WLC and syslog broadcast from AP

Similar Messages

• Unterstanding syslog messages from our wlc

  Hello,
  we use two wlc 4402 (4.1.181.0) and several leightweight accesspoints (AIR-AP1010-E-K9 and AIR-AP1030-E-K9 ) connected to them.
  On our syslog server we get a lot of messages from the two wlc, and there are 3 message types which I am a little bit afraid of.
  1. ca. 10 times per hour we get the message
  apf_80211.c:4792 APF-6-NO_CONFIG_CHANGES: Not saving 'apf.cfg' - no config changes."
  Cisco system message guide:
  Error Message %APF-6-NO_CONFIG_CHANGES: Not saving '[chars]' - no config changes.
  Explanation Not saving - no config changes.
  Recommended Action No action is required.
  Does anybody know why we get this messages and if it's possibly to suppress them?
  2. Intermittently (several times a day) we get the following message types:
  a) [ERROR] spam_l2.c 723: Max retransmissions reached on AP 00:0B:85:56:63:40 (CONFIGURE_COMMAND^M , 2)"
  b) [ERROR] spam_tmr.c 569: Did not receive hearbeat reply from AP 00:0b:85:56:ae:40"
  The MAC address is not every time the same but one of our accesspoints.
  On our network management system we get the following trap messages with nearly exactly the same timestamp:
  14.01.2008 04:21:56 CET
  AP ''00.0b.85.56.63.40'', interface ''0x1'' is down.
  When Airespace AP's interface operation status goes down this trap will be sent.
  bsnAPDot3MacAddress = 00.0b.85.56.63.40
  bsnAPIfSlotId = 0x1
  14.01.2008 04:21:56 CET
  AP disassociated from Switch.
  When an Airespace AP disassociates from a Airespace Switch, the AP disassociated notification will be sent with the dot3 MAC address of the Airespace AP. This will notify the management system to remove Airespace AP from this Airespace Switch.
  bsnAPMacAddrTrapVariable =
  14.01.2008 04:22:25 CET
  AP associated with Switch.
  When an Airespace AP Associates to a Airespace Switch, the AP associated notification will be sent with the dot3 MAC address of the Airespace AP. This will help the management system to discover the Airespace AP and add it to system.
  bsnAPMacAddrTrapVariable =
  bsnAPPortNumberTrapVariable = 1
  Cisco system message guide:
  a) Error Message %LWAPP-3-TX_ERR3: Max retransmissions for LWAPP control message reached on AP [hex]:[hex]:[hex]:[hex]:[hex]:[hex] for [chars] (number of pending messages is [dec])
  Explanation Maximum number of times an LWAPP control packet is transmitted before declaring the AP dead has been reached for this AP. The AP may not be on the network, or might have rebooted.
  Recommended Action Check if the AP has rebooted or if it has been removed from the network, or if there are connectivity issues between the AP and the controller.
  b) Error Message %LWAPP-3-ECHO_ERR: Did not receive heartbeat reply; AP: [hex]:[hex]:[hex]:[hex]:[hex]:[hex]
  Explanation Controller did not get a response for the AP heartbeat message. There may be connectivity issues between the AP and the controller.
  Recommended Action Check if the AP has rebooted or if it has been removed from the network, or if there are connectivity issues between the AP and the controller.
  Because we don't see any network problems I'm wondering why the connection is lost.
  Does anybody have an idea, perhaps CSCsh13928 (http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsh13928, but we don't have much traffic on the wlans) ?
  Is there any possibility to remotely check if the accesspoint rebooted?
  If you need further information please give me a short feedback.
  Many thanks in advance,
  Thorsten Steffen

  Thanks for the help.
  I have set up to send email and syslog messages from the RME applications. LMS server immediately started to send messages to the email server but syslog messages are not forwarded to the syslog server. Everything was done according to your instructions except that the name of the first script (syslog_forward.pl) is made consistent with what the second script (.bat) refer to (forward1.pl). What's the problem?  Do RME sends the standard syslog messages via UDP port 514?
  Sincerely.

• Getting Data from SAP ECC & BI to Crystal Reports and then Broadcasting.

  Hi,
  I need to get the data from SAP ECC & BI to Crystal reports and then after formating data in Crystal reports, my requierment is to send via email (Broadcasting). Is there any option to  Broadcast from Crystal reports?
  I read Ingo Hilgefort blogs, but I need in detail steps such as to verify Integration Kit is installed or not and also how to create connections in between SAP ECC and Crystal. What are the Security setups(User IDs and Authorizations) involved?
  What is best option for email/broadcasting for Crystal Reports?
  Your help is appreciated.
  Thanks.
  SVK.

  Hi,
  I would suggest you then start with the installation and user guide fr the SAP Integration Kit.
  Ingo

• Recivining and analyzing syslog messages from facility local3 on LMS4.2 soft appliance.

                     HI,
  all of our enterprise switches are sert to send syslog messages from facility local3. this is partly because our linux syslog server loggs its boot syslog  messages from  facility local7 an we could't use the default  facility of local7 on our cisco switches. LMS4.2s syslog daemon is set to recieve syslog messages from facility local7. how can i change it so that it can listen for facility local3 and also make sure the syloganalyzer and automated action  work fine.
  thanks,
  Kerim

  Hi All,
  I thought it is a good idea to share the workaround my colleague came up with for this prolem. there is a file called syslog-entries.txt under /opt/CSCOpx/conf. he added all the entries we needed like :
  local3.*     /var/log/syslog_info
  local5.*   /var/log/syslog_info
  the change was automatically reflected on syslog.conf
  now we receve alerts from facilities 3 and 5 besides 7.  hope this helps anyone who run into the same issue.

• How to change IP addresses of APs and WLC to the ones from different VLAN

  I'm trying to figure out what is the best practice to change IP addresses on all my access points connected/managed by the WLC.
  I have one WLC2504 controler and three AIR-LAP1041N access points the idea is to change management IP of the WLC from 192.168.2.100 (vlan1) to 192.168.12.100 (vlan79) and all access points accordingly:
  ap1 192.168.2.101 (vlan1) to 192.168.12.101 (vlan79)
  ap2 192.168.2.102 (vlan1) to 192.168.12.102 (vlan79)
  ap3 192.168.2.103 (vlan1) to 192.168.12.103 (vlan79)
  FYI all my APs obtain IP from DHCP server which sits in the vlan1 and each AP is connected to trunk port on Catalyst switch, trunk port (vlan1, vlan79, vlan80, vlan81, vlan82) carries traffic for different WLANs, so my question is what is the best way to change management IP on each device with the minimal downtime.
  Thank you for your advice,
  Luu Manioro

  Well, you will have downtime anyways, but how I would do this is the following:
  Make sure the WLC trunk port has vlan 79 being allowed
  Change the high availability on each AP to point to the hostname of the WLC and the new ip address, you don't need the old ip address anymore
  Console into the WLC or use the service port and change the management ip address and at the same time if possible, move the AP's to the new vlan 79, since they have already joined the WLC, they will know of the ip address of the WLC
  Reboot the AP by shutting down the PoE port or powering off/on the AP
  The AP will find the WLC since you have defined the high availability and also since the AP and WLC are on the same subnet.
  Scott

• How to let AP1262 download from WLC and been managed.

  Hi Friends,
  Some days ago, I download standard IOS image for 1262 and installed, now this 1262 AP can start up without WLC. but I don't know how to recovery this AP image, and let's startup / download the image from WLC and has been managed...
  Is that ONLY remove the existence image ? and it's will be auto find WLC ?
  Thanks.

  Okay... here are the steps:
  1. Install an external TFTP tool such as tftpd32 tool from http://tftpd32.jounin.net/
  2. Assign IP address in the range 10.0.0.2 - .254 ( Ex : 10.0.0.2) to the tftp server (your laptop or pc).
  3. Download the IOS to lwapp image onto the tftp's root directory. Use http://www.cisco.com
  The filename that you need to rename will show up when you are consoled into the AP
  4. Rename ap3g1-rcvk9w8-tar.124-23c.JA3.tar to ap3g1-rcvk9w8-tar.default
  5. Make sure you set the IP address on the BVI interface of the AP if not set. Set it in the 10.0.0.x range. Default is 10.0.0.1.
  6. Connect the Ethernet port on AP to your TFTP Server ( Laptop ) DISABLE YOUR FIREWALL
  7. Hold the mode button and power off the AP.
  8. Power back the AP while continually holding the mode button for 20
  seconds.

• WLC 5508 Syslog send to custom port

  We have added Splunk to a monitoring systems and I would like to send my wlc 5508 log messages to it.  We have the Syslog Data Inputs on that server are all TCP and we would like to maintain tcp only if possible. I do need to be on a custom port other than 514.  We are on 7.4.100.60 on a HA pair of 5508's.  Does any on have any insight on changing the syslog port number in the WLC config?

  I too am using Splunk for capturing WLC Syslog.  With regards to the destination port of the Syslog, I don't know how to change it.  However, to get around this I have set up a Splunk Forwarder with Syslog-NG.  Basically Syslog-NG listens on any port number/protocol you define and writes logs to a log file name $hostname$.log.  This means I could have x different WLCs sending Syslog to Syslog-NG on UDP 514 and Syslog-NG will write the syslog from each host to it's individual file.
  From their I've configured Splunk forwarder to monitor each file and forward the logs on to Splunk.  You can forward to any port/protocol you wish.
  Also remember to do this
  config logging debug syslog enable
  On the controller.  Otherwise you won't see the messages you expect.

• Help required to implement Cisco 2504 WLC and 1042 Access Points

  Hi,
  My name is Vidya Sagar. I am new to Wireless technology. We are planning to implement Wireless in our office. I have given the requirements below. Kindly go through the details and let me know how to start.
  We have purchased Cisco 2504 Wireless Controller (One) and Ciscon 1042 Access Points (Five). At present I am going to use 3 access points only.
  I have attached a simple diagram of our office network. We have more than 30 VLANs configured in Core Switch, we are planning to give wifi access to only 3 VLANs.
  1. VLAN 121 ( IP Segment - 10.52.121.0 /24)
  2. VLAN 116 ( IP Segment - 10.52.116.0 /24)
  3. VLAN 100 ( IP Segment - 192.168.100.0 /24) (Guest)
  Please give me a implementation plan to do this. I would like to use LDAP or ACS for authentication purpose.
  Regards,
  Vidya Sagar

  Lets just do this simple first before you start using ACS as that will require a certificate installed on the ACS for using PEAP.
  So first off, the WLC we will say is in vlan 10. When you are going through the startup wizard, make sure you define the vlan tag to 10 on the management interface. Make sure your virtual interface is an IP address that is not routed in your network, like an out of band IP.
  Make sure the WLC time is correct or use NTP!!!!
  Now you should be able to http or https to the WLC. I would upgrade the code to v7.4 and install the FUS image. Please reference this link for the upgrade procedure. You don't have to upgrade now... I would wait till you get everything working first.
  http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74.html
  Now I would connect the APs on the same vlan as the WLC for now. Make sure there is dhcp on that subnet. Once the APs have joined, then you can move them to any subnet you want. Since you don't have many APs it would be okay to leave them in the same vlan as the WLC management or out them on any other vlan you choose. The APs will be connected to an access port NOT a trunk port!!!!
  The WLC will need to be connected on a dot1q trunk port only allowing vlans 10,100,116,121. The 2504 running v7.4 will support LAG (etherchannel). Any ways, your switch port should look like this for example only
  Interface gigabit1/0/1
  description WLC2504
  switch port trunk encapsulation dot1q
  switchoort mode trunk
  switch trunk allowed vlans 10,100,116,121
  spanning-tree portfast trunk
  channel-mode group 10 mode on << only for v7.4 if you use lag
  Don't connect all four ports right now, just port one!!!!
  Your Guest vlan, you will need to create an ACL to block traffic from accessing the internal network. You might want to allow dhcp and DNS bit I would leave it open first until you can verify everything is working.
  Now on the WLC you need to create a dynamic interface for vlan 100, 116, and 121. If you click on the Controller tab in the GUI and click on interfaces on the left hand side, that will take you to where you can add/delete/modify your interfaces. When creating these interfaces, make sure you add the dhcp server IP address for the primary and or backup.
  Now that you have your dynamic interfaces created, its time I create your SSID. Now click on the WLAN tab on the GUI and click on WLAN and then on the too right select Create New and then click go. Select WLAN on the drop down menu and then for the profile name I would use the SSID name also for simplicity.lean e the WLAN id to 1 for this and 2 for the next and so on. After defining these and clicking Apply you can now define your SSID. On the General tab, enable the status and leave the radio policy to all for now, you can decide later what you want to use. Choose your interface you wan to place this SSID on and enable Broadcast SSID for now and leave everything else alone. Now click on the Security tab and on the layer 2 Security, leave it at WPA + WPA2, only check WPA2 Policy and for WPA2 encryption choose AES only. Now go to the bottom of that screen and choose PSk. We will do pre shared key for now so you get to understand the setup and make sure everything is working first. Now on the PSK format, choose ASCII and put your pre shared key in the input box. Make this simple to for testing. You don't want to put in symbols or anything like that. When you are don with that, check apply on the top right and test.
  Now you can repeat this with your other SSIDs just to test. Your guest network you can leave open for now to test open authentication.
  Here are some links for the WebAuth feature:
  https://supportforums.cisco.com/docs/DOC-13954
  http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080b1a506.shtml
  Now if you want to use ACS with PEAP, here is some links for that:
  https://supportforums.cisco.com/videos/2499
  http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080bd1100.shtml
  https://www.google.com/url?sa=t&source=web&cd=8&ved=0CFQQtwIwBw&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DWk_bRdmsQlA&ei=_BEyUeCYM8TdqAHHsICAAw&usg=AFQjCNF8PiVBQK1Kipb4j8AzD153bKtmgA&sig2=smHhNVmCr2of2NzbnDhGmw
  Well that is it, hopefully you can get the wireless up for testing and verifying everything works!
  Sent from Cisco Technical Support iPhone App

• RME 4.3.1 on new server - 2 issues with Inventory and syslog

  Hi,
  I recently installed new server 2003 with LMS3.2 and after the problems with DevicePackages i resubmitted all device and the device center tasks that was missing now reappeared.
  So I went on and added my two VPN3030 VPN Concentrators.
  This device is supported for RME inventory and syslog
  I got the config-archive running (!) so thats fine (Runs via HTTPS login)
  I have two issues:
  1. I can not get inventory to work .
  I have communication going, and a packet trace/sniff show I have syslog going into RME and i see SNMP GET and respones to/from device
  I see some java error logs in ic_server.log fil
  I have tried with two different LMS32-servers
  I have increased SNMP timeout etc
  I tried deleted the device and rediscover
  log are like this:
  [ Thu Aug 19  10:12:30 CEST 2010 ],ERROR,[Thread-14],com.cisco.nm.rmeng.inventory.ics.core.CollectionController,761, Collection failed for the device : 3748
  com.cisco.nm.xms.xdi.ags.system.CollectionFailed: com.cisco.nm.lib.snmp.lib.SnmpException: SnmpResponseNoSuchName on 10.3.6.2 while performing SnmpWalk(*) at index = 10
      at com.cisco.nm.xms.xdi.pkgs.LibInventory.PortInterfaceAGI_RFC1213_HelperMethods.getIfTableEntriesFromDevice(PortInterfaceAGI_RFC1213_HelperMethods.java:639)
      at com.cisco.nm.xms.xdi.pkgs.SharedInventoryVPN3000.PortInterfaceAGI_RFC1213_Mib.g$eval(PortInterfaceAGI_RFC1213_Mib.java:77)
      at com.cisco.nm.xms.xdi.ags.PortInterfaceAGI.g$eval(PortInterfaceAGI.java:21)
      at com.cisco.nm.xms.xdi.SdiEngine.initAndEvalAGIs(SdiEngine.java:383)
      at com.cisco.nm.xms.xdi.SdiEngine.request(SdiEngine.java:309)
      at com.cisco.nm.xms.xdi.SdiEngine.getDevRepr(SdiEngine.java:302)
      at com.cisco.nm.rmeng.inventory.ics.core.CollectionController.run(CollectionController.java:539)
      at java.lang.Thread.run(Thread.java:595)
  [ Thu Aug 19  10:12:30 CEST 2010 ],INFO ,[Thread-14],com.cisco.nm.rmeng.inventory.ics.core.CollectionController,841,Device collection failed for 10.3.6.2
  2.:I can not get syslog into the devices syslog reports
  This is wierder than issue 1: I have two VPN3030, one actually does syslog fine, but one VPN 3030 does not
  I havent done any thing different for the two device ...
  one simply works, one doesnt ...
  I get no syslog msg in device center for one of the device.
  The syslogs ARE infact in the syslog.log
  The syslog msg DO show up, but in Unexpected device report  ...
  The same VPN device does work with my second server so I think this is related to RME database on one specific server.
  But i have tried delete device and rediscover etc ...
  please help ...

  ok - looks like i need TAC again ...
  As for the syslog issue - this happens only for one device on one of my servers ...
  That is what is strange ... So IP is coorect and ok - (they do get syslogs into DevCenter on one server and on other device)
  Thank you for your reply - really nice that you take your time into this forum !

• Subnet vs VLAN, L2 broadcast and L3 broadcast

  Hi all,
  I understand what are subnets and VLANs in which subnet breakup a network into different smaller segment, whereas VLAN is the logical breaking of a physical switch into several logical ones.
  By right, each subnet and VLAN belongs to its own broadcast domain.
  However, there are still some grey areas which i am not able to fully grasp and hope gurus here can advice further
  q1) is VLAN and subnet a 1:1 relationship ? can multiple subnets belong to a single VLAN, or multiple VLANs share a same subnet ?
  The reason being I have come across a design specs which lay down "Production environment" , inside it has multiple subnets which is okay, but I am not sure are the subnets belonging to the same VLAN ? or rather can they ?
  q2) if devices are from a same subnet/connected to the same switch does not need to be routable to another other subnet/network. there is no need to set a gateway ip in the devices already am i right ? But do they still need IP addresss to communicate with one another ?
  q3) Technically, can a frame be send from a device to another device connected to the same switch without "IP addresses" assuming both the source and destination MACs are made known ?  (meaning that the src and dest ip in the frame is empty)
  q4) If multiple devices from different subnets  (e.g. device a,b are from subnet ab, device c,d are from subnet cd) are connected to the same switch, are they still technically consider to be in the same broadcast domain ? 
  q4.1)  I would assume that an arp request is a L2 broadcast am i right ? and it will affect all the devices above (a,b,c,d) despite them being in different subnet . e.g. [src mac a.b.c.d] [dst mac f.f.f.f]  [src ip 192.168.1.1] [dst ip 192.68.1.10], am i right ?
  q4.2) Above arp request is a L2 broadcast with specific L3 destination address but L2 broadcast address,
  Is there any example on L3 broadcast (255.255.255.255) which have specific L2 destination mac address ?
  q5) if mutiple devices from different subnets are connected to the same switch, is there any possibilities that frames from one subnet will inter-cross to devices on other subnet beside L2 broadcast ?  Is there any other impact ?
  Hope my questions make sense.
  Regards,
  Noob

  Duplicate post, please add any answers into the other thread -
  https://supportforums.cisco.com/discussion/12471861/subnet-vs-vlan-l2-broadcast-and-l3-broadcast
  Jon

• Problem share folder WLC and pc macbookpro

  I am doing a migration from my wireless network in the old network in the PC MacBookPro I can see shared files on the network. But when I connect to the SSID configured on the WLC and I can not see shared files on the network. I have no ACL configured on the SSID.

  Bonjour is a non-routabe multicast based service. A trick I use sometimes is to configure the WLAN to be in hreap mode if the ap is located locally to the target bonjour device.if your running in local mode, make sure they are on the same vlan and global multicast is enabled.
  Sent from Cisco Technical Support iPad App

• Bex Broadcasting and trying broadcast email

  Hi Gurus,
  Iam Using Bex Broadcasting and trying broadcast email.
  but it is raising an Error.
      -->Settings were started from the BEx Broadcaster 
      -->Processing for user SUMANB, language EN 
      Processing setting 
     -->The query was successfully generated. 
    -->Error: com.sap.ip.bi.webapplications.runtime.controller.MessageException: The Web template "0QUERY_TEMPLATE_BROADCAST_PDF" does not exist in the master system.
  How to assign a printer. to print the reports.
  Points are assigned for proper answers.

  Hi,
  Trying a 'Find' in the 'Web Application Designer', for this template.
  If not available, go to 'RSA1', 'BI Content', choose 'BEX Web Template' and double-click on 'Select Objects'. The template should be here.
  Highlight and 'Transfer Selections' and you will install the template.
  Now try your broadcasting again.
  If it still does not work, you will need to go via 'SPRO' - just reply and I will explain if the first part above does not solve it.
  Thanks
  Scott

• Transport KM rooms as entry point for broadcasting from Portal 7.01 to Portal 7.4 possible?

  Hallo together,
  is it possible to transport entry points (for broadcasting) from one portal to another?
  For our upgrade BW 7.01 to BW 7.4 we want to transport the KM Content (including the rooms).
  Transporting the rooms and room structures is no problem, but the transported rooms are not visible in ENTRY POINTS -> My Room Folders.
  Only rooms that are newly created in the 7.4 Portal are visible in that folder.
  Is there are way to make the transported rooms also visible there?
  Thanks and best regards!
  Christian

  Hi Ramakrishna!
  I know that WP-PI 6.00 will work fine with R/3 4.6C but my doubt is if I can use WP-PI 6.00 (which is
  EP 6.00 plug-in) to connect the R/3 4.6c with an EP 7.00. 
  I didn´t find anything like WP-PI 7.00 in SAP Marketplace. I´ve already read the note you pointed out but it refers to EP 6.00. It also says you can use WP-PI 6.00 por EP 5.0 or Sap Workplace. But can I also use it with EP 7.00?
  Thanks for your help.
  Fernando

• Cisco 8510 WLC and RTU licence

  Hi Guys,
  I have a simular issue where is shows the status as active, not-in-use.
  What does this mean and how do I get this to be in use.
  This is a Controller with HA-SKU license.
  The licenses has been inherited from the Primary Controller.
  Any license on HA-SKU controller is disregarded.
  Feature name: ap_count (adder)
  License type: Permanent
  License state: Active, Not-In-Use
  License Nodelocked: No
  RTU License Count: 50
  Hope to hear from you soon.
  Regards,
  Clifton.

  Hi,
  since this is a HA-SKU WLC, and the license is inherited from the active then no need to have a permenant license on it.
  is the HA working fine?
  please review the following link for the HA licensing requirements
  http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml#licensing

• Cisco wlc and steel belted radius

  we have cisco wlc controller  that have  two ssid  one for user and one for guest
  we need the  user in ssid 1 take user name and password from  user group in active directory through steel belted radiu
  please send to me any integrated guide between cisco wlc and steel belted radius
  regards

  Hi                                                      Mohammad,
  I am unaware of a specific Steel Belted RADIUS intrgration guide for the WLCs, however the configuration process on the controller will be the same:
  Cisco WLC Configuration Guide 7.0 - Configuring RADIUS:
  http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70sol.html#wp1388328
  You may wish to contact your RADIUS vendor for additional configuration steps on the server.
  Best,
  Drew