Sample config for wireless

Similar Messages

• Sample config for TACCAS+ on ASA 8.22

  I am looking for a sample configuration for doing TACCAS+ on ACS 5.2 with an ASA 8.2.2.
  Any help would be appreciated.

  I think the following should just about do it - However it is MUCH simpler to do this in the GUI
  aaa-server TACACS protocol tacacs+
  aaa-server TACACS (management) host x.x.x.x key ****
  aaa authentication http console TACACS LOCAL
  aaa authentication ssh console TACACS LOCAL
  aaa authentication serial console TACACS LOCAL
  aaa authentication enable console TACACS LOCAL
  aaa authentication telnet console TACACS LOCAL
  aaa accounting ssh console TACACS
  aaa accounting telnet console TACACS
  aaa accounting serial console TACACS
  aaa accounting enable console TACACS
  aaa accounting command TACACS
  Remember you need to create the network device in ACS with the same shared key.
  Paul

• Sample config for local switching of QLLC to Ethernet?

  is it possible to switch a serial attached controller (PU2.0/2.1) over X.25 QLLC to a local attached Mainframe by ethernet?

  We used Frame Relay across the WAN instead of X.25 and there were no problems with the implemetation. Guess it would work with X.25 too. The following doc gives you the configuration.
  http://www.cisco.com/warp/customer/488/48.html

• Sample Config - IDSM-2

  I'm looking for a sample config for a IPS IDSM-2. I've been reviewing the configuration manual and love the excruciating detail, but would like to work from a sample config. Maybe just the basics to get started and then I can add stuff in later.
  Any samples would be most appreciated.
  Thanks,
  Mike

  You need to decide the mode you want to run your IPS in? Promiscuous, Inline (VLAN/Interface pair) ?
  Here are two examples from CCO:
  https://www.cisco.com/en/US/products/sw/secursw/ps2113/products_configuration_example09186a0080876d9f.shtml
  http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a00809c37cb.shtml
  Regards
  Farrukh

• Help setting up a Laserjet P1102w for wireless printing on a Mac

  I'm trying to setup a Laserjet P1102w on my Mac for wireless printing, but it's not working.  It will print fine using USB, but all the documentation for wireless setup is for Windows, not Mac.  if I connect the printer via USB to my Mac, how will it get an IP address from my wireless network?  Any help appreciated.

  Hi Staxofjoy,
  Based on the information you provided, and comparing to another post regarding this issue (link below) - It sounds like you are running 10.7 (Lion).
  http://h30434.www3.hp.com/t5/Mac-Printing-and-Scanning/HP-Laserjet-P1102w-driver-for-Macbook-OS-X-Li...
  Please go to the linked thread above, and look for the post by mikel1004 - he outlined the steps for connecting Adhoc to the printer very clearly.
  Summary of what you will need to to:
  1. Reset Printer to Defaults
  2. Connect to printer via Adhoc from your Mac (This will disconnect you from your home wireless network)
  3. Access HTML Config, and configure the printer's wireless settings manually from there.
  4. Reconnect the Mac to the Home Network
  5. Add the printer to the print queue.
  Hope this helps
  I am an HP Employee
  Click the KUDOS Star to say "Thanks"
  Please mark the post that solves your problem as "Accepted Solution"

• DMZ Anchor WLC setup for Wireless Guest Access

  I have the following setup.
  A DMZ WLC 4402 connected to firewall DMZ interface in 10.10.73.0/24 network.
  An Inside WLC 2106 connected to firewall Inside interface in 10.10.71.0/24 network.
  Both WLCs are running the same 4.2.176 code.
  DMZ WLC is anchor to itself and Inside WLC select the DMZ WLC as the anchor point.
  I have setup EoIP between DMZ and Inside WLCs successfully with both the control and data path both show as UP status. >> "show mobility anchor"
  The main issue: Clients cannot obtain IP addresses after connected to Guest SSID.
  1. Inside WLC, the guest WLAN ingress is 802.11b/g radio and egress port is set to management interface (EoIP) of type WLAN.
  What is the DMZ WLC setting? Is the ingress set to "802.11b/g" which does not make sense because the ingress is EoIP from Inside WLC?
  Or I still set as 802.11b/g? Same config as Inside WLC? I read from other threads suggested by Terry that the config must be the same for both WLCs.
  In the Inside WLC, I saw alot of pdu encapsulation errors for broadcast packets which is ffff.ffff.ffff xxxx which I think is the DHCP request from the connected Wireless clients not making through the EoIP tunnel. I have set static ip for the Wireless client but the packets cannot route through the EoIP tunnel to the far end.
  2. DHCP server is provided by DMZ WLC with the scope 10.10.76.0/24. In the Inside WLC, which DHCP server IP adddress to set to? DMZ WLC mgmt ip address? DMZ WLC, the DHCP server is also set to DMZ WLC mgmt ip?
  3. Layer 2 authentication. I read that DMZ WLC is supposed to be the DHCP server, Layer 2 or 3 authentication for Wireless Clients. However, it seems like Inside WLC is required to configure the Layer 2 authentication parameters and the DMZ WLC is set to providing the DHCP service?
  4. Lastly, anyone has done DMZ WLC sending the Wireless clients traffic to Bluecoat proxy server before hitting the Internet?
  Thanks.

  One of the biggest things is to make sure the wlan is configured exactly the same. The DMZ WLC ingress is the management and also is the egress port. You can create a dynamic interface on the DMZ WLC, but this way makes thing easier. The DMZ WLC should provide the dhcp, so the dhcp scope of course will be on the same subnet as the management of the DMZ WLC. The DHCP Server will be the ip address of the management interface of the DMZ WLC. The authentication also has to be configured exactly the same on the inside wlc and the DMZ wlc. Since you are pushing clients through the tunnel to the DMZ WLC, that is where clients will need to get their ip address, since that DMZ WLC has a network interface to the guest network. I haven't had luck when a proxy is involved, but I know there was a post a while ago on how to setup the proxy to allow the wlc to bypass the users initial dns resolution.

• Cisco ISE configs for switch

  I suppose Cisco ISE sends a URL redirect to the switch and the switch presents it to the client in case of guest Access getting a URL redirect with User Acceptance Page (Wired Guests and not wireless).
  My question here is, Do we need to configure http and https server on the switches (both supplicant and authenticator)?
  I am sure it will need but just wanted a confirmation..
  I have checked the configuration for supplicant and Authenticator switches for ISE and it has no where mentioned that part of the config.
  http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_troubleshooting.html (a problem of URL redirection and possible cause is mentioned) ------- makes me sure that the config is needed.
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/configuration_guide/b_sec_152ex_2960-x_cg/b_sec_152ex_2960-x_cg_chapter_010000.html
  (config of supplicant and authenticator switch)---- nowhere mentioned of the http/https config for both switches.

  Yes, its needed.  The http/s server within the swtich is used to grab the http user traffic and redirect the traffic to the CWA portal, or a device registration portal, or even to the Mobile Device Management (MDM) onboarding portal.  .
  ip http server
  ip http secure-server
  The info below I grabbed from Cisco ISE for BYOD and secure unified access book.
  "Many organization want to ensure that this redirection process using the switch's internal HTTP server is decoupled from the management of the switch itself, in order to limit the chances of an end user interacting with the management intervace and control plane of a switch.  this may be accomplished by running the following two commands from global configuration mode:
  ip http active-session-modules none
  ip http secure-active-session-modules none"

• NAC for wireless layer 3 oob

  Hi,
  Anyone implemented nac for wireless layer 3 oob? This is using nac appliance not ise.
  What I did is to configure wlc as per layer 2 oob setup. Configure svi 669 (authentication/quarantine vlan) on switches that’s with the wism. Pbr all vlan 669 traffic to test cas untrusted interface.
  Problem now I’m not able to get an ip from dhcp after associating. DHCP works when tested on wired. Is there any additional config to be done on WLC or am i doing it right??
  The test cas/cam are ugraded to ver 4.8.2.
  Regards
  Joachim

  Everyone can do a mistake and it seems I did a big one :-)
  l3 wireless OOB was not supported until last version :
  §Wireless L3 OOB RIP has been introduced in 4.8.2.
  §In order to support wireless in L3 OOB RIP deployment – DHCP release and renew values were propagated from CAS to the client so that client can perform IP refresh.
  §The configuration of WLC and AP’s needs to be done like in Wireless L2 OOB VGW deployments.
  §There are no ports in WLC hence Port profile is not required
  §WLC allows only two VLAN’s namely Quarantine (Auth) and Access VLAN’s. Hence the support for User role Vlans is not there in Wireless deployments.
  §iPhone/iPad support is also not present. Reason being IP address cannot be refreshed in iPhone/iPad due to lack of support for Java Applet/ActiveX.
  §The authentication trap control needs to be checked in order for the WLC to send 599.0.4 trap.

• QoS config for Video Traffic

  Hello all,
  I have a campus network with several remote sites, at the campus I have a 6509 at the core and 3560 and 3750 switches at the access layer. I do have QoS enable on the 6509 and I am using auto QoS on the 3560 and 3750 switches and all seems to be working fine with my existing VOIP environment. But now as I am in the middle of rolling out a video conferencing solution with the existing QoS config I am experiencing a noticeable delay between audio and video. Example like during a video call I can tell that the voice and the lips of the person speaking are not in synch.
  Has anyone run into this issue ? can someone provide me a sample QoS config for the 6509 and 3560/3750 switches ?
  P.S. I am using a Tandberg/Codian solution for video conferencing with Tandberg/Codian MCU, IP Gateway, ISDN Gateway and Tandberg endpoints. And both the endpoints and the back-end infrastructure devices and are set for IP Precedence 5.
  Thank you very much in advance !!!
  Danny

  The main concern with configuring your back-end infrastructure devices with IP Precedence value 5 is that the 3560/3750 auto-qos will map this value to Q1 which is ordinarily the strict priority Q.
  In most cases auto-qos will also configure or map Video to Q3, you can see this as a majority SRR bandwidth is assigned to the Q.
  In order to use the strict priority queue, it has to be enabled on the interface 'priority-queue out', without it Q1 will not be emptied before the others. It will be serviced according to the weight.
  With auto-qos Q1 will not have enough bandwidth as it will be assigned to Q3. Therefore you could initially enable priority-queue if not already enabled so that Q1 is emptied first, or you increase the weight.
  The next question is whether you are using egress scheduling within the Core? and this conforms to your edge classification for Video?
  HTH.
  Allan

• Sample config

  So I have been trying to setup trunking (got that done and tested) on a pair of CSS 11503's and now i would like to setup ASR, vr and vip redudnacy to failover between them. Does anyone have any samples of how to do this with all public ips, all the cisco docs are for nat'd configuration which we do not run, everything would be public.
  right now management of the css is done over vlan100 but the servers are in vlan150, different subnet's obviously however what is messing me up is the docs are all saying to use outside public ips and inside for the servers. I only have public ips and don't have time to change anything to a nat...any help would be great

  actually let me append my previous comment with a question..
  since I am trunking up (to my 6509s) and down (to various switches)...what should my default route be on the CSS's
  i have 2 vlan's right now
  vlan 10
  ip address 192.168.10.10 255.255.255.240
  vlan 20
  ip address 192.168.11.11 255.255.255.224
  in my global however I am using
  ip route 0.0.0.0 0.0.0.0 192.168.10.1 1
  10.1 btw is a virtual (HSRP address) on my 6509's
  11.1 would be the virtual (HSRP address) on my 6509's for vlan20 etc..
  so yes my previous statement about the gateways for my web servers pointing to the CSS is true (redudant int), however if I have other servers on my switches that are not in the lb's groups and I point it those servers to my HSRP virtual for vlan20's 11.1 i cannot ping it... so what are my options cause I would rather not change gateways on some of the other machines that won't be load balancing.
  I noticed in the trunking sample config the global had no route, but when i removed it, i couldn't get to anything (of course).
  thanks again

• Sample Config ACE20-MOD-K9

  Hi,
  Can some one help me with a sample configuration for ACE20?
  Rgds....Partha Acharya

  here is a copy of my lab config.
  switch/User1# sho run
  Generating configuration....
  logging enable
  logging buffered 7
  access-list PERMIT_ANY line 10 extended permit ip any any
  access-list app line 10 extended permit ip host 192.168.20.41 any
  probe http ACECFG-http
  interval 5
  faildetect 2
  passdetect interval 10
  request method get url /index.html
  expect status 200 299
  probe ftp ftp_probe
  interval 10
  passdetect interval 10
  expect status 0 999
  open 5
  parameter-map type connection REPL
  parameter-map type connection TCP
  rserver host 20.20.20.20
  ip address 20.20.20.20
  inservice
  rserver host REFLECTOR-10
  ip address 192.168.60.10
  inservice
  rserver host REFLECTOR-11
  ip address 192.168.60.11
  inservice
  rserver host REFLECTOR-12
  ip address 192.168.60.12
  inservice
  rserver host REFLECTOR-13
  ip address 192.168.60.13
  inservice
  rserver host REFLECTOR-14
  ip address 192.168.60.14
  inservice
  rserver host REFLECTOR-15
  ip address 192.168.60.15
  inservice
  rserver host linux1-48
  ip address 192.168.30.48
  rserver host linux2
  ip address 192.168.20.41
  inservice
  serverfarm host 20.20.20.20
  rserver 20.20.20.20
  inservice
  serverfarm host REFLECTOR
  predictor leastconns
  rserver REFLECTOR-10
  weight 1
  inservice
  rserver REFLECTOR-11
  weight 1
  inservice
  rserver REFLECTOR-12
  weight 1
  inservice
  rserver REFLECTOR-13
  weight 1
  inservice
  rserver REFLECTOR-14
  weight 1
  inservice
  rserver REFLECTOR-15
  weight 1
  inservice
  rserver linux1-48
  inservice
  serverfarm host linux2
  failaction purge
  probe ACECFG-http
  rserver linux2
  inservice
  serverfarm host linux2-ftp
  probe ftp_probe
  rserver linux2 21
  inservice
  sticky ip-netmask 255.255.255.255 address source STICKY-REFLECTOR
  replicate sticky
  serverfarm REFLECTOR
  class-map match-all NAT
  2 match access-list app
  class-map type http loadbalance match-all URL
  2 match http url .*
  class-map match-all VIP-250-80
  2 match virtual-address 192.168.100.250 tcp eq www
  class-map match-all VIP-250-ftp
  2 match virtual-address 192.168.100.250 tcp eq ftp
  class-map match-any VIP-REFLECTOR-254
  2 match virtual-address 192.168.100.254 tcp eq www
  policy-map type management first-match ALLOW
  class class-default
  permit
  policy-map type loadbalance first-match 20.20.20.20
  class class-default
  serverfarm 20.20.20.20
  policy-map type loadbalance first-match LB_linux2
  class class-default
  serverfarm linux2
  policy-map type loadbalance first-match REFLECTOR
  class class-default
  sticky-serverfarm STICKY-REFLECTOR
  policy-map type loadbalance first-match ftp-linux2
  class class-default
  serverfarm linux2-ftp
  policy-map multi-match NAT1
  class NAT
  nat dynamic 1 vlan 100
  policy-map multi-match SLB-REFLECTOR
  class VIP-REFLECTOR-254
  loadbalance vip inservice
  loadbalance policy REFLECTOR
  loadbalance vip icmp-reply
  policy-map multi-match SLB1
  class VIP-250-80
  loadbalance vip inservice
  loadbalance policy 20.20.20.20
  loadbalance vip icmp-reply
  class VIP-250-ftp
  loadbalance vip inservice
  loadbalance policy ftp-linux2
  loadbalance vip icmp-reply
  inspect ftp
  service-policy input ALLOW
  interface vlan 20
  ip address 192.168.20.253 255.255.255.0
  mac-sticky enable
  access-group input PERMIT_ANY
  service-policy input SLB1
  no shutdown
  interface vlan 100
  ip address 192.168.100.2 255.255.255.0
  alias 192.168.100.1 255.255.255.0
  peer ip address 192.168.100.3 255.255.255.0
  access-group input PERMIT_ANY
  nat-pool 1 192.168.100.240 192.168.100.245 netmask 255.255.255.0
  no shutdown
  ip route 0.0.0.0 0.0.0.0 192.168.100.9
  ip route 192.168.100.4 255.255.255.255 192.168.100.9
  ip route 171.69.146.79 255.255.255.255 192.168.20.41
  ip route 192.168.30.0 255.255.255.0 192.168.20.37
  ip route 20.20.20.20 255.255.255.255 192.168.20.41

• Basic internet config for t1 incoming wan

  what would be a basic internet config on a t1 wic w/ a public ip and two fast ethernet ports? 1841 router. i'm trying to write up a checklist of everthing the config should accommodate so i don't leave anything out.

  hello johnny,
  sample config of a T1 is as below:
  Interface serial 0/0
  service-module t1 clock source internal
  service-module t1 timeslots 1-24 speed 64
  service-module t1 framing esf
  service-module t1 linecode b8zs
  ip address 10.1.1.1 255.255.255.0
  encapsulation ppp
  fair-que
  no shut
  make sure the framing and linecode are configured right. check this with the ISP... if your LAN is on a private range, you also might need to do a NAT/PAT over the T1 interface.. for NAT examples refer to the CCO. you also need a default route to the outside towards the t1 interface...
  Hope this helps.. all the best. rate replies if found useful..
  Raj

• Wireless 3850 and Web-Auth for Wireless clients

  Hi
  I can't get the web-auth feature to work properly on the Catalyst 3850 for wireless clients.
  Internet is all tested and there is full IP connectivity.
  Issue is when I enable the webauth feature on the SSID. Incidentally when I enable the SSID to use consent it works.
  I am using local authentication for the guest users.
  When user logs onto the wireless, they get to the landing page, and are able to enter the credentials then there is a 30 second pause. The client detail says WEBAUTH_PEND and then a pop up window comes back as seen below
  Config below
  interface Vlan302
  description **** Wireless Guest ****
  ip address 10.145.224.161 255.255.255.224
  ip helper-address 10.144.214.134
  ip helper-address 172.17.2.56
  ip http server
  ip http secure server
  ip dhcp snooping
  wlan XXXXX 2 XXXXXX
  aaa-override
  accounting-list default
  client vlan 302
  ip flow monitor wireless-avc-basic input
  ip flow monitor wireless-avc-basic output
  no security wpa
  no security wpa akm dot1x
  no security wpa wpa2
  no security wpa wpa2 ciphers aes
  security dot1x authentication-list WEB_AUTH
  security ft
  security web-auth
  security web-auth authentication-list WEB_AUTH
  security web-auth parameter-map vit_web
  no shutdown
  parameter-map type webauth vit_web
  type webauth
  security web-auth parameter-map vit_web
  user-name Guest1
  creation-time 1390837878
  privilege 15
  password 7 022D0156060F1B351D
  type network-user description Temp-Guest-User guest-user lifetime year 0 month 1 day 0 hour 0 minute 0 second 0
  user-name Guest2
  creation-time 1390838016
  privilege 15
  password 7 0724244143000D1145
  type network-user description Temp-Guest-User guest-user lifetime year 0 month 1 day 0 hour 0 minute 0 second 0
  aaa new-model
  aaa authentication login WEB_AUTH local
  aaa authorization network WEB_AUTH local

  Hey Greg,
  Did you also define the global webauth parameter? I think I had to do this to get my 5760 "working" or as working as these new controllers can be.
  parameter-map type webauth global
  type webauth
  virtual-ip ipv4 x.x.x.x wlc.whatever.org
  max-http-conns 50
  Also I had to enable http server in addition to secure server
  ip http server
  ip http secure-server
  Are you using a self signed cert?
  I saw windows clients take a long time to load the page when using a self signed cert.
  MAC clients dont seem to work if you use the IOS or OSX based logon. You'll need to disable the auto logon and launch a browser for the redirect. There was a bug ID around this MAC problem which was supposedly resolved in 3.3.1SE  but I still have the problem.
  -Kyle

• Can not connect All in one 209b to new router for wireless printing....

  Have an HP laptop and All in one priner 209b.  All was working fine, wired and wireless printing.  Then we had to upgrade our ATT Uverse router.  Everything works...even wireless laptop and printer when connected to laptop.  However, can't get printer to printer wireless since it has the old router info.  I used the disk but when it asks to you to pick the printer, I choose the printer but it says printer now found ??? what ???? and this is with the cable connected.  I do not have the wizard on the touch screen but I did reset to factory settings hoping it would load new router info but it does not.  How do you manually enter router into for wireless printing.  Is it best to delete the printer and reinstall as new...wired and then wireless ???
  I am about to call an outsite company and pay the outrageous charge as the help on HP is not working.  Thanks

  Try this utility:
  http://h10025.www1.hp.com/ewfrf/wc/document?docname=c02114394&cc=us&dlc=en&jumpid=reg_r1002_usen&lc=...
  007OHMSS
  I was a support engineer for HP.
  If the advice resolved the situation, please mark it as a solution. Thank you.

• Routine sample code for reading 2 fields from existing DSO

  Hi Gurus,
               I am a monkey when it comes to write ABAP code. I have one DSO-A where we store accounting info of purchading (from DS 2lis_02_acc) and one DSO-B getting data from 2lis_02_scl data source.
  We need to write a rountine to read DSO-A for G/L account and populate DSO-B G/L account field.
  Please provide me the sample code for this.
  Warm Regards,
  Anil

  Hi anil,
  Create a local table this is type of you source,
  Data : LV_table  TYPE  XXXX
  use the select statement to read the table of DSO .You have to use th active table for the dso that you want to read data from.
  Select xxxfieldxxx FROM  /BIC/A..........50
  into lv_table where
  filed name of of scheule line probably order no and item no .
  <soruce-fields>-IOBELN = IOBELN
  and <source-fields>-IOBELP = IOBELP.
  Checke the techinal name i am not sure about it. It will be something like that.
  Cheers mate