Wireless Controller locking down User per SSID
I am using Wireless Controller 4112. We use WPA enterprise mode for authentication and encryption via Microsoft IAS server and MS AD domain.
My question is how to lock down a user to a specific SSID? I would guess that this is via some vendor specific radius attributes, am I right? And if so, what would be the name (and ID) for the attributes?
Thanks in advance.
Making progress in setting up the wireless controller with multiple VLAN and WLAN/SSID. I create a virtaul interface at the controller and assign a VLAN number to it. The controller mgmt port is also set to a trunk port. Create a new SSID WLAN and have it mapped to the new virtual interface. Things work good.
The new problem I am trying to solve is how to prevent wired users to access the controller admin web interface via the virtual interface IP. I try create ACL and map it to the virtual interface. It doesn't seem working.
Similar Messages
-
Can we lock down user admin functionality to allow password changes only?
Hi,
Is it possible to lock down the user admin functionality so a specific role can only change passwords?
We have a large user base of >10K infrequent users that are forced to change their passwords every 30 days. We suspect a lot will require password changes and we are keen to not have the tech team spending most of their time dealing with such requests. We would like to pass this task onto data management but not allow them the system administrator functionality.
We know we can create a responsibility with a limited menu available so the operator can see only the security/user/define menu. But this will still allow the person to add responsibilities to existing user accounts and create new user accounts, both of which are deemed unacceptable security risks. Is it possible to lock down the form as well as the menu? Allowing operators to only change the password of existing users? Or can we use the custom.pll to error when a user tries to do anything except edit the password field when in this role?
Thanks
MattYou should be able to do that. You would create a new privilege level (ie 7), assign all commands to that level except (this is my guess) the command vpn-sessiondb, you would put that at a lower privilege level (ie 6). Here's a write-up that may help getting you in the right direction.
http://www.packetpros.com/2012/08/read-only-asdm.html -
I'm trying to find a way to give access to some IT staff in some of our smaller sites, but I'm not finding exactly what I'd like to do. Our hope is that we can give them access similar to the "Help desk user" preset (locks them down to only the message tracking screen). Unfortunately, we'd also like to restrict what domains they are able to track messages for, but I'm not able to find any way to restrict them other than the pre-made categories.
Anyone ever done anything like that before, or know if it's even possible?Hello -
We do not have that ability available in Message Tracking. You might be able to work around this limitation by having certain admins / help desk users only have access to certain appliances (if you could limit each site's appliance to handle only certain domains). You might chose to only give these help desk users quarantine access for simple tasks, or perhaps delegate only the more savvy help desk folks with more access.
Take care!
Andrew Wurster -
Pymt Terms - Ability to LOCK down Users from Input or Change
Is there an easy way to prevent Users from Entering or Changing Payment Terms on an Invoice? Note in other module areas there is an easy way to Define the Screen Layout for Optional/Required/Display etc., (Materials Managment / Purchasing) . Thanks!!!
Hi Santosh
I have been off working on another area. Your feedback is always so helpful. As stated before, your suggestion allows me to Suppress Payment Term, but is there a way to simply Ghost (shows up but user cannot change it)...
btw, I want to allow only specific Security Group/Authorizations to change the Payment Method in FB60 or any Logistics Invoice... Have you run across this? I will be submitting a new thread on this but thought I would ask here as well...
As always... Thank you!!!! -
Hi,
I'm having some difficulties configuring my Cisco WLC (5508) - ver 7.0.230.0 .
I'm have multiple client device residing on same vlan associated to the WLC but unable to telnet over port 8090. However, when inter-vlan, client device able to telnet over port 8090.
So in brief :
Say Machine A as application hosted machine and Machine B as client machine;
Machine A
Machine B
Telnet over port 8090 from B to A
In Vlan 6
In vlan 6
Not ok
in Vlan 6
In vlan 4
OK
inVlan 4
In vlan 6
OK
Any advice where i should be looking on the WLC to allow telnet port 8090 over from Machine A to B within the vlan .
Thanks.nope, the ptp blocking is disabled by default and were not configuration were made. so its disable. user is still not able to telnet from device from vlan 6 to vlan 6 via port 8090. No ACL were applied. anywhere else i should look at?
-
Access Connections v4.52 - user rights in locked down environment
I'm currently working on a small project to deploy various Lenovo wireless drivers, Access Connections v4.52, Hotkey and Power Management drivers via SMS but have come across a slight issue with Access Connections that I can't seem to resolve.
I'm hoping to provide my locked down users with a selection of standard profiles that are copied to their machines on logon but would also like to give them the ability to create and modify new ones too - this is where I'm having problems.
Through Group Policy I have set:
Allow Windows users without administrator privileges to create and apply WLAN location profiles using Find Wireless Network function
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Lenovo\AccessConnection\EnableCreateProfilewithFWN 1
Allow Windows users without administrator privileges to create and apply location profiles
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Lenovo\AccessConnection\EnableUserMode 1
I have also manually set the following:
HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Access Connections\Install\AllowPrfCreationThruFWN 1
I couldn't find a key for the 'EnableUserMode' option
Unfortunately, none of these give standard users access to create or modify profiles.
Have any of you come across this in your environment and if so did you manage to come up with a suitable solution?
Thanks in advance.Hi,
the steps, that you performed are correct.
However I would not do the last step:
HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Access Connections\Install\AllowPrfCreationThruFWN 1
This might cause confusiong.
I have just tested it in here and it's working fine with the 5.x version of AC
Cheers -
Locking down Firefox Connection settings
Due to Google removing their support for IE8, I'm being forced down the road to look at an alternative Browser to support my users when connecting to Google tools.
Using IE I have locked down users to enforce them to use our cloud based web security using a PAC file and now need to use the same with firefox.
I've edited the registry with the PAC file but now want to effectivly grey out the options on the Connections setting page
I've read a few guides and tried them but they are all for older version of FF.
Can anyone out there point me in the right direction?If you really want to prevent users from changing settings then the only way to achieve this is via a mozilla.cfg file.
It is not really that difficult.<br />
You need to create to plain text files.
Place a file local-settings.js in the defaults\pref folder where you also find the file channel-prefs.js to specify using mozilla.cfg.
<pre><nowiki>pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0); // use this to disable the byte-shift
</nowiki></pre>
The mozilla.cfg file to be located in the main Firefox program folder should contain these lines:
<pre><nowiki>// mzila.cfg should start with a comment line
lockPref("network.proxy.type", 2);
</nowiki></pre>
See also:
*http://kb.mozillazine.org/network.proxy.type
*http://kb.mozillazine.org/Locking_preferences -
How Creative Cloud working under locked down IT administration environment
We are existing CS6 and would like to sign for Creative Cloud. Just want to know how it works on the locked down user computers (without local administrator rights)?
DISCLAIMER The contents of this email and any attachments (together "this email") may contain information that is confidential to Breville Group Limited (and/or its associated entities) (together"BRG"). Information contained in this email is subject to copyright. If you are not the intended recipient, you cannot print, use, rely, or disseminate any part of this email. If you receive this email in error, please notify us immediately by return e-mail and erase all copies. If you are the intended recipient of this email you should not copy, disclose, or distribute this email without the authority of BRG. Any views expressed in this email are those of the individual sender, except where the sender specifically states them to be the views of BRG. If this email contains any defamatory comments expressed by the individual sender, these comments are made outside the scope of his/her authority. BRG does not accept liability in respect of such defamatory comments. BRG does not warrant that the integrity of this email has been maintained, or that this email is free of errors or viruses, and has not been intercepted or interfered with. It is your responsibility to scan this email for computer viruses and other defects. BRG does not accept liability for any loss or damage however caused, whether by negligence or otherwise, which may result directly or indirectly from this email. In any event, BRG's liability is limited to the cost of re-supplying this email. Please consider the environment before printing this email. ***************************************************************The deployment is just the same like for the conventional suites and the same rules apply, so I'm not sure what you are asking.
Mylenium -
Locking down is it possible.
Hello, We just installed a server 2012 r2 with the AD and Remote Desktop Services roles, To host quickbooks. All our client computers are running non professional versions of windows. Can we use Group Policy to lock down user activities
when logged into the remote desktop. Users are logging in fine, but no group policy seems to be working. I have been attempting to do this with no success and just want to make sure i am not wasting my time.Hi,
Thanks for posting in Windows Server Forum.
As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply
this post directly so we will be notified to follow it up.
BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems.
Thanks for your Support & understanding.
Regards.
Dharmesh Solanki
TechNet Community Support -
Locking down settings of an user account?
Locking down settings of an user account?
I have an IMac with 2 user accounts and a guest account.
1 user account is the administrator account.
The second user account is to be used by many people.
How can I lock down settings for this account? Parental controls are insufisient, for instance: the settings for Safari can still be changed (default homepage etc)
Also when connecting to the wireless network, the user is required to login with his own credentials, in this login window there is the username and password boxes and a "remember this login" checkbox, how can I set this checkbox as off by default? (and maybe grayed out so it can't be turned on).Hmmm, when a Guest logs out that info should be gone...
... the nice thing is that all traces of the person being there are erased after they log off. (At least that’s what Apple claims — there could be some caches left over if you look deep.)
http://mac.tutsplus.com/tutorials/os-x/using-the-guest-account-in-os-x/ -
How do you modify the web.xml to lock down the pages from a user role
how do you modify the web.xml to lock down the pages from a user role
I'll make a stab at your question:
The following is an example of where a URL is protected within a web.xml deployment descriptor. In this example, the URL /protectedA within the application is protected:
<!-- security constraints -->
<security-constraint>
<web-resource-collection>
<web-resource-name>protectedA</web-resource-name>
<url-pattern>/protectedA</url-pattern>
</web-resource-collection>
<!-- authorization -->
<auth-constraint>
<role-name>sr_developer</role-name>
</auth-constraint>
</security-constraint>
Sun's explaination here:
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security4.html -
I have a Win7Pro SP1 PC locked down with a Group Policy as it is a public facing PC. PDF fillable forms cannot be completed when logged on as the restricted user. The forms work as a normal user. What are the user requirements/permissions needed to fill forms?
Well, try this (I was able to fix my with these steps):
Go Utilities > Disk Utility
Select your Startup Disk, e.g. Macintosh HD
Then, under the First Aid Tab, click Verify Disk Permissions.
If there are errors, then click repair Disk Permissions.
After it is done, restart the computer and see if your problem is resolved.
I hope this help.
Zeke
www.ZekeYuen.com/blog/ -
Hi!
I try to configure a Cisco 5508 Wireless controller and 25 Air-lap1041 to use as VoIP and data. I read documents, manuals, etc, but the AP doesn't charge the configuration, or not conect with the Wireless Controller, why? No Radius server present, only WPA security.howto, please...
I try to put a static ip in the LAP, with lwapp or capwap command, (LWAPP/CAPWAP ap ip address direccion mascara) and the AP returns "You should configure Domain and Name Server from controller CLI/GUI." and i can't change the name of the AP (Command is disabled).
Log from AP:
using ÿÿÿÿ ddr static values from serial eeprom
ddr init done
Running Normal Memtest...
Passed.
IOS Bootloader - Starting system.
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
Xmodem file system is available.
DDR values used from system serial eeprom.
WRDTR,CLKTR: 0x83000800, 0xc0000000
RQDC, RFDC : 0x80000037, 0x00000184
PCIE0: link is up.
PCIE0: VC0 is active
PCIE1: link is NOT up.
PCIE1 port 1 not initialize
PCIEx: initialization done
flashfs[0]: 6 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32385024
flashfs[0]: Bytes used: 2369024
flashfs[0]: Bytes available: 30016000
flashfs[0]: flashfs fsck took 21 seconds.
Reading cookie from system serial eeprom...Done
Base Ethernet MAC address: 44:2b:03:dc:09:25
Ethernet speed is 1000 Mb - FULL duplex
Loading "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx"...###########################
File "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx" uncompressed and installed, entr
y point: 0x4000
executing...
enet halted
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEA
SE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
Proceeding with system init
Proceeding to unmask interrupts
Initializing flashfs...
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
flashfs[1]: 6 files, 2 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 32126976
flashfs[1]: Bytes used: 2369024
flashfs[1]: Bytes available: 29757952
flashfs[1]: flashfs fsck took 7 seconds.
flashfs[1]: Initialization complete.
flashfs[2]: 0 files, 1 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 11999232
flashfs[2]: Bytes used: 1024
flashfs[2]: Bytes available: 11998208
flashfs[2]: flashfs fsck took 1 seconds.
flashfs[2]: Initialization complete....done Initializing flashfs.
Ethernet speed is 1000 Mb - FULL duplex
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-LAP1041N-E-K9 (PowerPC405ex) processor (revision B0) with 98294K/32
768K bytes of memory.
Processor board ID FCZ1611W414
PowerPC405ex CPU at 333Mhz, revision number 0x147E
Last reset from reload
LWAPP image version 7.0.94.21
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 44:2B:03:DC:09:25
Part Number : 73-14034-04
PCA Assembly Number : 800-34273-05
PCA Revision Number : A0
PCB Serial Number : FOC16075VZ3
Top Assembly Part Number : 800-34284-03
Top Assembly Serial Number : FCZ1611W414
Top Revision Number : A0
Product/Model Number : AIR-LAP1041N-E-K9
% Please define a domain-name first.
Press RETURN to get started!
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:00:09.574: *** CRASH_LOG = YES
Base Ethernet MAC address: 44:2B:03:DC:09:25
*Mar 1 00:00:09.838: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log
(contains, 1024 messages)
*Mar 1 00:00:11.848: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state
to up
*Mar 1 00:00:11.892: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEA
SE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
*Mar 1 00:08:16.954: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth
ernet0, changed state to up
logging facility kern
^
% Invalid input detected at '^' marker.
*Mar 1 00:08:28.047: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
LER
*Mar 1 00:08:28.049: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:09:08.282: %CDP_PD-2-POWER_LOW: All radios disabled - LOW_POWER_CLASS
IC_NO_INJECTOR_CONFIGURED AIR-CT5508-K9 (c464.138f.9345)
*Mar 1 00:09:08.282: -Verify the required power-injector is installed on this
port: AIR-CT5508-K9(Gig 0/0/2).
*Mar 1 00:09:08.282: -If a power-injector is installed, issue the command:"pow
er inline negotiation injector installed"
*Mar 1 00:12:19.976: %CAPWAP-5-STATIC_TO_DHCP_IP: Could not discover WLC using
static IP. Forcing AP to use DHCP.
*Mar 1 00:12:29.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:39.994: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:49.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:59.994: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:13:09.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
Not in Bound state.
*Mar 1 00:13:19.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:13:19.993: %CAPWAP-5-DHCP_RENEW: Could not discover WLC using DHCP IP
. Renewing DHCP IP.
logs from wireless controller:
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Gu
est
ap-manager 2 untagged 209.165.200.231 Dynamic Yes No
management 1 untagged 209.165.200.230 Static Yes No
service-port N/A N/A 192.168.1.157 Static No No
virtual N/A N/A 1.1.1.1 Static No No
(Cisco Controller) >
i conect with service-port ok and the management port works, i think.
AP442b.03dc.0925>ping 209.165.200.230
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.230, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
AP442b.03dc.0925>
Help, please!
i write in spanish:
Hola:
Tengo que configurar un cisco 5508 wireless controller con 25 air-lap1041n, para usarlo como acceso de datos y voz. ¿Cómo lo hago? He leído manuales, y seguido las instrucciones, pero el punto de acceso parace que no es capaz de cargar el perfil. No hay servidor radius, solo la configuración de una clave wpa. Alguién me puede indicar pasos, GraciasHi!
I buy a gigabit switch. I connect the service-port to gigabit switch, and laptop to gigabit switch. I used 192.168.1.x ip address (192.168.1.157 to service-port and 192.168.1.233 to wired port on laptop, well, the laptop has two ip adress, 192.168.1.233 and 209.165.200.2, and the laptop works ok. Ping to 209.165.200.230 -ip address of management interface- and ping to 209.165.200.203 -ip address for AP, is assigned by DHCP of WLC. And i connect the ap to gigabit switch, and the wlc assigns well an ip direction.
I post the run-config and sysinfo log. The gigabit switch is tp-link model tl-sg1005d, no configuration.
Before the logs, I see this message from AP:
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
Hola:
He comprado un switch gigabit. Conecto el service-port al switch gigabit y el portátil también (por cable). Uso como direcciones ip el rango 192.168.1.x (192.168.1.157 asignado al service-port y 192, 168.1.233 al portátil, bueno, el portátil tiene dos direcciones, la dicha anteriormente y la 209.165.200.2) El portátil funciona bien, hace ping al 209.165.200.230 - la ip de la management interface, y a 209.165.200.203 - ip asignada al AP por el DHCP del WLC. He conectado el AP al swtich gigabit, y el dhcp del wlc asigna correctamente una dirección ip.
Añado a continuación los resultados de los comandos "show run-config" y "show sysinfo". El switch es un TP-LINK modelo TL-S1005D, sin necesidad de configuración.
Antes de mostrar los resultados de los comandos, he visto el siguiente mensaje en el log del AP:
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
Un saludo
Antonio R.
(Cisco Controller) >show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "Cisco Wireless Controller"
PID: AIR-CT5508-K9, VID: V02, SN: FCW1608L05X
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console
1.27
Build Type....................................... DATA + WPS
System Name...................................... CISCO-CAPWAP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 209.165.200.230
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 17 mins 45 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin,
Rome, Vienna
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... ES - Spain
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +36 C
External Temperature............................. +23 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Network Information
RF-Network Name............................. hosp
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Fast SSID Change ........................... Disabled
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE SFPType
1 Normal Forw Enable Auto 1000 Full Up Enable N/A 1000BaseTX
2 Normal Disa Enable Auto Auto Down Enable N/A Not Present
3 Normal Disa Enable Auto Auto Down Enable N/A Not Present
4 Normal Disa Enable Auto Auto Down Enable N/A Not Present
5 Normal Disa Enable Auto Auto Down Enable N/A Not Present
6 Normal Disa Enable Auto Auto Down Enable N/A Not Present
7 Normal Disa Enable Auto Auto Down Enable N/A Not Present
8 Normal Disa Enable Auto Auto Down Enable N/A Not Present
Press Enter to continue or to abort
AP Summary
Number of APs.................................... 0
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Location
Site Name........................................ default-group
Site Description.................................
WLAN ID Interface Network Admission Control
1 management Disabled
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority GroupName
Press Enter to continue or to abort
AP Config
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Airewave Director Configuration
Press Enter to continue or to abort
802.11a Configuration
802.11a Network.................................. Disabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Video AC:
Video AC - Admission control (ACM)............ Disabled
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
Video max RF bandwidth........................ Infinite
Video reserved roaming bandwidth.............. 0
Press Enter to continue or to abort
802.11a Advanced Configuration
Press Enter to continue or to abort
802.11a Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
TxPower Update Logging......................... Off
Default 802.11a AP performance profiles
802.11a Global Interference threshold.......... 10 %
802.11a Global noise threshold................. -70 dBm
802.11a Global RF utilization threshold........ 80 %
802.11a Global throughput threshold............ 1000000 bps
802.11a Global clients threshold............... 12 clients
Default 802.11a AP monitoring
802.11a Monitor Mode........................... enable
802.11a Monitor Mode for Mesh AP Backhaul...... disable
802.11a Monitor Channels....................... Country channels
802.11a AP Coverage Interval................... 180 seconds
802.11a AP Load Interval....................... 60 seconds
802.11a AP Noise Interval...................... 180 seconds
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
802.11a AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... c4:64:13:8f:93:40
Last Run....................................... 75 seconds ago
Coverage Hole Detection
802.11a Coverage Hole Detection Mode........... Enabled
802.11a Coverage Voice Packet Count............ 100 packets
802.11a Coverage Voice Packet Percentage....... 50%
802.11a Coverage Voice RSSI Threshold.......... -80 dBm
802.11a Coverage Data Packet Count............. 50 packets
802.11a Coverage Data Packet Percentage........ 50%
802.11a Coverage Data RSSI Threshold........... -80 dBm
802.11a Global coverage exception level........ 25 %
802.11a Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
--More or (q)uit current module or to abort
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... c4:64:13:8f:93:40
Last Run....................................... 75 seconds ago
DCA Sensitivity Level.......................... STARTUP (5 dB)
DCA 802.11n Channel Width...................... 20 MHz
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11a 5 GHz Auto-RF Channel List
Allowed Channel List......................... 36,40,44,48,52,56,60,64
Unused Channel List.......................... 100,104,108,112,116,120,124,
128,132,136,140
DCA Outdoor AP option.......................... Disabled
Radio RF Grouping
802.11a Group Mode............................. AUTO
--More or (q)uit current module or to abort
802.11a Group Update Interval.................. 600 seconds
802.11a Group Leader........................... c4:64:13:8f:93:40
802.11a Group Member......................... c4:64:13:8f:93:40
802.11a Last Run............................... 75 seconds ago
802.11b Configuration
802.11b Network.................................. Enabled
11gSupport....................................... Enabled
11nSupport....................................... Enabled
802.11b/g Operational Rates
802.11b/g 1M Rate............................ Mandatory
802.11b/g 2M Rate............................ Mandatory
802.11b/g 5.5M Rate.......................... Mandatory
802.11b/g 11M Rate........................... Mandatory
802.11g 6M Rate.............................. Supported
802.11g 9M Rate.............................. Supported
802.11g 12M Rate............................. Supported
802.11g 18M Rate............................. Supported
802.11g 24M Rate............................. Supported
802.11g 36M Rate............................. Supported
802.11g 48M Rate............................. Supported
802.11g 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
--More or (q)uit current module or to abort
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mode................................. Disabled
--More or (q)uit current module or to abort
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 1
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Call Admission Limit ........................... 105
G711 CU Quantum ................................. 15
ED Threshold..................................... -50
Fragmentation Threshold.......................... 2346
PBCC mandatory................................... Disabled
RTS Threshold.................................... 2347
Short Preamble mandatory......................... Enabled
Short Retry Limit................................ 7
Legacy Tx Beamforming setting.................... Enabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
Faster Carrier Tracking Loop..................... Disabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC - Admission control (ACM)............ Disabled
--More or (q)uit current module or to abort
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ 50
Video reserved roaming bandwidth.............. 0
802.11b Advanced Configuration
Press Enter to continue or to abort
802.11b Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
Transmit Power Update Logging.................. Off
Default 802.11b AP performance profiles
802.11b Global Interference threshold.......... 10 %
802.11b Global noise threshold................. -70 dBm
802.11b Global RF utilization threshold........ 80 %
802.11b Global throughput threshold............ 1000000 bps
802.11b Global clients threshold............... 12 clients
Default 802.11b AP monitoring
802.11b Monitor Mode........................... enable
802.11b Monitor Channels....................... Country channels
802.11b AP Coverage Interval................... 180 seconds
802.11b AP Load Interval....................... 60 seconds
802.11b AP Noise Interval...................... 180 seconds
802.11b AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... c4:64:13:8f:93:40
Last Run....................................... 213 seconds ago
Coverage Hole Detection
802.11b Coverage Hole Detection Mode........... Enabled
802.11b Coverage Voice Packet Count............ 100 packets
802.11b Coverage Voice Packet Percentage....... 50%
802.11b Coverage Voice RSSI Threshold.......... -80 dBm
802.11b Coverage Data Packet Count............. 50 packets
802.11b Coverage Data Packet Percentage........ 50%
802.11b Coverage Data RSSI Threshold........... -80 dBm
802.11b Global coverage exception level........ 25 %
802.11b Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... c4:64:13:8f:93:40
Last Run....................................... 213 seconds ago
DCA Sensitivity Level: ...................... STARTUP (5 dB)
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11b Auto-RF Allowed Channel List........... 1,6,11
Auto-RF Unused Channel List.................... 2,3,4,5,7,8,9,10,12,13
Radio RF Grouping
802.11b Group Mode............................. AUTO
802.11b Group Update Interval.................. 600 seconds
802.11b Group Leader........................... c4:64:13:8f:93:40
802.11b Group Member......................... c4:64:13:8f:93:40
802.11b Last Run............................... 213 seconds ago
Mobility Configuration
Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... hosp
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x97e2
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 1
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast
IP Status
c4:64:13:8f:93:40 209.165.200.230 hosp 0.0.0.0
Up
Advanced Configuration
Probe request filtering.......................... Enabled
Probes fwd to controller per client per radio.... 0
Probe request rate-limiting interval............. 500 msec
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
dot11-padding.................................... Disabled
Authentication Response Timeout (seconds)........ 10
Rogue Entry Timeout (seconds).................... 1200
AP Heart Beat Timeout (seconds).................. 30
AP Discovery Timeout (seconds)................... 10
AP Local mode Fast Heartbeat (seconds)........... disable
AP Hreap mode Fast Heartbeat (seconds)........... disable
AP Primary Discovery Timeout (seconds)........... 120
AP Primed Join Timeout (seconds)................. 0
Packet Forwarding watchdog timer (seconds)....... 240 (enable)
Location Configuration
RFID Tag data Collection......................... Enabled
RFID timeout.................................... 1200 seconds
RFID mobility.................................... Oui:00:14:7e : Vendor:pango S
tate:Disabled
Interface Configuration
Interface Name................................... management
MAC Address...................................... c4:64:13:8f:93:40
IP Address....................................... 209.165.200.230
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 209.165.200.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 192.168.1.1
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 209.165.200.230
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
Interface Name................................... service-port
MAC Address...................................... c4:64:13:8f:93:41
IP Address....................................... 192.168.1.157
IP Netmask....................................... 255.255.255.0
DHCP Option 82................................... Disabled
DHCP Protocol.................................... Disabled
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... virtual
MAC Address...................................... c4:64:13:8f:93:40
IP Address....................................... 1.1.1.1
DHCP Option 82................................... Disabled
Virtual DNS Host Name............................ Disabled
AP Manager....................................... No
Guest Interface.................................. No
WLAN Configuration
WLAN Identifier.................................. 1
Profile Name..................................... HOSP3C
Network Name (SSID).............................. HOSP3C
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
WLAN ACL......................................... unconfigured
DHCP Server...................................... 209.165.200.230
DHCP Address Assignment Required................. Enabled
Quality of Service............................... Platinum (voice)
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Infrastructure MFP protection................. Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Band Select...................................... Enabled
Load Balancing................................... Enabled
Mobility Anchor List
WLAN ID IP Address Status
Press Enter to continue or to abort
Press Enter to continue or to abort
ACL Configuration
Press Enter to continue or to abort
CPU ACL Configuration
CPU Acl Name................................ NOT CONFIGURED
Wireless Traffic............................ Disabled
Wired Traffic............................... Disabled
RADIUS Configuration
Vendor Id Backward Compatibility................. Disabled
Call Station Id Case............................. lower
Call Station Id Type............................. IP Address
Aggressive Failover.............................. Enabled
Keywrap.......................................... Disabled
Fallback Test:
Test Mode.................................... Off
Probe User Name.............................. cisco-probe
Interval (in seconds)........................ 300
MAC Delimiter for Authentication Messages........ hyphen
MAC Delimiter for Accounting Messages............ hyphen
Authentication Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/P
hase1/Group/Lifetime/Auth/Encr
Accounting Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/P
hase1/Group/Lifetime/Auth/Encr
--More or (q)uit current module or to abort
TACACS Configuration
Authentication Servers
Idx Server Address Port State Tout
Authorization Servers
Idx Server Address Port State Tout
Accounting Servers
Idx Server Address Port State Tout
LDAP Configuration
Press Enter to continue or to abort
Local EAP Configuration
User credentials database search order:
Primary ..................................... Local DB
Timer:
Active timeout .............................. 300
Configured EAP profiles:
EAP Method configuration:
EAP-FAST:
Server key ................................
TTL for the PAC ........................... 10
Anonymous provision allowed ............... Yes
Authority ID .............................. 436973636f00000000000000000000
00
Authority Information ..................... Cisco A-ID
Press Enter to continue or to abort
HREAP Group Summary
HREAP Group Summary: Count: 0
Group Name # Aps
Press Enter to continue or to abort
HREAP Group Detail
Press Enter to continue or to abort
Route Info
Number of Routes................................. 0
Destination Network Netmask Gateway
Press Enter to continue or to abort
Qos Queue Length Info
Platinum queue length............................ 100
Gold queue length................................ 75
Silver queue length.............................. 50
Bronze queue length.............................. 25
Press Enter to continue or to abort
Mac Filter Info
Press Enter to continue or to abort
Authorization List
Authorize MIC APs against AAA ................... disabled
Authorize LSC APs against Auth-List ............. disabled
Allow APs with MIC - Manufactured Installed C.... disabled
Allow APs with SSC - Self-Signed Certificate..... disabled
Allow APs with LSC - Locally Significant Cert.... disabled
Load Balancing Info
Aggressive Load Balancing........................ Disabled
Aggressive Load Balancing Window................. 5 clients
Aggressive Load Balancing Denial Count........... 3
Statistics
Total Denied Count............................... 0 clients
Total Denial Sent................................ 0 messages
Exceeded Denial Max Limit Count.................. 0 times
None 5G Candidate Count.......................... 0 times
None 2.4G Candidate Count........................ 0 times
Press Enter to continue or to abort
Dhcp Scope Info
Scope: PUNTOSAP
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 209.165.200.201
Pool End......................................... 209.165.200.229
Network.......................................... 209.165.200.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 0.0.0.0 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
Press Enter to continue or to abort
Exclusion List ConfigurationUnable to retrieve exclusion-list entry
Press Enter to continue or to abort
CDP Configuration
Press Enter to continue or to abort
Country Channels Configuration
Configured Country............................. ES - Spain
KEY: * = Channel is legal in this country and may be configured manually.
A = Channel is the Auto-RF default in this country.
. = Channel is not legal in this country.
C = Channel has been configured for use by Auto-RF.
x = Channel is available to be configured for use by Auto-RF.
(-,-) = (indoor, outdoor) regulatory doamin allowed by this country.
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11bg :
Channels : 1 1 1 1 1
: 1 2 3 4 5 6 7 8 9 0 1 2 3 4
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
ES (-E ,-E ): A * * * * A * * * * A * * .
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11a : 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Channels : 3 3 3 4 4 4 4 4 5 5 6 6 0 0 0 1 1 2 2 2 3 3 4 4 5 5 6 6
: 4 6 8 0 2 4 6 8 2 6 0 4 0 4 8 2 6 0 4 8 2 6 0 9 3 7 1 5
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
ES (-E ,-E ): . A . A . A . A A A A A * * * * * * * * * * * . . . . .
Press Enter to continue or to abort
WPS Configuration Summary
Auto-Immune
Auto-Immune.................................... Disabled
Client Exclusion Policy
Excessive 802.11-association failures.......... Enabled
Excessive 802.11-authentication failures....... Enabled
Excessive 802.1x-authentication................ Enabled
IP-theft....................................... Enabled
Excessive Web authentication failure........... Enabled
Signature Policy
Signature Processing........................... Enabled
Press Enter to continue or to abort
Custom Web Configuration
Radius Authentication Method..................... PAP
Cisco Logo....................................... Enabled
CustomLogo....................................... None
Custom Title..................................... None
Custom Message................................... None
Custom Redirect URL.............................. None
Web Authentication Type.......................... Internal Default
External Web Authentication URL.................. None
Configuration Per Profile:
Rogue AP Configuration
Rogue Location Discovery Protocol................ Disabled
Rogue on wire Auto-Contain....................... Disabled
Rogue using our SSID Auto-Contain................ Disabled
Valid client on rogue AP Auto-Contain............ Disabled
Rogue AP timeout................................. 1200
MAC Address Classification # APs # Clients Last Heard
Adhoc Rogue Configuration
Detect and report Ad-Hoc Networks................ Enabled
Auto-Contain Ad-Hoc Networks..................... Disabled
Client MAC Address Adhoc BSSID State # APs Last Heard
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
--More-- or (q)uit
MAC Address State # APs Last Heard
Ignore List Configuration
MAC Address
Rogue Rule Configuration
Priority Rule Name State Type Match Hit Count
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console
1.27
Build Type....................................... DATA + WPS
System Name...................................... CISCO-CAPWAP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 209.165.200.230
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 41 mins 2 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin,
Rome, Vienna
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... ES - Spain
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +39 C
External Temperature............................. +23 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
(Cisco Controller) >
The AP log
AP442b.03dc.0925>
*Apr 19 23:10:18.428: %CAPWAP-3-ERRORLOG: Selected MWAR 'CISCO-CAPWAP-CONTROLLER
'(index 0).
*Apr 19 23:10:18.428: %CAPWAP-3-ERRORLOG: Go join a capwap controller
logging facility kern
^
% Invalid input detected at '^' marker.
logging facility kern
^
% Invalid input detected at '^' marker.
*Apr 19 23:10:19.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
p: 209.165.200.230 peer_port: 5246
*Apr 19 23:10:19.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Apr 19 23:10:20.200: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
peer_ip: 209.165.200.230 peer_port: 5246
*Apr 19 23:10:20.201: %CAPWAP-5-SENDJOIN: sending Join Request to 209.165.200.23
0
*Apr 19 23:10:20.201: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
*Apr 19 23:10:20.354: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*Apr 19 23:10:20.355: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 209
.165.200.230:5246
*Apr 19 23:10:20.356: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 19 23:10:20.356: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 19 23:10:20.412: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is
not established -
Hi
We are just putting in a new Controller - 5500 type
We are using a WCS .
Someone has raised the issue of whether we can have multiple vlans
per SSID - as otherwise we may have very large broadcast domains
due to the overall design being to have Maybe 3 SSIDs
Guest
Staff
Engineering
I think in SWAN we could get away with dynamic vlans.
We would like to have multiple vlans in each SSID to avoid the above.
Can we do this in the new setup.
Kind Regards
SteveHi Steve,
yes it works just the same.
Enable AAA override on the controller and have interfaces configured for each vlan. Then the ACS can simply push the vlan depending on the user authentication. Users are then split in separate vlans.
Another way of doing is to group APs. You can have a group of APs serving SSID Guest in vlan 1, Employee in vlan 2 and another group of APs serving the same SSIDs but in vlan 3 and 4. It's "per-user" vlan load balancing or "geographic" vlan load balancing.
However, broadcast domains should not be a major concern in wireless as broadcasts are blocked by default. The WLC will proxy for ARP and DHCP.
Regards,
Nicolas -
Wireless APs going down randomly
Hi All
We have a situation where wireless access points are just going down randomly on our network. The situation is as follows:
We have 2 Cisco 5508 WLCs (licensed for 250 APs each, with more licenses en-route), both running software version 7.2.103.0. Then we have a large-ish number (±300) of Cisco AIR-CAP3502I-E-K9 APs connecting to these two controllers. The APs are either connected to Cisco WS-C2960S switches, or in "older" areas of the network they are connected to WS-C2950 switches. We do not have PoE switches installed yet, so all APs are powered by power injectors (AIR-PWRINJ4=).
Anyhat, all the access points are in FlexConnect (previously HREAP) mode, and they all connect via trunk ports to the switches in order to get the VLAN per SSID working. Both controllers are in the same mobility group, and both are in the DNS as "cisco-capwap-controller" as they are load balancing. The APs are installed about 25m apart in most areas. There is one installation where two APs are about 10m apart, but this is due to the shape of the building in which they are installed. We have no autonomous APs deployed at all...
The problem is that some access points work for about a day, and then they just disassociate with whichever controller they were associated to, and then they just fall off the network completely. Both WLCs, the NCS, and the network monitoring system (WhatsUp Gold) show the affected APs as physically unreachable. Looking at the trunk port on the switch, it shows that the port is up and the line protocol is up, input rate is 0 bits/sec, and output rate is up to 70,000bits/sec. There are no input or output errors on the switch port. Here is the output from one such switch port:
FastEthernet0/19 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is dc7b.9439.da13 (bia dc7b.9439.da13)
Description: Link to NC_K22-AP1
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:50:20, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 71000 bits/sec, 91 packets/sec
977358 packets input, 80661413 bytes, 0 no buffer
Received 29925 broadcasts (16038 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 16038 multicast, 0 pause input
0 input packets with dribble condition detected
37567889 packets output, 3624164243 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
Connecting a console cable to an affected AP is fruitless, as the AP appears to be unresponsive while it is "down". Rebooting the AP, then connecting a console cable works, but then you've lost your syslogs. Looking at the Ethernet interface on the AP, it appears as if the interface is picking up a lot of errors, especially CRC errors, which would indicate a physical cable problem.
I got our cabling contractor out to do a cable test again, and it passes every time. We have them test both the Systimax and the Molex cable installations of affected APs, and all is OK. They use a Fluke MicroScanner² cable tester which certifies the Cat 6 cable from patch lead to flylead. No problems there, and I trust that the cable is 100% as tested.
So I swap the power injector of an affected AP (let's call it AP A) with an AP that is not affected by this (let's call this one AP B), and AP A goes down again after a day, or sometimes only a couple of hours. AP B remains operational as usual. If I swap AP A out with a new AP (AP C), then AP C starts showing the same symptoms after about a day, and then it also just goes down. When "suspect" AP A is installed somewhere else, then it works and stays operational for, well, 58 days now. Changing the switch/switch port also makes no difference.
This happens to one of the APs that are part of the "10m apart deployment", but it also happens to another AP that is completely on its own in a building far away from any other wireless source, so I cannot think that this could be the problem. I happens to an AP that is less than 100m away from its closest WLC, and it happens to an AP that is more than 350km away from its closest controller. All the other APs deployed in our remote campus (350km fibre link) are 100% OK. It happens to APs connected to the older WS-C2950 switches as well as the brand new WS-C2960S switches.
I am at wits end with this one. Where could the problem be? I trust the "Big Green" company that does our cable installations, and I trust the equipment they use. I also trust both Systimax and Molex to be very good products. And I do trust Cisco, as this is the only network equipment we deploy.
Where to from here?
Regards
ConnieThis issue has now been resolved. Details can be found here: http://www.cisco.com/en/US/partner/ts/fn/635/fn63537.html.
Here is the short version:
Problem Description:
Calibration between DRAM and processor on AIR-CAP350x and AIR-LAP126x results in Access Points (APs) failing to boot properly. One symptom includes a white LED and no console output.
Background:
The root cause is the DDR memory calibration process that was performed on the Access Points (APs) at the time of manufacture. The fix recalibrates the existing memory hardware, so it will operate more reliably.
Workaround/Solution:
The fix for this issue is now publicly available. Go to www.cisco.com to obtain Access Point (AP) IOS code version: 15.2(2)JA or later and/or WLC software version: 7.0.235.3 (or later 7.0 release), 7.2.111.3 (or later 7.2 release) or 7.3.101.0 (or later 7.3 release).
As of June 2012, new AP3500 and AP1260 products with version ID (VID) V02 are free of this issue.
Maybe you are looking for
-
How do i track my ipod if it has the same apple id as my iphone?
i lost my ipod touch and i know it has the track my iphone app. but it also uses that same apple id as my iphone. so when i try to track it on my iphone it tells me that it found my iphone but not my ipod touch. in case i lost it somewhere at home th
-
Error while creation of role menu
Dear All, I am creating role for my functional team. In Menu, I want to copy the area menu W10T meant for IS Retail. But, it gives me following dump: Runtime Errors CALL_FUNCTION_PARM_MISSING Except. CX_SY_DYN_CALL_PARAM_MISSI
-
Wlconfig ant task and JTA unde 8.1sp5
How can I set the JTA timeout value from the wlcreate task within ant for 8.1sp5? If I use: <query domain="${domain.name}" type="Server" name="${admin.name}" property="admin.server" /> <create type="UnixMachine" name="${unix_machine.name}" property="
-
CE & HTTP 1.0/1.1 and Moved Temporarily
We are having a problem with accessing sites that issue "server moved" instructions. The CE is not passing on the socket close connnection when a continuation frame is used. The upshot is that we can't access sites that issue "server moved" instructi
-
Adobe CS3 install fails on new iMac
I have been unable to install Adobe CS3 Design Standard on my brand new 27" Core 15 iMac. I have followed all the suggestions from Adobe, but only Acrobat installs okay. Can't get Photoshop, Illustrator, or Indesign to install. On the Adobe forums so