SVI needed for WiSM service-port?

I currently have a vlan/SVI on my 6506 for the WiSM service-port. The WiSM has an address on the same subnet. To manage the WiSM, I either https to the Management interface address or use 'session slot X proc Y' from the 6506. Since I am essentially only using two addresses from a subnet for this service-port I would like to free up the subnet. Can I keep my current functionality by having a vlan only (with the wism service-vlan XX command) with no SVI? Thanks.

Yes, correct. You don't have to have this as a SVI. You can just drop them into the vlan with no SVI. So long as the WiSMs have a service port and IP and they are on the same subnet in the same vlan you are good.
After you set this up do a show wism status. You should see they are all up.
In fact I blogged about a security issue with the service port and the SVI interface. It's a good read.
http://www.my80211.com/security-labs/2010/10/7/cisco-wism-config-practice-opens-svi-vulnerability.html
I hope this helps.

Similar Messages

  • WiSM Service Port is sourcing Fin-Ack packets

    For some reason or another, both of the service port interfaces on our WiSM WLCs are sourcing Fin-Ack packets to IP addresses out on the Internet.
    My understanding is that the service ports are only supposed to be used for communication between the Sup720 and WiSM, and I'm wondering if this could be due to some type of misconfiguration on the WiSM or 6509E.
    We have static IP addresses configured on the service ports in vlan 999 on the 6509E:
       interface Vlan999
        description VLAN for WiSM Service Port
        ip address 192.168.99.1 255.255.255.0
        no ip redirects
        no ip proxy-arp
       end
    There is also a connected route for this vlan on the 6509E:
       ROUTER# sh ip route
       C    192.168.99.0/24 is directly connected, Vlan999
    I have verified that traffic on vlan 999 is being routed off of that vlan. Should I? and how can I prevent that?
    Should our service port vlan (999) be a L2 vlan instead of L3 at the 6509E?
    Should we even have an SVI for vlan 999 on the 6509E?
    With the 6509E being a VTP server, vlan 999 has propagated to all of the other switches on our campus.
    Any advice would be greatly appreciated.
    - Jonathan

    Thanks for answering my questions Nicolas.
    I will configure an ACL to block this traffic.
    It just seems odd that this traffic would be coming from the service port interfaces.
    The source port for the Fin-Ack packets is always port 2006 of the WiSM service port interfaces:
    Ex)
    10:57:14 192.168.99.3.2006 > 178.16.32.26.55604: F ack 1572593820 win 1378
    10:57:14 192.168.99.3.2006 > 68.192.70.95.50091: F ack 520899031 win 1378
    10:57:14 192.168.99.3.2006 > 157.252.133.95.52194: F ack 198026245 win 1378
    10:57:14 192.168.99.3.2006 > 68.175.103.222.62076: F ack 2128482631 win 1378
    10:57:14 192.168.99.2.2006 > 69.192.173.15.52873: F ack 3642030540 win 1378
    10:57:15 192.168.99.3.2006 > 184.88.1.180.59208: F ack 644520437 win 1378
    It's understandable that traffic destined for the service port subnet would be forwarded out of the service port interfaces but in this case the traffic is destined for the IP addresses out on the Internet, not the service port subnet.
    - Jonathan
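Added example, not part of the original posts: a small Python check that reads capture lines in the format Jonathan pasted and reports packets sourced from the service-port subnet whose destination lies outside it. The subnet comes from the Vlan999 configuration in the thread; the function names and the last two sample lines are constructed for this illustration.

```python
import ipaddress
import re
from collections import Counter

# Service-port subnet taken from the post (interface Vlan999 on the 6509E).
SERVICE_NET = ipaddress.ip_network("192.168.99.0/24")

# Classic tcpdump text line: time, src ip.port > dst ip.port: TCP flags ...
LINE_RE = re.compile(
    r"^\s*(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+"
    r"(?P<flags>[SFPRWE.]+)(?:\s|$)"
)


def parse_line(line):
    """Return a dict for one packet line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:  # e.g. an octet above 255
        return None
    return {
        "time": m["time"], "src": src, "sport": int(m["sport"]),
        "dst": dst, "dport": int(m["dport"]), "flags": m["flags"],
    }


def leaving_service_vlan(lines, net=SERVICE_NET):
    """Packets sourced inside the service-port subnet with a destination outside it."""
    hits = []
    for line in lines:
        pkt = parse_line(line)
        if pkt and pkt["src"] in net and pkt["dst"] not in net:
            pkt["dst_global"] = pkt["dst"].is_global  # routable on the Internet
            hits.append(pkt)
    return hits


def summarize(hits):
    """Count off-subnet packets per (source address, source port)."""
    return Counter((str(p["src"]), p["sport"]) for p in hits)


# First three lines are copied from the capture in the post; the last two are
# constructed here (an on-subnet session and a junk line) to show what is ignored.
SAMPLE = """\
10:57:14 192.168.99.3.2006 > 178.16.32.26.55604: F ack 1572593820 win 1378
10:57:14 192.168.99.2.2006 > 69.192.173.15.52873: F ack 3642030540 win 1378
10:57:15 192.168.99.3.2006 > 184.88.1.180.59208: F ack 644520437 win 1378
10:57:16 192.168.99.1.51000 > 192.168.99.3.23: S 100 win 4128
not a packet line
"""

if __name__ == "__main__":
    hits = leaving_service_vlan(SAMPLE.splitlines())
    for (src, sport), n in summarize(hits).items():
        print(f"{src} port {sport}: {n} packet(s) left {SERVICE_NET}")
```

Any hit means the switch is routing for the service-port VLAN; the options raised in the thread are an ACL on the SVI or a VLAN with no SVI at all.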

  • Wism Service Port issue

    Hi All,
    I am trying to configure a new WiSM module. As per the Cisco official document I have configured all settings for the service interface, but it is not leasing an IP address from my DHCP pool. What could be the possible reason? Please help.
    Thanks in advance.
    Rgds.
    Shijo.

    Hello All,
    Thank you very much for the replies and let me inform you that I could resolve the problem by myself. I am glad to share my experience and solution here.
    As per the Cisco documents the 'service port' will automatically lease an IP from the service vlan DHCP pool; as I posted before, it was not working. Then I tried to access the WiSM's console port using the default user name and password 'admin' (as per Cisco documents). But unfortunately for me it was 'cisco'. (It really took half of a day to make a blind attempt, my bad luck.) Using the newly discovered user name and password I logged into the console and searched for a solution. The result was a bit shocking - DHCP on the service port was disabled!!! Anyway I fixed it and logged out. The service port then leased IPs from the service vlan DHCP pool.
    Then I tried 'session' to the controller, and it simply gave me the next issue. The switch failed to session into the controller!! After a few hours of attempts I found that telnet was also disabled in the controller from the WiSM's console, and fixed it from the WiSM console itself.
    Again, as per the Cisco document, on the first login to the WiSM you will get a configuration wizard; I didn't get anything like that.
    Anyway, for the time being it is working fine, and as it is my very first experience with a WiSM I am expecting more issues when entering into more complex configuration. I expect all of your support then.
    Merry X'mas in advance.
    Thank you very much,
    Shijo.

  • System processes needed for web service call

    Hi experts,
    one theoretical question: how about the system processes needed for a web service call? I have created a test service that does nothing except to wait for 10 seconds. When I call it from outside, no extra process is busy (as seen in trx SM50). Is it possible that one web service call (from outside -> SAP machine) does not need a DIA or BTC process on SAP machine?
    Thanks in advance for your help!
    Kind regards, Matthias

    Hi,
    Of course a web service needs a dialog workprocess to run.
    But if you used the "wait" abap instruction, it may be that this instruction frees the work process ?
    Regards,
    Olivier

  • WISM Service Ports Down

    I am walking into a site that already has the WISMs setup. There are 2 switches setup with VSS and there are a total of 4 WISMs. When I do a show wism status there are 3 of the service ports that show down. One port down on one of the WISMs and both ports down on another. The management addresses are setup and I can manage the WISMs and when I do a show int on any of the interfaces they show as 'notconnect'.
    I don't think you can go in and do a "no shut" on the ports so not sure what to do in order to get the service ports up.

    I guess when in doubt reboot....I booted the controllers in question and the ports came up.

  • Is a NID needed for DSL service?

    I just signed up for "High Speed Internet" (aka DSL since FiOS is not yet available in Baltimore city).  I am doubtful I will get the promised speeds of Downloads up to 3 Mbps / Uploads up to 768 Kbps because the wiring is so old from the telephone pole to the house that I do not even have a Network Interface Device (NID) on the outside of the house.  I should add that I am about to install fresh wire on the inside of the house from where the phone line comes in to the point where the phone line will hook into the modem, so my inside wiring will be fine.  Do I have anything to worry about?  Will they definitely install a NID for me and redo the wiring from the pole to the house since it is 30+ years old?  I should add that I do not have home phone service and do not need it either.
    I just called Verizon to try and schedule the DSL technician and the one lady told me they turn on the DSL from a central location and there is no need for the technician to even come to my house so they will not install a NID while another lady told me that the technician will come out to my house and test the signal.  I was just trying to be proactive today in calling to set up an appointment when I would actually be home since if they do install an NID they will possibly need access to the interior of my house to hook up my interior wiring to the NID.  They wouldn't even let me push back the appt to a few days past the due date and none of my questions were answered.
    I have a feeling that no matter what happens, it will be a fight to get them to replace the 30+ year old wiring that comes from the pole to my house.  I am just assuming that this wiring is likely not new enough to get me the promised speeds (Downloads up to 3 Mbps / Uploads up to 768 Kbps).  Anyone have any insight or advice for me?
    Message Edited by RalphPa on 08-19-2009 06:33 AM

    No NID needed. I had DSL (moved to FiOS), and my copper pair ends with a porcelain block. My guess is the copper pair is upwards of 70 years old (the house dates from 1926). I had DSL service for about 15 months with Verizon before moving to FiOS. The service to this house long predates NIDs.
    That's the good news. The bad news was that if I could hear thunder, my DSL service was down, and it also degraded substantially in bad weather. While on good days I could just about get to the 3mbps downlink, 650kbs was about the best I could ever do on the uplink. The modem reported horrendous losses (60+db) on the link, which means fairly high transmit power on both ends which ultimately may impact modem life.
    Anyway once you are installed, you can connect to the router/modem and see what the modem has been able to negotiate with the CO. It will be in the log every time the DSL connection is initiated.
    Ultimately the DSL performance depends upon how good or how bad the copper pair is between your premises and the CO. Even ancient copper can work quite well if the distances are short.

  • URGENT! BT line needed for LifeLine Service!

    My parents are trying to get a phoneline installed into a new-build bungalow for my Gran who relies on a lifeline pendant.  They called in the middle of March to order the phone number to be transferred to the new address only to be told the earliest that it could be done was 28th April!  They eventually managed to get someone to agree to 8th April but that date was put back and they were promised 16th April, the day before my Gran was to move home. On that day apparently two engineers were supposed to turn up; because the 2nd engineer arrived before the first, he found initial work hadn't been completed and left the property.  We're not sure whether engineers have even turned up as the wiring is already installed and the bungalow was locked.  The move date has come and gone and still no phoneline despite BT making various excuses.  My Mum is at the end of her tether with the constant stream of excuses; today she's received a text message saying that the phone line is now active (the phone is dead) and when calling to report it, she's been told the order has been cancelled.
    My Gran relies on lifeline and the lack of a phone means that this is putting her life at risk as well as unnecessary worry for my Mum and stress in trying to deal with the call centres who seem to have a different excuse every time something is not done.  Is there somewhere (preferably in the UK) we can get in touch with so the phoneline activation can be managed properly as I do believe the overseas call centre staff do not understand and/or do not care about the seriousness of the situation we're in?

    Hi Stressed2015,
    If you send over your Mums order details we'll chase this up.  Please use the 'contact the mods' link in my forum profile to send in the details. You can find the link by clicking on my username.
    Thanks
    Neil
    BTCare Community Mod
    If we have asked you to email us with your details, please make sure you are logged in to the forum, otherwise you will not be able to see our ‘Contact Us’ link within our profiles.
    We are sorry but we are unable to deal with service/account queries via the private message(PM) function so please don't PM your account info, we need to deal with this via our email account :-)
    If someone answers your question correctly please let other members know by clicking on ’Mark as Accepted Solution’.

  • Roles needed for AXL Serviceability access on CCM5+

    So far, unless I add my application user to the superuser group, I'm unable to make any risport queries.
    Has anybody figured out what role controls access to the AXL Serviceability interface?

    Hi Stephan
    Do you have any update to this problem? I am trying to run an application without the superuser rights, but I was not successful. The error message is: Server returned HTTP response code: 403 for URL: https:///realtimeservice/services/RisPort
    Regards
    René

  • Need for applecare service but lost buying receipt, problem?

    My macbook pro just went off suddenly and doesn't start again, the power cable only show a weak green light but nothing works
    I'll take it to an authorized service shop but i can't find my buying receipt, it's covered by applecare though, but would that be a problem?
    Thank you

    Reset the #1 SMC,
    ..Step by Step to fix your Mac
    And no it's not a problem for AppleCare as they can check your serial number and name on their database.

  • Service port interface Question

    I have a customer that wants to use the service port interface as a backup entry door to its WLCs in the event of a network failure or misconfiguration. I have configured the WLC's mgt and ap-manager interface in a 10.50.x.x network and the service interface in a 10.103.x.x network, which are 2 completely separate networks. Cisco's documentation is unclear as to how to configure the service interface. Should I have the service interface completely separate from the 10.x.x.x network class (e.g 172.16.x.x or 192.168.x.x) or I am okay in using the 10.103.x.x. network?
    The WLC can be configured with static routes. Are those, when configured, reserved for the service interface? Should I configure the WLC with a static route? And if yes what should it be?
    Your help would be greatly appreciated
    Thanks

    You can use the service port, but make sure you configure it correctly. Here is from a Cisco doc:
    By default, the physical service port interface has a DHCP client installed and looks for an address via DHCP. The WLC attempts to request a DHCP address for the service port. If no DHCP server is available, then a DHCP request for the service port fails. Therefore, this generates the error messages.
    The workaround is to configure a static IP address to the service port (even if the service port is disconnected) or have a DHCP server available to assign an IP address to the service port. Then, reload the controller, if needed.
    The service port is actually reserved for out-of-band management of the controller and system recovery, and maintenance in the event of a network failure. It is also the only port that is active when the controller is in boot mode. The service port cannot carry 802.1Q tags. Therefore, it must be connected to an access port on the neighbor switch. Use of the service port is optional.
    The service port interface controls communications through and is statically mapped by the system to the service port. It must have an IP address on a different subnet from the management, AP-manager, and any dynamic interfaces. Also, it cannot be mapped to a backup port. The service port can use DHCP in order to obtain an IP address, or it can be assigned a static IP address, but a default gateway cannot be assigned to the service port interface. Static routes can be defined through the controller for remote network access to the service port.
    Hope this helps.

  • Error: DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.

    Hi,
    I am getting the below error messages with a new wlan I created. On the same WLC I have three other wlans working OK. This wlan is supposed to get authenticated with acs; I tried to disable the authentication but got the same error message. With acs authentication, I am able to authenticate OK but cannot get an IP address from the dhcp server. The DHCP server is on the wlc, used by the other three wlans ok. All wlans are on different subnets; vlans created where needed. Any ideas would be appreciated.
    Thanks
    Error from wlc:
    *Sep 10 13:23:53.303: %DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.
    *Sep 10 13:15:33.111: %DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.
    *Sep 10 13:07:12.920: %DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.
    *Sep 10 12:58:52.732: %DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.
    *Sep 10 12:50:32.535: %DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.

    %DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.
    This one perplexed me too, there is no answer on Cisco's website that I could find. I think I have the  solution though....
    Go to Monitor -> Interfaces -> Service-Port and have a look at the configuration.
    I'm willing to bet that DHCP is enabled for the service port (the Ethernet interface on the left side of  the controller that you may or may not use) and the Ethernet is either not connected or it's connected to  a LAN where it can't get a DHCP lease.
    What the controller is trying to say is something like "%DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Failed to get a DHCP address for the service port"

  • Is there a need for internet on iphone while you wan to locate it when you lost your iphone?

    I lost my iphone and I am trying to locate my iphone using the Icloud-Find my iphone, but it shows offline, so I just wanna know if is there  a need for internet service on iphone or it works with the location service only?? Cz it shows offline, help plz

    Maybe the networks have different services, cause here in Afghanistan I had a ROSHAN network simcard in my iphone, it shows your current location on the map if the map is already downloaded in a limited area, but if the map is not downloaded it shows the current location in a blank page even when I turn off the 3G and cellular services.
    That’s what I was using here. Thank you any way.
    Have a good time.

  • Using a Publish Service for print service prep

    I'm just starting to work out a new way to prepare images for sending to a (consumer grade!) print service using a Publish service, and realized I should harness the power of this corner of the Lightroom community to see if my ideas are sound. Feel free to add comments or suggestions.
    Here's what I'm doing:
    - For each size and processing option (e.g., 5x7, Matte) create a hard drive Publish Service.
    Set options appropriately, such as:
    - Filename for clarity. I use custom name + orig file number. (There appears to be a small display bug, in that the example displayed will show the " dng.jpg")
    - Given what I've learned about Lr and JPEG compression, I reduce the quality to 80% or so for a nice quality/size balance. I don't want to have to muck with this too much.
    - My service does not have an ICC profile for me to use, but assure me that AdobeRGB is accepted by their equipment.  So that's what I'll use. (One day I'll try out a pro service that understands that a simple thing like an ICC profile makes us feel warm and fuzzy.)
    - Resizing to fit. I set to never enlarge (though it should never happen that I have to enlarge) and set the dimensions to whatever I need for this service: 5x7, 4x6 &etc. Hints on optimal dimensions for getting nice borderless prints of a certain size accepted! I know that not all dimensions are created equal.
    - I'll assume that the default resolution is fine, but I ought to do my research for when to modify this when I get into 8x10 or larger formats.
    - Sharpening for print and paper type for this publish service.
    - My service has no reasonable file size limitations, so I just let the exported files get created at any size.
    - I minimize keywords.  Makes much smaller files because who needs keywords in prints? I have Metadata Wrangler, so I might insert that and have it leave in the minimal set of MD, like ICC profile and copyright info.
    So, given this, I can process my images as usual, make a number of crops (just to be a perfectionist) and then drag them to appropriate service where they end up in a hierarchy of folders ready for uploading.
    What am I missing?
    BTW, I'm not using the Print module because it was too tweaky trying to get it to make JPEGs that would print borderless.  Feel free to set me straight on that if you like.

    You only get one opportunity to set up the hard drive under publish and the folder cannot be changed unless you get a plug-in to provide a work around.
    However you could just create a generic publish folder - something like Photo Lab, or Print Job.
    But you could then right click on your publish folder and select “make target collection” - you will see the plus sign added.
    Simply highlight the photos you want to print and press B (the same as adding to a quick collection) and your Publish Services folder on your hard drive will be populated with the exports.
    The real problem is that you would need to edit the publish settings every time you required different dimensions etc (not sure possible). I use a similar system, which works well and I like how I can see what has already been published and what is still to be published but my prints are always the same size and resolution.
     

  • Do I need to open ports for my services if I am connecting through VPN

    Hi,
    I work in a small office and we are trying to connect people remotely to our server through VPN.
    Using the Server App I managed to make VPN work and successfully connected to our file share points, so that means file sharing worked without opening ports for afp on my Airport router.
    On the other side I can't connect to other services as iCal and Address Book as I am locally in the office. Does that mean I have to open the ports for those services on the router, if yes then why use VPN in the first place.
    Thanks,

    If I understood you correctly:
    External client -> (server.domain.name) -> Router -> Server: is working
    Internal client -> (server.domain.name) -> Router -> Server: is not working
    Internal client -> (local ip) -> Server: is working
    If yes, you can implement a-la "split zone DNS".
    1. On the external DNS your domain name server.domain.name resolved to the external router IP.
    2. You should add record (and zone) server.domain.name to your OS X Lion Server DNS pointing to local IP
    When you are connected to VPN, system sets DNS server to your Lion server and server.domain.name is resolving to local IP.
    When you are working without VPN, system uses external DNS and server.domain.name is resolving to external IP.
    Of course, you should open ports for your services on the router if you want to use them from external network.
    I am using this configuration and it works perfectly.

  • Wism Controller 2 doesn't get service port IP but Controller 1 does

    I followed the documentation for setting up the WiSM. Controller 1 is up and fine. I see in dhcp bindings, that Controller 2 is getting a DHCP address and when I "session slot 9 pro 2" it tries to connect to that dhcp address, but on a "show wism status" the service-port of controller 2 is 0.0.0.0
    Has anyone encountered this problem?
    Thanks

    Hi..
    What about the connectivity?? do we still have the access to the WLC 2?? either from telnet or the GUI?? or will the session to the WLC work?
    Regards
    Surendra
