Tapping wireless traffic on a WiSM
All,
Is there any way to do a port span or tap of all traffic going to and from a WiSM? You can't seem to monitor the port channel that goes into the controller.
Thanks
Jason
Sure, you can set the port-channel interface as the source of the monitor session.
lab1sup720ip1(config)#monitor session 1 source interface ?
FastEthernet FastEthernet IEEE 802.3
GigabitEthernet GigabitEthernet IEEE 802.3z
Port-channel Ethernet Channel of interfaces
Similar Messages
-
WAP4410N wireless traffic locks up even when running latest firmware update
I maintain multiple buildings, and each building has anywhere between 1 and 4 Cisco/Linksys WAP4410N access points. The problem is that at random intervals, the access points just stop sending and receiving wireless traffic. Every day or two, I have to log into every single access point (either via HTTPS or SSH) and reboot them in order for them to start working again.
In short, here are the config details:
They are all version 2 hardware (either WAP4410N-A V02 or WAP4410N-E V02).
They are running IPv4 (IPv6 is disabled) and get static IP addresses via DHCP.
When there are WAPs with overlapping signals, each WAP is on a different non-overlapping channel (1, 6, or 11).
Each WAP has two SSIDs (with spaces in their names). One is secured with WPA2. The other is unsecured.
There are two VLANs on the Ethernet interface. Each of the two SSIDs are assigned to a separate VLAN.
There is a DHCP server on the network, so the WAPs do not actually assign IP addresses to clients.
All of the WAPs are running on PoE switches. However, some are gigabit and some are 10/100 switches. Brands vary (Dell and Linksys) and models vary.
Cisco finally recognized this issue as:
CSCtx62203—In certain environments and traffic model, the WAP4410N may lockup after some undetermined time. Workaround: Reboot the device.
As such, the workaround didn’t really offer anything new. Rebooting every WAP ends up being a very time consuming process. It’s awful. And since you have no control over when this issue surfaces and can’t put any safeguards in place, I get calls about it at various points of the day almost every day.
Supposedly the most recent firmware update (2.0.6.1) claimed to fix the issue, but it only seemed to make it worse. So now instead of a WAP locking up every day or two, it locks up anywhere between every 15 minutes to 4 hours when in use.
The firmware was updated and the following issue was fixed in firmware version 2.0.6.1: CSCtx62203—In certain environments and traffic model, the WAP4410N may lockup after some undetermined time. (A protection mechanism was added to guard against sporadic problems with client association that could occur after six to 24 hours.)
As for troubleshooting, there are no error packets. On access points running firmware 2.0.6.1, these messages appear:
Feb 7 13:42:27 Syslogd start up
Feb 7 13:51:59 kernel: ath_bstuck_tasklet: stuck beacon; resetting (bmiss count 36)
Feb 7 13:52:01 kernel: ath_bstuck_tasklet: stuck beacon; resetting (bmiss count 36)
Feb 7 13:52:05 syslog: Found beacon stuck, down and up the VAP interface.
Feb 7 14:47:01 kernel: ath_bstuck_tasklet: stuck beacon; resetting (bmiss count 36)
Feb 7 14:47:02 kernel: ath_bstuck_tasklet: stuck beacon; resetting (bmiss count 36)
Feb 7 14:47:05 syslog: Found beacon stuck, down and up the VAP interface.
Feb 7 15:22:53 kernel: ath_bstuck_tasklet: stuck beacon; resetting (bmiss count 36)
Feb 7 15:22:56 syslog: Found beacon stuck, down and up the VAP interface.
Feb 7 16:15:19 kernel: ath_bstuck_tasklet: stuck beacon; resetting (bmiss count 36)
Feb 7 16:15:33 syslog: Found beacon stuck, down and up the VAP interface.
Feb 7 12:27:25 Syslogd start up
Feb 7 14:06:18 kernel: ath_bstuck_tasklet: stuck beacon; resetting (bmiss count 36)
Feb 7 14:06:23 syslog: Found beacon stuck, down and up the VAP interface.
Feb 7 14:44:28 kernel: ath_bstuck_tasklet: stuck beacon; resetting (bmiss count 36)
Feb 7 14:44:31 syslog: Found beacon stuck, down and up the VAP interface.
Feb 7 15:09:18 kernel: ath_bstuck_tasklet: stuck beacon; resetting (bmiss count 36)
Feb 7 15:09:24 syslog: Found beacon stuck, down and up the VAP interface.
Feb 7 15:42:23 kernel: ath_bstuck_tasklet: stuck beacon; resetting (bmiss count 36)
Feb 7 15:42:25 syslog: Found beacon stuck, down and up the VAP interface.
Feb 7 16:52:18 kernel: ath_bstuck_tasklet: stuck beacon; resetting (bmiss count 36)
Feb 7 16:52:24 syslog: Found beacon stuck, down and up the VAP interface.
Feb 7 16:53:05 kernel: ath_bstuck_tasklet: stuck beacon; resetting (bmiss count 36)
Feb 7 17:20:05 kernel: ath_bstuck_tasklet: stuck beacon; resetting (bmiss count 36)
Feb 7 17:20:08 syslog: Found beacon stuck, down and up the VAP interface.
Feb 7 17:23:34 kernel: ath_bstuck_tasklet: stuck beacon; resetting (bmiss count 36)
Feb 7 17:23:39 syslog: Found beacon stuck, down and up the VAP interface.
Feb 7 21:21:28 kernel: ath_bstuck_tasklet: stuck beacon; resetting (bmiss count 36)
Feb 7 21:21:30 syslog: Found beacon stuck, down and up the VAP interface.
Feb 8 09:55:23 kernel: ath_bstuck_tasklet: stuck beacon; resetting (bmiss count 36)
Feb 8 09:55:29 syslog: Found beacon stuck, down and up the VAP interface.
These log messages appear on both WAP4410N-A V02 and WAP4410N-E V02 devices.
I noticed that when the “beacon stuck” message appears, wireless traffic locked up 10-15 minutes prior to the message’s appearance in the log, and the SSID drops for 4-6 minutes after the message appears.
Is there anything that can be done to address the issue?1) LAN port speed doesn't appear to have any effect
2) Forcing a connection type doesn't seem to have any effect. This is also rather impractical.
3) I don't have that option (though there is a TKIP/AES mixed option). Either way, I'd rather not have to resort to using a weaker encryption method.
4) No effect.
I did manage to find some information about the error message (older versions of firmware didn't even offer that clue).
http://www.dd-wrt.com/wiki/index.php/Advanced_wireless_settings#Beacon_Interval
I ended up increasing the beacon interval from 100ms to 500ms under Wireless > Advanced Settings.
The wifi analyzer app on android seems to keep dropping the SSID when the beacon interval is set that high, so I might have to adjust it to find a good balance.
However, while it was set to 500ms, none of the access points went down for two days.
[edit]: I reduced the beacon interval incrementally down to 300ms. It started locking up at 250ms. -
WAAS- Optimization for OCS and Wireless traffic
Hi,
I have been trying to find some information regarding optimization of Microsoft Office Communicator and Wireless traffic across a WAN environment via WAAS and its acceleration/optimization capabilities.
So far, I have seen the case studies section for WAAS but no case offers what I am looking for...
Do you have any information/documentation that can be shared with customers regarding OCS and Wireless as key business application that were benefited after a WAAS deployment?
Thanks
Regards,
M.Hi Manuel,
Answers for you:
So we can say that wireless traffic across a WAN link could not obtain any benefits from any WAN optimization solution, in this case WAAS?
Ans: Nope. I do nto mean that. What I am trying to say is - it's a different thing. Wireless or no Wireless, optimization can be done when the traffic passes thru edge and core side WAEs. If it passes thru only one WAE, it will go in pass thru.
If a wireless controller at a remote site needs to send traffic to another wireless controller in a centralized or HUB site, can we optimize this traffic or it will just benefit from the overall reduction in bandwidth as a result of any TCP based application getting optimized?
Ans: It really does not matter. The traffic really needs to pass thru WAEs on both sides in order to optimize. Whether it is from wireless controller or from any other devices, it really does not matter. Further the type of traffic and policies on WAEs will determine how much optimization can be done, if any.
OCS uses SIP which is TCP based or ports 506x so I am assuming that SIP could be benfited by WAAS unless OCS uses a secured session were SIP is encrypted.: Yes, WAAS can help you but SIP is a voice traffic and there are default policies like VoIP on WAAS which will pass thru this traffic for port 5060. It's not a good idea to optimize voice traffic due to various reasons. -
Wired/wireless traffic general question
I originally set up my Airport Extreme without much expertise on WiFi or routers, but I want to raise my knowledge base now.
My current question: In general operation with both ethernet and wireless clients, obviously all the traffic with wireless clients is broadcast over RF to anything out there that can receive them, but is any of the traffic between the base station and the ethernet clients also broadcast over the RF signal? To put it another way, can eaves dropping on the RF traffic also allow eaves dropping on the ethernet traffic?
Are there any good educational books like a Missing Manual or such on WiFi or Airport?A lot of very interesting aspect of "others experience w/airport". I'm also in a suburb w/a lot of WiFi, other variation's of the same, and Airport traffic. One early concern I had was the Rf-AP system starting up, as it does right out of the box. Not knowing this, (at least at first) was for me an embarrassing wake-up call. As for near-by WiFi/and other "dish, etc" systems, A few thing's I noticed, and thanks to associate's who know WiFi/Rf tech very well, a few observations, for what it's worth. Regarding "Ghosting" of certain signals, it is almost inevitable for many reasons. It's a bit like (usually and harmlessly) being at a crowded party, where you "hear" many people jabbering away, but don't really know "what they're saying, other then 'something."
Oddly enough, I have an associate who calls that (a bit like a cheap hearing aid) "Rf, or harmonic din". As for it being problematic from a security point-of-view one needs to isolate "sections" from one "broadcast" which I'm told is rather low tech, as a first step to having one "borrow your specific signal,' for say either sub-Walmart (cheap bas******) access to the net thanks to your WiFi AP. As you mentioned, w/so much depending on the chronic pain that's all based on passwords, well, we know the issue w/that.
Several aspects of trying to maintain some dignity in not getting hacked for whatever intent present repeated problems. I was hacked, and it was (unfortunately not benign). Believe me. Since , I have done everything short of active EW suppression (FTC, and anyone in range would be understandably ******-off.) Your comment about "flat signal strength" I'm told is screaming, "I'm blending in, move on." Varying sig strength is one way to blend in yourself, but only a bit.
But WiFi signal structure has certain quiescent properties reported in the literature (I read it on physorg.com, or technology review I think) that makes that soft engulfing-Rf nature of WiFi useful, Ex: for those who want to know, or really just be aware "someone, a pet", etc; who is moving around a room, compared w/the stuff in a room, building, etc. That attribute provide's a technical/mathematical yardstick that is at least one reproducible and exploitable aspect of the technology. As with that noisy background "party din," it's why noise in general can be cut through as long as you get even a small piece of a conversation.
I've looked at passive material "blankets" that smother Rf. Certain conductive polymer's woven in the density of a gym mat are somewhat useful if its something serious enough. Naturally, (pricey) and by no means perfect. Beyond that one can use old power company techniques developed to know where a line goes down, for example if using a hard line. Since ac can be modulated, it can also be run through what looks like a small old desk-top pc cpu tower. ****, anyone can buy a plugin, looks a small 120vt-12v transformer you plug in the wall ac, and that turns ones household wiring into a local, house/office Rf wireless network.
In the end it can get surreal, silly, paranoid. or just sad. Been there too. Anyway, best of luck. Bob. -
Guest Wireless traffic redirect to Proxy Server
I have Guest WLAN and i want to redirect all the traffice to Proxy Server. We use Cisco Ironport.
Cisco proxy Ironport has the ip 10.X.X.X.
We also have NCS Server. Can anybody tells me where i can configure this
best regards and thanks in advanceMuzaffar:
If you have web-auth configured you may have problems with the redirection if the users are using manual proxy server configured.
For that, you better enable WebAuth proxy redirection on wireless controller.
Here is the config example
http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080b8a909.shtml
HTH
Amjad -
Wireless Traffic Disrupts Wired Traffic. Why
I've got an AirPort Extreme wired to two computers and to an AirPort Express using CAT 6A cables. One of the computers streams Pandoras desktop app to the AirPort Express via AirFoil so I can listen on my stereo.
This set up has worked very well for years. Now suddenly, sometimes when the AirPort Extreme gets a WiFi signal, it stops transmitting via Ethernet (or WiFi as I've tried both) to the AirPort Extreme. Turning off all WiFi on the Extreme fixes the problem, but obviously I'd like to have some WiFi in my home.
Any idea what needs to be done? I've swapped Extremes with a friend and his does it too. I've also swapped Expresses, computers, OSes, and even Windows and Mac versions of AirFoil.
Any help would be very much appreciated.
JimI've got an AirPort Extreme wired to two computers and to an AirPort Express using CAT 6A cables. One of the computers streams Pandoras desktop app to the AirPort Express via AirFoil so I can listen on my stereo.
This set up has worked very well for years. Now suddenly, sometimes when the AirPort Extreme gets a WiFi signal, it stops transmitting via Ethernet (or WiFi as I've tried both) to the AirPort Extreme. Turning off all WiFi on the Extreme fixes the problem, but obviously I'd like to have some WiFi in my home.
Any idea what needs to be done? I've swapped Extremes with a friend and his does it too. I've also swapped Expresses, computers, OSes, and even Windows and Mac versions of AirFoil.
Any help would be very much appreciated.
Jim -
LEAP wireless clients work, then fail, Using WISM blades HELP
I am at a complete loss. Calls to Cisco, working with different vendors, nothing has worked to solve the problem. This is what we see, and we see this at every single one of our hospital sites.
All hospitals used to run just IOS code on their AP's. Some hospitals used the older 1200 series AP's, which have been upgraded from B only radios to A/B/G. Some hospitals were rolled out with newer 1240 series AP's. Every single hospital was just fine when using IOS code on the AP's. Users never disconnected or disassociated. They were fine. Clients run a mixture of the old Cisco 350 series cards, or Ubiquiti A/B/G cards.
Now, fast forward and we started installing WISM blades in all the 6509 distribution switches at each hospital. AP's were then upgraded to lightweight code and at first everything seemed great. Then the calls started.
All clients at all hospitals will just disassociate. It is completely random. Some machines can see it once, others 50 times a day, then tomorrow, totally different. I have witnessed the same thing with my laptop. We have 3 WLAN's in the hospitals. One that uses LEAP authentication, one that uses Certificates, and one that is our Patient WiFi. Both LEAP and Certs have the issue. I have never been kicked off of the Patient WiFi system. Not once.
LEAP clients use the same exact ACS servers they have always used. Nothing changed in the configs. Same goes for the clients using certificates.
I have upgraded code on the WISM blades 3 times now. Currently we are using the 5.187 code. I have tried forcing all AP's to use only B/G radios, tried using only A, doesn't matter. Same problem happens.
What is even worse, when this event happens, 50% of the time you have to actually reboot the workstation to get it to log back onto the wireless network. It fails the attempt and it just stops. This is not everyone at the same time either. There seems to be no event that I can find where all clients have the problem at the exact same time. I can have two devices side by side, same exact NIC, same software, everything. One will disassociate, the other is just fine.
I am out of ideas. Everyone I talk to at Cisco says never heard of this before. I just can't believe we are the only ones that have ever seen this problem.
I can take the same workstation that is breaking left and right on our wireless networks using the WISM blades, go to a site with AP's still in IOS mode, it will never disassociate and disconnect.
Has anyone heard of this, have any ideas of something I could try. Would you like to see any other information about this? I can post whatever you like to help. I am looking for any assistance on this.
I have been trying to do some searches on this forum, but for whatever reason it seems to be very slow so thought I might post my issue as I search around, maybe if it has already come up and there is a fix, someone could direct me right too it.
Thank you in advance.I tried that in the beginning. Put all ap power and channel as hard set. It did not change anything. I am not sure if we have tried the 4.2.207 code. I know we went through several 4.x.x codes in testing. Cisco recommended the lastest one that we are on now.
What really gets me is how everything worked just fine until the WISM upgrade. No AP placement changed, no additional AP installs, we just installed the WISM blades, migrated code to lightweight and everything started flaking out.
What other NIC's do people use? Maybe the brand we use is not any good? I have been up and down with the vendor, tried different drivers, nothing seemed to change anything.
It looks to me like the WISM sends out some kind of response that the workstation NIC's do not understand, so they just sit there. On wireless sniffer traces, you can see where the request goes out to the workstation, but the workstation just never responds, hence the lockup so to speak. It will just sit there until a reboot of the PC. -
Trying to understand traffic Flow in a LWAPP wireless configuration.
I'm trying to understand at a high level how wireless traffic flow in the new LWAPP configuration. Based on what I can tell all wireless traffic must flow through the controllers prior to getting onto the LAN.
So lets say I have a LWAPP Access Point off an access switch in a remote closet and my controller is off my core switches. I want to communicate from my wireless PC to a wired PC on this same access switch. The traffic flows from the AP down to the core switch, through the Controller and back up to the access switch to the wired PC.
Is that correct?
If this is true my main concern is supporting APs from a central controller across a low speed WAN. Looks like I would not want to do that...You're right in your assumption. Data traffic travels from the client to the AP. The AP then encapsulates this data using LWAPP and forwards it to the Controller. The WLC then de-encapsulates (?) it, processes the traffic as necessary and then drops it onto the wired LAN.
So, in your scenario, the wireless client would send data to the AP. This would be encapsulated between the AP and the controller and then sent back again unencapsulated to the wired client.
Regarding using this system over a low speed WAN, there are two ways of doing this.
The first is to use a local WLC at the remote site (e.g. a WLC2006 or the new WLC network module for 2800/3800 ISR routers).
The second is to use AP1030s which are 'Remote Edge Access Points'. These aren't quite as lightweight as the rest of the 1000 Series in that they will bridge local traffic and only encapsulate traffic heading 'off site'. They will also continue to operate if connection back to the WLC is lost (the first WLAN configured on the WLC remains up on the REAP whilst connection to the WLC is lost).
I believe that the recommendation for these is a minimum of 2Mbps WAN connection. -
ASA5510 base config for guest wireless network
Hello
I am partitioning off my guest wireless traffic out a new connection.
I have a WISM and a 5508 controller. The WISM will anchor the subnets to the specific controller.
AP - WISM - 5508 - FW - Cable link - Internet
Can anyone assist in implementing a base config so only traffic originating inside can get out, nothing from outside getting in.
The external link will be via cable and I want to configure their static on my outside int,
Where would be the best place to ratelimit the subnet(s)?
sMcip access-list 10 permit ip 172.16.16.0 255.255.255.0 eq 80ip access-list 10 permit ip 172.16.16.0 255.255.255.0 eq 443
These are router configurations and would not work on the ASA. To do this the ACL config would need to look like this:
access-list LAN extended permit ip 172.16.16.0 255.255.255.0 any eq 80
access-list LAN extended permit ip 172.16.16.0 255.255.255.0 any eq 443
access-group LAN in interface inside
Keep in mind that you can change the ACL name (LAN) to anything you want it to be. You could apply the ACL in the outbound direction but this is very unusual to do on the ASA and I do not suggest doing it unless you have a specific reason for doing so.
Also, to make sure this subnet has no access to inside services, what would be needed?
Not exactly sure where you are going with this. Is this subnet also located on the inside interface? or on a different interface?
If it is located on a different interface, then all you have to do is either give it a lower security level than that of the inside interface (lets say 90 for example), or add an ACL that denies traffic to the inside network subnet and then under that rule have an entery permitting traffic to any.
Keep in mind that the ACLs are checked top to bottom and there is an implicit deny any rule at the bottom of all ACLs. If this ASA is version 8.3 or higher the implicit deny can be seen in the global ACL in the ASDM.
Please remember to rate and select a correct answer -
Question concerning WiSM operation
I have a question concerning the operation of the wireless network and the WiSM in a 6500 that we have put in place. My customer has the following setup: On thier mainsite, they have a core 6500 with a WiSM module in place. They have 4 remote sites, with several APs at each remote site. Each remote site is setup in an all Cisco environment, where its typically AP --> cisco switch --> fiber to main site cisco switch --> core --> then on to where ever. I have an engineer telling me this, that whatever wireless data traffic (internet, anything) that hits the AP (at any site), it must go THROUGH the WiSM module. I would have thought that the WiSM module would be for ONLY management of APs, not for data traffic handling.
Again, he says that ALL traffic (internet, etc) goes through the WiSM module, then on out through the infrastructure.
I would have thought that traffic would go through the AP only, then through the infrastructure.
Can you verify wheather data traffic from any wireless device through the AP actually traverses the WiSM module or not?
Again, I thought the WiSM module would be only for management of APs. Thanks.The engineer is largely correct. By default, the APs will tunnel all traffic to the controller to be distributed according to VLAN/SSID. The controller and the AP work together to perform the normal wireless <-> wired bridging. This allows some flexibility in how the infrastructure handles mobile clients. There are many benefits to the Cisco Unified model (or LWAPP).
We have three hospital campuses and only a couple remote wireless sites. They are all well-connected. As all our primary app servers are on one campus, we only have controllers on that one campus. The client traffic is bridged at the main campus.
The Cisco Unified model does offer other modes of operation (H-REAP for example) that allow some local traffic to bypass the controller and be bridged by the AP to the local LAN. There are some caveats to this, however, and you'd want to read up on it before trying it:
http://www.cisco.com/univercd/cc/td/doc/product/wireless/control/c44/ccfig41/index.htm
or more specifically:
http://www.cisco.com/univercd/cc/td/doc/product/wireless/control/c44/ccfig41/c41hreap.htm -
Hi!
I try to configure a Cisco 5508 Wireless controller and 25 Air-lap1041 to use as VoIP and data. I read documents, manuals, etc, but the AP doesn't charge the configuration, or not conect with the Wireless Controller, why? No Radius server present, only WPA security.howto, please...
I try to put a static ip in the LAP, with lwapp or capwap command, (LWAPP/CAPWAP ap ip address direccion mascara) and the AP returns "You should configure Domain and Name Server from controller CLI/GUI." and i can't change the name of the AP (Command is disabled).
Log from AP:
using ÿÿÿÿ ddr static values from serial eeprom
ddr init done
Running Normal Memtest...
Passed.
IOS Bootloader - Starting system.
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
Xmodem file system is available.
DDR values used from system serial eeprom.
WRDTR,CLKTR: 0x83000800, 0xc0000000
RQDC, RFDC : 0x80000037, 0x00000184
PCIE0: link is up.
PCIE0: VC0 is active
PCIE1: link is NOT up.
PCIE1 port 1 not initialize
PCIEx: initialization done
flashfs[0]: 6 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32385024
flashfs[0]: Bytes used: 2369024
flashfs[0]: Bytes available: 30016000
flashfs[0]: flashfs fsck took 21 seconds.
Reading cookie from system serial eeprom...Done
Base Ethernet MAC address: 44:2b:03:dc:09:25
Ethernet speed is 1000 Mb - FULL duplex
Loading "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx"...###########################
File "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx" uncompressed and installed, entr
y point: 0x4000
executing...
enet halted
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEA
SE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
Proceeding with system init
Proceeding to unmask interrupts
Initializing flashfs...
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
flashfs[1]: 6 files, 2 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 32126976
flashfs[1]: Bytes used: 2369024
flashfs[1]: Bytes available: 29757952
flashfs[1]: flashfs fsck took 7 seconds.
flashfs[1]: Initialization complete.
flashfs[2]: 0 files, 1 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 11999232
flashfs[2]: Bytes used: 1024
flashfs[2]: Bytes available: 11998208
flashfs[2]: flashfs fsck took 1 seconds.
flashfs[2]: Initialization complete....done Initializing flashfs.
Ethernet speed is 1000 Mb - FULL duplex
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-LAP1041N-E-K9 (PowerPC405ex) processor (revision B0) with 98294K/32
768K bytes of memory.
Processor board ID FCZ1611W414
PowerPC405ex CPU at 333Mhz, revision number 0x147E
Last reset from reload
LWAPP image version 7.0.94.21
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 44:2B:03:DC:09:25
Part Number : 73-14034-04
PCA Assembly Number : 800-34273-05
PCA Revision Number : A0
PCB Serial Number : FOC16075VZ3
Top Assembly Part Number : 800-34284-03
Top Assembly Serial Number : FCZ1611W414
Top Revision Number : A0
Product/Model Number : AIR-LAP1041N-E-K9
% Please define a domain-name first.
Press RETURN to get started!
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:00:09.574: *** CRASH_LOG = YES
Base Ethernet MAC address: 44:2B:03:DC:09:25
*Mar 1 00:00:09.838: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log
(contains, 1024 messages)
*Mar 1 00:00:11.848: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state
to up
*Mar 1 00:00:11.892: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEA
SE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
*Mar 1 00:08:16.954: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth
ernet0, changed state to up
logging facility kern
^
% Invalid input detected at '^' marker.
*Mar 1 00:08:28.047: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
LER
*Mar 1 00:08:28.049: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:09:08.282: %CDP_PD-2-POWER_LOW: All radios disabled - LOW_POWER_CLASS
IC_NO_INJECTOR_CONFIGURED AIR-CT5508-K9 (c464.138f.9345)
*Mar 1 00:09:08.282: -Verify the required power-injector is installed on this
port: AIR-CT5508-K9(Gig 0/0/2).
*Mar 1 00:09:08.282: -If a power-injector is installed, issue the command:"pow
er inline negotiation injector installed"
*Mar 1 00:12:19.976: %CAPWAP-5-STATIC_TO_DHCP_IP: Could not discover WLC using
static IP. Forcing AP to use DHCP.
*Mar 1 00:12:29.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:39.994: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:49.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:59.994: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:13:09.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
Not in Bound state.
*Mar 1 00:13:19.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:13:19.993: %CAPWAP-5-DHCP_RENEW: Could not discover WLC using DHCP IP
. Renewing DHCP IP.
logs from wireless controller:
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Gu
est
ap-manager 2 untagged 209.165.200.231 Dynamic Yes No
management 1 untagged 209.165.200.230 Static Yes No
service-port N/A N/A 192.168.1.157 Static No No
virtual N/A N/A 1.1.1.1 Static No No
(Cisco Controller) >
i conect with service-port ok and the management port works, i think.
AP442b.03dc.0925>ping 209.165.200.230
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.230, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
AP442b.03dc.0925>
Help, please!
i write in spanish:
Hola:
Tengo que configurar un cisco 5508 wireless controller con 25 air-lap1041n, para usarlo como acceso de datos y voz. ¿Cómo lo hago? He leído manuales, y seguido las instrucciones, pero el punto de acceso parace que no es capaz de cargar el perfil. No hay servidor radius, solo la configuración de una clave wpa. Alguién me puede indicar pasos, GraciasHi!
I buy a gigabit switch. I connect the service-port to gigabit switch, and laptop to gigabit switch. I used 192.168.1.x ip address (192.168.1.157 to service-port and 192.168.1.233 to wired port on laptop, well, the laptop has two ip adress, 192.168.1.233 and 209.165.200.2, and the laptop works ok. Ping to 209.165.200.230 -ip address of management interface- and ping to 209.165.200.203 -ip address for AP, is assigned by DHCP of WLC. And i connect the ap to gigabit switch, and the wlc assigns well an ip direction.
I post the run-config and sysinfo log. The gigabit switch is tp-link model tl-sg1005d, no configuration.
Before the logs, I see this message from AP:
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
Hola:
He comprado un switch gigabit. Conecto el service-port al switch gigabit y el portátil también (por cable). Uso como direcciones ip el rango 192.168.1.x (192.168.1.157 asignado al service-port y 192, 168.1.233 al portátil, bueno, el portátil tiene dos direcciones, la dicha anteriormente y la 209.165.200.2) El portátil funciona bien, hace ping al 209.165.200.230 - la ip de la management interface, y a 209.165.200.203 - ip asignada al AP por el DHCP del WLC. He conectado el AP al swtich gigabit, y el dhcp del wlc asigna correctamente una dirección ip.
Añado a continuación los resultados de los comandos "show run-config" y "show sysinfo". El switch es un TP-LINK modelo TL-S1005D, sin necesidad de configuración.
Antes de mostrar los resultados de los comandos, he visto el siguiente mensaje en el log del AP:
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
Un saludo
Antonio R.
(Cisco Controller) >show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "Cisco Wireless Controller"
PID: AIR-CT5508-K9, VID: V02, SN: FCW1608L05X
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console
1.27
Build Type....................................... DATA + WPS
System Name...................................... CISCO-CAPWAP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 209.165.200.230
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 17 mins 45 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin,
Rome, Vienna
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... ES - Spain
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +36 C
External Temperature............................. +23 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Network Information
RF-Network Name............................. hosp
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Fast SSID Change ........................... Disabled
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE SFPType
1 Normal Forw Enable Auto 1000 Full Up Enable N/A 1000BaseTX
2 Normal Disa Enable Auto Auto Down Enable N/A Not Present
3 Normal Disa Enable Auto Auto Down Enable N/A Not Present
4 Normal Disa Enable Auto Auto Down Enable N/A Not Present
5 Normal Disa Enable Auto Auto Down Enable N/A Not Present
6 Normal Disa Enable Auto Auto Down Enable N/A Not Present
7 Normal Disa Enable Auto Auto Down Enable N/A Not Present
8 Normal Disa Enable Auto Auto Down Enable N/A Not Present
Press Enter to continue or to abort
AP Summary
Number of APs.................................... 0
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Location
Site Name........................................ default-group
Site Description.................................
WLAN ID Interface Network Admission Control
1 management Disabled
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority GroupName
Press Enter to continue or to abort
AP Config
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Airewave Director Configuration
Press Enter to continue or to abort
802.11a Configuration
802.11a Network.................................. Disabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Video AC:
Video AC - Admission control (ACM)............ Disabled
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
Video max RF bandwidth........................ Infinite
Video reserved roaming bandwidth.............. 0
Press Enter to continue or to abort
802.11a Advanced Configuration
Press Enter to continue or to abort
802.11a Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
TxPower Update Logging......................... Off
Default 802.11a AP performance profiles
802.11a Global Interference threshold.......... 10 %
802.11a Global noise threshold................. -70 dBm
802.11a Global RF utilization threshold........ 80 %
802.11a Global throughput threshold............ 1000000 bps
802.11a Global clients threshold............... 12 clients
Default 802.11a AP monitoring
802.11a Monitor Mode........................... enable
802.11a Monitor Mode for Mesh AP Backhaul...... disable
802.11a Monitor Channels....................... Country channels
802.11a AP Coverage Interval................... 180 seconds
802.11a AP Load Interval....................... 60 seconds
802.11a AP Noise Interval...................... 180 seconds
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
802.11a AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... c4:64:13:8f:93:40
Last Run....................................... 75 seconds ago
Coverage Hole Detection
802.11a Coverage Hole Detection Mode........... Enabled
802.11a Coverage Voice Packet Count............ 100 packets
802.11a Coverage Voice Packet Percentage....... 50%
802.11a Coverage Voice RSSI Threshold.......... -80 dBm
802.11a Coverage Data Packet Count............. 50 packets
802.11a Coverage Data Packet Percentage........ 50%
802.11a Coverage Data RSSI Threshold........... -80 dBm
802.11a Global coverage exception level........ 25 %
802.11a Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
--More or (q)uit current module or to abort
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... c4:64:13:8f:93:40
Last Run....................................... 75 seconds ago
DCA Sensitivity Level.......................... STARTUP (5 dB)
DCA 802.11n Channel Width...................... 20 MHz
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11a 5 GHz Auto-RF Channel List
Allowed Channel List......................... 36,40,44,48,52,56,60,64
Unused Channel List.......................... 100,104,108,112,116,120,124,
128,132,136,140
DCA Outdoor AP option.......................... Disabled
Radio RF Grouping
802.11a Group Mode............................. AUTO
--More or (q)uit current module or to abort
802.11a Group Update Interval.................. 600 seconds
802.11a Group Leader........................... c4:64:13:8f:93:40
802.11a Group Member......................... c4:64:13:8f:93:40
802.11a Last Run............................... 75 seconds ago
802.11b Configuration
802.11b Network.................................. Enabled
11gSupport....................................... Enabled
11nSupport....................................... Enabled
802.11b/g Operational Rates
802.11b/g 1M Rate............................ Mandatory
802.11b/g 2M Rate............................ Mandatory
802.11b/g 5.5M Rate.......................... Mandatory
802.11b/g 11M Rate........................... Mandatory
802.11g 6M Rate.............................. Supported
802.11g 9M Rate.............................. Supported
802.11g 12M Rate............................. Supported
802.11g 18M Rate............................. Supported
802.11g 24M Rate............................. Supported
802.11g 36M Rate............................. Supported
802.11g 48M Rate............................. Supported
802.11g 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
--More or (q)uit current module or to abort
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mode................................. Disabled
--More or (q)uit current module or to abort
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 1
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Call Admission Limit ........................... 105
G711 CU Quantum ................................. 15
ED Threshold..................................... -50
Fragmentation Threshold.......................... 2346
PBCC mandatory................................... Disabled
RTS Threshold.................................... 2347
Short Preamble mandatory......................... Enabled
Short Retry Limit................................ 7
Legacy Tx Beamforming setting.................... Enabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
Faster Carrier Tracking Loop..................... Disabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC - Admission control (ACM)............ Disabled
--More or (q)uit current module or to abort
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ 50
Video reserved roaming bandwidth.............. 0
802.11b Advanced Configuration
Press Enter to continue or to abort
802.11b Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
Transmit Power Update Logging.................. Off
Default 802.11b AP performance profiles
802.11b Global Interference threshold.......... 10 %
802.11b Global noise threshold................. -70 dBm
802.11b Global RF utilization threshold........ 80 %
802.11b Global throughput threshold............ 1000000 bps
802.11b Global clients threshold............... 12 clients
Default 802.11b AP monitoring
802.11b Monitor Mode........................... enable
802.11b Monitor Channels....................... Country channels
802.11b AP Coverage Interval................... 180 seconds
802.11b AP Load Interval....................... 60 seconds
802.11b AP Noise Interval...................... 180 seconds
802.11b AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... c4:64:13:8f:93:40
Last Run....................................... 213 seconds ago
Coverage Hole Detection
802.11b Coverage Hole Detection Mode........... Enabled
802.11b Coverage Voice Packet Count............ 100 packets
802.11b Coverage Voice Packet Percentage....... 50%
802.11b Coverage Voice RSSI Threshold.......... -80 dBm
802.11b Coverage Data Packet Count............. 50 packets
802.11b Coverage Data Packet Percentage........ 50%
802.11b Coverage Data RSSI Threshold........... -80 dBm
802.11b Global coverage exception level........ 25 %
802.11b Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... c4:64:13:8f:93:40
Last Run....................................... 213 seconds ago
DCA Sensitivity Level: ...................... STARTUP (5 dB)
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11b Auto-RF Allowed Channel List........... 1,6,11
Auto-RF Unused Channel List.................... 2,3,4,5,7,8,9,10,12,13
Radio RF Grouping
802.11b Group Mode............................. AUTO
802.11b Group Update Interval.................. 600 seconds
802.11b Group Leader........................... c4:64:13:8f:93:40
802.11b Group Member......................... c4:64:13:8f:93:40
802.11b Last Run............................... 213 seconds ago
Mobility Configuration
Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... hosp
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x97e2
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 1
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast
IP Status
c4:64:13:8f:93:40 209.165.200.230 hosp 0.0.0.0
Up
Advanced Configuration
Probe request filtering.......................... Enabled
Probes fwd to controller per client per radio.... 0
Probe request rate-limiting interval............. 500 msec
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
dot11-padding.................................... Disabled
Authentication Response Timeout (seconds)........ 10
Rogue Entry Timeout (seconds).................... 1200
AP Heart Beat Timeout (seconds).................. 30
AP Discovery Timeout (seconds)................... 10
AP Local mode Fast Heartbeat (seconds)........... disable
AP Hreap mode Fast Heartbeat (seconds)........... disable
AP Primary Discovery Timeout (seconds)........... 120
AP Primed Join Timeout (seconds)................. 0
Packet Forwarding watchdog timer (seconds)....... 240 (enable)
Location Configuration
RFID Tag data Collection......................... Enabled
RFID timeout.................................... 1200 seconds
RFID mobility.................................... Oui:00:14:7e : Vendor:pango S
tate:Disabled
Interface Configuration
Interface Name................................... management
MAC Address...................................... c4:64:13:8f:93:40
IP Address....................................... 209.165.200.230
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 209.165.200.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 192.168.1.1
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 209.165.200.230
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
Interface Name................................... service-port
MAC Address...................................... c4:64:13:8f:93:41
IP Address....................................... 192.168.1.157
IP Netmask....................................... 255.255.255.0
DHCP Option 82................................... Disabled
DHCP Protocol.................................... Disabled
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... virtual
MAC Address...................................... c4:64:13:8f:93:40
IP Address....................................... 1.1.1.1
DHCP Option 82................................... Disabled
Virtual DNS Host Name............................ Disabled
AP Manager....................................... No
Guest Interface.................................. No
WLAN Configuration
WLAN Identifier.................................. 1
Profile Name..................................... HOSP3C
Network Name (SSID).............................. HOSP3C
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
WLAN ACL......................................... unconfigured
DHCP Server...................................... 209.165.200.230
DHCP Address Assignment Required................. Enabled
Quality of Service............................... Platinum (voice)
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Infrastructure MFP protection................. Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Band Select...................................... Enabled
Load Balancing................................... Enabled
Mobility Anchor List
WLAN ID IP Address Status
Press Enter to continue or to abort
Press Enter to continue or to abort
ACL Configuration
Press Enter to continue or to abort
CPU ACL Configuration
CPU Acl Name................................ NOT CONFIGURED
Wireless Traffic............................ Disabled
Wired Traffic............................... Disabled
RADIUS Configuration
Vendor Id Backward Compatibility................. Disabled
Call Station Id Case............................. lower
Call Station Id Type............................. IP Address
Aggressive Failover.............................. Enabled
Keywrap.......................................... Disabled
Fallback Test:
Test Mode.................................... Off
Probe User Name.............................. cisco-probe
Interval (in seconds)........................ 300
MAC Delimiter for Authentication Messages........ hyphen
MAC Delimiter for Accounting Messages............ hyphen
Authentication Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/P
hase1/Group/Lifetime/Auth/Encr
Accounting Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/P
hase1/Group/Lifetime/Auth/Encr
--More or (q)uit current module or to abort
TACACS Configuration
Authentication Servers
Idx Server Address Port State Tout
Authorization Servers
Idx Server Address Port State Tout
Accounting Servers
Idx Server Address Port State Tout
LDAP Configuration
Press Enter to continue or to abort
Local EAP Configuration
User credentials database search order:
Primary ..................................... Local DB
Timer:
Active timeout .............................. 300
Configured EAP profiles:
EAP Method configuration:
EAP-FAST:
Server key ................................
TTL for the PAC ........................... 10
Anonymous provision allowed ............... Yes
Authority ID .............................. 436973636f00000000000000000000
00
Authority Information ..................... Cisco A-ID
Press Enter to continue or to abort
HREAP Group Summary
HREAP Group Summary: Count: 0
Group Name # Aps
Press Enter to continue or to abort
HREAP Group Detail
Press Enter to continue or to abort
Route Info
Number of Routes................................. 0
Destination Network Netmask Gateway
Press Enter to continue or to abort
Qos Queue Length Info
Platinum queue length............................ 100
Gold queue length................................ 75
Silver queue length.............................. 50
Bronze queue length.............................. 25
Press Enter to continue or to abort
Mac Filter Info
Press Enter to continue or to abort
Authorization List
Authorize MIC APs against AAA ................... disabled
Authorize LSC APs against Auth-List ............. disabled
Allow APs with MIC - Manufactured Installed C.... disabled
Allow APs with SSC - Self-Signed Certificate..... disabled
Allow APs with LSC - Locally Significant Cert.... disabled
Load Balancing Info
Aggressive Load Balancing........................ Disabled
Aggressive Load Balancing Window................. 5 clients
Aggressive Load Balancing Denial Count........... 3
Statistics
Total Denied Count............................... 0 clients
Total Denial Sent................................ 0 messages
Exceeded Denial Max Limit Count.................. 0 times
None 5G Candidate Count.......................... 0 times
None 2.4G Candidate Count........................ 0 times
Press Enter to continue or to abort
Dhcp Scope Info
Scope: PUNTOSAP
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 209.165.200.201
Pool End......................................... 209.165.200.229
Network.......................................... 209.165.200.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 0.0.0.0 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
Press Enter to continue or to abort
Exclusion List ConfigurationUnable to retrieve exclusion-list entry
Press Enter to continue or to abort
CDP Configuration
Press Enter to continue or to abort
Country Channels Configuration
Configured Country............................. ES - Spain
KEY: * = Channel is legal in this country and may be configured manually.
A = Channel is the Auto-RF default in this country.
. = Channel is not legal in this country.
C = Channel has been configured for use by Auto-RF.
x = Channel is available to be configured for use by Auto-RF.
(-,-) = (indoor, outdoor) regulatory doamin allowed by this country.
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11bg :
Channels : 1 1 1 1 1
: 1 2 3 4 5 6 7 8 9 0 1 2 3 4
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
ES (-E ,-E ): A * * * * A * * * * A * * .
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11a : 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Channels : 3 3 3 4 4 4 4 4 5 5 6 6 0 0 0 1 1 2 2 2 3 3 4 4 5 5 6 6
: 4 6 8 0 2 4 6 8 2 6 0 4 0 4 8 2 6 0 4 8 2 6 0 9 3 7 1 5
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
ES (-E ,-E ): . A . A . A . A A A A A * * * * * * * * * * * . . . . .
Press Enter to continue or to abort
WPS Configuration Summary
Auto-Immune
Auto-Immune.................................... Disabled
Client Exclusion Policy
Excessive 802.11-association failures.......... Enabled
Excessive 802.11-authentication failures....... Enabled
Excessive 802.1x-authentication................ Enabled
IP-theft....................................... Enabled
Excessive Web authentication failure........... Enabled
Signature Policy
Signature Processing........................... Enabled
Press Enter to continue or to abort
Custom Web Configuration
Radius Authentication Method..................... PAP
Cisco Logo....................................... Enabled
CustomLogo....................................... None
Custom Title..................................... None
Custom Message................................... None
Custom Redirect URL.............................. None
Web Authentication Type.......................... Internal Default
External Web Authentication URL.................. None
Configuration Per Profile:
Rogue AP Configuration
Rogue Location Discovery Protocol................ Disabled
Rogue on wire Auto-Contain....................... Disabled
Rogue using our SSID Auto-Contain................ Disabled
Valid client on rogue AP Auto-Contain............ Disabled
Rogue AP timeout................................. 1200
MAC Address Classification # APs # Clients Last Heard
Adhoc Rogue Configuration
Detect and report Ad-Hoc Networks................ Enabled
Auto-Contain Ad-Hoc Networks..................... Disabled
Client MAC Address Adhoc BSSID State # APs Last Heard
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
--More-- or (q)uit
MAC Address State # APs Last Heard
Ignore List Configuration
MAC Address
Rogue Rule Configuration
Priority Rule Name State Type Match Hit Count
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console
1.27
Build Type....................................... DATA + WPS
System Name...................................... CISCO-CAPWAP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 209.165.200.230
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 41 mins 2 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin,
Rome, Vienna
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... ES - Spain
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +39 C
External Temperature............................. +23 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
(Cisco Controller) >
The AP log
AP442b.03dc.0925>
*Apr 19 23:10:18.428: %CAPWAP-3-ERRORLOG: Selected MWAR 'CISCO-CAPWAP-CONTROLLER
'(index 0).
*Apr 19 23:10:18.428: %CAPWAP-3-ERRORLOG: Go join a capwap controller
logging facility kern
^
% Invalid input detected at '^' marker.
logging facility kern
^
% Invalid input detected at '^' marker.
*Apr 19 23:10:19.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
p: 209.165.200.230 peer_port: 5246
*Apr 19 23:10:19.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Apr 19 23:10:20.200: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
peer_ip: 209.165.200.230 peer_port: 5246
*Apr 19 23:10:20.201: %CAPWAP-5-SENDJOIN: sending Join Request to 209.165.200.23
0
*Apr 19 23:10:20.201: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
*Apr 19 23:10:20.354: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*Apr 19 23:10:20.355: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 209
.165.200.230:5246
*Apr 19 23:10:20.356: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 19 23:10:20.356: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 19 23:10:20.412: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is
not established -
Home Wireless Router Cascading
I had a WRT610N wireless router that was working fine and just replaced it with a e4200. Everything on the e4200 is also working fine, as far as I can tell. I want to redeploy the WRT610N in the far reaches of my home as a wireless hub to add range to my network. I supposed that I could connect a LAN cable to the 610N get a DHCP address from the e4200 and then pass wireless traffic that connects to the 610N to the e4200. However it does not seem to work. I cannot get an IP address from the e4200.
Is using a 610N router as a wireless hub something that should be possible?
Thanks for your help.
BillRead this: http://homecommunity.cisco.com/t5/Wireless-Routers/Connecting-two-routers-wired-the-definitive-answe...
-
My new mac mini seems stuck whilst launching for the first time - looking for bluetooth peripherals - they are a new trackpad and wireless keyboard - both in pair mode so I can't see what the issue is..Do I really need to find wired mouse and keyboard to set this up?
Hehehe... Yes, a freshly-booting Mac from the factory can get confused with all that wireless traffic. In the past I've been able to get new Macs to pair with a keyboard and mouse/trackpad by switching the keyboard/mouse/whatever off and then on again while the computer is attempting to find something to pair with. The computer will attempt pairing with the newly-activated device and otherwise pretty much ignore all the other Bluetooth chatter is sees.
That said, whenever I set up a Mac for someone, I always bring a USB keyboard and mouse with me. It makes the process faster and easier. I then set up their Bluetooth input devices later, using System Preferences. -
I have a customer who currently uses Symbol Wireless AP's in their enviroment. As part of their PCI requirements they need to start monitoring for rouge AP's and the wireless traffic. Other than the wireless devices they are a total Cisco shop. My question is this; does Cisco have anything that will monitor the traffic and detect rouge AP's even though they are from another vendor?
Yes. Cisco WLC has a basic IPS (detect rougue AP), and if you need has WIPS solution (appliance MSE with WIPS license and Sensor AP).
-
WLC 2500 and WCCP for Wireless Guest Users
Hi there
I would like to redirect web traffic from WLANs on a Wireless LAN Controller 2500 to a proxy server in a remote site. I'm using ironport proxy server and Cisco 3560 Layer 3 switch. Basically current scenario is:
Wireless Guest Users get authenticated by web-auth through Access Point 3501 HREAP configured. Guest client gets an IP address on VLAN 100 in remote site. Once they connect to VLAN 100, I want all web traffic to be redirected to the proxy server. I know PAC file may be the easier solution however our guest clients want seamless solution for internet. I am not sure whether WCCP is supported for this.
You advice will be highly appreciated.
RegardsFor guest wireless traffic redirect to proxy server
https://supportforums.cisco.com/thread/2126486
Maybe you are looking for
-
Printing a selected portion of a webpage in Safari
I just gave my old iMac G4 to my husband (a previous PC user) when I got my new iMac G5. He is now starting to cruise through the Mac world, and he has this question, which I don't know how to answer. He wants to select only a portion of a webpage an
-
Hey ppl, I do have a requirement in Oracle Alerts to get the email alert whenever an employee is created.. Now everything is working fine... But this alert works only for one particular BG... Even if i choose the Operaing Unit in Installation Tab, it
-
The Palm Desktop finally opened to my calendar after repeated installs/repairs of it(v4.1.4). However, when the M125 is connected via USB in the front of my Emachine (Win xp MC 2004) and I try to get it to sync via the cradle, I keep getting the mess
-
HELP in Masking TextField!!!
If a text field Datatype is DateTime and masking to HH24:MI:SS, then how i assign a default value(any time) to the text field by hard coded. TQ From Kent null
-
I am able to download mails but unable to read them. They can only be read when I forward them or in reply mode. This however does not allow me to view attachments. Any body got ideas.