WLC 5508 integration with FortiGate and Guest VLAN

Hi
I have a Cisco 5508 WLC and I want to connect one port of the WLC to a FortiGate (FW) for direct internet.
I will connect the other port of the WLC to the Cisco core switch for the other SSIDs and for management. Now the question is how to divide the ports on the WLC 5508, and how to point layer 3 traffic if I don't configure the switch port as a trunk.
Kindly advise what the best solution would be.

Similar Messages

  • CRM 5.0 Integration with Twitter and facebook

    Hi Experts,
    I am working with SAP CRM version 5.0.
    My existing client wants to set up SAP CRM with Twitter and Facebook, especially for customer services.
    Does SAP CRM 5.0 have tight integration with Twitter and Facebook?
    If yes, will you please share information in terms of
    1) Effort estimation: manpower
    2) Costing details
    Thanking you in advance
    Pravin shete

    @sherrysarath: Could you share some documents to understand how standards work for this issue? And if there aren't standards requirements, could you share your custom solution?
    @pravin wipro: Could you explain what your requirements are?

  • DMS integration with PP and PS.

    Hi SAP PLM experts,
    I would like to know how mySAP PLM's DMS module is integrated with the PS and PP modules.
    Any small scenario with T codes and configuration help is highly appreciated.
    If you guys have any documents/materials for this question, please mail the same to sudhu03 at gmail dot com.
    Thanks in advance,
    S.Achar.

    It is only through the object link which you provide.
    From the business perspective, we attach the contract documents, design drawings and other documents to the project for ready reference.
    You can create the DIR directly from the PS transaction or you can create it in DMS and attach it to the Project.
    We do have the red lining to identify the changes required in the document.

  • Quality Center 11 (ALM) Query - Integration with Subversion and Jenkins

    Hi OHPCPaT Forum,
    Are there any restrictions to enabling the QC integration with Subversion and Jenkins when the QC server is a SaaS cloud instance? Is there any additional config I should be aware of?
    Thanks in anticipation

    Hi,
    Yes all the users are facing the issue. Please find more details for the issue.
    Currently we are upgrading Quality Center 10.0 to 11.0 with the HP Enterprise Integration module for SAP applications. The project was successfully upgraded from QC 10.0 to 11.0, but there are some error popups for the project for which Application Module and Enterprise Integration for SAP applications Version 2.6 was enabled.
    Quality Center Details:
    HP Application Lifecycle Management 11.00
    ALM patch level: 07
    Quality Center 11.00 Enterprise Edition
    Component     Build
    OTA Client     11.0.0.6051
    User Interface     11.0.0.6051
    WebGate Client     11.0.0.6051
    Test Run Scheduler     11.0.0.6051
    Execution Flow     11.0.0.6051
    Site Administration Client     11.0.0.6051
    Extension Version     
    Enterprise Integration for SAP applications     2.6.0.3232
    Sprinter     11.0.0.6051
    Application Model     2.6.0.917
    Installation steps followed:
    1. Installed HP ALM
    2. Installed Patch Service Pack 2 (Patch 2,3,4)
    3. Installed Patch 6
    4. Installed Patch 7
    5. Installed the Extensions HP Enterprise Integration module for SAP applications using the Extension Deployment Tool by following the steps provided in the Addin Page
    6. Created new project in HP ALM
    7. Login to the project (no issue)
    8. Enabled the Project Extensions
    9. Login to the project (able to access the project, but an error message pops up when we access the Test Plan and Defect modules)
    Note: There is no error when we access the project for which the HP Enterprise Integration module for SAP applications (EI) is not enabled. QC 11.0 is not integrated with any tools.
    Let me know if there is any step we missed or any manual steps we need to do before enabling EI.

  • Exchange 2013 OWA integration with ADFS and coexistence with Exchange 2007

    Team,
    I have successfully integrated ADFS 3.0 and Exchange 2013 OWA and ECP. However, we have a coexistence environment with Exchange 2007. When you access OWA, you are redirected to ADFS, sign in, and then get redirected back to OWA. If your mailbox is still within Exchange 2007, you get a blank login page. If your mailbox is in Exchange 2013 then you successfully get the OWA page for 2013. The problem is that all Exchange 2007 mailbox users get blank pages at login. So I have determined that the Exchange 2013 CAS is not doing the service location lookup on the mailbox to determine if a redirect to the legacy OWA address is needed. Is there a configuration setting that I might be missing? Or does the integration with ADFS and OWA not support the much needed mailbox lookup for a coexistence environment? A side note: if we enable FBA with OWA, both login scenarios work just fine (legacy and new 2013). The legacy namespace has been created, and applied to the Exchange 2007 URLs.

    Hi,
    Try using AD FS claims-based authentication with Outlook Web App and EAC
    http://technet.microsoft.com/en-us/library/dn635116(v=exchg.150).aspx
    Thanks,
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Simon Wu
    TechNet Community Support

  • WLC 5508 issue with 4 ports in portchannel

    Hi,
    We have one WLC 5508 and LAG is enabled on it but when we connect 4 cables to a distribution switch only 3 links are sending and receiving traffic and the 4th one is up with outgoing traffic from the distribution switch to WLC but nothing incoming.
    Some APs went down and refuse to be registered back to the WLC. When we shut down the 4th port everything is back to normal.
    The EtherChannel config is identical and I can see all ports are active and not suspended:
    interface GigabitEthernet2/2/1
    description PortChannel-WLC1-Port1
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 60-67,2808,2922,2923,2932
     switchport mode trunk
     channel-group 99 mode on
    interface GigabitEthernet2/2/2
    description PortChannel-WLC1-Port2
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 60-67,2808,2922,2923,2932
     switchport mode trunk
     channel-group 99 mode on
    interface GigabitEthernet2/2/3
    description PortChannel-WLC1-Port3
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 60-67,2808,2922,2923,2932
     switchport mode trunk
     channel-group 99 mode on
    interface GigabitEthernet2/2/4
    description PortChannel-WLC1-Port4
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 60-67,2808,2922,2923,2932
     switchport mode trunk
     channel-group 99 mode on

    sh etherchannel 99 sum
    Flags:  D - down        P - bundled in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            U - in use      N - not in use, no aggregation
            f - failed to allocate aggregator
            M - not in use, no aggregation due to minimum links not met
            m - not in use, port not aggregated due to minimum links not met
            u - unsuitable for bundling
            d - default port
            w - waiting to be aggregated
    Number of channel-groups in use: 38
    Number of aggregators:           38
    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+-----------------------------------------------
    99     Po99(SU)         -        Gi2/2/1(P)     Gi2/2/2(P)     Gi2/2/3(D)     
                                     Gi2/2/4(P)     
    Last applied Hash Distribution Algorithm: Fixed
    Gi2/2/3 is down because we had to shut down the interface, because when it is up many APs refuse to register.

  • WLC 5508 Problem with #DOT1X-3-INVALID_REPLAY_CTR

    Hi all,
    I have a WLC 5508 with version 7.4.110.0 and 13 access points. 12 of these APs are AIR-LAP1142N-E-K9 and 1 is AIR-CAP3602I-E-K9.
    Logs of my WLC are:
    *Dot1x_NW_MsgTask_1: Jan 11 01:15:05.167: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 90:c1:15:c6:c3:49 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
    *Dot1x_NW_MsgTask_4: Jan 11 01:09:41.015: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 5c:0a:5b:c1:16:34 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
    *Dot1x_NW_MsgTask_3: Jan 11 01:03:32.269: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 40:b3:95:13:da:cb - got 00 00 00 00 00 00 00 03, expected 00 00 00 00 00 00 00 04
    *Dot1x_NW_MsgTask_3: Jan 11 01:03:32.266: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 40:b3:95:13:da:cb - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 04
    *Dot1x_NW_MsgTask_0: Jan 11 01:03:31.648: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 24:77:03:67:01:48 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
    *Dot1x_NW_MsgTask_5: Jan 11 01:03:31.638: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 14:10:9f:da:c1:cd - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
    *Dot1x_NW_MsgTask_2: Jan 11 01:03:31.638: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client cc:78:5f:29:cc:82 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
    *Dot1x_NW_MsgTask_4: Jan 11 01:03:31.633: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 08:11:96:55:81:c4 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
    *Dot1x_NW_MsgTask_0: Jan 11 01:03:31.631: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 84:3a:4b:56:36:50 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
    *Dot1x_NW_MsgTask_1: Jan 11 01:03:31.630: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 14:10:9f:e2:d4:91 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
    *Dot1x_NW_MsgTask_0: Jan 11 00:59:52.593: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client a0:88:b4:60:20:f8 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
    *apfRogueTask_3: Jan 11 00:59:32.168: #APF-1-UNABLE_TO_CONTAIN_ROGUE: apf_rogue.c:4414 Unable to contain rogue 40:01:C6:11:F9:F1 - Not enough Container AP(s). Number of Container AP(s) 2, Requested containment level 4
    *apfRogueTask_3: Jan 11 00:58:38.635: #APF-1-UNABLE_TO_CONTAIN_ROGUE: apf_rogue.c:4414 Unable to contain rogue 40:01:C6:11:F9:F1 - Not enough Container AP(s). Number of Container AP(s) 1, Requested containment level 4
    *Dot1x_NW_MsgTask_0: Jan 11 00:50:06.885: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 10:68:3f:46:4e:e8 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
    *Dot1x_NW_MsgTask_0: Jan 11 00:50:06.883: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 10:68:3f:46:4e:e8 - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 02
    *dot1xMsgTask: Jan 11 00:49:05.842: #DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:618 Client c8:e0:eb:19:2a:97 may be using an incorrect PSK
    *apfRogueTask_3: Jan 11 00:40:42.576: #APF-1-UNABLE_TO_CONTAIN_ROGUE: apf_rogue.c:4414 Unable to contain rogue 40:01:C6:11:F9:F1 - Not enough Container AP(s). Number of Container AP(s) 3, Requested containment level 4
    *Dot1x_NW_MsgTask_3: Jan 11 00:40:17.471: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client c4:43:8f:f1:8c:8b - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
    *Dot1x_NW_MsgTask_4: Jan 11 00:40:03.368: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client f0:d1:a9:8e:1a:dc - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
    *Dot1x_NW_MsgTask_1: Jan 11 00:39:30.528: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 14:10:9f:d8:84:09 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
    I already went to this link to check the description of the errors:
    http://www.cisco.com/en/US/docs/wireless/controller/message/guide/msgs4.html#wp1000139
    Appreciate all feedback. Thank you.

    Hi Ruben,
    a) After successful dot1x authentication, session keys are derived from pairwise master key.
    b) When the AP transmits a key to a station by default, it expects a response back within a set timeframe.
    c) If the station does not respond, the AP increments the counter and retransmits the key.
    d) If the AP receives a response to first message just after the retransmission of the key, a mismatch occurs in the counter.
    This in most of the cases will be a client driver problem.
    Solution:
    1) Try to increase the EAPOL-Key Timeout (config advanced eap).
    2) Upgrade the client driver.
    *****Help out others by using the rating system and marking answered questions as "Answered"*****
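
The counter mismatch described in the reply above, as an added example that is not part of the original thread: a Python parser for the `#DOT1X-3-INVALID_REPLAY_CTR` lines that groups them per client and measures how far the received replay counter lags the expected one. The verdict labels and the last sample line (client 02:00:00:00:00:01) are constructed for illustration; the other sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Sample input. All lines except the last are copied from the log in the post;
# the last line (client 02:00:00:00:00:01) is constructed to exercise the
# "counter ahead" branch and does not come from the thread.
SAMPLE_LOG = """\
*Dot1x_NW_MsgTask_1: Jan 11 01:15:05.167: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 90:c1:15:c6:c3:49 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
*Dot1x_NW_MsgTask_3: Jan 11 01:03:32.269: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 40:b3:95:13:da:cb - got 00 00 00 00 00 00 00 03, expected 00 00 00 00 00 00 00 04
*Dot1x_NW_MsgTask_3: Jan 11 01:03:32.266: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 40:b3:95:13:da:cb - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 04
*apfRogueTask_3: Jan 11 00:59:32.168: #APF-1-UNABLE_TO_CONTAIN_ROGUE: apf_rogue.c:4414 Unable to contain rogue 40:01:C6:11:F9:F1 - Not enough Container AP(s). Number of Container AP(s) 2, Requested containment level 4
*Dot1x_NW_MsgTask_0: Jan 11 00:50:06.885: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 10:68:3f:46:4e:e8 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
*Dot1x_NW_MsgTask_0: Jan 11 00:50:06.883: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 10:68:3f:46:4e:e8 - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 02
*dot1xMsgTask: Jan 11 00:49:05.842: #DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:618 Client c8:e0:eb:19:2a:97 may be using an incorrect PSK
*Dot1x_NW_MsgTask_4: Jan 11 00:40:03.368: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client f0:d1:a9:8e:1a:dc - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
*Dot1x_NW_MsgTask_2: Jan 11 01:20:00.000: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 02:00:00:00:00:01 - got 00 00 00 00 00 00 00 05, expected 00 00 00 00 00 00 00 03
"""

# The replay counter is printed as eight space-separated hex bytes.
_CTR = r"(?:[0-9a-f]{2} ){7}[0-9a-f]{2}"
LINE_RE = re.compile(
    r"^\*(?P<task>[^:]+): (?P<ts>\w{3} +\d+ \d{2}:\d{2}:\d{2}\.\d+): "
    r"#DOT1X-3-INVALID_REPLAY_CTR: .*?from client "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) - "
    rf"got (?P<got>{_CTR}), expected (?P<exp>{_CTR})\s*$",
    re.IGNORECASE,
)


def parse_events(text):
    """Return one dict per INVALID_REPLAY_CTR line; other messages are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # rogue containment, PSK errors, anything else
        events.append({
            "timestamp": m["ts"],
            "mac": m["mac"].lower(),
            "got": int(m["got"].replace(" ", ""), 16),
            "expected": int(m["exp"].replace(" ", ""), 16),
        })
    return events


def summarize(events):
    """Group events per client and label how the counter mismatch looks.

    lag = expected - got. Following the reply's explanation, a positive lag
    means the client answered an earlier key message after the AP had already
    retransmitted. The labels are this example's own naming (an assumption):
      single-retransmit    - every reply was exactly one counter behind
      multiple-retransmits - at least one reply was two or more behind
      counter-ahead        - the client sent a counter higher than expected,
                             which late replies do not explain
    """
    lags_by_mac = defaultdict(list)
    for ev in events:
        lags_by_mac[ev["mac"]].append(ev["expected"] - ev["got"])

    report = {}
    for mac, lags in lags_by_mac.items():
        if any(lag < 0 for lag in lags):
            verdict = "counter-ahead"
        elif max(lags) == 1:
            verdict = "single-retransmit"
        else:
            verdict = "multiple-retransmits"
        report[mac] = {"events": len(lags), "max_lag": max(lags), "verdict": verdict}
    return report


if __name__ == "__main__":
    for mac, info in sorted(summarize(parse_events(SAMPLE_LOG)).items()):
        print(f"{mac}  events={info['events']}  max_lag={info['max_lag']}  {info['verdict']}")
```

Clients that stay in the `single-retransmit` or `multiple-retransmits` groups fit the timeout and driver explanation given in the reply; a `counter-ahead` client does not and deserves a separate look.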

  • WLC not integrating with Radius Server

    Hello world,
    I have the following situation:
    One WLC 2000 Series (software version 7.0.230.0) with multiple SSIDs; one is 802.1x integrated with a RADIUS server.
    Everything worked fine until a few days ago, when users became unable to log on via their certificates on Windows XP.
    The infrastructure didn't undergo any modifications.
    What I have checked: the RADIUS certificate isn't expired, the client certificate isn't expired, and the password between the controller and RADIUS is correct.
    There are no ACLs between the WLC and the remote server. I can ping the devices, and other SSIDs on the same controller (WPA/PSK) are working correctly.
    The APs are 1242.
    I have tried deleting the SSID and configuring it back. The OS on the Windows Server is 2003 Standard. The APs are configured as H-REAP.
    I have increased the Server Timeout under RADIUS Authentication Servers from 2 to 30 sec.
    The message logs received in the WLC Trap Logs:
    RADIUS server X.X.X.X:1812 failed to respond to request (ID 161) for client xx.xx.xx.xx.xx.xx/ user 'unknown'
    The message from the debug dot1x aaa enable:
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_CALLING_STATION_ID(31) index=1
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_CALLED_STATION_ID(30) index=2
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_NAS_PORT(5) index=3
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_INT_CISCO_AUDIT_SESSION_ID(7) index=4
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_NAS_IP_ADDRESS(4) index=5
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_NAS_IDENTIFIER(32) index=6
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_VAP_ID(1) index=7
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_SERVICE_TYPE(6) index=8
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_FRAMED_MTU(12) index=9
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_NAS_PORT_TYPE(61) index=10
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_EAP_MESSAGE(79) index=11
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_RAD_STATE(24) index=12
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_MESS_AUTH(80) index=13
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df AAA EAP Packet created request = 0x1cff348c.. !!!!
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Sending EAP Attribute (code=2, length=6, id=10) for mobile xx.xx.xx.xx.xx.xx.
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00000000: 02 0a 00 06 0d 00                                 ......
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df [BE-req] Sending auth request to 'RADIUS' (proto 0x140001)
    *radiusTransportThread: Mar 06 09:37:07.328: 00:15:e9:33:75:df [BE-resp] AAA response 'Interim Response'
    *radiusTransportThread: Mar 06 09:37:07.328: 00:15:e9:33:75:df [BE-resp] Returning AAA response
    *radiusTransportThread: Mar 06 09:37:07.328: 00:15:e9:33:75:df AAA Message 'Interim Response' received for mobile xx.xx.xx.xx.xx.xx.
    *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.329: 00:15:e9:33:75:df Skipping AVP (0/27) for mobile xx.xx.xx.xx.xx.xx.
    The messages on Windows 2003 Standard:
    User Y was denied access.
    Fully-Qualified-User-Name = xx.domain.com/Users_T/user
    NAS-IP-Address = X.X>X.X
    NAS-Identifier = Cisco_
    Called-Station-Identifier = ---------------------
    Calling-Station-Identifier = ---------------------
    Client-Friendly-Name = ---------------------
    Client-IP-Address = ---------------------
    NAS-Port-Type = Wireless - IEEE 802.11
    NAS-Port = 1
    Proxy-Policy-Name = Use Windows authentication for all users
    Authentication-Provider = Windows
    Authentication-Server = <undetermined>
    Policy-Name = Wireless Policy
    Authentication-Type = EAP
    EAP-Type = Smart Card or other certificate
    Reason-Code = 262
    Reason = The supplied message is incomplete.  The signature was not verified.
    User Y was denied access.
    Fully-Qualified-User-Name = xx.domain.com/Users_T/user
    NAS-IP-Address = X.X>X.X
    NAS-Identifier = Cisco_
    Called-Station-Identifier = ---------------------
    Calling-Station-Identifier = ---------------------
    Client-Friendly-Name = ---------------------
    Client-IP-Address = ---------------------
    NAS-Port-Type = Wireless - IEEE 802.11
    NAS-Port = 1
    Proxy-Policy-Name = Use Windows authentication for all users
    Authentication-Provider = Windows
    Authentication-Server = <undetermined>
    Policy-Name = Wireless Policy
    Authentication-Type = EAP
    EAP-Type = Smart Card or other certificate
    Reason-Code = 262
    Reason = The supplied message is incomplete.  The signature was not verified.
    Can anyone help with why I cannot log the users in via 802.1x?

    Okay, that is good... this is what I would do next. I would create a test SSID that uses PEAP MSCHAPv2 and create a new policy in IAS that is basic. Allow 802.1x wireless and the user group only, and see if you can reconfigure one of the XP machines for PEAP. Can you also post a screenshot of your policies (connection and network) so we can review them?

  • LAG WLC 5508 7.0.235 and Nexus 7K 5.2(3a)

    I can't get the WLC to form a LAG; the 5508 has 2 SFPs direct to the Nexus 7k. Enabled LAG and rebooted. The 5508's port 2 just stays Link Down in the WLC.
    hostname n7k-01
    int port-channel 31
    vpc 31
    int eth1/12
    description WLC-5508-Port1
    switchport
    switchport mode trunk
    channel-group 31 mode active
    no shut
    show run int eth1/12
    Ethernet1/12 is up
      Dedicated Interface
      Belongs to Po31
    hostname n7k-02
    int port-channel 31
    vpc 31
    int eth1/7
    description WLC-5508-Port2
    switchport
    switchport mode trunk
    channel-group 31 mode active
    no shut
    show run int eth1/7
    Ethernet 1/7 is down (Link not connected)
      Dedicated Interface
      Belongs to Po31

    Controller cannot establish SXP connection with a Cisco Nexus 7000 Series switch.
    Symptom: An SXP connection from the controller to the Cisco Nexus 7000 Series switch reports the On state on the controller side while the switch reports the Waiting for Response state.
    Conditions: Establishing SXP connection between the controller and ASA.
    Workaround: Add an intermediate device that supports SXPv2 between the controller and the Cisco Nexus 7000 Series switch.

  • 802.1x Auth-Fail VLAN and Guest-VLan not available

    Hi Pros,
    Having an issue with an 881 I have recently acquired. I want to set up a Virtual Office scenario. Everything is working fine except for 802.1x...
    I can get the 881 to authenticate things connected to it, but I don't have the options of guest-vlan or auth-fail vlan.
    The idea is that if the user takes the router home and someone, either accidentally or on purpose, connects an unauthorized laptop, they stay off the Corp network but can still get to the internet.
    I found this link on Cisco's site:
    http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6660/ps6808/deployment_guide_c07_458259_ns855_Networking_Solutions_White_Paper.html
    That link shows them configuring a guest vlan right on the fa0-3 ports of an 881W. I don't have that option on mine. I can only configure 802.1x on the vlan interface. I have 802.1x working for things that connect to vlan1, but I would like to have a "fallback" setup.
    EZVPN_Remote(config-if)#int fa1
    EZVPN_Remote(config-if)#dot
    EZVPN_Remote(config-if)#dot1?
    dot1q
    EZVPN_Remote(config-if)#dot1
    EZVPN_Remote(config-if)#int vlan1
    EZVPN_Remote(config-if)#dot1x ?
      default           Configure Dot1x with default values for this port
      host-mode         Set the Host mode for 802.1x on this interface
      max-reauth-req    Max No.of Reauthentication Attempts
      max-req           Max No.of Retries
      pae               Set 802.1x interface pae type
      port-control      set the port-control value
      reauthentication  Enable or Disable Reauthentication for this port
      timeout           Various Timeouts
    Any thoughts why I'm seeing this behavior? Feature-set? IOS Version?
    EZVPN_Remote#sh ver
    Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.1(2)T4, )
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2011 by Cisco Systems, Inc.
    Compiled Tue 12-Jul-11 21:02 by prod_rel_team
    ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
    EZVPN_Remote uptime is 6 hours, 1 minute
    System returned to ROM by reload at 14:53:21 UTC Thu Oct 13 2011
    System restarted at 14:52:47 UTC Thu Oct 13 2011
    System image file is "flash:c880data-universalk9-mz.151-2.T4.bin"
    Last reload type: Normal Reload
    Last reload reason: Reload Command
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    Cisco 881 (MPC8300) processor (revision 1.0) with 236544K/25600K bytes of memor.
    Processor board ID FTX153482GK
    5 FastEthernet interfaces
    1 Virtual Private Network (VPN) Module
    256K bytes of non-volatile configuration memory.
    126000K bytes of ATA CompactFlash (Read/Write)
    License Info:
    License UDI:
    Device#   PID                   SN
    *0        CISCO881-SEC-K9       xxxxxxxx
    License Information for 'c880-data'
        License Level: advipservices   Type: Permanent
        Next reboot license Level: advipservices
    Thanks in advance!

    Shameless bump...

  • 802.1x / dot1x Authentication, including Voice-Vlan and Guest-Vlan

    Hello,
    I have tried to configure dot1x-based authentication.
    With a single host including guest-vlan, everything works fine.
    But I want to use an IP phone (which is authenticated every time) with a client behind the phone.
    Is there a possible solution? And unfortunately the IP phones are Avaya phones.
    I have just tried this:
    interface GigabitEthernet0/4
    switchport access vlan 121
    switchport mode access
    switchport voice vlan 200
    authentication event fail action authorize vlan 99
    authentication event server dead action authorize vlan 121
    authentication event server alive action reinitialize
    authentication host-mode multi-host
    authentication order dot1x
    authentication port-control auto
    authentication periodic
    authentication violation restrict
    dot1x pae authenticator
    dot1x timeout quiet-period 10
    dot1x timeout tx-period 1
    spanning-tree portfast
    Thanks, for any possible solution!

    Unfortunately, because they are Avaya phones, the easy answer, CDP-Bypass, fails in this instance. When you plug in the phone, the switch will assume it's the 'single host' for this port, and restrict the port due to the authentication for the phone failing. Maybe you can just hard-code the voice-vlans on each phone, but that could get tedious depending on the number of phones.
    I believe there is a DHCP option you can pass back that indicates the phone should be running on vlan 200, but for this to work you'd also need to set up a pre-auth ACL that would allow DHCP to work in the unauthorized state. I think it's 147 off the top of my head.
    Another solution (which isn't what you originally wanted, but it would work) is to just use multi-domain instead of single-host, and authenticate both the phone and the PC. The RADIUS server should be able to distinguish between what is configured as a phone and what is a host, and will send back the appropriate vlan if configured correctly.
    What are you using for a RADIUS server?

  • WAP321 and Guest VLAN

    I am struggling to remember how to configure a small biz client of mine who just purchased four of these WAP321 APs. They want to have two SSIDs, one being for private LAN access along with internet and one that can only access the internet. With that said, I set up the private SSID to be on VLAN 1 (default or basically untagged) and the guest SSID on VLAN 2. At this point my problem would lie in the fact that since packets on the guest SSID are tagged with VLAN 2, it is not going to receive an IP address from the DHCP server, which is actually a Windows server on the private LAN. This makes sense, but I think in other situations I have simply utilized the layer 3 switch and set up a DHCP scope on the switch, which leaves us without any need to access an internal DHCP server. Can this be configured on the WAP321 access points, i.e. provide DHCP services to a specified VLAN, in this case VLAN 2?
    In either event, the switches are manageable and have VLAN capabilities but no VLANs have been set up. Each port sees all packets on any VLAN. What is the best way to set this up? Oh, and the firewall/router is a medium-end SonicWALL, not sure if that matters.
    Thanks for any assistance in advance.

    Hi [email protected], thank you for using our forum. My name is Johnnatan and I am part of the Small Business Support community. I apologize for the delay; in this case the server should be able to assign DHCP to Vlan2 once you set up the pool of addresses. I advise you to check on all the devices whether Vlan2 has been created, and also check whether there is any access rule for Vlan2.
    If you assign multiple DHCP servers you can get a few issues with the addresses. I advise you to try to assign DHCP from one server to avoid any issues.
    I hope you find this answer useful
    “Please rate useful posts so other users can benefit from it”
    Greetings, 
    Johnnatan Rodriguez Miranda.
    Cisco Network Support Engineer.

  • Excel integration with Entry and Approval for SSM not working

    I'm having trouble getting excel integrated with E&A for being able to enter large number of historic data points into a cube-built model – I've gone through all the docs several times and there is no good concrete explanation on how to do this. I keep getting the following error message:
    Error opening Excel Automation server can't create object. This can be caused by:
    1. - The application is not installed on your machine
    2. - The browser security does not support ActiveX scripts.
    3. - Your were prompted to run ActiveX and you said No, if that is the cause close all browser instances and reopen.
    However, I've done the following:
    - I've installed the excel add-in on both the server and my local machine, and I've enabled the add-in part in Excel on my local machine.
    - The browser security is definitely set to accept all active X scripts
    - I am never prompted to run activeX when I select "Historical Data" within entry/approval. I just get the above error message.
    - I've flushed cache and restarted listener several times.
    What am I missing? I don't see it in any of the docs.
    Thanks!

    Robb,
    Looking at what you've done, there doesn't seem to be an obvious answer. The best suggestion I can make is to fill out a support ticket on this. There must be other factors at work here that will require a deeper look.
    Regards,
    Bob

  • SocialMiner Integration with LinkedIn and WhatsApp

    Hi Everybody,
    One of my customers wants to integrate Cisco SocialMiner with LinkedIn and WhatsApp but I did not find integration information in the product guides. One of my team members told me that we can achieve LinkedIn integration through REST APIs, but I am still doubtful because it was not mentioned anywhere in the documents. So please guide me on how we can achieve it. Thanks in advance
    Cheers :)
    Regards
    Qamar Khan

    I had the client implement a DMZ and have part of the public IP block be assigned to it. We then placed the SocialMiner server in the DMZ and only opened the necessary ports from the OUTSIDE to the DMZ and from the DMZ to the INSIDE. PDI said that doing NAT to the SocialMiner server is not currently supported. Also, we are doing this without setting up the optional proxy server.

  • JSF integration with Webwork and Freemarker ?

    My company is investing a lot in an application that uses Webwork and Freemarker. I'd like to reuse chunks of that but with JSF components for new development. I know it's possible to link to and from external URLs using JSF's navigation, but I don't think that buys me much in this case. Is it possible to use the JSF View (as in Model-View-Controller) with someone else's (Webwork's) front controller? I'm guessing JSF can coexist with Freemarker as it does with JSP and HTML. Or, does anyone know of any successful approach to Webwork integration anywhere?
    thx!

