WLC 5500 802.1x problems
So here is the problem that i have.
I have a WLC 5500 in site A ( let´s say city A too ) with its own set of wlans ( wlan 1 , wlan 2 ... ) that are used to differentiate different types of users ( teachers, students, etc ) using a RADIUS server and a AD for this client and using 802.1x. Everything on site A is working fine.
Now i´m trying so set an access point in site B ( in city B ) with its own set of wlans ( wlan X, wlan Y ... ) that is also used to differentiate clients, site B as its own DHCP, its own RADIUS and its own AD. I´ve managed to connect the access point to the WLC and set wlans for site B. My problem now is that when a user tries to connect to wlan X and he is suppose to be in wlan Y, he is not forwarded to wlan Y and is left in wlan X. I´ve also configured HREAP.
Does anyone as any idea why the clients aren't being assigned to the correct wlan??
I´ve checked in the Radius server and its sending the correct wlan to the user.
I now that the text is probably a little bit confusing, but i hope that someone can help me.
Thanks in advanced.
You are right, it is not supported:
Note: If the APs are in H-REAP mode and locally switched at the remote site, the dynamic assignment of users to a specific VLAN based on the RADIUS server configuration is not supported.
Since you can't do dynamic vlan, why not have two policies, one for teachers and the other for students. You will need to have then in seperate groups in AD also. Then filter on the ssid and the AD group, so if students try to access the teachers ssid using their credentials, they get rejected and vice versa.
I don't know what you mean by connecting two site without h-reap. The only other way is switching the AP to local mode, which you better have some good bandwidth.
Scott
Similar Messages
-
Hello,
I am going to deploy Cisco ISE with WLC 5500. I have two kinds of users one for which I want to deploy just open access Wi-Fi network, without working with Cisco ISE and Second group of Users for which I want to deploy Cisco ISE services like advanced authentication, posture and profiling. For both users I have just one WLC. Is there any problem to just deploy two SSID one for open access (without Cisco ISE) and second Secure with Cisco ISE ?Thank you for helping.
I have read your proposed document, but didn't understand details beside SNMP probes.
The reason I don't want to enable ISE authentication/profiling and posture for guest is that I don't have enough licenses for all guests. I am planning to create separate SSID for guest which will have just open “authentication” without any key or ISE. In this case why ISE will profile guest users, it even doesn’t be associated with this WLAN profile? -
Wlc 5500 authentication timeout
I have a WLC 5500 controller. I have two WLANS (OBSD-Internal and OBSD-BYOD). I have authentication setup to the WLC for the BYOD WLAN using LDAP (users connect with an AD user account). They are required to re authenticate every few minutes. This only happens on the BYOD WLAN (not Internal)
Scott-
Here are the results of the sho WLAN cmd:
(Cisco Controller) >show wlan 3
WLAN Identifier.................................. 3
Profile Name..................................... OBSD BYOD
Network Name (SSID).............................. OBSD-BYOD
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 25
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. Infinity
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ g9c-guest
Multicast Interface.............................. Not Configured
--More-- or (q)uit
WLAN ACL......................................... Guest WiFi Internet Only
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
--More-- or (q)uit
Accounting.................................... Global Servers
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Enabled
ACL............................................. Web Auth
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Local Authentication................... Disabled
H-REAP Learn IP Address....................... Enabled
--More-- or (q)uit
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Mobility Anchor List
WLAN ID IP Address Status -
We have a WLC 5500 apliance, but i have a problem, the APs have a administrative IP in a diferent segment, only conected to WLC the AP have same segment of the management interface, the 5500 don´t have APmanager interface.
How configurate the WLC to conected and administrate all AP with different segment IP
Product Version.................................. 6.0.182.0
chasis: AIR-CT5508-K9You may check this article about the discovery process:
http://tiny.cc/lqu1zw
Now, with what Steve above is trying to say is that with 5508 the management interface itself is the AP manager interface (by default). so, management and ap-manager interfaces are merged into one interface with same IP address. You can change this behavior but this is the default.
The article will tell you what mechanisms can be used to direct the APs to join the WLC even if they are on different subnet.
HTH
Amjad
Rating useful replies is more useful than saying "Thank you" -
Dear All,
i have WLC 5500 with 50 AP Base license with LAP 3500i APs,
so, do i need license for the WLC to work with the cleanair technology even it software ver 7 ?????
and also i have WCS with base license so do i need a license also for the WCS to work with clean air technology????
thanks
AhmedYou do not need extra license for either WLC or WCS to work with cleanair. But if you buy 10 AP pack 3500 APs, you will get WCS Plus upgrade license (for 100 APs) for free.
More info can be found here:
http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps10981/qa_c67-604158.html
zhenning -
Hi,
I have a WLC 5500 with image 7.0.98, and I can not use bonjour services.
My broadcast and multicast are enabled.
Ethernet Multicast Forwarding............... Enable
Ethernet Broadcast Forwarding............... Enable
AP Multicast/Broadcast Mode................. Multicast Address : 235.0.0.1
IGMP snooping............................... Enabled
the only thing that makes me crazy, is that I am migrating from all the network 3com, to CISCO, now all my switches, and routers are Cisco, my new wlan is CISCO, but for some reasons I have to use for a while the old wireless 3com infraestructure, and I dont have any issue like this in 3com wireless.
I really does not what to do.
Any idea???Just curious.. Since we are using Multicast - Multicast mode..make sure the Multicast routing should be enabled on..
>> MGMT interface and AP manager int's int VLAN where the routing is happening
>> VLAN on which the AP are lying
>> VLAN on whihc the clients are on.
Ex - If the Management and the AP manager is on VLAN 10 and AP are in VLAn 20 and CLients are on VLAN 30, then on VLANs 10, 20, 30 the multicast routing should be enabled..
Regards
Surendra -
Can we create Mobility group between WISM2 and WLC 5500
Dears,
I need your feedback urgent please,
Can we create Mobility Group between WISM2 and WLC 5500
Firmware for WISM2 > 7.4.121.0
Firmware for WLC5500 > 6.0.196.0
I created Mobility Group with (IP address , MAC Address and Mobility group name) for Foreign Controller. if any configuration required from my side.
Wait your feedback urgent please
Regards,Hi,
Controllers do not have to be of the same model to be a member of a mobility group. Mobility groups can be comprised of any combination of controller platforms.
Thats enough :)
Regards
Dont forget to rate helpful posts -
Overwrite image webauth-bundle WLC 5500
Hi,
Does any one knows how to replace an image in webauth-bundle on WLC 5500?
When I run "show custom-web webauth-bundle", I do see the files:
aup.html
login.html
yourlogo.jpg
But, the size of yourlogo.jpg is too big and need to replace with a smaller one.
I have tried (with the appropiate IP and filename):
transfer download mode tftp
transfer download datatype image
transfer download serverip tftp-server-ip-addres
transfer download filename {filename.jpg | filename.gif | filename.png}
but, it does not work.
Thanks very much.If the size changes, then yes you will need to define that on the html. Anyways, you will need to tar up the files and upload it to the WLC. That is the only way to update a custom webauth, either being a change to the html, image or maybe the AUP.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered" -
Hi experts,
I want to Migrate WLC 4400 with WLC 5500, But i don't know how to do this.
Should i create new configuration or use my WLC 4400 config ?
I want to know about IOS for WLC 5500, should I upgrade my Access Point to connect with new WLC ?
I need a good method to migrate this WLC. So my WLC 5500 can run properly.
Thankyou for your help.I have no idea how Ravi's answer is considered "correct" when he didn't address the most important aspect of your thread.
As far as I'm aware, you need to ensure both controllers are running the same firmware or 7.0.250.X.
Take a copy or export the config of the 4400 configuration to your TFTP server. Edit the file and change the necessary settings. Go to the 5500 and download this configuration file. Upgrade the firmware and the bootstrap if necessary. -
Hi, I have a WLC 5500 with Software Version, 6.0.196.0, License Level Base, according to the "Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 6.0.196.0", says that the base license includes all features present in the wplus license. In the monitor page from the WLC the Licence Level say "base", and when I go to Managment License Level, and I set the License Level to "wplus" a messages say: Setting wplus as next level failed. Only with the version of Operating system is enough to have the functions of Wplus Licence, although the level of license showing base license, in the monitor page of the WLC.
ThanksThanks leolahoo,
Your indicate that in the version 7 these functions are operative, but because the guide says that from version 6.0.196 they are available?
WPlus License Features Included in Base License
All features included in a Wireless LAN Controller WPlus license are now included in the base license; this change is introduced in release 6.0.196.0. There are no changes to WCS BASE and PLUS licensing.
These WPlus license features are included in the base license:
•Office Extend AP
•Enterprise Mesh
•CAPWAP Data Encryption
The licensing change can affect features on your wireless LAN when you upgrade or downgrade software releases, so you should be aware of these guidelines:
•If you have a WPlus license and you upgrade from 6.0.18x to 6.0.196.0: Your license file contains both Basic and WPlus license features. You won't see any disruption in feature availability and operation.
•If you have a WPlus license and you downgrade from 6.0.196.0 to 6.0.188 or 6.0.182: The license file in 6.0.196.0 contains both Basic and WPlus license features, so you won't see any disruption in feature availability and operation.
•If you have a base license and you downgrade from 6.0.196.0 to 6.0.188 or 6.0.182: When you downgrade, you lose all WPlus features. -
Simple : Which src MAC address when WLC bridges 802.11to 802.3 ?
When a WLC bridges 802.11 to 802.3, after extracting the original 802.11 frame from LWAPP, does it put the 802.11 senders
MAC address as the source addr in the new 802.3 frame ?
Or does it put the WLC's AP manager interface ? (Or the WLC's Management Interface) ?
If you refer to :-
http://www.cisco.com/en/US/docs/wireless/technology/controller/deployment/guide/dep.html#wp1050985
One of the bullet points reads :-
After processing the 802.11 MAC header, the WLC extracts the payload (the IP packet from Host A), encapsulates it into an Ethernet frame, and then forwards the frame onto the appropriate wired network, typically adding an 802.1Q VLAN tag.
Should it include :-
and adds the MAC address of the Wireless client as the SOURCE MAC ADDRESS to the outgoing Ethernet Frame??
Also, will an ARP for a wireless client yeild the mac address of the WLC or the AP ???
ThanksIt looks like the src address of the original 802.11 client goes to the 802.3 frame as the source.
So am I correct in thinking that (in a flat topology, no L3 routing) the WLC will appear as to an attached switchport as trunk
(not necessarly 802.1q, but usually) with multiple mac address learned from it.
Any host on the LAN will send a packet for DEST MAC, which will eventually be SWITCHED (via L2 switching), upto the WLC.
The WLC will then send it over lwapp to the AP, and the AP will send it to the client.
But as far as the mac-address-table is concerned of any switch directly attached to the WLC, it will see
all client MAC address for ALL wireless stations for ALL AP's... Correct ?
Thanks -
Hi,
I have successfully connected my WLC 2500 controller with 20 light weight Access points 1262N.
I have used the internal DHCP server option in the controller for the AP's and client.
Port 1 of the WLC is trunked with the switch 2960. All is working fine
The problem comes when I remove the Ethernet cable from the management interface and restart the WLC. The AP's don't come back. If I don't restart the WLC the AP's remain.
On the other hand, when I leave the Ethernet cable connected to the management port with my pc and then reboot the WLC, the AP's appear.
Seems like whenever im not physically connected to the management port of the WLC and restart it, the AP's don't come back. The only way to make them come back again is to connect my PC to the management port.
Please help me. What seems to be the problem here ?
Best Regards,Hi,
All 20 Pc;s are in one area connected to the same AP im assuming. The PC;s are stationary, so didnt check for roaming, but generally my laptop connectivity is fine while roaming. It rarely disconnects but users have complained that it did disconncect a few times.
Please see below the WLC configuration:
User:Dawaa
Password:********
(Cisco Controller) >sh
(Cisco Controller) show>running-config
Notice: "show running-config" has been changed to be an alias to "show run-config".
Use "show run-config commands" to display the configuration commands.
Press Enter to continue or to abort...
System Inventory
NAME: "Chassis" , DESCR: "Cisco 2500 Series Wireless LAN Controller"
PID: AIR-CT2504-K9, VID: V01, SN: PSZ163602PD
Burned-in MAC Address............................ 20:3A:07:67:C3:00
Maximum number of APs supported.................. 15
Press Enter to continue or to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.3.101.0
Bootloader Version............................... 1.0.16
Field Recovery Image Version..................... 1.0.0
Firmware Version................................. PIC 16.0
Build Type....................................... DATA + WPS
System Name...................................... tEthernet0
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1279
IP Address....................................... 192.168.0.140
Last Reset....................................... Software reset
System Up Time................................... 0 days 1 hrs 23 mins 40 secs
System Timezone Location......................... (GMT +3:00) Baghdad
Configured Country............................... SA - Saudi Arabia
Operating Environment............................ Commercial (0 to 40 C)
--More or (q)uit current module or to abort
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +26 C
External Temperature............................. +30 C
Fan Status....................................... 4200 rpm
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 10
Burned-in MAC Address............................ 20:3A:07:67:C3:00
Maximum number of APs supported.................. 15
Press Enter to continue or to abort
AP Bundle Information
Primary AP Image Size
ap1g2 10596
ap3g1 11088
ap3g2 10968
ap801 7092
ap802 8428
c1130 5072
c1140 9288
c1250 6784
c1520 7852
c602i 3736
Secondary AP Image Size
ap1g2 10596
ap3g1 11088
ap3g2 10968
ap801 7092
ap802 8428
--More or (q)uit current module or to abort
c1130 5072
c1140 9288
c1250 6784
c1520 7852
c602i 3736
Press Enter to continue or to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Strong Password Check Features:
case-check ...........Enabled
consecutive-check ....Enabled
default-check .......Enabled
username-check ......Enabled
Press Enter to continue or to abort
Network Information
RF-Network Name............................. Dawaa
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Web Mode RC4 Cipher Preference....... Disable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Enable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Multicast Address : 239.60.60.60
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
MLD snooping................................ Disabled
MLD timeout................................. 60 seconds
MLD query interval.......................... 20 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
--More or (q)uit current module or to abort
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Enable
Mgmt Via Dynamic Interface.................. Enable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Web Auth Captive-Bypass .................. Disable
Web Auth Secure Web ....................... Enable
Fast SSID Change ........................... Disabled
AP Discovery - NAT IP Only ................. Enabled
IP/MAC Addr Binding Check .................. Enabled
CCX-lite status ............................ Disable
oeap-600 dual-rlan-ports ................... Disable
oeap-600 local-network ..................... Enable
Press Enter to continue or to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE
1 Normal Forw Enable Auto 1000 Full Up Enable N/A
2 Normal Disa Enable Auto Auto Down Enable N/A
3 Normal Disa Enable Auto Auto Down Enable Enable (Power Off)
4 Normal Disa Enable Auto Auto Down Enable Enable (Power Off)
Press Enter to continue or to abort
AP Summary
Number of APs.................................... 14
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
AP6c20.56a0.b352 2 AIR-LAP1262N-E-K9 6c:20:56:a0:b3:52 default location 1 SA 1
AP6c20.5666.e34a 2 AIR-LAP1262N-E-K9 6c:20:56:66:e3:4a default location 1 SA 1
AP6c20.56a0.b341 2 AIR-LAP1262N-E-K9 6c:20:56:a0:b3:41 default location 1 SA 1
AP6c20.56a0.b4db_(Expiry) 2 AIR-LAP1262N-E-K9 6c:20:56:a0:b4:db Expiry Warehouse 1 SA 1
AP6c20.569a.59da 2 AIR-LAP1262N-E-K9 6c:20:56:9a:59:da default location 1 SA 1
AP6c20.5666.e2db 2 AIR-LAP1262N-E-K9 6c:20:56:66:e2:db default location 1 SA 1
AP6c20.568c.d530_(Expiry) 2 AIR-LAP1262N-E-K9 6c:20:56:8c:d5:30 default location 1 SA 1
AP6c20.5666.e2ca 2 AIR-LAP1262N-E-K9 6c:20:56:66:e2:ca default location 1 SA 1
AP6c20.5666.e354 2 AIR-LAP1262N-E-K9 6c:20:56:66:e3:54 default location 1 SA 1
AP6c20.569a.59fd 2 AIR-LAP1262N-E-K9 6c:20:56:9a:59:fd default location 1 SA 1
AP6c20.56a0.b346 2 AIR-LAP1262N-E-K9 6c:20:56:a0:b3:46 default location 1 SA 1
AP6c20.56a0.b2f0 2 AIR-LAP1262N-E-K9 6c:20:56:a0:b2:f0 default location 1 SA 1
AP6c20.568c.d1ec 2 AIR-LAP1262N-E-K9 6c:20:56:8c:d1:ec default location 1 SA 1
AP6c20.56a0.b425 2 AIR-LAP1262N-E-K9 6c:20:56:a0:b4:25 default location 1 SA 1
--More or (q)uit current module or to abort
AP Tcp-Mss-Adjust Info
AP Name TCP State MSS Size
AP6c20.56a0.b352 disabled -
AP6c20.5666.e34a disabled -
AP6c20.56a0.b341 disabled -
AP6c20.56a0.b4db_(Expiry) disabled -
AP6c20.569a.59da disabled -
AP6c20.5666.e2db disabled -
AP6c20.568c.d530_(Expiry) disabled -
AP6c20.5666.e2ca disabled -
AP6c20.5666.e354 disabled -
AP6c20.569a.59fd disabled -
AP6c20.56a0.b346 disabled -
AP6c20.56a0.b2f0 disabled -
AP6c20.568c.d1ec disabled -
AP6c20.56a0.b425 disabled -
Press Enter to continue or to abort
AP Location
Total Number of AP Groups........................ 0
Site Name........................................ default-group
Site Description.................................
AP Operating Class............................... Not-configured
RF Profile
2.4 GHz band.....................................
5 GHz band.......................................
WLAN ID Interface Network Admission Control Radio Policy
1 management Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
AP6c20.56a0.b352 2 AIR-LAP1262N-E-K9 6c:20:56:a0:b3:52 default location 1 SA 1
AP6c20.5666.e34a 2 AIR-LAP1262N-E-K9 6c:20:56:66:e3:4a default location 1 SA 1
AP6c20.56a0.b341 2 AIR-LAP1262N-E-K9 6c:20:56:a0:b3:41 default location 1 SA 1
AP6c20.56a0.b4db_(Expiry) 2 AIR-LAP1262N-E-K9 6c:20:56:a0:b4:db Expiry Warehouse 1 SA 1
--More or (q)uit current module or to abort
AP6c20.569a.59da 2 AIR-LAP1262N-E-K9 6c:20:56:9a:59:da default location 1 SA 1
AP6c20.5666.e2db 2 AIR-LAP1262N-E-K9 6c:20:56:66:e2:db default location 1 SA 1
AP6c20.568c.d530_(Expiry) 2 AIR-LAP1262N-E-K9 6c:20:56:8c:d5:30 default location 1 SA 1
AP6c20.5666.e2ca 2 AIR-LAP1262N-E-K9 6c:20:56:66:e2:ca default location 1 SA 1
AP6c20.5666.e354 2 AIR-LAP1262N-E-K9 6c:20:56:66:e3:54 default location 1 SA 1
AP6c20.569a.59fd 2 AIR-LAP1262N-E-K9 6c:20:56:9a:59:fd default location 1 SA 1
AP6c20.56a0.b346 2 AIR-LAP1262N-E-K9 6c:20:56:a0:b3:46 default location 1 SA 1
AP6c20.56a0.b2f0 2 AIR-LAP1262N-E-K9 6c:20:56:a0:b2:f0 default location 1 SA 1
AP6c20.568c.d1ec 2 AIR-LAP1262N-E-K9 6c:20:56:8c:d1:ec default location 1 SA 1
AP6c20.56a0.b425 2 AIR-LAP1262N-E-K9 6c:20:56:a0:b4:25 default location 1 SA 1
Press Enter to continue or to abort
RF Profile
Number of RF Profiles............................ 0
Out Of Box State................................. Disabled
RF Profile Name Band Description Applied
Press Enter to continue or to abort
AP Config
Cisco AP Identifier.............................. 0
Cisco AP Name.................................... AP6c20.56a0.b352
Country code..................................... SA - Saudi Arabia
Regulatory Domain allowed by Country............. 802.11bg:-AE 802.11a:-E
AP Country code.................................. SA - Saudi Arabia
AP Regulatory Domain............................. -E
Switch Port Number .............................. 1
MAC Address...................................... 6c:20:56:a0:b3:52
IP Address Configuration......................... DHCP
IP Address....................................... 192.168.0.111
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 192.168.0.220
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ default location
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
--More or (q)uit current module or to abort
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... Local
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.3.101.0
Boot Version ................................... 12.4.2.4
Mini IOS Version ................................ 7.3.1.73
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1262N-E-K9
AP Image......................................... C1260-K9W8-M
--More or (q)uit current module or to abort
IOS Version...................................... 15.2(2)JA$
Reset Button..................................... Enabled
AP Serial Number................................. FCZ1642Z0A6
AP Certificate Type.............................. Manufacture Installed
AP User Mode..................................... CUSTOMIZED
AP User Name..................................... dawaa
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 0 days, 22 h 01 m 44 s
AP LWAPP Up Time................................. 0 days, 01 h 25 m 37 s
Join Date and Time............................... Wed Mar 13 16:10:25 2013
Join Taken Time.................................. 0 days, 00 h 02 m 19 s
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211n-2.4
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
--More or (q)uit current module or to abort
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 1
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 1c:e6:c7:04:7a:20
Operation Rate Set
1000 Kilo Bits........................... SUPPORTED
2000 Kilo Bits........................... SUPPORTED
5500 Kilo Bits........................... SUPPORTED
11000 Kilo Bits.......................... MANDATORY
MCS Set
MCS 0.................................... DISABLED
MCS 1.................................... DISABLED
MCS 2.................................... SUPPORTED
MCS 3.................................... DISABLED
MCS 4.................................... DISABLED
MCS 5.................................... DISABLED
MCS 6.................................... DISABLED
MCS 7.................................... DISABLED
MCS 8.................................... DISABLED
MCS 9.................................... DISABLED
MCS 10................................... DISABLED
--More or (q)uit current module or to abort
MCS 11................................... DISABLED
MCS 12................................... DISABLED
MCS 13................................... DISABLED
MCS 14................................... DISABLED
MCS 15................................... DISABLED
MCS 16................................... DISABLED
MCS 17................................... DISABLED
MCS 18................................... DISABLED
MCS 19................................... DISABLED
MCS 20................................... DISABLED
MCS 21................................... DISABLED
MCS 22................................... DISABLED
MCS 23................................... DISABLED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ SA
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 13
--More or (q)uit current module or to abort
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 8
Tx Power Level 1 .......................... 20 dBm
Tx Power Level 2 .......................... 17 dBm
Tx Power Level 3 .......................... 14 dBm
Tx Power Level 4 .......................... 11 dBm
Tx Power Level 5 .......................... 8 dBm
Tx Power Level 6 .......................... 5 dBm
Tx Power Level 7 .......................... 2 dBm
Tx Power Level 8 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 3
Phy DSSS parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 6
Extension Channel ......................... NONE
--More or (q)uit current module or to abort
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11,12,
......................................... 13
Current CCA Mode .......................... 0
ED Threshold .............................. -50
Legacy Tx Beamforming Configuration ....... CUSTOMIZED
Legacy Tx Beamforming ..................... ENABLED
Antenna Type............................... EXTERNAL_ANTENNA
External Antenna Gain (in .5 dBi units).... 0
Diversity.................................. DIVERSITY_ENABLED
802.11n Antennas
A....................................... ENABLED
B....................................... ENABLED
C....................................... ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
--More or (q)uit current module or to abort
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Radio Extended Configurations
Beacon period.............................. 100 milliseconds
Beacon range............................... AUTO
Multicast buffer........................... AUTO
Multicast data-rate........................ AUTO
RX SOP threshold........................... AUTO
CCA threshold.............................. AUTO
Cisco AP Identifier.............................. 0
Cisco AP Name.................................... AP6c20.56a0.b352
Country code..................................... SA - Saudi Arabia
Regulatory Domain allowed by Country............. 802.11bg:-AE 802.11a:-E
AP Country code.................................. SA - Saudi Arabia
AP Regulatory Domain............................. -E
Switch Port Number .............................. 1
--More or (q)uit current module or to abort
MAC Address...................................... 6c:20:56:a0:b3:52
IP Address Configuration......................... DHCP
IP Address....................................... 192.168.0.111
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 192.168.0.220
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ default location
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... Local
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
--More or (q)uit current module or to abort
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.3.101.0
Boot Version ................................... 12.4.2.4
Mini IOS Version ................................ 7.3.1.73
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1262N-E-K9
AP Image......................................... C1260-K9W8-M
IOS Version...................................... 15.2(2)JA$
Reset Button..................................... Enabled
AP Serial Number................................. FCZ1642Z0A6
AP Certificate Type.............................. Manufacture Installed
AP User Mode..................................... CUSTOMIZED
AP User Name..................................... dawaa
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
--More or (q)uit current module or to abort
AP Up Time....................................... 0 days, 22 h 01 m 44 s
AP LWAPP Up Time................................. 0 days, 01 h 25 m 37 s
Join Date and Time............................... Wed Mar 13 16:10:25 2013
Join Taken Time.................................. 0 days, 00 h 02 m 19 s
Attributes for Slot 1
Radio Type................................... RADIO_TYPE_80211n-5
Radio Subband................................ RADIO_SUBBAND_ALL
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 1
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 1c:e6:c7:04:7a:20
Operation Rate Set
6000 Kilo Bits........................... MANDATORY
--More or (q)uit current module or to abort
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... MANDATORY
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... MANDATORY
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
MCS Set
MCS 0.................................... DISABLED
MCS 1.................................... DISABLED
MCS 2.................................... DISABLED
MCS 3.................................... SUPPORTED
MCS 4.................................... SUPPORTED
MCS 5.................................... SUPPORTED
MCS 6.................................... SUPPORTED
MCS 7.................................... SUPPORTED
MCS 8.................................... SUPPORTED
MCS 9.................................... SUPPORTED
MCS 10................................... SUPPORTED
MCS 11................................... SUPPORTED
MCS 12................................... SUPPORTED
MCS 13................................... SUPPORTED
MCS 14................................... SUPPORTED
--More or (q)uit current module or to abort
MCS 15................................... SUPPORTED
MCS 16................................... DISABLED
MCS 17................................... DISABLED
MCS 18................................... DISABLED
MCS 19................................... DISABLED
MCS 20................................... DISABLED
MCS 21................................... DISABLED
MCS 22................................... DISABLED
MCS 23................................... DISABLED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ SA
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 36
Number Of Channels ........................ 4
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
--More or (q)uit current module or to abort
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 7
Tx Power Level 1 .......................... 17 dBm
Tx Power Level 2 .......................... 14 dBm
Tx Power Level 3 .......................... 11 dBm
Tx Power Level 4 .......................... 8 dBm
Tx Power Level 5 .......................... 5 dBm
Tx Power Level 6 .......................... 2 dBm
Tx Power Level 7 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 36
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
......................................... 104,108,112,116,132,136,140
TI Threshold .............................. -50
Legacy Tx Beamforming Configuration ....... CUSTOMIZED
--More or (q)uit current module or to abort
Legacy Tx Beamforming ..................... ENABLED
Antenna Type............................... EXTERNAL_ANTENNA
External Antenna Gain (in .5 dBi units).... 0
Diversity.................................. DIVERSITY_ENABLED
802.11n Antennas
A....................................... ENABLED
B....................................... ENABLED
C....................................... ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 16 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
--More or (q)uit current module or to abort
CleanAir Capable......................... No
Radio Extended Configurations
Beacon period.............................. 100 milliseconds
Beacon range............................... AUTO
Multicast buffer........................... AUTO
Multicast data-rate........................ AUTO
RX SOP threshold........................... AUTO
CCA threshold.............................. AUTO
Press Enter to continue or to abort
Cisco AP Identifier.............................. 1
Cisco AP Name.................................... AP6c20.5666.e34a
Country code..................................... SA - Saudi Arabia
Regulatory Domain allowed by Country............. 802.11bg:-AE 802.11a:-E
AP Country code.................................. SA - Saudi Arabia
AP Regulatory Domain............................. -E
Switch Port Number .............................. 1
MAC Address...................................... 6c:20:56:66:e3:4a
IP Address Configuration......................... DHCP
IP Address....................................... 192.168.0.39
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 192.168.0.220
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ default location
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
--More or (q)uit current module or to abort
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... Local
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.3.101.0
Boot Version ................................... 12.4.2.4
Mini IOS Version ................................ 7.3.1.73
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1262N-E-K9
AP Image......................................... C1260-K9W8-M
IOS Version...................................... 15.2(2)JA$
--More or (q)uit current module or to abort
Reset Button..................................... Enabled
AP Serial Number................................. FCZ1642Z09V
AP Certificate Type.............................. Manufacture Installed
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 0 days, 22 h 03 m 17 s
AP LWAPP Up Time................................. 0 days, 01 h 28 m 23 s
Join Date and Time............................... Wed Mar 13 16:10:26 2013
Join Taken Time.................................. 0 days, 00 h 02 m 04 s
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211n-2.4
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
--More or (q)uit current module or to abort
Number Of WLANs ........................... 1
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 54:78:1a:f2:51:c0
Operation Rate Set
1000 Kilo Bits........................... SUPPORTED
2000 Kilo Bits........................... SUPPORTED
5500 Kilo Bits........................... SUPPORTED
11000 Kilo Bits.......................... MANDATORY
MCS Set
MCS 0.................................... DISABLED
MCS 1.................................... DISABLED
MCS 2.................................... SUPPORTED
MCS 3.................................... DISABLED
MCS 4.................................... DISABLED
MCS 5.................................... DISABLED
MCS 6.................................... DISABLED
MCS 7.................................... DISABLED
MCS 8.................................... DISABLED
MCS 9.................................... DISABLED
MCS 10................................... DISABLED
MCS 11................................... DISABLED
--More or (q)uit current module or to abort
MCS 12................................... DISABLED
MCS 13................................... DISABLED
MCS 14................................... DISABLED
MCS 15................................... DISABLED
MCS 16................................... DISABLED
MCS 17................................... DISABLED
MCS 18................................... DISABLED
MCS 19................................... DISABLED
MCS 20................................... DISABLED
MCS 21................................... DISABLED
MCS 22................................... DISABLED
MCS 23................................... DISABLED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ SA
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 13
--More or (q)uit current module or to abort
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 8
Tx Power Level 1 .......................... 20 dBm
Tx Power Level 2 .......................... 17 dBm
Tx Power Level 3 .......................... 14 dBm
Tx Power Level 4 .......................... 11 dBm
Tx Power Level 5 .......................... 8 dBm
Tx Power Level 6 .......................... 5 dBm
Tx Power Level 7 .......................... 2 dBm
Tx Power Level 8 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 2
Phy DSSS parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 1
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
--More or (q)uit current module or to abort
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11,12,
......................................... 13
Current CCA Mode .......................... 0
ED Threshold .............................. -50
Legacy Tx Beamforming Configuration ....... CUSTOMIZED
Legacy Tx Beamforming ..................... ENABLED
Antenna Type............................... EXTERNAL_ANTENNA
External Antenna Gain (in .5 dBi units).... 0
Diversity.................................. DIVERSITY_ENABLED
802.11n Antennas
A....................................... ENABLED
B....................................... ENABLED
C....................................... ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
Coverage exception level................... 25 %
--More or (q)uit current module or to abort
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Radio Extended Configurations
Beacon period.............................. 100 milliseconds
Beacon range............................... AUTO
Multicast buffer........................... AUTO
Multicast data-rate........................ AUTO
RX SOP threshold........................... AUTO
CCA threshold.............................. AUTO
Cisco AP Identifier.............................. 1
Cisco AP Name.................................... AP6c20.5666.e34a
Country code..................................... SA - Saudi Arabia
Regulatory Domain allowed by Country............. 802.11bg:-AE 802.11a:-E
AP Country code.................................. SA - Saudi Arabia
AP Regulatory Domain............................. -E
Switch Port Number .............................. 1
MAC Address...................................... 6c:20:56:66:e3:4a
--More or (q)uit current module or to abort
IP Address Configuration......................... DHCP
IP Address....................................... 192.168.0.39
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 192.168.0.220
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ default location
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... Local
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
--More or (q)uit current module or to abort
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.3.101.0
Boot Version ................................... 12.4.2.4
Mini IOS Version ................................ 7.3.1.73
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1262N-E-K9
AP Image......................................... C1260-K9W8-M
IOS Version...................................... 15.2(2)JA$
Reset Button..................................... Enabled
AP Serial Number................................. FCZ1642Z09V
AP Certificate Type.............................. Manufacture Installed
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 0 days, 22 h 03 m 17 s
--More or (q)uit current module or to abort
AP LWAPP Up Time................................. 0 days, 01 h 28 m 23 s
Join Date and Time............................... Wed Mar 13 16:10:26 2013
Join Taken Time.................................. 0 days, 00 h 02 m 04 s
Attributes for Slot 1
Radio Type................................... RADIO_TYPE_80211n-5
Radio Subband................................ RADIO_SUBBAND_ALL
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 1
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 54:78:1a:f2:51:c0
Operation Rate Set
6000 Kilo Bits........................... MANDATORY
9000 Kilo Bits........................... SUPPORTED
--More or (q)uit current module or to abort
12000 Kilo Bits.......................... MANDATORY
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... MANDATORY
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
MCS Set
MCS 0.................................... DISABLED
MCS 1.................................... DISABLED
MCS 2.................................... DISABLED
MCS 3.................................... SUPPORTED
MCS 4.................................... SUPPORTED
MCS 5.................................... SUPPORTED
MCS 6.................................... SUPPORTED
MCS 7.................................... SUPPORTED
MCS 8.................................... SUPPORTED
MCS 9.................................... SUPPORTED
MCS 10................................... SUPPORTED
MCS 11................................... SUPPORTED
MCS 12................................... SUPPORTED
MCS 13................................... SUPPORTED
MCS 14................................... SUPPORTED
MCS 15................................... SUPPORTED
--More or (q)uit current module or to abort
MCS 16................................... DISABLED
MCS 17................................... DISABLED
MCS 18................................... DISABLED
MCS 19................................... DISABLED
MCS 20................................... DISABLED
MCS 21................................... DISABLED
MCS 22................................... DISABLED
MCS 23................................... DISABLED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ SA
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 36
Number Of Channels ........................ 4
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
--More or (q)uit current module or to abort
Tx Power
Num Of Supported Power Levels ............. 7
Tx Power Level 1 .......................... 17 dBm
Tx Power Level 2 .......................... 14 dBm
Tx Power Level 3 .......................... 11 dBm
Tx Power Level 4 .......................... 8 dBm
Tx Power Level 5 .......................... 5 dBm
Tx Power Level 6 .......................... 2 dBm
Tx Power Level 7 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 64
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
......................................... 104,108,112,116,132,136,140
TI Threshold .............................. -50
Legacy Tx Beamforming Configuration ....... CUSTOMIZED
Legacy Tx Beamforming ..................... ENABLED
--More or (q)uit current module or to abort
Antenna Type............................... EXTERNAL_ANTENNA
External Antenna Gain (in .5 dBi units).... 0
Diversity.................................. DIVERSITY_ENABLED
802.11n Antennas
A....................................... ENABLED
B....................................... ENABLED
C....................................... ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 16 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
--More or (q)uit current module or to abort
Radio Extended Configurations
Beacon period.............................. 100 milliseconds
Beacon range............................... AUTO
Multicast buffer........................... AUTO
Multicast data-rate........................ AUTO
RX SOP threshold........................... AUTO
CCA threshold.............................. AUTO
Press Enter to continue or to abort
Cisco AP Identifier.............................. 2
Cisco AP Name.................................... AP6c20.56a0.b341
Country code..................................... SA - Saudi Arabia
Regulatory Domain allowed by Country............. 802.11bg:-AE 802.11a:-E
AP Country code.................................. SA - Saudi Arabia
AP Regulatory Domain............................. -E
Switch Port Number .............................. 1
MAC Address...................................... 6c:20:56:a0:b3:41
IP Address Configuration......................... DHCP
IP Address....................................... 192.168.0.120
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 192.168.0.220
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ default location
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
--More or (q)uit current module or to abort
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... Local
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.3.101.0
Boot Version ................................... 12.4.2.4
Mini IOS Version ................................ 7.3.1.73
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1262N-E-K9
AP Image......................................... C1260-K9W8-M
IOS Version...................................... 15.2(2)JA$
--More or (q)uit current module or to abort
Reset Button..................................... Enabled
AP Serial Number................................. FCZ1642Z09Y
AP Certificate Type.............................. Manufacture Installed
AP User Mode..................................... CUSTOMIZED
AP User Name..................................... dawaa
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 0 days, 22 h 07 m 08 s
AP LWAPP Up Time................................. 0 days, 01 h 31 m 05 s
Join Date and Time............................... Wed Mar 13 16:10:26 2013
Join Taken Time.................................. 0 days, 00 h 02 m 19 s
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211n-2.4
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
--More or (q)uit current module or to abort
Number Of WLANs ........................... 1
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 1c:e6:c7:04:81:f0
Operation Rate Set
1000 Kilo Bits........................... SUPPORTED
2000 Kilo Bits........................... SUPPORTED
5500 Kilo Bits........................... SUPPORTED
11000 Kilo Bits.......................... MANDATORY
MCS Set
MCS 0.................................... DISABLED
MCS 1.................................... DISABLED
MCS 2.................................... SUPPORTED
MCS 3.................................... DISABLED
MCS 4.................................... DISABLED
MCS 5.................................... DISABLED
MCS 6.................................... DISABLED
MCS 7.................................... DISABLED
MCS 8.................................... DISABLED
MCS 9.................................... DISABLED
MCS 10................................... DISABLED
MCS 11................................... DISABLED
--More or (q)uit current module or to abort
MCS 12................................... DISABLED
MCS 13................................... DISABLED
MCS 14................................... DISABLED
MCS 15................................... DISABLED
MCS 16................................... DISABLED
MCS 17................................... DISABLED
MCS 18................................... DISABLED
MCS 19................................... DISABLED
MCS 20................................... DISABLED
MCS 21................................... DISABLED
MCS 22................................... DISABLED
MCS 23................................... DISABLED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String .............. -
WLC 5508 - wlan stability problems
Hi.
I have a WLC 5508 with half a dozen LAPs (AIR-CAP3502I-E-K9).
They have been working but sometimes clients detect conectivity problems with the wlan.
Here is the message log I can obtain from the controller:
Nov 09 12:16:31.886: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!*dot1xMsgTask: Nov 09 12:16:10.286: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client 00:26:c6:12:e8:32Previous message occurred 7 times.Nov 09 11:55:24.682: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!*apfReceiveTask: Nov 09 11:51:30.788: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *spamApTask2: Nov 09 11:51:20.144: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.23.1.118*dot1xMsgTask: Nov 09 11:50:44.878: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client e0:ca:94:93:be:67*apfReceiveTask: Nov 09 11:50:40.672: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:38.625: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:35.531: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:31.068: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:29.257: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:28.707: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:24.065: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
Can somebody help me to understand these messages?
1)
*apfReceiveTask: Nov 09 11:50:24.065: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
2)
Nov 09 11:55:24.682: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!
3)
*dot1xMsgTask: Nov 09 11:50:44.878: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client e0:ca:94:93:be:67
Thanks1)
*apfReceiveTask: Nov 09 11:50:24.065: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
//APs are rebooting. don't panic, check the up time of AP. This message seen when AP rebooted/freshly joined and waiting for wlc to assign channel.
2)
Nov 09 11:55:24.682: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!
//It is cosmetic and can be ignored.
3)
*dot1xMsgTask: Nov 09 12:16:10.286: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client 00:26:c6:12:e8:32
//Keys M1-M5 used for wireless auth, here client having struggle completing the auth process.
get output of, WLC>debug client -
WLC 5508: 802.1 AAA override; Authenication success no dynamic vlan assignment
WLC 5508: software version 7.0.98.0
Windows 7 Client
Radius Server: Fedora Core 13 / Freeradius with LDAP storage backend
I have followed the guide at http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml with respective to building the LDAP and free radius server. 802.1x authorization and authenication correctly work. The session keys are returned from the radius server and the wlc send the appropriate information for the client to generate the WEP key.
However, the WLC does not override the VLAN assignment, even though I was to believe I set everything up correctly. From the packet capture, you can see that verfication of client is authorized to use the WLAN returns the needed attributes:
AVP: l=4 t=Tunnel-Private-Group-Id(81): 10
AVP: l=6 t=Tunnel-Medium-Type(65): IEEE-802(6)
AVP: l=6 t=Tunnel-Type(64): VLAN(13)
I attached a packet capture and wlc config, any guidance toward the attributes that may be missing or not set correctly in the config would be most appreciated.Yes good catch, so I had one setting left off in freeradius that allowed the inner reply attributes back to the outer tunneled accept. I wrote up a medium high level config for any future viewers of this thread:
The following was tested and verified on a fedora 13 installation. This is a minimal setup; not meant for a "live" network (security issues with cleartext passwords, ldap not indexed properly for performance)
Install Packages
1. Install needed packages.
yum install openldap*
yum install freeradius*
2. Set the services to automatically start of system startup
chkconfig --level 2345 slapd on
chkconfig --level 2345 radiusd on
Configure and start LDAP
1. Copy the needed ladp schemas for radius. Your path may vary a bit
cp /usr/share/doc/freeradius*/examples/openldap.schema /etc/openldap/schema/radius.schema
2. Create a admin password for slapd. Record this password for later use when configuring the slapd.conf file
slappasswd
3. Add the ldap user and group; if it doesn't exisit. Depending on the install rpm, it may have been created
useradd ldap
groupadd ldap
4. Create the directory and assign permissions for the database files
mkdir /var/lib/ldap
chmod 700 /var/lib/ldap
chown ldap:ldap /var/lib/ldap
5. Edit the slapd.conf file.
cd /etc/openldap
vi slapd.conf
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#Default needed schemas
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
#Radius include
include /etc/openldap/schema/radius.schema
#Samba include
#include /etc/openldap/schema/samba.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# ldbm and/or bdb database definitions
#Use the berkely database
database bdb
#dn suffix, domain components read in order
suffix "dc=cisco,dc=com"
checkpoint 1024 15
#root container node defined
rootdn "cn=Manager,dc=cisco,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
rootpw
{SSHA}
cVV/4zKquR4IraFEU7NTG/PIESw8l4JI
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools. (chown ldap:ldap)
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index uid,memberUid eq,pres,sub
# enable monitoring
database monitor
# allow onlu rootdn to read the monitor
access to *
by dn.exact="cn=Manager,dc=cisco,dc=com" read
by * none
6. Remove the slapd.d directory
cd /etc/openldap
rm -rf slapd.d
7. Hopefully if everything is correct, should be able to start up slapd with no problem
service slapd start
8. Create the initial database in a text file called /tmp/initial.ldif
dn: dc=cisco,dc=com
objectClass: dcobject
objectClass: organization
o: cisco
dc: cisco
dn: ou=people,dc=cisco,dc=com
objectClass: organizationalunit
ou: people
description: people
dn: uid=jonatstr,ou=people,dc=cisco,dc=com
objectClass: top
objectClass: radiusprofile
objectClass: inetOrgPerson
cn: jonatstr
sn: jonatstr
uid: jonatstr
description: user Jonathan Strickland
radiusTunnelType: VLAN
radiusTunnelMediumType: 802
radiusTunnelPrivateGroupId: 10
userPassword: ggsg
9. Add the file to the database
ldapadd -h localhost -W -D "cn=Manager, dc=cisco,dc=com" -f /tmp/initial.ldif
10. Issue a basic query to the ldap db, makes sure that we can request and receive results back
ldapsearch -h localhost -W -D cn=Manager,dc=cisco,dc=com -b dc=cisco,dc=com -s sub "objectClass=*"
Configure and Start FreeRadius
1. Configure ldap.attrmap, if needed. This step is only needed if we need to map and pass attributes back to the authenicator (dynamic vlan assignments as an example). Below is an example for dynamic vlan addresses
cd /etc/raddb
vi ldap.attrmap
For dynamic vlan assignments, verify the follow lines exist:
replyItem Tunnel-Type radiusTunnelType
replyItem Tunnel-Medium-Type radiusTunnelMediumType
replyItem Tunnel-Private-Group-Id radiusTunnelPrivateGroupId
Since we are planning to use the userpassword, we will let the mschap module perform the NT translations for us. Add the follow line to check ldap object for userpassword and store as Cleartext-Password:
checkItem Cleartext-Password userPassword
2. Configure eap.conf. The following sections attributes below should be verified. You may change other attributes as needed, they are just not covered in this document.
eap
{ default_eap_type = peap ..... }
tls {
#I will not go into details here as this is beyond scope of setting up freeradisu. The defaults will work, as freeradius comes with generated self signed certificates.
peap {
default_eap_type = mschapv2
#you will have to set this to allowed the inner tls tunnel attributes into the final accept message
use_tunneled_reply = yes
3. Change the authenication and authorization modules and order.
cd /etc/raddb/sites-enabled
vi default
For the authorize section, uncomment the ldap module.
For the authenicate section, uncomment the ldap module
vi inner-tunnel
Very importants, for the authorize section, ensure the ldap module is first, before mschap. Thus authorize will look like:
authorize
{ ldap mschap ...... }
4. Configure ldap module
cd /etc/raddb/modules
ldap
{ server=localhost identify = "cn=Manager,dc=cisco,dc=com" password=admin basedn="dc=cisco,dc=com" base_filter = "(objectclass=radiusprofile)" access_attr="uid" ............ }
5. Start up radius in debug mode on another console
radiusd -X
6. radtest localhost 12 testing123
You should get a Access-Accept back
7. Now to perform an EAP-PEAP test. This will require a wpa_supplicant test libarary called eapol_test
First install openssl support libraries, required to compile
yum install openssl*
yum install gcc
wget http://hostap.epitest.fi/releases/wpa_supplicant-0.6.10.tar.gz
tar xvf wpa_supplicant-0.6.10.tar.gz
cd wpa_supplicant-0.6.10/wpa_supplicant
vi defconfig
Uncomment CONFIG_EAPOL_TEST = y and save/exit
cp defconfig .config
make eapol_test
cp eapol_test /usr/local/bin
chmod 755 /usr/local/bin/eapol_test
8. Create a test config file named eapol_test.conf.peap
network=
{ eap=PEAP eapol_flags=0 key_mgmt=IEEE8021X identity="jonatstr" password="ggsg" \#If you want to verify the Server certificate the below would be needed \#ca_cert="/root/ca.pem" phase2="auth=MSCAHPV2" }
9. Run the test
eapol_test -c ~/eapol_test.conf.peap -a 127.0.0.1 -p 1812 -s testing123 -
WLC 5508 WPA Authentication Problems
Hello,
We have a WLC 5508 with 7.4.100.0 Firmware.
We are using 1141 and 1142 APs and we are having authentication problems with clients that are connecting to our WLAN with WPA+AES autentication. The clients receive in her laptop a password error, and we receive the following log in wlc:
Client Excluded: MACAddress:f8:f1:eb:dd:ff:cd Base Radio MAC :08:ad:dd:76:4d:30 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.1x Authentication failed 3 times. ReasonCode: 4
The strange thing is that the problem is solved restarting the Access-points.
Anyone had this problem previusly?
Thanks in advance.I made the configuration using the Cisco Recommended settings, the strange thing its that the users connect normally, until they starts with authentication problems. I restart the access points and the problem its solved.
Cisco Recommended and not recommended Authentication Settings
Security encryption settings need to be identical for WPA and WPA2 for TKIP and AES as shown in this image:
These images provide examples of incompatible settings for TKIP and AES:
Note: Be aware that security settings permit unsupported features.
These images provide examples of compatible settings:
Maybe you are looking for
-
Reading files from within helper classes
From within a servlet, I can get the servlet context to get a path to the "web" directory of my project and easily access properties files for my project. If I create another package in my project to hold helper classes that perform some specific fun
-
ORA-01173: data dictionary indicates missing data file from system tablespa
Hello My Database is 11gR1 and Linux is the OS. Thought of posting it as a new thread as things have changed a lot. 2 of my database file were lost due to hardware failure. (the datafile do not belong to SYSTEM TABLESPACE) and and the second was data
-
How to delete songs that are in two playlists?
How do I delete one copy of a song that is in two p[aylists?
-
This is a bug for Visual Studio 2013. There is a bug when you generate a for loop with the tab key. When you have generated it and started typing the list object for the second statement you would like visual studio to type the rest from the suggest
-
Why is the giving me this error (method does not return a value) PLEASE !!
I have this code and it is giving me this error and I don't know how to fix it can anyone out there tell me why I have included the next line of code as I have had problems in the curly brackets in the past. The error is "Client.java": Error #: 466 :