Rogue Policies Configuration
While creating Rogue policies based on SSIDs or RSSI value, should we select "AllAps" for Rogue Location Discovery Protocol ?
The access points will detect rogue AP's by default. Enabling RLDP can and will cause issue in your environment if the access point is also serving clients. Please review what RLDP does before enabling that. Typically it would be enabled an access points that are in monitor mode, not set I sing clients.
Scott
Similar Messages
-
How to get Info about all VPD policies configured?
Hi,
is it possible to get a list of all VPD policies configured in the database?
$VPD_POLICY - displays all the fine-grained security policies and predicates associated with the cursors currently in the library cache.
`- It's empty. This means that this view is populated only if the policy is currently used ..
Thanks.I have not checked but the dba_* views should be able to give to you this. V$vpd_policy only shows the what's there in the library cache.
Please see this link,
http://download.oracle.com/docs/cd/E11882_01/network.112/e10574/vpd.htm#CIHJGHDE
HTH
Aman.... -
Control Plane Protection (Policing) configuration on Catalyst 3850
I need to block ICMP requests from being received by the switch. And there is no 'control-plane' configuration mode, which I was going to use for this.
How can I configure this feature or apply another for my purpose?Greetings,
How about on the 3725 router?
A couple specific questions I have while configuring the portion for IGPs.
Here is a couple snips of example configurations I'm finding on the Internet, that I have questions on.
1. Cisco CoPP Best Practicesaccess-list 120 permit ospf any
access-list 120 permit ospf any host 224.0.0.5
access-list 120 permit ospf any host 224.0.0.6
2. Deploying Cisco Control Plane Policing
ip access-list extended coppacl-igp remark CoPP IGP traffic class
! permit OSPF permit ospf any host 224.0.0.5
permit ospf any host 224.0.0.6 permit ospf any any
3. RFC6192
ip access-list extended OSPF
permit ospf 192.0.2.0 0.0.0.255 any
Questions - Which optionis better?
- Is the network specified in option #3, the network statement under the OSPF process,
or the actual network I'm routing?
- If option #1 is better, what is the "router receive block" mentioned?
Thank you for your assistance!!
Debbie -
I'm running WCS ver 7.0.164 and the controllers are running 7.0.98 code. I have a daily rogue report configured to email me the rogue access points reported by the controllers and access points. How do I limit the reporting so that any rogue with a RSSI of less than -85 is not reported? I created a "rogue ap rule" and set the match conditition to a minimum RSSI of -85. Then I applied that to a "rogue ap rule group" and applied that to the controllers, but I still get the same number of rogues in my report.
Thanks,
AlPost the rogue message you are getting for starters.
Also how is your rogue policies configured? Here is the users guide for configuring rogue policies using the templates.
http://www.cisco.com/en/US/docs/wireless/wcs/7.0/configuration/guide/7_0temp.html#wp1100222
You modify the rogue ap rules to prevent those rogues from appearing:
Viewing or Editing Rogue Access Point Rules
You can view or edit current rogue access point rules on a single WLC. Follow these steps to access the rogue access point rules. See the "Configuring a Rogue AP Rules Template" section on page 12-77 for more information.
Step 1 Choose Configure > Controllers.
Step 2 Click an IP address under the IP Address column.
Step 3 From the left sidebar menu, choose Security > Rogue AP Rules. The Rogue AP Rules displays the rogue access point rules, the rule types (malicious or friendly), and the rule sequence.
Step 4 Choose a Rogue AP Rule to view or edit its details. -
Alerting of "Malicious" Rogue APs
Hi,
In WCS, I see that we can set a severity level for rogue APs, which is minor by default. What I'd like to do is set APs classificed as Malicious Rogues (based on the rogue policies), to have a different severity -- critical to be specific. The goal here is to have an email trigger based on rogue AP detection, but only for those classified as malicious. How do I accomplish this?
I'm running WCS 7.0, w/ a WLC 4404 on 6.0 code.
Thanks,
David Swafford, Network Engineer, CareSource
Cisco Certified Network Professional | Cisco NAC Specialist | EC-Council Certified Ethical HackerA possible alternative solution would be to have WCS send SNMP traps to a 3rd-party monitoring system, which could be configured to trigger an alert if it receives a notification indicating a new rogue AP has been detected and classified as malicious. This is from the WCS MIB file:
cWNotificationSpecialAttributes OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..1024))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents the specialized attributes required
to describe the network condition identified by
cWNotificationType. These include SNR, RSSI, channel information
etc. This value is formatted as 'name=value' pairs in CSV
format. For example, rogueAP Alert's special attributes are sent
as 'detectingAPRadioType=a0,YCoordinate=0, state=11,
rogueApType=0, spt Status=0, ssId=wpspsk, on80211A=0,
numOfDetectingAps=0, on80211B=1, XCoordinate=0,
classificationType=3, channelNumber=6, containmentLevel=0,
rssi=-51, rogueApMacAddr=00:1b:2b:35:6a:f3, onNetwork=0, total
RogueClients=0'. This string can be parsed to get different
name-value pairs."
::= { cwNotificationHistoryEntry 12 }
I haven't actually gotten around to trying this yet. Hopefully I'll have time during the holiday season. If anyone else gets it to work in the meantime, let me know! -
How to Prevent or Block Rogue APs from Joining Your Wired or Wireless WLANs
Hi all, I deployed a WLAN with 1 WLC 4400 and 5 1252AP. I do not see the way to Block Rogue APs from Joining the Wired or Wireless WLANs
PART 1
There are three parts to this:
1. detect - automatic
2. classify - by default APs are untrusted/unknown, various methods can be configured to classify them as trusted and threat (connected to wired network).
3. over the air contain (aka mitigate) - in 4.x this is manual, in 5.x you can configure auto-containment
First you need to detect. WLC does this automatically out of the box. It listens the air for unknown APs, clients and ad-hocs. Are you seeing Rogue APs under Monitor > Rogues > Rogue APs?
Next, you can manually classify rogue APs as "known" (internal or external). Starting with 5.0 you can also build rogue rules based on RSSI, SSID, Clients, etc. If an AP is classified as "known" (internal or external), WCS stops alerting you.
Another key classification piece is to detect whether or not the rogue AP is physically connected to your network which is a high security risk. There are three ways WLC can detect it and neither of them is automatic. You must configure these methods manually.
1. Rogue AP Detector, aka ARP sniffing. You have to dedicate one AP as "Rogue Detector" (change AP mode from local to rogue detector). Configure the port the AP is connected to as switchport mode trunk (normally it's switchport mode access). Rogue Detector AP turns off and doesn't use its radios. When WLC detects rogue APs it can also detect the MAC addresses of any clients associated to that rogue APs, and the rogue detector AP simply watches each hardwire trunked VLAN for ARP requests coming from those rogue AP clients. If it sees one, WLC automatically classifies the rogue AP as "threat" indicating that the rogue AP is physically connected to your network. It doesn't actually do anything with the rogue AP, it simply classifies it and alerts you. Also, keep in mind that this method doesn't work if the rogue AP is a Wireless Router, because Wireless Routers NAT and ARP requests don't propagate to the wire.
2. RLDP. Rogue Location Discovery Protocol. This feature is by default turned off and can be enabled under Security > Wireless Protection Policies > Rogue Polices. This feature works only when the rogue SSID is open, meaning that it's not using WEP/WPA/802.1x. When you enable RLDP, your WLC will pick some AP (you can't pick manually) which hears Rogue AP traffic, it will temporarily shut off its radio, turn it into a client, and instruct it to associate to the Rogue AP as client (this is where the requirement comes in for the Rogue SSID to be open authentication). Once associated, AP gets a DHCP IP through Rogue AP, it then sends a special small UDP port 6352 RLDP packet to every possible WLC's IP address (mgmt ip, ap manager ip, dynamic int IPs). If WLC gets one of those packets, it means that rogue AP is physically connected to your network. This method will work when Rogue AP is a Wireless Router. But this method is not recommended. It has an adverse effect on your wireless clients because RLDP AP goes offline for a period of time disconnecting your clients and forcing them to associate to another AP. Also, keep in mind, that WLC runs this RLDP process *once* per detected rogue AP. It doesn't periodically do this, it only does it once. In some later WLC versions, you can configure RLDP to run only on "monitor mode" APs, eliminating impact on your clients. Also, you can manually trigger RLDP for a rogue AP from CLI "config rogue ap rldp initiate ". You can "debug dot11 rldp" to see the process.
3. Switchport Tracing (need WCS, and WLC 5.1). This is a later feature that requires WCS. You can add your Catalyst switches to WCS, and WCS will look at CDP information and MAC tables on your switches to detect whether or not Rogue AP is connected to your network. This works with secured and NAT rogues. You can also *manually* instruct WCS to shut down the switchport that Rogue AP is connected to. -
I need a bit of info with the below topics.
Q1. What is a Rogue AP?
Q2. WLC 4400 is detecting a number of rogue access points from neighboring buildings. How should the WLC 4400 deal with these rogue access points?
Q3. Can the WLC 4400 block these accees points from broadcasting their SSID's into our air space?
Regards,
ColmFor the Clases, you have the ability to define what criteria must be met for a roge to be called friendly or malicious. Under the Security tab > Wireless Protection Policy, Rogue Policies, Rogue Rules.
Class Type:
unclassified <--- AP detected but not matching any policy
friendly <--- AP matches the criteria of a friendly AP
malicious <--- AP matches the criteria of a malicious AP
Update Status:
Contain <--Contain the AP, uses our own AP to spoof the AP to get the clients to join "us" instead of "them" , once again, you need to be real careful with this, as if you are containing your neighbors, there can be reprocussions
Alert <-- Just a message saying there is a rogue -
6880 Port policy map - TCAM error re configured L4OPs
Hi,
I'm working through a QoS configuration for the 6880-X-LE with 6800Ia FEXs. The QoS configuration, policymap, classes, ACLS etc have all been accepted fine.
I can apply a service policy to an interface but when I do I get the following errors come up:
*Oct 13 03:13:55.832: %EARL_CM-SW1-5-NOL4OP: Configured L4OPs exceeds the programmable limit for tcam= 0
*Oct 13 03:13:55.828: %EARL_CM-SW2_STBY-5-NOL4OP: Configured L4OPs exceeds the programmable limit for tcam= 0
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 1 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 2 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 1 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 2 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 1 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 2 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 1 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 2 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 1 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 2 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
I've checked the QoS policer quota's and they look OK. Is there something else I should be looking at??
NewLevel4Switch#sh platform hardware capacity qos
QoS Policer Resources
Aggregate policers: Sw/Mod Total Used %Used
1/5 16384 16 1%
2/5 16384 16 1%
Microflow policer configurations: Sw/Mod Total Used %Used
1/5 128 1 1%
2/5 128 1 1%
Netflow policer configurations: Sw/Mod Total Used %Used
1/5 384 0 0%
2/5 384 0 0%
Aggregate policer configurations: Sw/Mod Total Used %Used
1/5 1024 8 1%
2/5 1024 8 1%
Distributed policers: Total Used %Used
4096 1 1%
QoS Tcam Entries: Sw/Mod Total Used %Used
1/5 16384 1171 7%
2/5 16384 1171 7%
Thanks,
David.Hi Aninda,
Details as requested:
#show platform hardware capacity acl
Classification Mgr Tcam Resources
Key: Ttlent - Total TCAM entries, QoSent - QoS TCAM entries, LOU - LOUs,
RBLent - RBACL TCAM entries, Lbl - Labels, TCP - TCP Flags,
Dstbl - Destinfo Table, Ethcam - Ethertype Cam Table,
ACTtbl - Accounting Table, V6ext - V6 Extn Hdr Table
Sw/Mod Ttlent QoSent RBLent Lbl LOU TCP Dstbl Ethcam ACTtbl V6ext
1/5 2% 4% 0% 1% 1% 0% 2% 0% 0% 0%
2/5 2% 4% 0% 1% 1% 0% 2% 0% 0% 0%
#show platform hardware capacity qos
QoS Policer Resources
Aggregate policers: Sw/Mod Total Used %Used
1/5 16384 16 1%
2/5 16384 16 1%
Microflow policer configurations: Sw/Mod Total Used %Used
1/5 128 1 1%
2/5 128 1 1%
Netflow policer configurations: Sw/Mod Total Used %Used
1/5 384 0 0%
2/5 384 0 0%
Aggregate policer configurations: Sw/Mod Total Used %Used
1/5 1024 8 1%
2/5 1024 8 1%
Distributed policers: Total Used %Used
4096 1 1%
QoS Tcam Entries: Sw/Mod Total Used %Used
1/5 32768 1192 3%
2/5 32768 1192 3%
Qos config is as follows:
auto qos default
ip access-list extended SIGNALING-ACL
remark Used for voice/video signaling
permit tcp any any eq 5060
permit udp any any eq 5060
permit udp any any eq 2427
permit udp any any eq 2727
permit tcp any any eq 2748
permit tcp any any eq 1720
permit tcp any any range 2000 2002
permit tcp any any range 11000 11999
class-map match-any TAG-VOIP
match ip dscp ef
class-map match-any TAG-SIGNALING-ACL
match access-group name SIGNALING-ACL
class-map match-any TAG-SIGNALING-CS3
match ip dscp cs3
class-map match-any TAG-VIDEO
match ip dscp af41
class-map match-any TAG-LYNC-VOICE
match ip dscp af42
class-map match-any TAG-LYNC-VIDEO
match ip dscp af43
class-map match-any TAG-LYNC-App-Sharing
match ip dscp af22
class-map match-any TAG-STREAM
match access-group name STREAM-ACL
class-map match-any TAG-REATIME-MULTIMEDIA-CS4
match ip dscp cs4
class-map match-any TAG-REATIME-MULTIMEDIA-CS5
match ip dscp cs5
class-map match-any TAG-NETWORK-CONTROL-CS6
match ip dscp cs6
class-map match-any TAG-NETWORK-CONTROL-CS7
match ip dscp cs7
class-map match-any TAG-NETWORK-MGT
match access-group name NETWORK-ACL
class-map match-any TAG-BUSINESS-CRITICAL-AF21
match ip dscp af21
class-map match-any TAG-BUSINESS-CRITICAL-AF23
match ip dscp af23
class-map match-any TAG-PROCESS
match access-group name PROCESS-ACL
class-map match-any TAG-BULK
match access-group name BULK-ACL
class-map match-any TAG-SCAVENGER
match access-group name SCAVENGER-ACL
ip access-list extended STREAM-ACL
remark Define any webcast traffic flows here
ip access-list extended NETWORK-ACL
remark Used to identify CRITICAL network management traffic
permit tcp any any eq 23
permit tcp any any eq 22
ip access-list extended PROCESS-ACL
remark Used to identify Process PCN traffic
ip access-list extended BULK-ACL
remark Define any bulk traffic flows here (Backups/Misc web surfing etc)
ip access-list extended SCAVENGER-ACL
remark Define any Scavenger/junk class traffic here
table-map policed-dscp-markdown
map from 8 to 0
map from 10 to 0
map from 16 to 0
map from 18 to 0
map from 20 to 0
default copy
table-map dscp2dscp
default copy
policy-map TAG-INBOUND-MARKING-AND-POLICING
class TAG-VOIP
police cir 128000 bc 8000
conform-action set-dscp-transmit ef
exceed-action drop
class TAG-SIGNALING-ACL
police cir 32000 bc 8000
conform-action set-dscp-transmit cs3
exceed-action drop
class TAG-SIGNALING-CS3
police cir 32000 bc 8000
conform-action set-dscp-transmit cs3
exceed-action drop
class TAG-VIDEO
police cir 7000000 bc 218750
conform-action set-dscp-transmit af41
exceed-action drop
class TAG-LYNC-VOICE
police cir 128000 bc 8000
conform-action set-dscp-transmit af42
exceed-action drop
class TAG-LYNC-VIDEO
police cir 5000000 bc 156250
conform-action set-dscp-transmit af43
exceed-action drop
class TAG-LYNC-App-Sharing
police cir 1000000 bc 31250
conform-action set-dscp-transmit af22
exceed-action drop
class TAG-STREAM
set ip dscp cs4
class TAG-REATIME-MULTIMEDIA-CS4
set ip dscp cs4
class TAG-REATIME-MULTIMEDIA-CS5
set ip dscp cs5
class TAG-NETWORK-CONTROL-CS6
set ip dscp cs6
class TAG-NETWORK-CONTROL-CS7
set ip dscp cs7
class TAG-NETWORK-MGT
police cir 1000000 bc 31250
conform-action set-dscp-transmit cs2
exceed-action policed-dscp-transmit
class TAG-BUSINESS-CRITICAL-AF21
set ip dscp af21
class TAG-BUSINESS-CRITICAL-AF23
set ip dscp af23
class TAG-PROCESS
set ip dscp af31
class TAG-BULK
set ip dscp af11
class TAG-SCAVENGER
set ip dscp cs1
class class-default
set dscp default
interface gigabitEthernet xx/xx/xx - xx
service-policy input TAG-INBOUND-MARKING-AND-POLICING
Thanks,
David -
Hi All,
I have a question regarding rogue detection configuration on WLC.
we know that rogue detection can be enabled on a per AP basis under the advanced tab of each AP, starting from code 6.0, and it also supports rogue detection in RF groups when we configure protection type as "AP Authentication" under WLC security tab, which will make APs to authentication frames based on the RF group name, if name is different, then the AP is considered as a rogue.
so the question is if we only enable rogue detection on the AP level, however leave the AP authentication selected as "none", how does the AP detect rogues? does that mean if any signal detected is not from the APs connected to the WLC, then this will be considered as a rogue?
also in the configuration guide, under the section "enable rogue access point detection in RF groups", it says rogue detection will need the AP to be configured as either local or monitor mode, when we also have AP authentication enabled. however if an AP is under h-reap mode, we still able to enable/disable rogue detection under the advanced tab, so how does H-REAP mode APs detect rogues? is that the same method as when AP authentication selected as "none"
thanks in advance for your help.I've done some tests as well:
I have multiple WLCs on same mobility and same RF groups. AP Auth type set to "none" on all o ft hem. I took one WLC (I'll call it thereafter "My WLC") and changed its RF group name. I also cahnged its AP auth policy to "AP Authentication". All WLCs have same SSIDs configured. I added one extra test SSID on "MY WLC".
The results are:
- The WLC with different RF group name did not mention other APs as rogues. Other APs did not mention my WLC APs as rogues as well.
- There is very high number of AP impersonation detected by "My WLC". other WLCs did not detect ap impersonation. This indicates that other APs on other WLCs try to contain "My WLC" APs. However, "My WLC" does not seem to try impersonating other APs. (it worths to notice that number of APs on "My WLC" is much less than APs on other WLCs).
- When using "AP authentication", there is a new IE appears in the SSID beacons.
The highlighted in blue is that information that could not be interpretted (as seen in highlighted yellow above). This information differs based no the SSID. Different SSID name shows different information. This IE seems to carry the information about the RF group name. If this does not appear when using "none" as AP auth policy then WLCs can not distinguish different RF group names if ap auth set to "none". (because I could not find any RF group info anywhere in the beacon packet. If you know it is exist somewhere else please let us know. So far I assume it is included in this vendor specific IE).
- When I changed the AP auth to "none" the number of AP impersonation reported started to decrease gradually. I'll keep monitoring to see what it will be after couple of hours.
- Config guide is very useful. However, sometimes it is extremley stupid. Why?
well, because if you go to the part that talks about configuring MFP (http://tiny.cc/un6thw), and if you go to Step 5, you will find that the optoin metnioned in step 5 is not available in the AP. It tells you that to enable or disable MFP validation for specific AP you can do this from under Advanced tab. However, this option is not available under Advanced tab. I had a big discussion with TAC about this very long time ago. prompted to doc guys about it but so far nothign changed.
HTH
Amjad -
ASR 1006 shaping\policing on port-channel interfaces
Hello
I encountered a problem - ASR 1006 ignores shaping\policing configuration on a port-channel interfaces.
If I configure:
policy-map Shaping
class class-default
shape average 100000
interface TenGigabitEthernet0/0/0
no ip address
channel-group 1 mode active
interface Port-channel1.10
encapsulation dot1Q 10
ip address 1.0.0.1 255.255.255.0
service-policy output Shaping
With such configuration shaping doesn't work. But it works on ordinary tenGigabit interfaces...
I've tried several ios xe versions.. no changes
Are there any ristrictions with shaping on Port-channel interfaces?Hi,
Traditional QoS will not work for etherchannels. Please read to find suitable config for your case.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_mqc/configuration/xe-3s/qos-mqc-xe-3s-book/qos-eth-int.html#GUID-6137A7B8-B2D1-4024-8AC9-E7EBEDD868C6 -
WiSMs appear to be auto-containing rogues
(This appears to be the converse situation of another relatively recent post. I thought it might be better to have a separate thread rather than muddy up that conversation).
I have a relatively new deployment of 8 WiSMs controllers (4 of which are currently production and 4 are available for failover). The WiSMs are running code v5.2.157.0 and I have about 50 AP1252's split between the 4 production controllers.
We also have WCS v5.2.130.0 in the environment to manage the controllers. I am a little concerned by some messages I am seeing on the WCS which seem to indicate the WiSMs are auto-containing rogues even though I have verified there are no Auto-Contain features enabled on any of the WiSM controllers.
Here is a sample of a WCS log entry which concerns me:
Rogue AP '00:23:75:07:68:b0' with SSID 'qwest5184' and channel number '4' is detected by AP 'xxxx-2-a4' Radio type '802.11b' with RSSI '-92' and SNR '5'. RogueAP contained.
I can dig up more of these but all seem to indicate an action is being taken on Rogue APs even though we specifically have these options unselected (under Security | Wireless Protection Policies | Rogue Policies | General) and their are no Rogue Rules defined either.
Is there anywhere else I should be checking where something like this could be enabled?
I need to make sure I am not being a problem before I can go to my neighbors and expect the same.
Thanks for any ideas.Did you get a resolution to this?
I have the same issue, but am unsure if my WLC's are auto containing rogues, or whether WCS is just falsely reporting the containment.
I see no auto containment setting anywhere on my WLC (4.2.170.0), so I doubt very much it is auto containing.
Anyone know where I can check/look?
My WCS version is 5.2.130. -
Hi,
I have configured the Intune Agent policies as below for the updates as scheduled Everyday at 4:00 PM but after installing the intune agent on any laptops/desktops the Updates scheduled reflecting as Everyday at 3:00 am under Windows update settings of all
the machines that have already intune agent installed ... can anyone suggets why this update policies is not reflectingas per policies configured for Intune agent through Administrator Console..as below..
Also can you please explain more about use Automatic Maintenance for Windows Computers
what this policy will do exactly if we will configured , without this policy we can`t deploy any application through Scheduled...??
Shailendra DevThe UI won't change showing that you've set 4pm, but the impact should be that all your machines install updates and software at 4pm daily.
The Automatic Maintenance is specific to Windows 8 and helps avoid performance and conflicts while a user is interacting with the machine and also allows 3rd party apps to update during the same window. More information is available here: https://msdn.microsoft.com/en-us/library/windows/desktop/hh848037%28v=vs.85%29.aspx
Thanks,
Jon L. - MSFT - This posting is provided "AS IS" with no warranties and confers no rights. -
Hi!
I try to configure a Cisco 5508 Wireless controller and 25 Air-lap1041 to use as VoIP and data. I read documents, manuals, etc, but the AP doesn't charge the configuration, or not conect with the Wireless Controller, why? No Radius server present, only WPA security.howto, please...
I try to put a static ip in the LAP, with lwapp or capwap command, (LWAPP/CAPWAP ap ip address direccion mascara) and the AP returns "You should configure Domain and Name Server from controller CLI/GUI." and i can't change the name of the AP (Command is disabled).
Log from AP:
using ÿÿÿÿ ddr static values from serial eeprom
ddr init done
Running Normal Memtest...
Passed.
IOS Bootloader - Starting system.
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
Xmodem file system is available.
DDR values used from system serial eeprom.
WRDTR,CLKTR: 0x83000800, 0xc0000000
RQDC, RFDC : 0x80000037, 0x00000184
PCIE0: link is up.
PCIE0: VC0 is active
PCIE1: link is NOT up.
PCIE1 port 1 not initialize
PCIEx: initialization done
flashfs[0]: 6 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32385024
flashfs[0]: Bytes used: 2369024
flashfs[0]: Bytes available: 30016000
flashfs[0]: flashfs fsck took 21 seconds.
Reading cookie from system serial eeprom...Done
Base Ethernet MAC address: 44:2b:03:dc:09:25
Ethernet speed is 1000 Mb - FULL duplex
Loading "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx"...###########################
File "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx" uncompressed and installed, entr
y point: 0x4000
executing...
enet halted
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEA
SE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
Proceeding with system init
Proceeding to unmask interrupts
Initializing flashfs...
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
flashfs[1]: 6 files, 2 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 32126976
flashfs[1]: Bytes used: 2369024
flashfs[1]: Bytes available: 29757952
flashfs[1]: flashfs fsck took 7 seconds.
flashfs[1]: Initialization complete.
flashfs[2]: 0 files, 1 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 11999232
flashfs[2]: Bytes used: 1024
flashfs[2]: Bytes available: 11998208
flashfs[2]: flashfs fsck took 1 seconds.
flashfs[2]: Initialization complete....done Initializing flashfs.
Ethernet speed is 1000 Mb - FULL duplex
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-LAP1041N-E-K9 (PowerPC405ex) processor (revision B0) with 98294K/32
768K bytes of memory.
Processor board ID FCZ1611W414
PowerPC405ex CPU at 333Mhz, revision number 0x147E
Last reset from reload
LWAPP image version 7.0.94.21
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 44:2B:03:DC:09:25
Part Number : 73-14034-04
PCA Assembly Number : 800-34273-05
PCA Revision Number : A0
PCB Serial Number : FOC16075VZ3
Top Assembly Part Number : 800-34284-03
Top Assembly Serial Number : FCZ1611W414
Top Revision Number : A0
Product/Model Number : AIR-LAP1041N-E-K9
% Please define a domain-name first.
Press RETURN to get started!
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:00:09.574: *** CRASH_LOG = YES
Base Ethernet MAC address: 44:2B:03:DC:09:25
*Mar 1 00:00:09.838: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log
(contains, 1024 messages)
*Mar 1 00:00:11.848: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state
to up
*Mar 1 00:00:11.892: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEA
SE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
*Mar 1 00:08:16.954: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth
ernet0, changed state to up
logging facility kern
^
% Invalid input detected at '^' marker.
*Mar 1 00:08:28.047: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
LER
*Mar 1 00:08:28.049: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:09:08.282: %CDP_PD-2-POWER_LOW: All radios disabled - LOW_POWER_CLASS
IC_NO_INJECTOR_CONFIGURED AIR-CT5508-K9 (c464.138f.9345)
*Mar 1 00:09:08.282: -Verify the required power-injector is installed on this
port: AIR-CT5508-K9(Gig 0/0/2).
*Mar 1 00:09:08.282: -If a power-injector is installed, issue the command:"pow
er inline negotiation injector installed"
*Mar 1 00:12:19.976: %CAPWAP-5-STATIC_TO_DHCP_IP: Could not discover WLC using
static IP. Forcing AP to use DHCP.
*Mar 1 00:12:29.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:39.994: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:49.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:59.994: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:13:09.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
Not in Bound state.
*Mar 1 00:13:19.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:13:19.993: %CAPWAP-5-DHCP_RENEW: Could not discover WLC using DHCP IP
. Renewing DHCP IP.
logs from wireless controller:
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Gu
est
ap-manager 2 untagged 209.165.200.231 Dynamic Yes No
management 1 untagged 209.165.200.230 Static Yes No
service-port N/A N/A 192.168.1.157 Static No No
virtual N/A N/A 1.1.1.1 Static No No
(Cisco Controller) >
i conect with service-port ok and the management port works, i think.
AP442b.03dc.0925>ping 209.165.200.230
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.230, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
AP442b.03dc.0925>
Help, please!
i write in spanish:
Hola:
Tengo que configurar un cisco 5508 wireless controller con 25 air-lap1041n, para usarlo como acceso de datos y voz. ¿Cómo lo hago? He leído manuales, y seguido las instrucciones, pero el punto de acceso parace que no es capaz de cargar el perfil. No hay servidor radius, solo la configuración de una clave wpa. Alguién me puede indicar pasos, GraciasHi!
I buy a gigabit switch. I connect the service-port to gigabit switch, and laptop to gigabit switch. I used 192.168.1.x ip address (192.168.1.157 to service-port and 192.168.1.233 to wired port on laptop, well, the laptop has two ip adress, 192.168.1.233 and 209.165.200.2, and the laptop works ok. Ping to 209.165.200.230 -ip address of management interface- and ping to 209.165.200.203 -ip address for AP, is assigned by DHCP of WLC. And i connect the ap to gigabit switch, and the wlc assigns well an ip direction.
I post the run-config and sysinfo log. The gigabit switch is tp-link model tl-sg1005d, no configuration.
Before the logs, I see this message from AP:
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
Hola:
He comprado un switch gigabit. Conecto el service-port al switch gigabit y el portátil también (por cable). Uso como direcciones ip el rango 192.168.1.x (192.168.1.157 asignado al service-port y 192, 168.1.233 al portátil, bueno, el portátil tiene dos direcciones, la dicha anteriormente y la 209.165.200.2) El portátil funciona bien, hace ping al 209.165.200.230 - la ip de la management interface, y a 209.165.200.203 - ip asignada al AP por el DHCP del WLC. He conectado el AP al swtich gigabit, y el dhcp del wlc asigna correctamente una dirección ip.
Añado a continuación los resultados de los comandos "show run-config" y "show sysinfo". El switch es un TP-LINK modelo TL-S1005D, sin necesidad de configuración.
Antes de mostrar los resultados de los comandos, he visto el siguiente mensaje en el log del AP:
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
Un saludo
Antonio R.
(Cisco Controller) >show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "Cisco Wireless Controller"
PID: AIR-CT5508-K9, VID: V02, SN: FCW1608L05X
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console
1.27
Build Type....................................... DATA + WPS
System Name...................................... CISCO-CAPWAP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 209.165.200.230
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 17 mins 45 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin,
Rome, Vienna
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... ES - Spain
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +36 C
External Temperature............................. +23 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Network Information
RF-Network Name............................. hosp
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Fast SSID Change ........................... Disabled
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE SFPType
1 Normal Forw Enable Auto 1000 Full Up Enable N/A 1000BaseTX
2 Normal Disa Enable Auto Auto Down Enable N/A Not Present
3 Normal Disa Enable Auto Auto Down Enable N/A Not Present
4 Normal Disa Enable Auto Auto Down Enable N/A Not Present
5 Normal Disa Enable Auto Auto Down Enable N/A Not Present
6 Normal Disa Enable Auto Auto Down Enable N/A Not Present
7 Normal Disa Enable Auto Auto Down Enable N/A Not Present
8 Normal Disa Enable Auto Auto Down Enable N/A Not Present
Press Enter to continue or to abort
AP Summary
Number of APs.................................... 0
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Location
Site Name........................................ default-group
Site Description.................................
WLAN ID Interface Network Admission Control
1 management Disabled
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority GroupName
Press Enter to continue or to abort
AP Config
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Airewave Director Configuration
Press Enter to continue or to abort
802.11a Configuration
802.11a Network.................................. Disabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Video AC:
Video AC - Admission control (ACM)............ Disabled
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
Video max RF bandwidth........................ Infinite
Video reserved roaming bandwidth.............. 0
Press Enter to continue or to abort
802.11a Advanced Configuration
Press Enter to continue or to abort
802.11a Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
TxPower Update Logging......................... Off
Default 802.11a AP performance profiles
802.11a Global Interference threshold.......... 10 %
802.11a Global noise threshold................. -70 dBm
802.11a Global RF utilization threshold........ 80 %
802.11a Global throughput threshold............ 1000000 bps
802.11a Global clients threshold............... 12 clients
Default 802.11a AP monitoring
802.11a Monitor Mode........................... enable
802.11a Monitor Mode for Mesh AP Backhaul...... disable
802.11a Monitor Channels....................... Country channels
802.11a AP Coverage Interval................... 180 seconds
802.11a AP Load Interval....................... 60 seconds
802.11a AP Noise Interval...................... 180 seconds
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
802.11a AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... c4:64:13:8f:93:40
Last Run....................................... 75 seconds ago
Coverage Hole Detection
802.11a Coverage Hole Detection Mode........... Enabled
802.11a Coverage Voice Packet Count............ 100 packets
802.11a Coverage Voice Packet Percentage....... 50%
802.11a Coverage Voice RSSI Threshold.......... -80 dBm
802.11a Coverage Data Packet Count............. 50 packets
802.11a Coverage Data Packet Percentage........ 50%
802.11a Coverage Data RSSI Threshold........... -80 dBm
802.11a Global coverage exception level........ 25 %
802.11a Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
--More or (q)uit current module or to abort
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... c4:64:13:8f:93:40
Last Run....................................... 75 seconds ago
DCA Sensitivity Level.......................... STARTUP (5 dB)
DCA 802.11n Channel Width...................... 20 MHz
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11a 5 GHz Auto-RF Channel List
Allowed Channel List......................... 36,40,44,48,52,56,60,64
Unused Channel List.......................... 100,104,108,112,116,120,124,
128,132,136,140
DCA Outdoor AP option.......................... Disabled
Radio RF Grouping
802.11a Group Mode............................. AUTO
--More or (q)uit current module or to abort
802.11a Group Update Interval.................. 600 seconds
802.11a Group Leader........................... c4:64:13:8f:93:40
802.11a Group Member......................... c4:64:13:8f:93:40
802.11a Last Run............................... 75 seconds ago
802.11b Configuration
802.11b Network.................................. Enabled
11gSupport....................................... Enabled
11nSupport....................................... Enabled
802.11b/g Operational Rates
802.11b/g 1M Rate............................ Mandatory
802.11b/g 2M Rate............................ Mandatory
802.11b/g 5.5M Rate.......................... Mandatory
802.11b/g 11M Rate........................... Mandatory
802.11g 6M Rate.............................. Supported
802.11g 9M Rate.............................. Supported
802.11g 12M Rate............................. Supported
802.11g 18M Rate............................. Supported
802.11g 24M Rate............................. Supported
802.11g 36M Rate............................. Supported
802.11g 48M Rate............................. Supported
802.11g 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
--More or (q)uit current module or to abort
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mode................................. Disabled
--More or (q)uit current module or to abort
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 1
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Call Admission Limit ........................... 105
G711 CU Quantum ................................. 15
ED Threshold..................................... -50
Fragmentation Threshold.......................... 2346
PBCC mandatory................................... Disabled
RTS Threshold.................................... 2347
Short Preamble mandatory......................... Enabled
Short Retry Limit................................ 7
Legacy Tx Beamforming setting.................... Enabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
Faster Carrier Tracking Loop..................... Disabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC - Admission control (ACM)............ Disabled
--More or (q)uit current module or to abort
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ 50
Video reserved roaming bandwidth.............. 0
802.11b Advanced Configuration
Press Enter to continue or to abort
802.11b Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
Transmit Power Update Logging.................. Off
Default 802.11b AP performance profiles
802.11b Global Interference threshold.......... 10 %
802.11b Global noise threshold................. -70 dBm
802.11b Global RF utilization threshold........ 80 %
802.11b Global throughput threshold............ 1000000 bps
802.11b Global clients threshold............... 12 clients
Default 802.11b AP monitoring
802.11b Monitor Mode........................... enable
802.11b Monitor Channels....................... Country channels
802.11b AP Coverage Interval................... 180 seconds
802.11b AP Load Interval....................... 60 seconds
802.11b AP Noise Interval...................... 180 seconds
802.11b AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... c4:64:13:8f:93:40
Last Run....................................... 213 seconds ago
Coverage Hole Detection
802.11b Coverage Hole Detection Mode........... Enabled
802.11b Coverage Voice Packet Count............ 100 packets
802.11b Coverage Voice Packet Percentage....... 50%
802.11b Coverage Voice RSSI Threshold.......... -80 dBm
802.11b Coverage Data Packet Count............. 50 packets
802.11b Coverage Data Packet Percentage........ 50%
802.11b Coverage Data RSSI Threshold........... -80 dBm
802.11b Global coverage exception level........ 25 %
802.11b Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... c4:64:13:8f:93:40
Last Run....................................... 213 seconds ago
DCA Sensitivity Level: ...................... STARTUP (5 dB)
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11b Auto-RF Allowed Channel List........... 1,6,11
Auto-RF Unused Channel List.................... 2,3,4,5,7,8,9,10,12,13
Radio RF Grouping
802.11b Group Mode............................. AUTO
802.11b Group Update Interval.................. 600 seconds
802.11b Group Leader........................... c4:64:13:8f:93:40
802.11b Group Member......................... c4:64:13:8f:93:40
802.11b Last Run............................... 213 seconds ago
Mobility Configuration
Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... hosp
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x97e2
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 1
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast
IP Status
c4:64:13:8f:93:40 209.165.200.230 hosp 0.0.0.0
Up
Advanced Configuration
Probe request filtering.......................... Enabled
Probes fwd to controller per client per radio.... 0
Probe request rate-limiting interval............. 500 msec
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
dot11-padding.................................... Disabled
Authentication Response Timeout (seconds)........ 10
Rogue Entry Timeout (seconds).................... 1200
AP Heart Beat Timeout (seconds).................. 30
AP Discovery Timeout (seconds)................... 10
AP Local mode Fast Heartbeat (seconds)........... disable
AP Hreap mode Fast Heartbeat (seconds)........... disable
AP Primary Discovery Timeout (seconds)........... 120
AP Primed Join Timeout (seconds)................. 0
Packet Forwarding watchdog timer (seconds)....... 240 (enable)
Location Configuration
RFID Tag data Collection......................... Enabled
RFID timeout.................................... 1200 seconds
RFID mobility.................................... Oui:00:14:7e : Vendor:pango S
tate:Disabled
Interface Configuration
Interface Name................................... management
MAC Address...................................... c4:64:13:8f:93:40
IP Address....................................... 209.165.200.230
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 209.165.200.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 192.168.1.1
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 209.165.200.230
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
Interface Name................................... service-port
MAC Address...................................... c4:64:13:8f:93:41
IP Address....................................... 192.168.1.157
IP Netmask....................................... 255.255.255.0
DHCP Option 82................................... Disabled
DHCP Protocol.................................... Disabled
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... virtual
MAC Address...................................... c4:64:13:8f:93:40
IP Address....................................... 1.1.1.1
DHCP Option 82................................... Disabled
Virtual DNS Host Name............................ Disabled
AP Manager....................................... No
Guest Interface.................................. No
WLAN Configuration
WLAN Identifier.................................. 1
Profile Name..................................... HOSP3C
Network Name (SSID).............................. HOSP3C
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
WLAN ACL......................................... unconfigured
DHCP Server...................................... 209.165.200.230
DHCP Address Assignment Required................. Enabled
Quality of Service............................... Platinum (voice)
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Infrastructure MFP protection................. Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Band Select...................................... Enabled
Load Balancing................................... Enabled
Mobility Anchor List
WLAN ID IP Address Status
Press Enter to continue or to abort
Press Enter to continue or to abort
ACL Configuration
Press Enter to continue or to abort
CPU ACL Configuration
CPU Acl Name................................ NOT CONFIGURED
Wireless Traffic............................ Disabled
Wired Traffic............................... Disabled
RADIUS Configuration
Vendor Id Backward Compatibility................. Disabled
Call Station Id Case............................. lower
Call Station Id Type............................. IP Address
Aggressive Failover.............................. Enabled
Keywrap.......................................... Disabled
Fallback Test:
Test Mode.................................... Off
Probe User Name.............................. cisco-probe
Interval (in seconds)........................ 300
MAC Delimiter for Authentication Messages........ hyphen
MAC Delimiter for Accounting Messages............ hyphen
Authentication Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/P
hase1/Group/Lifetime/Auth/Encr
Accounting Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/P
hase1/Group/Lifetime/Auth/Encr
--More or (q)uit current module or to abort
TACACS Configuration
Authentication Servers
Idx Server Address Port State Tout
Authorization Servers
Idx Server Address Port State Tout
Accounting Servers
Idx Server Address Port State Tout
LDAP Configuration
Press Enter to continue or to abort
Local EAP Configuration
User credentials database search order:
Primary ..................................... Local DB
Timer:
Active timeout .............................. 300
Configured EAP profiles:
EAP Method configuration:
EAP-FAST:
Server key ................................
TTL for the PAC ........................... 10
Anonymous provision allowed ............... Yes
Authority ID .............................. 436973636f00000000000000000000
00
Authority Information ..................... Cisco A-ID
Press Enter to continue or to abort
HREAP Group Summary
HREAP Group Summary: Count: 0
Group Name # Aps
Press Enter to continue or to abort
HREAP Group Detail
Press Enter to continue or to abort
Route Info
Number of Routes................................. 0
Destination Network Netmask Gateway
Press Enter to continue or to abort
Qos Queue Length Info
Platinum queue length............................ 100
Gold queue length................................ 75
Silver queue length.............................. 50
Bronze queue length.............................. 25
Press Enter to continue or to abort
Mac Filter Info
Press Enter to continue or to abort
Authorization List
Authorize MIC APs against AAA ................... disabled
Authorize LSC APs against Auth-List ............. disabled
Allow APs with MIC - Manufactured Installed C.... disabled
Allow APs with SSC - Self-Signed Certificate..... disabled
Allow APs with LSC - Locally Significant Cert.... disabled
Load Balancing Info
Aggressive Load Balancing........................ Disabled
Aggressive Load Balancing Window................. 5 clients
Aggressive Load Balancing Denial Count........... 3
Statistics
Total Denied Count............................... 0 clients
Total Denial Sent................................ 0 messages
Exceeded Denial Max Limit Count.................. 0 times
None 5G Candidate Count.......................... 0 times
None 2.4G Candidate Count........................ 0 times
Press Enter to continue or to abort
Dhcp Scope Info
Scope: PUNTOSAP
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 209.165.200.201
Pool End......................................... 209.165.200.229
Network.......................................... 209.165.200.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 0.0.0.0 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
Press Enter to continue or to abort
Exclusion List ConfigurationUnable to retrieve exclusion-list entry
Press Enter to continue or to abort
CDP Configuration
Press Enter to continue or to abort
Country Channels Configuration
Configured Country............................. ES - Spain
KEY: * = Channel is legal in this country and may be configured manually.
A = Channel is the Auto-RF default in this country.
. = Channel is not legal in this country.
C = Channel has been configured for use by Auto-RF.
x = Channel is available to be configured for use by Auto-RF.
(-,-) = (indoor, outdoor) regulatory doamin allowed by this country.
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11bg :
Channels : 1 1 1 1 1
: 1 2 3 4 5 6 7 8 9 0 1 2 3 4
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
ES (-E ,-E ): A * * * * A * * * * A * * .
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11a : 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Channels : 3 3 3 4 4 4 4 4 5 5 6 6 0 0 0 1 1 2 2 2 3 3 4 4 5 5 6 6
: 4 6 8 0 2 4 6 8 2 6 0 4 0 4 8 2 6 0 4 8 2 6 0 9 3 7 1 5
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
ES (-E ,-E ): . A . A . A . A A A A A * * * * * * * * * * * . . . . .
Press Enter to continue or to abort
WPS Configuration Summary
Auto-Immune
Auto-Immune.................................... Disabled
Client Exclusion Policy
Excessive 802.11-association failures.......... Enabled
Excessive 802.11-authentication failures....... Enabled
Excessive 802.1x-authentication................ Enabled
IP-theft....................................... Enabled
Excessive Web authentication failure........... Enabled
Signature Policy
Signature Processing........................... Enabled
Press Enter to continue or to abort
Custom Web Configuration
Radius Authentication Method..................... PAP
Cisco Logo....................................... Enabled
CustomLogo....................................... None
Custom Title..................................... None
Custom Message................................... None
Custom Redirect URL.............................. None
Web Authentication Type.......................... Internal Default
External Web Authentication URL.................. None
Configuration Per Profile:
Rogue AP Configuration
Rogue Location Discovery Protocol................ Disabled
Rogue on wire Auto-Contain....................... Disabled
Rogue using our SSID Auto-Contain................ Disabled
Valid client on rogue AP Auto-Contain............ Disabled
Rogue AP timeout................................. 1200
MAC Address Classification # APs # Clients Last Heard
Adhoc Rogue Configuration
Detect and report Ad-Hoc Networks................ Enabled
Auto-Contain Ad-Hoc Networks..................... Disabled
Client MAC Address Adhoc BSSID State # APs Last Heard
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
--More-- or (q)uit
MAC Address State # APs Last Heard
Ignore List Configuration
MAC Address
Rogue Rule Configuration
Priority Rule Name State Type Match Hit Count
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console
1.27
Build Type....................................... DATA + WPS
System Name...................................... CISCO-CAPWAP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 209.165.200.230
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 41 mins 2 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin,
Rome, Vienna
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... ES - Spain
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +39 C
External Temperature............................. +23 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
(Cisco Controller) >
The AP log
AP442b.03dc.0925>
*Apr 19 23:10:18.428: %CAPWAP-3-ERRORLOG: Selected MWAR 'CISCO-CAPWAP-CONTROLLER
'(index 0).
*Apr 19 23:10:18.428: %CAPWAP-3-ERRORLOG: Go join a capwap controller
logging facility kern
^
% Invalid input detected at '^' marker.
logging facility kern
^
% Invalid input detected at '^' marker.
*Apr 19 23:10:19.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
p: 209.165.200.230 peer_port: 5246
*Apr 19 23:10:19.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Apr 19 23:10:20.200: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
peer_ip: 209.165.200.230 peer_port: 5246
*Apr 19 23:10:20.201: %CAPWAP-5-SENDJOIN: sending Join Request to 209.165.200.23
0
*Apr 19 23:10:20.201: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
*Apr 19 23:10:20.354: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*Apr 19 23:10:20.355: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 209
.165.200.230:5246
*Apr 19 23:10:20.356: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 19 23:10:20.356: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 19 23:10:20.412: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is
not established -
WSM Managed server starts in ADMIN Mode after upgrade to 11.1.1.7
We have just upgraded our 11g SOA Cluster environment from 11.1.1.4 to 11.1.1.7. The issue is after the upgrade, our WSM servers are starting to ADMIN state with following error.
<Sep 25, 2013 7:14:35 AM PDT> <Error> <Deployer> <BEA-149205> <Failed to initialize the application 'DMS Application [Version=11.1.1.1.0]' due to error weblogic.application.ModuleException: Failed to load webapp: 'dms.war'.
weblogic.application.ModuleException: Failed to load webapp: 'dms.war'
Caused By: weblogic.management.DeploymentException: Error: Unresolved Webapp Library references for "ServletContext@381802823[app:DMS Application module:dms.war path:/dms spec-version:2.5 version:11.1.1.1.0]", defined in weblogic.xml [Extension-Name: jstl, Specification-Version: 1.2, Implementation-Version: 1.2, exact-match: false]
at weblogic.servlet.internal.WebAppServletContext.processWebAppLibraries(WebAppServletContext.java:2750)
Our cluster environment has one Admin Server, and two of each OSB, WSM and SOA managed servers. As our WSM servers are not coming up, we are not able to start our SOA servers too.
Thank YouSame issue here :-)), Just playing around with policies configuration, the server was running just fine, I wanted to check if the policies are applicable during runtime even the WSM managed server is down. After restart, it started in ADMIN mode, well the solution is straight. It is exactly telling that the dms application is missing the jstl library reference
<Error> <Deployer> <iwpdcdevsoaa.iwater.ie> <WLS_WSM1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <bcfaf10ec8fbdfc2:-26d85d29:1429ffae24c:-8000-0000000000000003> <1385663491675> <BEA-149205> <Failed to initialize the application 'DMS Application [Version=11.1.1.1.0]' due to error weblogic.application.ModuleException: Failed to load webapp: 'dms.war'.
weblogic.application.ModuleException: Failed to load webapp: 'dms.war'
at weblogic.servlet.internal.WebAppModule.prepare(WebAppModule.java:395)
at weblogic.application.internal.flow.ScopedModuleDriver.prepare(ScopedModuleDriver.java:180)
at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:199)
at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:518)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:159)
at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:47)
at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:649)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
at weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:44)
at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
at weblogic.deploy.internal.targetserver.AppDeployment.prepare(AppDeployment.java:144)
at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:40)
at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191)
at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:22)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:261)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:220)
at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:166)
at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:122)
at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:181)
at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:97)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: weblogic.management.DeploymentException: Error: Unresolved Webapp Library references for "ServletContext@384044243[app:DMS Application module:dms.war path:/dms spec-version:2.5 version:11.1.1.1.0]", defined in weblogic.xml [Extension-Name: jstl, Specification-Version: 1.2, Implementation-Version: 1.2, exact-match: false]
at weblogic.servlet.internal.WebAppServletContext.processWebAppLibraries(WebAppServletContext.java:2750)
at weblogic.servlet.internal.WebAppServletContext.<init>(WebAppServletContext.java:416)
at weblogic.servlet.internal.WebAppServletContext.<init>(WebAppServletContext.java:494)
at weblogic.servlet.internal.HttpServer.loadWebApp(HttpServer.java:418)
at weblogic.servlet.internal.WebAppModule.registerWebApp(WebAppModule.java:976)
at weblogic.servlet.internal.WebAppModule.prepare(WebAppModule.java:384)
at weblogic.application.internal.flow.ScopedModuleDriver.prepare(ScopedModuleDriver.java:180)
at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:199)
at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:518)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:159)
at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:47)
at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:649)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
at weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:44)
at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
at weblogic.deploy.internal.targetserver.AppDeployment.prepare(AppDeployment.java:144)
at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:40)
at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191)
at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:22)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:261)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:220)
at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:166)
at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:122)
at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:181)
at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:97)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>
So search for "jstl" within the weblogic console in search bar, it is type of library, click on it and target it to the managed server where OWSM is running as weel. It was root cause in my case, somehow the library was not targeted to our WLS_WMS1 managed server. Now the server is back in RUNNING mode. Of course apply this in case of problem with SOA servers, target it to the cluster or exact nodes and it should work.
Still I don't know how the issue has been crated, I don't think that somebody removed it from deployment. Rather I think that somebody was applying patch or some artifacts to OSB or SOA managed server and this library was required as well, but as soon as we have separated WSM cluster, it was maybe assuming that it is running within OSB or SOA clusters and therefore didn't target the WSM cluster automatically. But this is just the idea :-))
Ladislav -
Password Violation error while creating users from Admin interface
Guys,
The Sun Identity Manager system throws policy violation error while creating users from Sun Identity Manager Admin interface.
Current System:
1. I have configured TAM Pass-Thru authentication for End User Login Application.
2. I have an admin user 'testsjimadmin1' who has admin capabilities. testsjimadmin1 user has default SJIM password policy.
3. I have custom password policies configured for different orgainizatoions
Problem:
1. The Sun Identity Manager throws a password policy violation error when 'testsjimadmin1' tries to create an user with valid or invalid password from Sun Identity Manager Admin interface.
2. If TAM Pass-thru authentication is removed for 'End User Login Application' and Sun Identity Manager default authentication is configured for 'End User Login Application' then testsjimadmin1 was able to create user successfully without any errors.
Please let me know if any configurations are required to be made on Sun Identity Manager for TAM Pass-Thru authentication so that admin users can create users successfully from admin interface.
Appreciate your help!!!
Thanks
VijayGuys,
The Sun Identity Manager system throws policy violation error while creating users from Sun Identity Manager Admin interface.
Current System:
1. I have configured TAM Pass-Thru authentication for End User Login Application.
2. I have an admin user 'testsjimadmin1' who has admin capabilities. testsjimadmin1 user has default SJIM password policy.
3. I have custom password policies configured for different orgainizatoions
Problem:
1. The Sun Identity Manager throws a password policy violation error when 'testsjimadmin1' tries to create an user with valid or invalid password from Sun Identity Manager Admin interface.
2. If TAM Pass-thru authentication is removed for 'End User Login Application' and Sun Identity Manager default authentication is configured for 'End User Login Application' then testsjimadmin1 was able to create user successfully without any errors.
Please let me know if any configurations are required to be made on Sun Identity Manager for TAM Pass-Thru authentication so that admin users can create users successfully from admin interface.
Appreciate your help!!!
Thanks
Vijay
Maybe you are looking for
-
I work with animations, so I produce many thousands of frame files. The frames are rendered on separate machines, and then copied to a central hard drive where they can be locally accessed. I have continually run into the issue of bad performance whi
-
Macbook Pro being used as XP Pro Bootcamp gaming laptop - OK?
I am looking to buy a Macbook pro 2.4 with 2gb ram. I want to split the drive into 2, making the other side bootcamp, xp pro, for mainly purposes of gaming. Games like COD4, COD5, GRID, etc. etc., but wanted to know before I buy can the Macbook Pro b
-
H264 - difference between MOV / MP4 container?
Hi Folks, I'm compressing broadcast video from PR422 Quicktime to an intermediate quality / size movie (for ease of transfer by internet). My associate is using Sorenson Squeeze to compress this intermediate file to a smaller FLASH FLV file for web d
-
Copying audio files to SD memory card
I have a 1GB Secure Digital card connected with a card reader. I converted an audio book CD to mp3 files using iPhoto. When I try to copy the mp3 files to the empty SD card, after 75 files and 342 MB, this message appears: "The item cannot be copied
-
Strange eth0 interface traffic
For almost a week now, I noticed that there is some traffic over the eth0 interface every 3 seconds (90 - 180 B/s). Even when I close all applications like Firefox and Kmail. I don't know what to google on because I don't know what this all about. S