VWLC 7.4 LAP Flexconnect config
Hello Friends,
I have a lab scenario wher i have installed ISE1.1 on VM and other hand vWLC7.4 also there in VM i am using 1130AG APs in flexconnect mode and using central auth and central switch.
i wan to configure it for CWA(central web Auth) from ISE but a little a bit confuse about ACLs.
please any idea about config guide of this integration done.
thanks
Which part of the ACL's do you need help with? You need a pre-auth ACL configured on the WLC so that the client can get an ip address, and then you need to match this name on the ISE portal with the one on the WLC. Once the CWA process has been completed a CoA is triggered and a new ACL (and VLAN) can be applied.
For the pre-auth ACL all that the client generally needs access to is DHCP, DNS, and HTTPS to each of the respective services.
Similar Messages
-
ISE Central webauth and vWLC 7.4
Hi Everybody,
I am wondering if anyone has gotten this scenario to work, Cisco ISE Guest Portal via CWA redirect on an AP connected to a Virtual WLC running 7.4. As vWLC can only run flexconnect, and no centrally switched vlans are supported, how would this scenario be possible, if at all, the AP would have to do the redirect instead of the controller ?Yes, I agree with Tarik
also do review the below link which might be helpful:
http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_41_guest_services.pdf
http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_40_webauthentication_dg.pdf -
FlexConnect VLAN Mappings Inheritance
Hi guys,
I have 3 APs, which joined the vWLC some time ago (FlexConnect mode). I setup the VLAN Mappings, add them to an AP Group and all went well.
After some time I started to use FlexConnect Groups. I have created a group for these three and add each to the group.
Trouble is, even after adding each AP to the FlexConnect Group the VLAN Mappings Inheritance stays on AP-Specific instead of Group-Specific.
I tried Remove AP Specific option, but I receive an error message I have attached.
Thanks in advance for any hint/tip.Yes... If your ap and users are going to be put in the data Vlan, you can just leave the port to an access port and you don't have to setup any native val. Or Vlan mapping in the FlexConnect AP. If you decide you want to map users to the voice Vlan, then you need to trunk it.
If you want to trunk it anyways, then you can map a WLAN to the data Vlan too.
Sent from Cisco Technical Support iPhone App -
ISE BYOD Android : Impossible to launch "Network setup assistant"
Hello
The Byod procedure fails when launching "Network setup assistant"
Error message is: "This profile could not be downloaded, are-you connected to Guest Portal ?"
WLC 5508 (VM) 7.5
Wlan : Flexconnect
Config : AP Flexconnect
ISE 1.3
Android 4.1.2
Here are the step:
1: Rule CWA : Redirect to Guest portal : OK
2: Rule CWA : Redirect to device portal : OK
3: Rule Android_dualSSID : Downloading "Network setup assistant" from Googleplay : OK
4: Rule Android_dualSSID : Launch "Network setup assistant 1.2.40" : NOK
Note : Profile "CWA_GooglePlay" = Redirect-ACL (NSP-ACL-Google)
The NSP-ACL-Google looks like:
(Taken from Flexconnect AP):
Extended IP access list NSP-ACL-Google
10 permit ip any host <IP ISE>
20 permit ip host <IP ISE> any
30 permit udp any range 0 65535 any eq domain
40 permit udp any eq domain any range 0 65535
50 permit ip any 74.128.0.0 0.0.255.255
60 permit ip 74.128.0.0 0.0.255.255 any
70 permit ip any 173.194.0.0 0.0.255.255
80 permit ip 173.194.0.0 0.0.255.255 any
90 permit ip any 206.111.0.0 0.0.255.255
100 permit ip 206.111.0.0 0.0.255.255 any
110 permit ip any 74.125.0.0 0.0.255.255
120 permit ip 74.125.0.0 0.0.255.255 any
130 permit ip any 208.117.224.0 0.0.0.255
140 permit ip 208.117.224.0 0.0.0.255 any
150 permit ip any 216.12.120.0 0.0.0.255
160 permit ip 216.12.120.0 0.0.0.255 any
170 deny ip any any
Could you please help
Michel MisonneHello
We use the one describe in "Cisco Unified Access (UA) and Bring Your Own
Device (BYOD) CVD"
I tried also with this one:
Extended IP access list NSP-ACL-Google
10 permit ip any host 10.35.124.195
20 permit ip host 10.35.124.195 any
30 permit ip any host 10.35.65.4
40 permit ip host 10.35.65.4 any
50 deny ip any 72.163.1.0 0.0.0.255
60 permit ip any any
10 : ISE
20 : ISE
30 : DNS
40 : DNS
50 :Enroll.cisco.com= 72.163.1.80 ( To redirect the Network setup assistant to ISE)
(Enroll.cisco.com is the adresse that the Network setup assiatnt is tryiong to connect)
Regards
Michel -
Flexconnect and vWLC not working DHCP
Hi to all,
I am having trouble with my lab. the wireless clients is not available to get addresses, the client is in state DHCP_RQD.
I am using vwlc 7.4.121 and the ap in flexconnect mode.
the CORE is the dhcp server
the ESXi is the server where i exectute the vWLC
See the attached screenshotHi rasika,
Thanks for you replay. the dhcp for wired client work. and yes the DHCP address assignment is checked as you suggest.
here is the log of dhcp when the wired client request an address:
CRYCOLABCORE01#debug ip dhcp server events
DHCP server event debugging is on.
CRYCOLABCORE01#
*Mar 23 12:23:34.538: DHCPD: Sending notification of DISCOVER:
*Mar 23 12:23:34.538: DHCPD: htype 1 chaddr 0800.27f5.ccef
*Mar 23 12:23:34.538: DHCPD: interface = Vlan20
*Mar 23 12:23:34.538: DHCPD: class id 4d53465420352e30
*Mar 23 12:23:34.538: DHCPD: out_vlan_id 0
*Mar 23 12:23:34.538: DHCPD: Sending notification of DISCOVER:
*Mar 23 12:23:34.538: DHCPD: htype 1 chaddr 0800.27f5.ccef
*Mar 23 12:23:34.538: DHCPD: interface = Vlan20
*Mar 23 12:23:34.538: DHCPD: class id 4d53465420352e30
*Mar 23 12:23:34.538: DHCPD: out_vlan_id 0
*Mar 23 12:23:34.538: DHCPD: requested address 10.10.30.1 is not on subnet 192.168.20.0.
*Mar 23 12:23:36.540: DHCPD: Adding binding to radix tree (192.168.20.1)
*Mar 23 12:23:36.540: DHCPD: Adding binding to hash tree
*Mar 23 12:23:36.540: DHCPD: assigned IP address 192.168.20.1 to client 0108.0027.f5cc.ef. (25 0)
*Mar 23 12:23:36.540: DHCPD: DHCPOFFER notify setup address 192.168.20.1 mask 255.255.255.0
*Mar 23 12:23:36.544: DHCPD: Sending notification of ASSIGNMENT:
*Mar 23 12:23:36.544: DHCPD: address 192.168.20.1 mask 255.255.255.0
*Mar 23 12:23:36.544: DHCPD: htype 1 chaddr 0800.27f5.ccef
*Mar 23 12:23:36.544: DHCPD: lease time remaining (secs) = 86400
*Mar 23 12:23:36.544: DHCPD: interface = Vlan20
*Mar 23 12:23:36.544: DHCPD: out_vlan_id 0
CRYCOLABCORE01#
*Mar 23 12:23:39.336: DHCPD: Sending notification of ASSIGNMENT:
*Mar 23 12:23:39.336: DHCPD: address 192.168.20.1 mask 255.255.255.0
*Mar 23 12:23:39.336: DHCPD: htype 1 chaddr 0800.27f5.ccef
*Mar 23 12:23:39.336: DHCPD: lease time remaining (secs) = 86400
*Mar 23 12:23:39.336: DHCPD: interface = Vlan20
*Mar 23 12:23:39.336: DHCPD: out_vlan_id 0
and here is the log of the dhcp server when the wireless client request an address in the SSID (SSID20)
CRYCOLABCORE01#
*Mar 23 12:37:59.324: DHCPD: Sending notification of DISCOVER:
*Mar 23 12:37:59.324: DHCPD: htype 1 chaddr 485a.b67c.bfb7
*Mar 23 12:37:59.324: DHCPD: interface = Vlan11
*Mar 23 12:37:59.324: DHCPD: class id 4d53465420352e30
*Mar 23 12:37:59.324: DHCPD: out_vlan_id 0
*Mar 23 12:37:59.324: DHCPD: Sending notification of DISCOVER:
*Mar 23 12:37:59.324: DHCPD: htype 1 chaddr 485a.b67c.bfb7
*Mar 23 12:37:59.324: DHCPD: interface = Vlan11
*Mar 23 12:37:59.324: DHCPD: class id 4d53465420352e30
*Mar 23 12:37:59.324: DHCPD: out_vlan_id 0
CRYCOLABCORE01#
*Mar 23 12:38:01.329: DHCPD: Adding binding to radix tree (192.168.11.4)
*Mar 23 12:38:01.330: DHCPD: Adding binding to hash tree
*Mar 23 12:38:01.330: DHCPD: assigned IP address 192.168.11.4 to client 0148.5ab6.7cbf.b7. (22 0)
*Mar 23 12:38:01.330: DHCPD: DHCPOFFER notify setup address 192.168.11.4 mask 255.255.255.0
CRYCOLABCORE01#
*Mar 23 12:38:02.604: DHCPD: Sending notification of DISCOVER:
*Mar 23 12:38:02.604: DHCPD: htype 1 chaddr 485a.b67c.bfb7
*Mar 23 12:38:02.604: DHCPD: interface = Vlan11
*Mar 23 12:38:02.604: DHCPD: class id 4d53465420352e30
*Mar 23 12:38:02.604: DHCPD: out_vlan_id 0
*Mar 23 12:38:02.604: DHCPD: Sending notification of DISCOVER:
*Mar 23 12:38:02.604: DHCPD: htype 1 chaddr 485a.b67c.bfb7
*Mar 23 12:38:02.604: DHCPD: interface = Vlan11
*Mar 23 12:38:02.604: DHCPD: class id 4d53465420352e30
*Mar 23 12:38:02.604: DHCPD: out_vlan_id 0
*Mar 23 12:38:02.604: DHCPD: DHCPOFFER notify setup address 192.168.11.4 mask 255.255.255.0
i don't know why the request come from the interface vlan11, the vlan 11 is the segment of the network wirelesss devices such as APs and CONTROLLER.
What additional task is needed in the vWLC ? :s
The vWLC work as dhcp proxy (default behavior) and no dhcp bridging enable
here is the swtich port config where is connected the LAP:
interface Ethernet3/3
description CONNECTED-to-LABLAP01
switchport trunk encapsulation dot1q
switchport trunk native vlan 11
switchport trunk allowed vlan 11,20-22
switchport mode trunk
duplex auto
spanning-tree portfast trunk
NOTE: When disable vlan support in the advanced AP configuration tab work the dhcp. but i wish to configure multi SSID in an AP. -
LAP: 1242AG version 12.3(7)JX3
WLC: CTVM version 7.6.100.0
LAP IP: 192.168.3.11
WLC IP: 192.168.2.22
Followed directions on
http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/99948-lap-notjoin-wlc-tshoot.html
1) Verified LAP and WLC can ping each other.
2) Verified that time on WLC is correct:
(Cisco Controller) >show time
Time............................................. Mon Mar 3 22:46:40 2014
3) Verified MIC on LAP is NOT expired:
Certificate
Status: Available
Certificate Serial Number: 4CD884DD0000000B2182
Certificate Usage: General Purpose
Issuer:
cn=Cisco Manufacturing CA
o=Cisco Systems
Subject:
Name: C1240-00175a9b08a4
[email protected]
cn=C1240-00175a9b08a4
o=Cisco Systems
l=San Jose
st=California
c=US
CRL Distribution Point:
http://www.cisco.com/security/pki/crl/cmca.crl
Validity Date:
start date: 05:02:38 UTC Apr 4 2006
end date: 05:12:38 UTC Apr 4 2016
renew date: 00:00:00 UTC Jan 1 1970
Associated Trustpoints: Cisco_IOS_MIC_cert
4) Getting the following messages on WLC. (00:17:0f:20:c4:30 is the LAP)
*spamApTask0: Mar 03 22:45:39.885: 00:17:0f:20:c4:30 Received LWAPP DISCOVERY REQUEST to 00:0c:29:9e:17:d7 on port '1'
*spamApTask0: Mar 03 22:45:39.885: 00:17:0f:20:c4:30 LWAPP Discovery Request AP Software Version: 0x3027415
*spamApTask0: Mar 03 22:45:39.885: 00:17:0f:20:c4:30 Join Priority Processing status = 0, Incoming Ap's Priority 0, MaxLrads = 200,joined Aps =0
*spamApTask0: Mar 03 22:45:39.885: 00:17:0f:20:c4:30 Received a Discovery Request from 00:17:0F:20:C4:30 destined for a different controller (0.0.0.0)!. Dropping the packet
5) Getting the following messages on LAP:
*Mar 1 00:15:50.797: LWAPP_CLIENT_EVENT: spamResolveStaticGateway - gateway found
*Mar 1 00:16:00.805: %DOT11-6-FREQ_USED: Interface Dot11Radio0, frequency 2437 selected
*Mar 1 00:16:00.812: %DOT11-6-FREQ_USED: Interface Dot11Radio1, frequency 5765 selected
*Mar 1 00:16:00.812: LWAPP_CLIENT_EVENT: spamHandleDiscoveryTimer: Could not discover any MWAR
"show run-config" from vWLC attached. How shall I troubleshoot?
Thank you!AP0017.5a9b.08a4#capwap ap controller ip address 192.168.2.22
^
% Invalid input detected at '^' marker.
AP0017.5a9b.08a4#
Exec commands:
cd Change current directory
clear Reset functions
clock Manage the system clock
crypto Encryption related commands.
debug Debugging functions (see also 'undebug')
delete Delete a file
dir List files on a filesystem
disable Turn off privileged commands
dot11 IEEE 802.11 commands
enable Turn on privileged commands
exit Exit from the EXEC
fsck Fsck a filesystem
help Description of the interactive help system
led LED functions
lock Lock the terminal
login Log in as a particular user
logout Exit from the EXEC
mkdir Create new directory
monitor Monitoring different system events
more Display the contents of a file
name-connection Name an existing network connection
no Disable debugging functions
ping Send echo messages
pwd Display current working directory
release Release a resource
reload Halt and perform a cold restart
rename Rename a file
renew Renew a resource
rmdir Remove existing directory
save Start to save raise_interrupt_level stack
send Send a message to other tty lines
set Set system parameter (not config)
show Show running system information
systat Display information about terminal lines
terminal Set terminal line parameters
test Test subsystems, memory, and interfaces
traceroute Trace route to destination
undebug Disable debugging functions (see also 'debug')
upgrade Upgrade software
verify Verify a file
where List active connections
AP0017.5a9b.08a4#
From LAP:
AP0017.5a9b.08a4#ping 192.168.2.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.22, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
AP0017.5a9b.08a4#
From vWLC:
(Cisco Controller) >ping 192.168.3.11
Send count=3, Receive count=6 from 192.168.3.11
(Cisco Controller) > -
Hi
I am running into a really weird problem.
My vWLC has AP associated to it and in Flexconnect mode and I can connect to WLAN's (SSID) successfully.
But if I switch between WLAN's e.g test-ho and test-guest I see that they timeout in a way that I get the IP from the correct VLAN / Subnet to which I have switched too , yet it shows as identifying on the computer and even I cannot ping anywhere or to the gateway for that matter and it takes like this forever.
if I just reset the WLAN's from the vWLC , the workstations connects immediately but if I switch again between WLAN's is does the same thing again.
I am just unable to figure out whats causing this delay and behavior.
Any help will be really appreciated
Thanks in Advance.alright I believe I have found the issue and it's basically my configuration and making me all confused, my apologies.
let me do a back trace of events !
I am setting up my vWLC migrating from WLC 5508 .
needed to changed the mode from local to flexconnect to make the AP's work on vWLC as I read and advised that only flexconnect mode works on vWLC.
I have two WLAN's 'HO' and 'Guest' , 'HO' is AAA authenticated and 'GUEST' is local webauth , two different VLAN's for 'HO' = 20 and 'Guest '30'
It seems I am following a bad guide to setup the AP in Flexconnect mode with my setup . Do you have any guide which I can refer to. -
Can I force a Flexconnect AP into Standalone mode?
I've found an interesting setup where some remote sites have over 400+ ms latency to the controller (This is due to the 3G/4G WWAN connection back to corp), I am thinking this causing some issues since the required latency for Flexconnect is no more then 150+ ms. It appears if I block the CAPWAP traffic from the LAP to the controller and force everything to be locally switched those issues dissappear. So I was wondering if there was a way I can force a Flexconnect AP into standalone, I have not been able to find anything in any documentation this far.
I've slated an upgrade to 7.4 (from 7.2) to gain the ability to apply a Flexconnect ACL to force everything to be locally switches at the remote sites LAP, but I was just looking for a "better" stop gap in this less than ideal design.
CCNP, CCIP, CCDP, CCNA: Security/Wireless
Blog: http://ccie-or-null.net/My apologies Scott, I forgot to mention the WLAN config but yes that is exactly how it's configured the WLAN is setup for local switching and it is mapped to the appriopriate VLAN on the remote LAN. I know flexconnect locally switched traffic is not affected when the LAP changes between standalone and connected mode but this is just one of those times I've hit a brick wall, and it's even more interesting that blocking the CAPWAP communications between the LAP and WLC has resolved the issue (Communication has been functioning fine for over a week so it's not just a fluke one time thing).
I am under the assumption that by default with Flexconnect that local traffic will be locally switched and traffic destined outside the site/local subnets will be tunneled back through the CAPWAP tunnel, unless specified by a Flexconnect ACL.
CCNP, CCIP, CCDP, CCNA: Security/Wireless
Blog: http://ccie-or-null.net/ -
VWLC clients getting DHCP address from management VLAN
Hi,
We have a strange scenario whereby some wireless employees are obtaining addresses from the management VLAN.
Some details:
DHCP managed by MS DHCP 2008 R2 (in remote data centre)
Cisco vWLC AIR-CTVM-K9 running v7.6.110.0
AP's are a mix of 2602 and 3702 (46 and 2 of each respectively)
SSID's are employee, guest, and production devices (all mapped to their own interface with relevant VLAN tag as per normal)
AP's all in FlexConnect mode as per vWLC caveats
Some employees are receiving addresses in the wireless management VLAN. This network only has six DHCP addresses available as it is solely for AP's, WLC and HSRP gateway. Obviously this gets exhausted very quickly leaving us with a scenario where clients are not obtaining DHCP addresses.
I understand that with FlexConnect mode, it will assign IP's from the native VLAN. What I don't understand is why most clients receive addresses in the correct VLAN, but a handful do not, and then cannot get an address from DHCP. Obviously the ideal scenario would be to put the AP's into local mode but unless this has changed in a SW release then I don't believe it's possible...
My question is: How do I get ALL the employees to obtain addresses from their interface and not the management VLAN?
Thanks in advance.Hi,
I think we need a closer look to your configurarion to eliminate some possibilities:
- What is the WLAN security you choose?
- What is the interface that is configured under the WLAN?
- Does your WLAN have local switching enabled?
- If your security is using RADIUS server, do you have AAA override enabled under the WLAN config?
- If your security is using RADIUS server, do you send any attributes to the users?
- You have eliminate that clients that got management vlan IPs are always on same AP or they can be on any AP.
HTH
Amjad -
Hi,
I have setup a vWLC and I'm unable to get local webauth working for a guest WLAN. From my understanding, as the access points only work in Flexconnect mode, traffic to the virtual IP address should still be sent to the vWLC using capwap instead of switching locally but this is not working. The client device receives an IP address from DHCP but the redirect does not happen. Manual connection attempt to https://1.1.1.1/login.html also fails (1.1.1.1 being the VIP on the vWLC).
Can someone confirm that the vWLC supports local webauth or if an external webauth server is required?
Thanks,Hello Will,
As per your query i can suggest you the following steps-
Step 1 Copy the .tar file containing your login page to the default directory on your server.
Step 2 Specify the download mode by entering this command:
transfer download mode {tftp | ftp | sftp
Step 3 Specify the type of file to be downloaded by entering this command:
transfer download datatype webauthbundle
Step 4 Specify the IP address of the TFTP server by entering this command:
transfer download serverip tftp-server-ip-address.
Note Some TFTP servers require only a forward slash (/) as the TFTP server IP address, and the TFTP server automatically determines the path to the correct directory.
Step 5 Specify the download path by entering this command:
transfer download path absolute-tftp-server-path-to-file
Step 6 Specify the file to be downloaded by entering this command:
transfer download filename filename.tar
Step 7 View your updated settings and answer y to the prompt to confirm the current download settings and start the download by entering this command:
transfer download start
Step 8 Specify the web authentication type by entering this command:
config custom-web webauth_type customized
Step 9 Enter the save config command to save your settings.
For more information please refer to the link-
http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/system_management/config_system_management_chapter_010111.html#ID785
Hope this will help you. -
Cisco LAP 2602 can not join Virtual WLC
dear all,
i just install Virtual WLC and i remove WLC 2504 , i install & configured it , but LAP can not join. it was work fine with WLC 2504.
i used the same network topology with the old WLC.
i receive this error logs.
*spamApTask4: Feb 04 06:01:30.082: <<<< Start of CAPWAP Packet >>>>
*spamApTask4: Feb 04 06:01:30.082: CAPWAP Control mesg Recd from 10.192.200.93, Port 26711
*spamApTask4: Feb 04 06:01:30.082: HLEN 4, Radio ID 0, WBID 1
*spamApTask4: Feb 04 06:01:30.082: Msg Type : CAPWAP_DISCOVERY_REQUEST
*spamApTask4: Feb 04 06:01:30.082: Msg Length : 155
*spamApTask4: Feb 04 06:01:30.082: Msg SeqNum : 0
*spamApTask4: Feb 04 06:01:30.082:
*spamApTask4: Feb 04 06:01:30.082: Type : CAPWAP_MSGELE_DISCOVERY_TYPE, Length 1
*spamApTask4: Feb 04 06:01:30.082: Discovery Type : CAPWAP_DISCOVERY_TYPE_UNKNOWN
*spamApTask4: Feb 04 06:01:30.082:
*spamApTask4: Feb 04 06:01:30.082: Type : CAPWAP_MSGELE_WTP_BOARD_DATA, Length 62
*spamApTask4: Feb 04 06:01:30.083: Vendor Identifier : 0x00409600
*spamApTask4: Feb 04 06:01:30.083: WTP_SERIAL_NUMBER : AIR-CAP2602E-I-K9
*spamApTask4: Feb 04 06:01:30.083:
*spamApTask4: Feb 04 06:01:30.083: Type : CAPWAP_MSGELE_WTP_DESCRIPTOR, Length 40
*spamApTask4: Feb 04 06:01:30.083: Maximum Radios Supported : 2
*spamApTask4: Feb 04 06:01:30.083: Radios in Use : 2
*spamApTask4: Feb 04 06:01:30.083: Encryption Capabilities : 0x00 0x01
*spamApTask4: Feb 04 06:01:30.083:
*spamApTask4: Feb 04 06:01:30.083: Type : CAPWAP_MSGELE_WTP_FRAME_TUNNEL, Length 1
*spamApTask4: Feb 04 06:01:30.083: WTP Frame Tunnel Mode : NATIVE_FRAME_TUNNEL_MODE
*spamApTask4: Feb 04 06:01:30.083:
*spamApTask4: Feb 04 06:01:30.083: Type : CAPWAP_MSGELE_WTP_MAC_TYPE, Length 1
*spamApTask4: Feb 04 06:01:30.083: WTP Mac Type : SPLIT_MAC
*spamApTask4: Feb 04 06:01:30.083:
*spamApTask4: Feb 04 06:01:30.083: Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 10
*spamApTask4: Feb 04 06:01:30.083: Vendor Identifier : 0x00409600
*spamApTask4: Feb 04 06:01:30.083:
IE : UNKNOWN IE 207
*spamApTask4: Feb 04 06:01:30.083: IE Length : 4
*spamApTask4: Feb 04 06:01:30.083: Decode routine not available, Printing Hex Dump
*spamApTask4: Feb 04 06:01:30.083: 00000000: 03 00 00 01 ....
*spamApTask4: Feb 04 06:01:30.083:
*spamApTask4: Feb 04 06:01:30.083: Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 12
*spamApTask4: Feb 04 06:01:30.083: Vendor Identifier : 0x00409600
*spamApTask4: Feb 04 06:01:30.083:
IE : RAD_NAME_PAYLOAD
*spamApTask4: Feb 04 06:01:30.083: IE Length : 6
*spamApTask4: Feb 04 06:01:30.083: Rad Name :
*spamApTask4: Feb 04 06:01:30.083: CEO_AP
*spamApTask4: Feb 04 06:01:30.083: <<<< End of CAPWAP Packet >>>>
*spamApTask4: Feb 04 06:01:30.083: dc:a5:f4:8c:ff:30 Discovery Request from 10.192.200.93:26711
*spamApTask4: Feb 04 06:01:30.083: dc:a5:f4:8c:ff:30 ApModel: AIR-CAP2602E-I-K9
*spamApTask4: Feb 04 06:01:30.083: dc:a5:f4:8c:ff:30 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
*spamApTask4: Feb 04 06:01:30.083: apModel: AIR-CAP2602E-I-K9
*spamApTask4: Feb 04 06:01:30.083: apType = 26 apModel: AIR-CAP2602E-I-K9
*spamApTask4: Feb 04 06:01:30.083: apType: Ox1a bundleApImageVer: 8.0.110.0
*spamApTask4: Feb 04 06:01:30.083: version:8 release:0 maint:110 build:0
*spamApTask4: Feb 04 06:01:30.083: dc:a5:f4:8c:ff:30 Discovery Response sent to 10.192.200.93 port 26711
*spamApTask4: Feb 04 06:01:30.083: dc:a5:f4:8c:ff:30 Discovery Response sent to 10.192.200.93:26711
Please any help.dear
yes the wlc 2504 is 8.0.110 but because its damaged i replaced it with new vWLC v 8.0.110.
also i can not put the LAP in flexconnect until its joint. -
Move AP´s form 4400 to vWLC
Hello Community.
At the moment we migrate AP´s from our old 4402 WLC (Version 7.0.235) to a new vWLC (Version 7.5.102)
I have to load a new image to the AP´s that they will connect with the new vWLC.
My Problem is, when i upgrade a AP in a Branch Office everthing works fine. I enter the new controller IP directly to the AP, becouse the DNS points to the old controller which is the productiv at the moment.
When i try to migrate a AP in our central, where also is the physikal old controller, the AP´s will not connect to the new vWLC. I make the Update from the AP and clear the private config and enter the ip of the new controller on the CLI of the AP. After a reboot the AP joins automaticly the old wlc and makes a firmwaredowngrad.
Why ignores the AP the static configured controller IP?
Regards StefanI would recommend to pay extra attention to Troubleshooting – AP Considerations section of the deployment guide. It literally states the following
An AP must be at software version 7.3.1.35 and above to successfully join a virtual controller. Virtual controllers use SSC in order to validate an AP before joining.
There are other items listed as well, but the main requirement is in that one sentence. Cisco Lightweight AP will not join vWLC if that AP lacks Software Release 7.3 or above. For clarity sake, the latest Cisco WLC 4400 Software Release is 7.0.250.0, which implies that it won’t be possible to migrate Lightweight APs from Cisco WLC 4400 to Cisco vWLC in a direct manner.
If you try to associate an AP that runs pre 7.3 WLC Software Release, you will likely notice the following messages in the console CLI, which is a good sign you need to upgrade AP’s software before it can join vWLC:
*Mar 28 12:07:20.227: %CAPWAP-5-SENDJOIN: sending Join Request to 10.175.1.200
*Mar 28 12:07:20.231: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Mar 28 12:07:20.231: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Mar 28 12:07:20.231: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Mar 28 12:07:20.231: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.175.1.200
*Mar 28 12:07:20.231: %DTLS-5-ALERT: Received WARNING : Close notify alert from 10.175.1.200
*Mar 28 12:07:30.243: %CAPWAP-3-ERRORLOG: Go join a capwap controller
Before you even start to migrate APs to the vWLC, you have to understand if those APs are being supported in the new version of WLC software (7.3 and above).
Check the WLC 7.3.112.0 Release Notes, specifically “Software Release Support for Access Points” section. There’s a table that lists the majority of Cisco Access Point models and information about their life cycle – First Support and Last Support release versions. The latest column is of highest interest. You can expect an AP to work with the new WLC Software Releases if a dash is displayed in that column. Otherwise you will have to consider replacing APs as well, and not only the WLC.
For example, Cisco Lightweight AP 1142 can be upgraded to software version 7.3 (Last Support release column has the dash). At the same time Cisco Lightweight AP 1220 can not be upgraded (Last Support release version is 7.0.x). After you confirmed that your APs are being supported by WLC 7.3 or above, you can proceed further.
There are two ways to meet this main requirement: Manual and Automatic.
Manual Upgrade (slow, not recommended in large deployments)
This methods does not require any special kit except the console cable and network connectivity to the TFTP server. Process is as follows
Get a recovery image software from the download section at Cisco.com, for WLC 7.3 or above. For example, IOS software that corresponds to WLC Software Release 7.3.112.0 is 15.2(2) JA1 – c1140-rcvk9w8-tar.152-2.JA1.tar;
Interrupt AP boot process by holding Mode button for 30 seconds (until led becomes RED);
Format flash, and download new software from the TFTP server.
load_helper
flash_init
format flash:
set IP_ADDR 192.168.0.200
set NETMASK 255.255.255.0
set DEFAULT_ROUTER 192.168.0.1
tftp_init
tar -xtract tftp://192.168.10.5/c1140-rcvk9w8-tar.152-2.JA1.tar flash:
boot
Reboot AP. It will begin a join process (will upgrade/downgrade to vWLC version, if required);
Automatic Upgrade (recommended)
This process is suitable for large environments, but it requires a presence of hardware WLC that supports Software Release 7.3 and above, like Cisco WLC 5508. Hardware WLC does not require AP to authenticate through SSC (Self-Signed Certificates) hash, thus making it possible for Lightweight AP to join hardware controller with Software Release 7.3 and above without extra efforts, and as result upgrading to the same version of software. The process is described below.
Change an existing DHCP Option 43 to list an IP address of the hardware WLC 7.3 or above (Cisco 5508 will do the trick);
Login to the old WLC’s web page (the one from where you want to migrate compatible APs);
Choose an AP and select “Clear All Config”. This will remove the CAPWAP configuration from AP’s cache and reboot it;
Wait for AP to reboot. It will join hardware WLC 7.3 and upgrade own software. Wait until AP’s status changes to REG;
Change DHCP Option 43 again but this time it has list an IP address of the vWLC
Force an upgraded AP to reboot with factory default settings (“Clear All Config”);
Wait for AP to join vWLC. It may reboot a couple of times, if software versions on hardware and virtual WLCs differ;
Voila – AP will join vWLC without physical intervention.
You can repeat steps 1 through 7 for the rest of APs one by one or in bulk.
One other important requirement to consider is that vWLC will only work with Lightweight APs configured to operate in FlexConnect mode (ex H-REAP). Even though, once upgraded, APs will eventually join vWLC, they won’t be able to associate clients until you switch them to FlexConnect mode. This can be done manually using web interface
Or, vWLC can be configured to automatically convert all APs to work in FlexConnect mode after they join the controller for the first time, and after all required upgrades are complete. To do that, execute the following command using vWLC’s CLI:
config ap autoconvert flexconnect enable
Once applied, every single AP associated with this controller, will be switched to FlexConnect mode automatically. -
Hi!
I try to configure a Cisco 5508 Wireless controller and 25 Air-lap1041 to use as VoIP and data. I read documents, manuals, etc, but the AP doesn't charge the configuration, or not conect with the Wireless Controller, why? No Radius server present, only WPA security.howto, please...
I try to put a static ip in the LAP, with lwapp or capwap command, (LWAPP/CAPWAP ap ip address direccion mascara) and the AP returns "You should configure Domain and Name Server from controller CLI/GUI." and i can't change the name of the AP (Command is disabled).
Log from AP:
using ÿÿÿÿ ddr static values from serial eeprom
ddr init done
Running Normal Memtest...
Passed.
IOS Bootloader - Starting system.
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
Xmodem file system is available.
DDR values used from system serial eeprom.
WRDTR,CLKTR: 0x83000800, 0xc0000000
RQDC, RFDC : 0x80000037, 0x00000184
PCIE0: link is up.
PCIE0: VC0 is active
PCIE1: link is NOT up.
PCIE1 port 1 not initialize
PCIEx: initialization done
flashfs[0]: 6 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32385024
flashfs[0]: Bytes used: 2369024
flashfs[0]: Bytes available: 30016000
flashfs[0]: flashfs fsck took 21 seconds.
Reading cookie from system serial eeprom...Done
Base Ethernet MAC address: 44:2b:03:dc:09:25
Ethernet speed is 1000 Mb - FULL duplex
Loading "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx"...###########################
File "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx" uncompressed and installed, entr
y point: 0x4000
executing...
enet halted
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEA
SE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
Proceeding with system init
Proceeding to unmask interrupts
Initializing flashfs...
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
flashfs[1]: 6 files, 2 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 32126976
flashfs[1]: Bytes used: 2369024
flashfs[1]: Bytes available: 29757952
flashfs[1]: flashfs fsck took 7 seconds.
flashfs[1]: Initialization complete.
flashfs[2]: 0 files, 1 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 11999232
flashfs[2]: Bytes used: 1024
flashfs[2]: Bytes available: 11998208
flashfs[2]: flashfs fsck took 1 seconds.
flashfs[2]: Initialization complete....done Initializing flashfs.
Ethernet speed is 1000 Mb - FULL duplex
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-LAP1041N-E-K9 (PowerPC405ex) processor (revision B0) with 98294K/32
768K bytes of memory.
Processor board ID FCZ1611W414
PowerPC405ex CPU at 333Mhz, revision number 0x147E
Last reset from reload
LWAPP image version 7.0.94.21
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 44:2B:03:DC:09:25
Part Number : 73-14034-04
PCA Assembly Number : 800-34273-05
PCA Revision Number : A0
PCB Serial Number : FOC16075VZ3
Top Assembly Part Number : 800-34284-03
Top Assembly Serial Number : FCZ1611W414
Top Revision Number : A0
Product/Model Number : AIR-LAP1041N-E-K9
% Please define a domain-name first.
Press RETURN to get started!
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:00:09.574: *** CRASH_LOG = YES
Base Ethernet MAC address: 44:2B:03:DC:09:25
*Mar 1 00:00:09.838: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log
(contains, 1024 messages)
*Mar 1 00:00:11.848: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state
to up
*Mar 1 00:00:11.892: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEA
SE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
*Mar 1 00:08:16.954: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth
ernet0, changed state to up
logging facility kern
^
% Invalid input detected at '^' marker.
*Mar 1 00:08:28.047: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
LER
*Mar 1 00:08:28.049: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:09:08.282: %CDP_PD-2-POWER_LOW: All radios disabled - LOW_POWER_CLASS
IC_NO_INJECTOR_CONFIGURED AIR-CT5508-K9 (c464.138f.9345)
*Mar 1 00:09:08.282: -Verify the required power-injector is installed on this
port: AIR-CT5508-K9(Gig 0/0/2).
*Mar 1 00:09:08.282: -If a power-injector is installed, issue the command:"pow
er inline negotiation injector installed"
*Mar 1 00:12:19.976: %CAPWAP-5-STATIC_TO_DHCP_IP: Could not discover WLC using
static IP. Forcing AP to use DHCP.
*Mar 1 00:12:29.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:39.994: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:49.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:59.994: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:13:09.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
Not in Bound state.
*Mar 1 00:13:19.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:13:19.993: %CAPWAP-5-DHCP_RENEW: Could not discover WLC using DHCP IP
. Renewing DHCP IP.
logs from wireless controller:
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Gu
est
ap-manager 2 untagged 209.165.200.231 Dynamic Yes No
management 1 untagged 209.165.200.230 Static Yes No
service-port N/A N/A 192.168.1.157 Static No No
virtual N/A N/A 1.1.1.1 Static No No
(Cisco Controller) >
i conect with service-port ok and the management port works, i think.
AP442b.03dc.0925>ping 209.165.200.230
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.230, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
AP442b.03dc.0925>
Help, please!
i write in spanish:
Hola:
Tengo que configurar un cisco 5508 wireless controller con 25 air-lap1041n, para usarlo como acceso de datos y voz. ¿Cómo lo hago? He leído manuales, y seguido las instrucciones, pero el punto de acceso parace que no es capaz de cargar el perfil. No hay servidor radius, solo la configuración de una clave wpa. Alguién me puede indicar pasos, GraciasHi!
I buy a gigabit switch. I connect the service-port to gigabit switch, and laptop to gigabit switch. I used 192.168.1.x ip address (192.168.1.157 to service-port and 192.168.1.233 to wired port on laptop, well, the laptop has two ip adress, 192.168.1.233 and 209.165.200.2, and the laptop works ok. Ping to 209.165.200.230 -ip address of management interface- and ping to 209.165.200.203 -ip address for AP, is assigned by DHCP of WLC. And i connect the ap to gigabit switch, and the wlc assigns well an ip direction.
I post the run-config and sysinfo log. The gigabit switch is tp-link model tl-sg1005d, no configuration.
Before the logs, I see this message from AP:
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
Hola:
He comprado un switch gigabit. Conecto el service-port al switch gigabit y el portátil también (por cable). Uso como direcciones ip el rango 192.168.1.x (192.168.1.157 asignado al service-port y 192, 168.1.233 al portátil, bueno, el portátil tiene dos direcciones, la dicha anteriormente y la 209.165.200.2) El portátil funciona bien, hace ping al 209.165.200.230 - la ip de la management interface, y a 209.165.200.203 - ip asignada al AP por el DHCP del WLC. He conectado el AP al swtich gigabit, y el dhcp del wlc asigna correctamente una dirección ip.
Añado a continuación los resultados de los comandos "show run-config" y "show sysinfo". El switch es un TP-LINK modelo TL-S1005D, sin necesidad de configuración.
Antes de mostrar los resultados de los comandos, he visto el siguiente mensaje en el log del AP:
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
Un saludo
Antonio R.
(Cisco Controller) >show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "Cisco Wireless Controller"
PID: AIR-CT5508-K9, VID: V02, SN: FCW1608L05X
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console
1.27
Build Type....................................... DATA + WPS
System Name...................................... CISCO-CAPWAP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 209.165.200.230
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 17 mins 45 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin,
Rome, Vienna
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... ES - Spain
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +36 C
External Temperature............................. +23 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Network Information
RF-Network Name............................. hosp
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Fast SSID Change ........................... Disabled
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE SFPType
1 Normal Forw Enable Auto 1000 Full Up Enable N/A 1000BaseTX
2 Normal Disa Enable Auto Auto Down Enable N/A Not Present
3 Normal Disa Enable Auto Auto Down Enable N/A Not Present
4 Normal Disa Enable Auto Auto Down Enable N/A Not Present
5 Normal Disa Enable Auto Auto Down Enable N/A Not Present
6 Normal Disa Enable Auto Auto Down Enable N/A Not Present
7 Normal Disa Enable Auto Auto Down Enable N/A Not Present
8 Normal Disa Enable Auto Auto Down Enable N/A Not Present
Press Enter to continue or to abort
AP Summary
Number of APs.................................... 0
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Location
Site Name........................................ default-group
Site Description.................................
WLAN ID Interface Network Admission Control
1 management Disabled
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority GroupName
Press Enter to continue or to abort
AP Config
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Airewave Director Configuration
Press Enter to continue or to abort
802.11a Configuration
802.11a Network.................................. Disabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Video AC:
Video AC - Admission control (ACM)............ Disabled
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
Video max RF bandwidth........................ Infinite
Video reserved roaming bandwidth.............. 0
Press Enter to continue or to abort
802.11a Advanced Configuration
Press Enter to continue or to abort
802.11a Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
TxPower Update Logging......................... Off
Default 802.11a AP performance profiles
802.11a Global Interference threshold.......... 10 %
802.11a Global noise threshold................. -70 dBm
802.11a Global RF utilization threshold........ 80 %
802.11a Global throughput threshold............ 1000000 bps
802.11a Global clients threshold............... 12 clients
Default 802.11a AP monitoring
802.11a Monitor Mode........................... enable
802.11a Monitor Mode for Mesh AP Backhaul...... disable
802.11a Monitor Channels....................... Country channels
802.11a AP Coverage Interval................... 180 seconds
802.11a AP Load Interval....................... 60 seconds
802.11a AP Noise Interval...................... 180 seconds
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
802.11a AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... c4:64:13:8f:93:40
Last Run....................................... 75 seconds ago
Coverage Hole Detection
802.11a Coverage Hole Detection Mode........... Enabled
802.11a Coverage Voice Packet Count............ 100 packets
802.11a Coverage Voice Packet Percentage....... 50%
802.11a Coverage Voice RSSI Threshold.......... -80 dBm
802.11a Coverage Data Packet Count............. 50 packets
802.11a Coverage Data Packet Percentage........ 50%
802.11a Coverage Data RSSI Threshold........... -80 dBm
802.11a Global coverage exception level........ 25 %
802.11a Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
--More or (q)uit current module or to abort
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... c4:64:13:8f:93:40
Last Run....................................... 75 seconds ago
DCA Sensitivity Level.......................... STARTUP (5 dB)
DCA 802.11n Channel Width...................... 20 MHz
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11a 5 GHz Auto-RF Channel List
Allowed Channel List......................... 36,40,44,48,52,56,60,64
Unused Channel List.......................... 100,104,108,112,116,120,124,
128,132,136,140
DCA Outdoor AP option.......................... Disabled
Radio RF Grouping
802.11a Group Mode............................. AUTO
--More or (q)uit current module or to abort
802.11a Group Update Interval.................. 600 seconds
802.11a Group Leader........................... c4:64:13:8f:93:40
802.11a Group Member......................... c4:64:13:8f:93:40
802.11a Last Run............................... 75 seconds ago
802.11b Configuration
802.11b Network.................................. Enabled
11gSupport....................................... Enabled
11nSupport....................................... Enabled
802.11b/g Operational Rates
802.11b/g 1M Rate............................ Mandatory
802.11b/g 2M Rate............................ Mandatory
802.11b/g 5.5M Rate.......................... Mandatory
802.11b/g 11M Rate........................... Mandatory
802.11g 6M Rate.............................. Supported
802.11g 9M Rate.............................. Supported
802.11g 12M Rate............................. Supported
802.11g 18M Rate............................. Supported
802.11g 24M Rate............................. Supported
802.11g 36M Rate............................. Supported
802.11g 48M Rate............................. Supported
802.11g 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
--More or (q)uit current module or to abort
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mode................................. Disabled
--More or (q)uit current module or to abort
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 1
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Call Admission Limit ........................... 105
G711 CU Quantum ................................. 15
ED Threshold..................................... -50
Fragmentation Threshold.......................... 2346
PBCC mandatory................................... Disabled
RTS Threshold.................................... 2347
Short Preamble mandatory......................... Enabled
Short Retry Limit................................ 7
Legacy Tx Beamforming setting.................... Enabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
Faster Carrier Tracking Loop..................... Disabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC - Admission control (ACM)............ Disabled
--More or (q)uit current module or to abort
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ 50
Video reserved roaming bandwidth.............. 0
802.11b Advanced Configuration
Press Enter to continue or to abort
802.11b Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
Transmit Power Update Logging.................. Off
Default 802.11b AP performance profiles
802.11b Global Interference threshold.......... 10 %
802.11b Global noise threshold................. -70 dBm
802.11b Global RF utilization threshold........ 80 %
802.11b Global throughput threshold............ 1000000 bps
802.11b Global clients threshold............... 12 clients
Default 802.11b AP monitoring
802.11b Monitor Mode........................... enable
802.11b Monitor Channels....................... Country channels
802.11b AP Coverage Interval................... 180 seconds
802.11b AP Load Interval....................... 60 seconds
802.11b AP Noise Interval...................... 180 seconds
802.11b AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... c4:64:13:8f:93:40
Last Run....................................... 213 seconds ago
Coverage Hole Detection
802.11b Coverage Hole Detection Mode........... Enabled
802.11b Coverage Voice Packet Count............ 100 packets
802.11b Coverage Voice Packet Percentage....... 50%
802.11b Coverage Voice RSSI Threshold.......... -80 dBm
802.11b Coverage Data Packet Count............. 50 packets
802.11b Coverage Data Packet Percentage........ 50%
802.11b Coverage Data RSSI Threshold........... -80 dBm
802.11b Global coverage exception level........ 25 %
802.11b Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... c4:64:13:8f:93:40
Last Run....................................... 213 seconds ago
DCA Sensitivity Level: ...................... STARTUP (5 dB)
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11b Auto-RF Allowed Channel List........... 1,6,11
Auto-RF Unused Channel List.................... 2,3,4,5,7,8,9,10,12,13
Radio RF Grouping
802.11b Group Mode............................. AUTO
802.11b Group Update Interval.................. 600 seconds
802.11b Group Leader........................... c4:64:13:8f:93:40
802.11b Group Member......................... c4:64:13:8f:93:40
802.11b Last Run............................... 213 seconds ago
Mobility Configuration
Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... hosp
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x97e2
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 1
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast
IP Status
c4:64:13:8f:93:40 209.165.200.230 hosp 0.0.0.0
Up
Advanced Configuration
Probe request filtering.......................... Enabled
Probes fwd to controller per client per radio.... 0
Probe request rate-limiting interval............. 500 msec
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
dot11-padding.................................... Disabled
Authentication Response Timeout (seconds)........ 10
Rogue Entry Timeout (seconds).................... 1200
AP Heart Beat Timeout (seconds).................. 30
AP Discovery Timeout (seconds)................... 10
AP Local mode Fast Heartbeat (seconds)........... disable
AP Hreap mode Fast Heartbeat (seconds)........... disable
AP Primary Discovery Timeout (seconds)........... 120
AP Primed Join Timeout (seconds)................. 0
Packet Forwarding watchdog timer (seconds)....... 240 (enable)
Location Configuration
RFID Tag data Collection......................... Enabled
RFID timeout.................................... 1200 seconds
RFID mobility.................................... Oui:00:14:7e : Vendor:pango S
tate:Disabled
Interface Configuration
Interface Name................................... management
MAC Address...................................... c4:64:13:8f:93:40
IP Address....................................... 209.165.200.230
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 209.165.200.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 192.168.1.1
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 209.165.200.230
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
Interface Name................................... service-port
MAC Address...................................... c4:64:13:8f:93:41
IP Address....................................... 192.168.1.157
IP Netmask....................................... 255.255.255.0
DHCP Option 82................................... Disabled
DHCP Protocol.................................... Disabled
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... virtual
MAC Address...................................... c4:64:13:8f:93:40
IP Address....................................... 1.1.1.1
DHCP Option 82................................... Disabled
Virtual DNS Host Name............................ Disabled
AP Manager....................................... No
Guest Interface.................................. No
WLAN Configuration
WLAN Identifier.................................. 1
Profile Name..................................... HOSP3C
Network Name (SSID).............................. HOSP3C
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
WLAN ACL......................................... unconfigured
DHCP Server...................................... 209.165.200.230
DHCP Address Assignment Required................. Enabled
Quality of Service............................... Platinum (voice)
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Infrastructure MFP protection................. Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Band Select...................................... Enabled
Load Balancing................................... Enabled
Mobility Anchor List
WLAN ID IP Address Status
Press Enter to continue or to abort
Press Enter to continue or to abort
ACL Configuration
Press Enter to continue or to abort
CPU ACL Configuration
CPU Acl Name................................ NOT CONFIGURED
Wireless Traffic............................ Disabled
Wired Traffic............................... Disabled
RADIUS Configuration
Vendor Id Backward Compatibility................. Disabled
Call Station Id Case............................. lower
Call Station Id Type............................. IP Address
Aggressive Failover.............................. Enabled
Keywrap.......................................... Disabled
Fallback Test:
Test Mode.................................... Off
Probe User Name.............................. cisco-probe
Interval (in seconds)........................ 300
MAC Delimiter for Authentication Messages........ hyphen
MAC Delimiter for Accounting Messages............ hyphen
Authentication Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/P
hase1/Group/Lifetime/Auth/Encr
Accounting Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/P
hase1/Group/Lifetime/Auth/Encr
--More or (q)uit current module or to abort
TACACS Configuration
Authentication Servers
Idx Server Address Port State Tout
Authorization Servers
Idx Server Address Port State Tout
Accounting Servers
Idx Server Address Port State Tout
LDAP Configuration
Press Enter to continue or to abort
Local EAP Configuration
User credentials database search order:
Primary ..................................... Local DB
Timer:
Active timeout .............................. 300
Configured EAP profiles:
EAP Method configuration:
EAP-FAST:
Server key ................................
TTL for the PAC ........................... 10
Anonymous provision allowed ............... Yes
Authority ID .............................. 436973636f00000000000000000000
00
Authority Information ..................... Cisco A-ID
Press Enter to continue or to abort
HREAP Group Summary
HREAP Group Summary: Count: 0
Group Name # Aps
Press Enter to continue or to abort
HREAP Group Detail
Press Enter to continue or to abort
Route Info
Number of Routes................................. 0
Destination Network Netmask Gateway
Press Enter to continue or to abort
Qos Queue Length Info
Platinum queue length............................ 100
Gold queue length................................ 75
Silver queue length.............................. 50
Bronze queue length.............................. 25
Press Enter to continue or to abort
Mac Filter Info
Press Enter to continue or to abort
Authorization List
Authorize MIC APs against AAA ................... disabled
Authorize LSC APs against Auth-List ............. disabled
Allow APs with MIC - Manufactured Installed C.... disabled
Allow APs with SSC - Self-Signed Certificate..... disabled
Allow APs with LSC - Locally Significant Cert.... disabled
Load Balancing Info
Aggressive Load Balancing........................ Disabled
Aggressive Load Balancing Window................. 5 clients
Aggressive Load Balancing Denial Count........... 3
Statistics
Total Denied Count............................... 0 clients
Total Denial Sent................................ 0 messages
Exceeded Denial Max Limit Count.................. 0 times
None 5G Candidate Count.......................... 0 times
None 2.4G Candidate Count........................ 0 times
Press Enter to continue or to abort
Dhcp Scope Info
Scope: PUNTOSAP
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 209.165.200.201
Pool End......................................... 209.165.200.229
Network.......................................... 209.165.200.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 0.0.0.0 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
Press Enter to continue or to abort
Exclusion List ConfigurationUnable to retrieve exclusion-list entry
Press Enter to continue or to abort
CDP Configuration
Press Enter to continue or to abort
Country Channels Configuration
Configured Country............................. ES - Spain
KEY: * = Channel is legal in this country and may be configured manually.
A = Channel is the Auto-RF default in this country.
. = Channel is not legal in this country.
C = Channel has been configured for use by Auto-RF.
x = Channel is available to be configured for use by Auto-RF.
(-,-) = (indoor, outdoor) regulatory doamin allowed by this country.
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11bg :
Channels : 1 1 1 1 1
: 1 2 3 4 5 6 7 8 9 0 1 2 3 4
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
ES (-E ,-E ): A * * * * A * * * * A * * .
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11a : 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Channels : 3 3 3 4 4 4 4 4 5 5 6 6 0 0 0 1 1 2 2 2 3 3 4 4 5 5 6 6
: 4 6 8 0 2 4 6 8 2 6 0 4 0 4 8 2 6 0 4 8 2 6 0 9 3 7 1 5
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
ES (-E ,-E ): . A . A . A . A A A A A * * * * * * * * * * * . . . . .
Press Enter to continue or to abort
WPS Configuration Summary
Auto-Immune
Auto-Immune.................................... Disabled
Client Exclusion Policy
Excessive 802.11-association failures.......... Enabled
Excessive 802.11-authentication failures....... Enabled
Excessive 802.1x-authentication................ Enabled
IP-theft....................................... Enabled
Excessive Web authentication failure........... Enabled
Signature Policy
Signature Processing........................... Enabled
Press Enter to continue or to abort
Custom Web Configuration
Radius Authentication Method..................... PAP
Cisco Logo....................................... Enabled
CustomLogo....................................... None
Custom Title..................................... None
Custom Message................................... None
Custom Redirect URL.............................. None
Web Authentication Type.......................... Internal Default
External Web Authentication URL.................. None
Configuration Per Profile:
Rogue AP Configuration
Rogue Location Discovery Protocol................ Disabled
Rogue on wire Auto-Contain....................... Disabled
Rogue using our SSID Auto-Contain................ Disabled
Valid client on rogue AP Auto-Contain............ Disabled
Rogue AP timeout................................. 1200
MAC Address Classification # APs # Clients Last Heard
Adhoc Rogue Configuration
Detect and report Ad-Hoc Networks................ Enabled
Auto-Contain Ad-Hoc Networks..................... Disabled
Client MAC Address Adhoc BSSID State # APs Last Heard
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
--More-- or (q)uit
MAC Address State # APs Last Heard
Ignore List Configuration
MAC Address
Rogue Rule Configuration
Priority Rule Name State Type Match Hit Count
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console
1.27
Build Type....................................... DATA + WPS
System Name...................................... CISCO-CAPWAP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 209.165.200.230
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 41 mins 2 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin,
Rome, Vienna
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... ES - Spain
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +39 C
External Temperature............................. +23 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
(Cisco Controller) >
The AP log
AP442b.03dc.0925>
*Apr 19 23:10:18.428: %CAPWAP-3-ERRORLOG: Selected MWAR 'CISCO-CAPWAP-CONTROLLER
'(index 0).
*Apr 19 23:10:18.428: %CAPWAP-3-ERRORLOG: Go join a capwap controller
logging facility kern
^
% Invalid input detected at '^' marker.
logging facility kern
^
% Invalid input detected at '^' marker.
*Apr 19 23:10:19.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
p: 209.165.200.230 peer_port: 5246
*Apr 19 23:10:19.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Apr 19 23:10:20.200: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
peer_ip: 209.165.200.230 peer_port: 5246
*Apr 19 23:10:20.201: %CAPWAP-5-SENDJOIN: sending Join Request to 209.165.200.23
0
*Apr 19 23:10:20.201: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
*Apr 19 23:10:20.354: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*Apr 19 23:10:20.355: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 209
.165.200.230:5246
*Apr 19 23:10:20.356: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 19 23:10:20.356: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 19 23:10:20.412: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is
not established -
So supposing I have a LAP that I move from one WLC to another WLC on a different subnet. I reset this very same AP to factory settings using the mode button, when I attempt to join to the 2nd WLC I have issues with the AP retaining its previous IP settings, if this is the case is my only recourse to manually configure the LAP with the following commands?
AP#lwapp ap ip address <IP address> <Subnet Mask>
AP#lwapp ap ip default-gateway <IP-address>
AP#lwapp ap controller ip address <IP-address>
Shouldnt the reset from the mode button have cleared it to the point where I have a factory-default AP?Hi Rene,
I'm not sure if this is described as a "best practice" but for us it is. There are numerous reasons that the setting of a Username/Password on an LWAPP AP becomes a valuable step in the configuration process;
Resetting the LWAPP Configuration on a Lightweight AP (LAP)
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a00808e2d27.shtml
Deleting the LWAPP Configuration File to Redeploy the AP
When you redeploy an access point after moving it from one location to another, you must first delete the LWAPP configuration file and restore the access point to the factory default settings. Deleting the LWAPP configuration enables the commands on the access point console to configure the static IP address on the access point, the IP address on the controller, the access point hostname, and the default gateway IP address.
To delete the LWAPP configuration and restore the factory defaults, enter the following command in EXEC mode on the access point console:
clear lwapp private-config
The clear lwapp private-config command becomes available on the access point console after the controller pushes a new username and password to the access point.
http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp169479
Hope this helps!
Rob -
Virtual WLC Ports Confusion -or- ADDING ports to the vWLC
I am a struggling with configuring a virtual wireless controller (vWLC).
I am working with the newest vWLC, 8.0.100.0
I currently own an elderly 2504 WLC with 4 ports. (four physical interfaces on the box)
On this 2504, I use one port for the management of the WLC and for WLC to communicate with the APs.
The APs are on the same network as the 2504. The other port is the interface that all my wireless traffic from the clients use.
Now with this vWLC, the virtual machine has two network interface, but once I get to a point that I am able to login to the vWLC, I only see one 'port'. According to this posting, I am suppose to take the service port and point it too a dummy virtual switch or a 'Black Hole' https://supportforums.cisco.com/document/12098556/vwlc-getting-started-key-points-and-common-issues.
Okay, I've done this and it works, but it not what I am accustomed to.
I enjoy having the web console of the WLC and the AP on separate networks from the wireless clients.
To complicate things my desire is for this new vWLC and my 2504 to work together.
I want over time to migrate APs from the 2504 to the vWLC without re-addressing them.
Can I add "ports" to my vWLC controller? Do I need to rethink my wireless infrastructure?
I am confused and am seeking your help, advice, suggestions, opinions and flames.
Bryan Smith
Butler, IndianaI think you need to re-look at your wireless design. I would prefer the 2504 over a vWLC, but that's me. I would not of separated the ports also on the WLC. No real reason to, to be honest. Keep AP's on a seperate subnet and the traffic to and from the WLC is tunneled using capwap. Breaking up ports was an old design to be honest and that was also done back them with the 4400's. You have to also look at the pro's and con's of FlexConnect AP's vs local mode. I never create an ap manager interface on the newer WLC's. I have always kept the dynamic ap manager in the managemt. Traffic is tunneled and you control user traffic when it leaves the WLC.
Scott
Maybe you are looking for
-
Logical System Name is defined for which type of Business Sytem
hi Can some one helps me on this question and explaination. Logical System Name is defined for which type of Business Sytem ? a.Third Party b.Web AS java c.WebAs abap d.Standalone java Thanks Chandra
-
Getting rid of icloud music (not just hiding it)
so, I just bought a new car with Bluetooth music capabilities. I was very excited to have a small selection of music to be able to select from, and I actually added music to my phone for the first time. My issue, is that on the car's screen, I am see
-
Query to display integer and decimal and integer in the same column
Hello , Have a question, is there a easier way to do this.. is the question i have a column called units.. and i need to display either a integer in it if the value does not have any value after the decimal point .. so it shud be display as integer
-
ME21 Purchase order number.
hi friends, i am in the process of writing a BDC program for transaction ME21 to create P.O, to run in Background via JOB through Batch input session method. The purchase order number is generated internally, that means until P.O is
-
Auto determination of Service Organization and Org.Unit
Hello I've created an Org.Model with Org.Units. I've also configured a rule to derive the service organization and the responsible Org Unit based on the activity reason. When i manually specify the activity reason in the transaction, both service org