VLANs for the WiSM

Hi Everybody,
we followed the cisco layered model in our campus design where we have 6500 switch at the core, 4500 at the distribution and 3750 at the access layer.
The connectivity between the core and the distribution is layer 3, the connectivity between the distribution and access layer is layer 2.we have all the intervlan routing on the distribution switches.we have recently installed two WiSM controllers in our core and planning to deploy light weight access points.
we want to use the exiting VLANS that we created for the wired users on the distribution switch for Wireless LAN users . I wanted to know if this is possible because as the dynamic interfaces for the Wireless VLANS would be created on the WiSM that is on the core switch and as the dynamic interface are like SVIs for the Wireless VLANS.
Secondly i wanted to know what does it mean to assign a VLAN to the WiSM
Regards,
Ahmed Zubedi

I would recommend keeping the wired vlan separate from the wireless vlan.
You need to assign a vlan for the service port of the controllers. This is local to the 6500 and is not routeable. This is how the controllers talk to the 6500. I normally do like a 192.168.1.x

Similar Messages

  • Console & Configuration for the WISM

    we are in the process of upgrading the wireless network in the office to use the Unified solution. We have converted the WLSE to the WCS and now in the process of configuring the WISM cards. 1st off we are having an issue with the console connection to the wism card. we are using the rollover cable connected to a termserver and are unable to get in. 2nd trying to configure the wism card is becoming a hassle. we set up the service port so far and the managment vlan and we still see service port down. Looking for some help in configuration. Please advise.

    actually it turned out to be a faulty wism card but i do have a question regarding configuration. i am have 2 wism cards installed in 2 different chassis since the service vlan is local can it be configured the same on both chassis?

  • Dedicated vlan for WLC

    Hi,
    In reviewing the lab for WLC configuration, they used a dedicated vlan for all APs and the WLC to communicate with CAPWAP.
    In the production environment I'm designing for, a campus network that has many LAN connected sites all with different vlans at the edge, that would entail trunking another vlan out to the edge switches. It also requires the MetroEthernet provider to provision the same beforehand.
    One of the advantages of the WLC is the ability to avoid having to add vlans at the edge for WLANs, but what about a dedicated vlan for the APs and WLC to communicate with CAPWAP? A best practice?
    Thanks.

    As best practice we've only two options, keep the AP on L2 vlan(not scalable) of management or on any L3(vlan that is not part of dynamic interface of WLC) which is scalable and good for highavailability.

  • Setting up 2 vlans for 2 pixs.

    I have a situation that I was trying to seek some assistance on. At this site, there are 2 Internet connections, 1 T1 and 1 Cable. Right now everything is going out the T1. They would like to add the cable ISP and a PIX 501 for guests and have all the Access Points using the Cable ISP and keep everything internal using the T1 like they are now. The current setup goes like this. T1 -> PIX 515 -> Cisco 4000 series router -> 2950. Would like the add the Cable -> PIX 501 -> 2950 -> AP. I know that I need to configure a VLAN for the wireless on the 2950s, but how would I configure a default route since the default route is being used already for the the other VLAN? I think that I am making this much more difficult than it really is.

    I hope I understand your question taht you want to install two ISP uplink into your pix.
    There is no chance to connect your pix to two ISPs, at same time only one ISP can be used as active. In 7.2 version there is the option for tracking and in this case the second ISP connection can become active.
    You can add maximum three default route, but using the same outside interface, but this is not acceptable for this scenario.
    If you install second PIX, just use in the guest VLAN as default GW the new PIX inside interface and that's all. On 2950 you just use L2 VLAN.
    bye
    FCS
    Please rate me if I helped.

  • VLANs for multiple customers on the same switch accessing ISP

    I have multiple customers accessing the Internet from the same ISP through the same SRW 2016.  The switch is set completely at default, with all ports on VLAN 1.  I want to separate all the (3) customers' traffic into 3 VLANs for security, but I want them to still access the ISP through port 1.  Can I do that with this switch?  How would I set port 1 so that all VLANs can send and receive packets through port 1 but still be isolated from each other on the LAN?

    Hi,
    I had a simular situation. In the past I didn't have a VLAN-capable modem/router and just connected the modem as a normal device to the layer2 switch (Cisco 3548XL at that time). In my setup, I gave all separated LAN's its own multi-VLAN port(s) in its own unique VLAN and the modem a single-VLAN port in its own VLAN. Next I made all the ports who needed internet access member of the modem's VLAN. A nmap scan and testing showed me that the seperated LAN's couldn't connect to eachother.
    So, I don't know if i did something stupid (in security way), but it worked like a charm.
    Sorry for my English ;-)

  • The same SSID used at 3 sites and the same vlan for client IP assignment?

    we are deploying 5508 controller and LW APs for wireless IP phone 7925G
    Controller is installed at site A and there are APs and wireless phones at site B and C as well.
    1. can I use the same SSID for all three sites for wireless phones? or have to use 3 distinct SSIDs?
    2. If I can use the same SSID, can I associate one subnet e.g 10.10.131.0/24 for wireless IP phones at 3 sites? (our Cisco UCM is fine with this)
    3. if I have use 3 distinct SSIDs, do I have to assign three subnets for IP phones at three sites?
    thanks for the help!
    Eric

    yes.. this is done by HREAP mode.. the below link will help you out!!
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml
    That is, by default the WLAN will get pushed to all APs.. so if you have a single wlan then this will broadcast the SSID and the remotre site clients will connect to it..
    Lemme know if this answered your question!!
    Regards
    Surendra

  • How to set up a VLAN for a School Network for student ipads/ipods?

    I work at a small private school that is going to implement about 20 ipads for classes. Students bring their ipods and iphones and are connecting to the existing unsecured wireless access points and are taking up the remaining IP addresses in the DHCP scope. I am running out of IP addresses and was wondering if I could set up a VLAN using the Cisco WRVS4400N for all of these wireless devices the students will be using. I plan to pull out all unsecured wireless AP's and replace with what ever solution we come up with. I will need about 6 access points/routers to cover the entire school. There is not a lot of money for technology and the ipods were donated. I have never set up a VLAN before. Is there an inexpensive way to allow the students with their personal ipads/ipods and the 20 ipads owned by the school to connect to a VLAN to keep from using up our DHCP IP addresses from the server. Thanks in advance. 

    Hi pctiger92!
    The WRVS4400N is now being handled by the Cisco Small Business Support Community.
    For discussions about this product, please go here.

  • Can 2 vlans have the same subnet?

    I hope the combined genius of the fellow community can answer me this. I am new to Cisco, and I understand VLANs as a physical boundary separating broadcast domains.
    I was wondering if it is possible to divide 1 subnet (192.168.1.0) into two separate VLANS? I have all layer 3 switches in my environment. Making matters worse, there would be no pattern for the IP address assignments into VLAN-A vs. VLAN-B..
    If this is possible, can you please explain the mechanisms for a successful implementation. 

    It mostly depends if/how you want hosts on them to talk one another (or other networks).
    If the answer is "not at all" then you can have as many VLANs as you like using the same subnet. 
    If the answer is "completely" then you have to either a. break your addressing (L3) down to have one set of hosts in subnet A (on vlan a) and the others in subnet b (on VLAN b). or b. have some fancy tricks in place with network address translation (NAT) in place.
    I'll leave the latter solution off as beyond the scope of your question.
    For the former, you would just change your subnet mask - for example, if the classful subnet is a "standard" /24 (255.255.255.0) then split it in two - /25 or 255.255.255.128. Assign hosts in one or the other.
    You have to have some pattern - all networking is based on patterns in some way or another.

  • How to set up VLANs for Cisco SG500 - 28 switch

    Hi,
    First of all, this is my first post in here, I hope someone can help me, and please be patient since I am very little experienced.
    OK, so let me explain you the scenarion that I am facing and hopefully someone will be able to help me.
    We have a Cisco SG500 - 28 port gigabit switch in our workplace.
    Our goal, is to create 3 VLANs and seperate the networks between different departements.
    VLAN1 (which is the default VLAN in the switch) - will be used for IT department and the management.
    VLAN100 - will be used for business .
    VLAN200 - will be used for guests who need to connect to the internet through WiFi.
    I have created VLAN100 and VLAN200, and VLAN1 is there by default.
    I want to use port 13 for VLAN200 and to connect the Wifi access-point there.
    The uplink is in port 25.
    I would be glad if you could explain me the stuff first in a abstract more general level, and then we can look at the specific scenario that we have.
    The Cisco SG500 - 28 gets internet from a Sophos UTM 9 router.
    I will need to take care of inter-VLAN routing as well, and subnet, and DHCP
    Thanks in advance,
    Kindest regards,
    D

    Hello Desmond,
    You have two different options:
    Option 1:
    Configure Sg500 switch as a Layer 2 switch and let the Sophos firewall do all the Layer 3 routing along with internet access. If you choose this option, then, you need to configure your uplink port as a trunk port and allow all 3 vlans to pass through. Also, you need to make sure that the Sophos device supports VLANs and trunking (or at least sub interfaces and create sub interfaces for each vlan). Also, all LAN devices will have the respective sub-interface/VLAN interface IP on the Sophos as their default gateway.
    Option 2:
    Configure SG500 switch as a Layer 3 device and configure intervlan routing to manage internal network traffic locally and send just the internet traffic to Sophos device.
    You need to create Layer 3 interfaces for VLAN1, VLAN100, and VLAN200 on SG500 and then make those Layer 3 interfaces default gateway for respective VLAN.
    You can configure the uplink port as an access port in one of the VLANs.
    Make sure that the Sophos device has an IP on the same subnet as the VLAN you chose for the uplink port.
    You also need to enter static routes on the Sophos device for the remaining two subnets on the SG500 (next hop address pointing to the IP address of the VLAN that the uplink port belongs to).
    Also, on the SG500, you need to configure a default route, next hop address pointing to the Sophos interface IP address.
    Hope this helps.
    Nagaraja

  • Oracle RAC Interconnect, PowerVM VLANs, and the Limit of 20

    Hello,
    Our company has a requirement to build a multitude of Oracle RAC clusters on AIX using Power VM on 770s and 795 hardware.
    We presently have 802.1q trunking configured on our Virtual I/O Servers, and have currently consumed 12 of 20 allowed VLANs for a virtual ethernet adapter. We have read the Oracle RAC FAQ on Oracle Metalink and it seems to otherwise discourage the use of sharing these interconnect VLANs between different clusters. This puts us in a scalability bind; IBM limits VLANs to 20 and Oracle says there is a one-to-one relationship between VLANs and subnets and RAC clusters. We must assume we have a fixed number of network interfaces available and that we absolutely have to leverage virtualized network hardware in order to build these environments. "add more network adapters to VIO" isn't an acceptable solution for us.
    Does anyone know if Oracle can afford any flexibility which would allow us to host multiple Oracle RAC interconnects on the same 802.1q trunk VLAN? We will independently guarantee the bandwidth, latency, and redundancy requirements are met for proper Oracle RAC performance, however we don't want a design "flaw" to cause us supportability issues in the future.
    We'd like it very much if we could have a bunch of two-node clusters all sharing the same private interconnect. For example:
    Cluster 1, node 1: 192.168.16.2 / 255.255.255.0 / VLAN 16
    Cluster 1, node 2: 192.168.16.3 / 255.255.255.0 / VLAN 16
    Cluster 2, node 1: 192.168.16.4 / 255.255.255.0 / VLAN 16
    Cluster 2, node 2: 192.168.16.5 / 255.255.255.0 / VLAN 16
    Cluster 3, node 1: 192.168.16.6 / 255.255.255.0 / VLAN 16
    Cluster 3, node 2: 192.168.16.7 / 255.255.255.0 / VLAN 16
    Cluster 4, node 1: 192.168.16.8 / 255.255.255.0 / VLAN 16
    Cluster 4, node 2: 192.168.16.9 / 255.255.255.0 / VLAN 16
    etc.
    Whereas the concern is that Oracle Corp will only support us if we do this:
    Cluster 1, node 1: 192.168.16.2 / 255.255.255.0 / VLAN 16
    Cluster 1, node 2: 192.168.16.3 / 255.255.255.0 / VLAN 16
    Cluster 2, node 1: 192.168.17.2 / 255.255.255.0 / VLAN 17
    Cluster 2, node 2: 192.168.17.3 / 255.255.255.0 / VLAN 17
    Cluster 3, node 1: 192.168.18.2 / 255.255.255.0 / VLAN 18
    Cluster 3, node 2: 192.168.18.3 / 255.255.255.0 / VLAN 18
    Cluster 4, node 1: 192.168.19.2 / 255.255.255.0 / VLAN 19
    Cluster 4, node 2: 192.168.19.3 / 255.255.255.0 / VLAN 19
    Which eats one VLAN per RAC cluster.

    Thank you for your answer!!
    I think I roughly understand the argument behind a 2-node RAC and a 3-node or greater RAC. We, unfortunately, were provided with two physical pieces of hardware to virtualize to support production (and two more to support non-production) and as a result we really have no place to host a third RAC node without placing it within the same "failure domain" (I hate that term) as one of the other nodes.
    My role is primarily as a system engineer, and, generally speaking, our main goals are eliminating single points of failure. We may be misusing 2-node RACs to eliminate single points of failure since it seems to violate the real intentions behind RAC, which is used more appropriately to scale wide to many nodes. Unfortunately, we've scaled out to only two nodes, and opted to scale these two nodes up, making them huge with many CPUs and lots of memory.
    Other options, notably the active-passive failover cluster we have in HACMP or PowerHA on the AIX / IBM Power platform is unattractive as the standby node drives no resources yet must consume CPU and memory resources so that it is prepared for a failover of the primary node. We use HACMP / PowerHA with Oracle and it works nice, however Oracle RAC, even in a two-node configuration, drives load on both nodes unlike with an active-passive clustering technology.
    All that aside, I am posing the question to both IBM, our Oracle DBAs (whom will ask Oracle Support). Typically the answers we get vary widely depending on the experience and skill level of the support personnel we get on both the Oracle and IBM sides... so on a suggestion from a colleague (Hi Kevin!) I posted here. I'm concerned that the answer from Oracle Support will unthinkingly be "you can't do that, my script says to tell you the absolute most rigid interpretation of the support document" while all the time the same document talks of the use of NFS and/or iSCSI storage eye roll
    We have a massive deployment of Oracle EBS and honestly the interconnect doesn't even touch 100mbit speeds even though the configuration has been checked multiple times by Oracle and IBM and with the knowledge that Oracle EBS is supposed to heavily leverage RAC. I haven't met a single person who doesn't look at our environment and suggest jumbo frames. It's a joke at this point... comments like "OMG YOU DON'T HAVE JUMBO FRAMES" and/or "OMG YOU'RE NOT USING INFINIBAND WHATTA NOOB" are commonplace when new DBAs are hired. I maintain that the utilization numbers don't support this.
    I can tell you that we have 8Gb fiber channel storage and 10Gb network connectivity. I would probably assume that there were a bottleneck in the storage infrastructure first. But alas, I digress.
    Mainly I'm looking for a real-world answer to this question. Aside from violating every last recommendation and making oracle support folk gently weep at the suggestion, are there any issues with sharing interconnects between RAC environments that will prevent it's functionality and/or reduce it's stability?
    We have rapid spanning tree configured, as far as I know, and our network folks have tuned the timers razor thin. We have Nexus 5k and Nexus 7k network infrastructure. The typical issues you'd fine with standard spanning tree really don't affect us because our network people are just that damn good.

  • VLANs for Wireless LAN controller

    Hello,
    Just finished the configuration of wireless controller and connected Access point.
    I have a scheme like this:
    Cisco 3945 with WLC on SRE------TRUNK-------L3 switch-------TRUNK----------L2 switch--------ACCESS PORT-------ACCESS POINT-----WIRELESS----CLIENT
    2 VLANs on the  WLC (with DHCP on the router):
    1. management (VLAN 200 for management and access points - works fine)
    2. clients (VLAN 300, all setting are same, except Enable Dynamic AP Management setting, which is off and IP subnet, DHCP on router too).
    Clients are able to connect, but they can't get address or ping the gateway of the clients VLAN (if i put this VLAN in the WLAN
    Interface/Interface Group(G) setting), but everything is fine, if i set management VLAN to Interface/Interface Group(G) setting of the WLAN.
    do i need to add any additional setting on the switches or on the router to allow this clients VLAN?...
    P.S. i am able to ping both vlans, or get DHCP address from the switch and router...

    yes, just for test, i set up IP from clients VLAN on the L2 switch, and from that switch i am able to ping the controller interface (clients interface).
    Just to be clear, do I need to have both VLANS (ap-management and clients VLANs) on all the switches and router on my setup?
    As I understand i need to have ap-management vlan only on L2 and L3 switches. Any other VLANs go throught the tunnel between AP and WLC?

  • Setting Qos for the Cisco C20plus codec endpoints.

    My company has implemented a cisco video conferencing system using the Cisco C20plus codecs as H323 endpoints.
    We currently utilise the Optus evolve network (MPLS) for our WAN
    Our network WAN utilises Qos per VLAN settings.
    For example, phones are in their own VLANs per site and the video conferencing system has its own VLAN.
    We policy map ACLs to the following Qos classes specified by Optus in order of priority (Highest to lowest):
     Gold-RT
     Gold-NRT
     Silver-NRT3
     Silver-NRT2
     Silver-NRT1
     Default
    Cisco recommend that Gold-RT is reserved for audio (phones) so I would like to set the C20plus video and audio traffic in the Gold-NRT class.
    This class has the DSCP bits set to af42 which is more than ample priority for the video conferencing traffic.
    Can anyone tell me what ports I need to specify in a permit statement in the Gold-NRT ACL to apply dscp af42 to the video and audio traffic please?
    All C20plus endpoints RTP ports range are set to 2326 - 2486 so I will need a UDP permit statement for those ports for the C20plus endpoint ip address.
    Are these the only ports that I need add to the Gold-NRT ACL?

    As Dejan has said, this question would be better placed in the TelePresence section of the forums where endpoints such as the C20 are discussed.
    In any case, if you set your switch ports to trust the DSCP markings on the packets, the tags themselves can be applied on the endpoint.
    If you go to the web interface of the C20 and log in, then go to Configuration > System Configuration > Network.
    Scroll down near the bottom and you'll find the QoS section.  Here you can set the Mode to "Diffserv" and set each of the individual values as required, ie, if you want AF42, enter 36 in the field (see the Assured Forwarding table on wikipedia for other value mappings).
    Wayne
    Please remember to rate responses and to mark your question as answered if appropriate.

  • 3750 bandwidth limitation between the same vlan over the trunk

    Hi All,
    I have 2 3750G series switches on the trunk link. some machines are part of vlan1 on the switch 1 and some machines are the part of the same vlan1 on the other switch2. I need to limit the bandwidth between the switches for the vlan1. picture is attached.
    I tried to do through the modulare policy frame work (class-map/service-map and policy-map using the police command) but problems are
    1) 3750 does not support output service policy, so i cannot apply the policy on the output of the trunk link.
    2) I can apply the input policy but it will be only for one machine but not for the others on the same switch. if i apply the policy on per port basis then every port has separate bw limitation. I require to limit the bandwidth on per vlan basis on the trunk port. like vlan 1 takes 10 MB, VLAN2 takes 10 MB on the trunk link when communicating between the same vlans.
    Is there any solution for that scenario? your help in this case will be higly appriciated. As its the layer 2 communication, its hard for me to find the solution. if it was layer 3 then i can do it easily by using the rate-limit commmand on the interface.
    thanks

    On the 4500 series we use vlan-range for this,
    conf t
    qos aggregate-policer 10MB 10 mbps 1250000 byte conform-action transmit exceed-action drop
    policy-map 10MB
    class class-default
    police aggregate 10MB
    interface GigabitEthernet1/1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,10,12,15
    switchport mode trunk
    switchport nonegotiate
    vlan-range 1
    service-policy input 10MB
    service-policy output 10MB
    end
    dunno if the 3750's have the same options

  • 802.1x on Cisco 3750 switch: How to stop retrying the authentication for the un-authorized guests

    Hi experts,
    I'm trying to stop the authentication retry for the guests. They won't have the credential to be authorzied and will be put in the guest VLAN. However the switch seems by default always retries the authentication every 15 seconds or so. It's fine if the guests are few but I'm implementing it at a hotel where most users are guests (like 1000 of them at the same time...).
    I really need to turn it off or at least find some timer to decrease the frenquency... It's urgent because the hotel is about to open... The following is the config I put on an interface:
    switchport access vlan 1055
    switchport mode access
    switchport nonegotiate
    switchport voice vlan 657
    ip access-group ACL_PortIso_IDF21 in
    authentication event fail action authorize vlan 1055
    authentication event no-response action authorize vlan 1055
    authentication host-mode multi-domain
    authentication port-control auto
    authentication violation protect
    mab
    no snmp trap link-status
    dot1x pae authenticator
    dot1x timeout quiet-period 300
    dot1x timeout tx-period 2
    dot1x timeout supp-timeout 2
    dot1x max-reauth-req 10
    dot1x timeout held-period 300
    no cdp enable
    spanning-tree portfast
    spanning-tree bpduguard enable
    no ip igmp snooping tcn flood
    Thanks!

    Elly,
    Soon I will have a Windows laptop plugged in. Then I will be able to run the wireshark. Now I have to run the "debug dot1x packets" since the attached device is a phone.
    So first I "clear dot1x session int f3/0/13". After a couple of "failure" eventually it will show this:
    "%AUTHMGR-5-SUCCESS: Authorization succeeded for client (Unknown MAC) on Interface Fa3/0/13"
    (Weird... why it's showing "success"? Anyway when the authentication restarts again after several minutes there won't be any "sucess" any more, as shown in my previous text file. They are)
    Then I have the debug turnned on:
    .Jan 25 12:47:21: %AUTHMGR-5-START: Starting 'dot1x' for client (0019.f302.a378) on Interface Fa3/0/13 AuditSessionID 0A8F7325000010629B960A41
    INDJWSW01-2104#
    .Jan 25 12:47:21: EAPOL pak dump Tx
    .Jan 25 12:47:21: EAPOL Version: 0x3  type: 0x0  length: 0x0005
    .Jan 25 12:47:21: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1
    .Jan 25 12:47:21: dot1x-packet(Fa3/0/13): EAPOL packet sent to client 0x5600009F (0019.f302.a378)
    INDJWSW01-2104#
    .Jan 25 12:47:23: EAPOL pak dump Tx
    .Jan 25 12:47:23: EAPOL Version: 0x3  type: 0x0  length: 0x0005
    .Jan 25 12:47:23: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1
    .Jan 25 12:47:23: dot1x-packet(Fa3/0/13): EAPOL packet sent to client 0x5600009F (0019.f302.a378)
    INDJWSW01-2104#
    .Jan 25 12:47:25: EAPOL pak dump Tx
    .Jan 25 12:47:25: EAPOL Version: 0x3  type: 0x0  length: 0x0005
    .Jan 25 12:47:25: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1
    .Jan 25 12:47:25: dot1x-packet(Fa3/0/13): EAPOL packet sent to client 0x5600009F (0019.f302.a378)
    INDJWSW01-2104#
    .Jan 25 12:47:27: %DOT1X-5-FAIL: Authentication failed for client (0019.f302.a378) on Interface Fa3/0/13 AuditSessionID 0A8F7325000010629B960A41
    .Jan 25 12:47:27: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (0019.f302.a378) on Interface Fa3/0/13 AuditSessionID 0A8F7325000010629B960A41
    .Jan 25 12:47:27: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (0019.f302.a378) on Interface Fa3/0/13 AuditSessionID 0A8F7325000010629B960A41
    INDJWSW01-2104#
    .Jan 25 12:47:27: %AUTHMGR-5-START: Starting 'mab' for client (0019.f302.a378) on Interface Fa3/0/13 AuditSessionID 0A8F7325000010629B960A41
    .Jan 25 12:47:28: %MAB-5-FAIL: Authentication failed for client (0019.f302.a378) on Interface Fa3/0/13 AuditSessionID 0A8F7325000010629B960A41
    .Jan 25 12:47:28: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'mab' for client (0019.f302.a378) on Interface Fa3/0/13 AuditSessionID 0A8F7325000010629B960A41
    .Jan 25 12:47:28: %AUTHMGR-7-FAILOVER: Failing over from 'mab' for client (0019.f302.a378) on Interface Fa3/0/13 AuditSessionID 0A8F7325000010629B960A41
    .Jan 25 12:47:28: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (0019.f302.a378) on Interface Fa3/0/13 AuditSessionID 0A8F7325000010629B960A41
    Then the message will repeat and repeat forever... It seems that the switch Tx the packets first... Any ideas???
    Thanks!

  • Setting up a Test Voice VLAN for Lync 2013

    I want to set up a second voice vlan to be a test vlan.
    In the current situation the customer has voice and data running on  vlan1. The customer insist on taking incremental steps to improve QoS. I have advocated separated vlans for voice and data. They just want to move everything (phase 1) to a different
    vlan. They want to see how getting all traffic of vlan 1 will improve there performance. Again, I recommended the best practice, they want to try this approach first.
    I am conducting a pilot test with just one cx600 IP phone. and a single switchport. I created a new vlan99 using VTP.  I configured the switchports on the Cisco 2960-x switch as follows.
    #switchport mode access
    #switchport access vlan 99
    The phone gets its correct vlan id, and pulls its IP from the correct dhcp scope. However the phone displays "connecting with the lync server" for a long time, then "connecting to download its certificates". This takes a long time then fails.
    If I change the switchport back to vlan1 it works fine. What can be the problem? Does the vlan99 need to be defined on the lync server? How many vlans can be supported by Lync 2013?
    Thank you,
    gigiu

    Did you set the VLAN Configuration for Lync Phone Edition?
    You can check the following links:
    http://blog.schertz.name/2011/01/manual-vlan-configuration-for-lync-phone-edition/
    http://www.bricomp.com/blogs/post.cfm/dedicated-voice-vlan-for-lync-devices
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please
    make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Lisa Zheng
    TechNet Community Support

Maybe you are looking for