WLC Trap Receivers

Similar Messages

• Can a WLC have multiple SNMP Trap Receivers with the same cummunity string?

  My Monitoring team want me to send traps to three different trap collectors with the same SNMP Community string.
  I have 2106's, 2504, 4400's, 5500's, 7510 all running either version 6 or 7.
  Is this possible on a Wireless controller? If so, how?

  Read this from my friends blog ..
  http://mrncciew.com/2013/02/14/configuring-snmp-on-wlc/
  "Also you can configure SNMP trap receiver where WLC can send its snmp trap messages.  Community Name means SNMP trap receiver name & that does not have any significance like snmp community value."
  It doesnt appear to have the same significants .. But I havent tested it
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• WLC 5508 Most Recent Traps Duplications

  Hi,
  I have recently noticed that in my WLC traps  I keep finding lots of Mac addresses that have many hits on joining but it's the same MAC ADDRESS.  Example Mac addresss'08:11:96:e4:1a:60
  4
  Wed Mar 27 16:05:56 2013
  Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate
  5
  Wed Mar 27 16:05:45 2013
  Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate
  7
  Wed Mar 27 16:04:53 2013
  Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate
  12
  Wed Mar 27 16:02:51 2013
  Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate
    This has like 20 hits in the traps section and when I check my ISE this is also reflected on the authentication aspect. This is starting to occur with many different client laptops, why does it keep re-authenticatiing into the profile joined?
  Is there a Time to Live TTL setting I can set so it doesn't poll so often? The users aren't doing anything this is all occuring automcatically, I think it's the WLC 5508 controller not the ISE.
  Any ideas?
  Any information would be great.
  Cheers
  Eddy

  Hi Eddy,
  I am not an ISE guy so not sure about ISE config. But I would say couldn't it be roaming that increases the hit count?
  Whenever a client roams it authenticates again with the radius server. There are key caching mechanisms to bypass this process and makes roaming faster.
  You may read this: https://supportforums.cisco.com/thread/2065138
  Now, if for some reason the WLC sends a request to the ISE for every roaming process then that probably explains what you see
  HTH
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• SNMP OID for AssociatedAPs in Virtual WLC 7.4.100.0

  Hello Guys!
  I need you help for something that I need to do to monitor my Wi-FI network.
  I'm using a Virtual WLC (SW Ver 7.4.100.0) where most that 30 APs are associated with, but I would like to monitor each disaciossiation of APs using SNMP. After some search, I have found this OID .1.3.6.1.4.1.14179.2.1.1.1.38 on some forums but it doesn't work, I see random number in my monitoring tool.
  Do you know if there is any another OID to use with this software version or maybe if I have to upgrade to ver7.6 or ver8?
  Thanks in advance,
  Kevin

  I'm assuming you don't own a license for Cisco Prime Infrastructure
  One thing you can do is send SNMP traps to your monitoring software from the WLC (I've never used virtual WLC but my assumption is most options are the same. If your software doesn't support SNMP Traps consider a different monitoring software...
  Go to Management > SNMP > Trap Receivers and set up your receiver
  Then to to Management > SNMP > Trap ControlsHere is where you set what traps are sent via SNMP. If you see the "AP" tab you can set several things.
  If you only want to see if an AP is dropping off the network and the above doesn't work, you could just put dhcp reservations on your APs and have your software ping it. This of course is only if its off network, not if it simply disassociates.

• PI 1.2.0.103 - Trap Receiver Configuration

  I'm having a rough time getting PI 1.2 to act as a trap receiver.
  I'm working with a 3560E running 12.2(55)SE6, according to the PI 1.2 supported device list the device and code version are supported.
  It appears that I am unable to receive anything but 'config' traps from this switch in PI for some reason. I have two trap receivers setup, one going to my laptop and the other to the PI server. My laptop receives errdisabled/linkup/linkdown traps as expected and the switch indicates it has sent traps to both my laptop and the PI server yet nothing is displayed under "Events" or "Alarms" in PI.
  The ONLY events that are displayed in prime by the switch are informational "configuration management events".
  Is there some additional configuration I need to do on the Prime side to get additional traps to display under events/alarms?
  Any help would be greatly appreciated.

  Ok, I've found the solution. The ftp copy was changing the file each time, so the file was always corrupted once in the defaultRepo.
  On the ftp server:
  # ls -l
  -rw-r--r-- 1 root     root     11734212 Sep 25 16:19 pi_1.2.1.12_update.tar.gz
  On the Prime server, when copied using ftp:
  PRIME-0000-01/admin# dir disk:/defaultRepo
     11733763 Sep 25 2013 16:21:10  pi_1.2.1.12_update.tar.gz
  So, I've copied the file using http, and this solved:
  PRIME-0000-01/admin# copy http://172.16.14.144/pi_1.2.1.12_update.tar.gz disk:/defaultRepo
  PRIME-0000-01/admin# dir disk:/defaultRepo
     11734212 Sep 25 2013 16:23:31  pi_1.2.1.12_update.tar.gz
  PRIME-0000-01/admin# patch install pi_1.2.1.12_update.tar.gz defaultRepo
  Save the current ADE-OS running configuration? (yes/no) [yes] ?
  Generating configuration...
  Saved the ADE-OS running configuration to startup successfully
  Initiating Application Patch installation...
  Patch successfully installed
  Thanks anyway!

• WLC not integrating with Radius Server

  Hello world,
  I have the following situation:
  One WLC 2000 Series (software version 7.0.230.0) with multiple SSID`s, one is with 802.1x integrated with a Radius Server.
  Everything worked fine until fiew days ago, when users were unable to logon via they`re certificates on Windows XP.
  The infrastracture didn`t suffer modifications.
  What i have checked: Radius certification isn`t expired, client certification isn`t expired, the password between controller and Radius is correct.
  There are no ACL`s between the WLC and the remote Server. I can ping the devices, other SSIDs on the same controller (wpa/psk) are working correct.
  The AP`s are 1242.
  I have tried deleting the SSID, configure it back. The OS on Windows Server is  2003 Standard. The AP`s are configured H-Reap.
  I have increased the Server Timeout from Radius Authentication Servers from 2 to 30 sec.
  The message logs recived on WLC Trap Logs:
  RADIUS server X.X.X.X:1812 failed to respond to request (ID 161) for client xx.xx.xx.xx.xx.xx/ user 'unknown'
  The message from the debug dot1x aaa enable:
  *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_CALLING_STATION_ID(31) index=1
  *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_CALLED_STATION_ID(30) index=2
  *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_NAS_PORT(5) index=3
  *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_INT_CISCO_AUDIT_SESSION_ID(7) index=4
  *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_NAS_IP_ADDRESS(4) index=5
  *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_NAS_IDENTIFIER(32) index=6
  *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_VAP_ID(1) index=7
  *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_SERVICE_TYPE(6) index=8
  *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_FRAMED_MTU(12) index=9
  *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_NAS_PORT_TYPE(61) index=10
  *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_EAP_MESSAGE(79) index=11
  *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_RAD_STATE(24) index=12
  *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Adding AAA_ATT_MESS_AUTH(80) index=13
  *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df AAA EAP Packet created request = 0x1cff348c.. !!!!
  *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df Sending EAP Attribute (code=2, length=6, id=10) for mobile xx.xx.xx.xx.xx.xx.
  *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00000000: 02 0a 00 06 0d 00                                 ......
  *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.318: 00:15:e9:33:75:df [BE-req] Sending auth request to 'RADIUS' (proto 0x140001)
  *radiusTransportThread: Mar 06 09:37:07.328: 00:15:e9:33:75:df [BE-resp] AAA response 'Interim Response'
  *radiusTransportThread: Mar 06 09:37:07.328: 00:15:e9:33:75:df [BE-resp] Returning AAA response
  *radiusTransportThread: Mar 06 09:37:07.328: 00:15:e9:33:75:df AAA Message 'Interim Response' received for mobile xx.xx.xx.xx.xx.xx.
  *Dot1x_NW_MsgTask_7: Mar 06 09:37:07.329: 00:15:e9:33:75:df Skipping AVP (0/27) for mobile xx.xx.xx.xx.xx.xx.
  The messages on Windows 2003 Standard:
  User Y was denied access.
  Fully-Qualified-User-Name = xx.domain.com/Users_T/user
  NAS-IP-Address = X.X>X.X
  NAS-Identifier = Cisco_
  Called-Station-Identifier = ---------------------
  Calling-Station-Identifier = ---------------------
  Client-Friendly-Name = ---------------------
  Client-IP-Address = ---------------------
  NAS-Port-Type = Wireless - IEEE 802.11
  NAS-Port = 1
  Proxy-Policy-Name = Use Windows authentication for all users
  Authentication-Provider = Windows
  Authentication-Server = <undetermined>
  Policy-Name = Wireless Policy
  Authentication-Type = EAP
  EAP-Type = Smart Card or other certificate
  Reason-Code = 262
  Reason = The supplied message is incomplete.  The signature was not verified.User Y was denied access.
  Fully-Qualified-User-Name = xx.domain.com/Users_T/user
  NAS-IP-Address = X.X>X.X
  NAS-Identifier = Cisco_
  Called-Station-Identifier = ---------------------
  Calling-Station-Identifier = ---------------------
  Client-Friendly-Name = ---------------------
  Client-IP-Address = ---------------------
  NAS-Port-Type = Wireless - IEEE 802.11
  NAS-Port = 1
  Proxy-Policy-Name = Use Windows authentication for all users
  Authentication-Provider = Windows
  Authentication-Server = <undetermined>
  Policy-Name = Wireless Policy
  Authentication-Type = EAP
  EAP-Type = Smart Card or other certificate
  Reason-Code = 262
  Reason = The supplied message is incomplete.  The signature was not verified.
  Can anyone help why i cannot log the users via 802.1x ?

  Okay that is good..... this is what I would do next.  I would create a test ssid that uses PEAP MSchapv2 and create a new policy in IAS that is basic.  Allow 802.1x wireless and user group only and see if you can reconfigure one of the XP machines for PEAP.  Can you also post a screen shot of your polices (connection and network) so we can review it. 

• CSCud17778 - memory leak in middle buffers due to snmp traps

  The bug details list these as the conditions required to cause the symptom.  They don't specify whether these three conditions are an AND or an OR, but I'm assuming that all three must be satisfied:
  Conditions:
  1) more than one snmp-server hosts are configured
  2) "snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart" command is configured
  3) some host sending broadcast SNMP traps
  What I'm confused about is #3 -- how would that be germane?  If some "host" sends SNMP traps to an IP broadcast address, the switch should ignore them because it will not be listening on UDP port 162.  If instead of SNMP traps, the host were broadcasting SNMP GETs, that would make it as far as the community string check, which would require buffer storage for the switch SNMP process.  And assuming that check failed, the generation of an authentication_failed trap to multiple trap receivers would require more buffers.
  Can anyone (especially from the TAC) clarify this?
  TIA,
  - Marty

  Hi Marty,
  Yes, all 3 are required (AND conditions).
  Also note for #2, it is really the "authentication" portion of the command.
  In this case, I believe the IOS devices is actually looking / listening to these received traps.  The receipt of this SNMP trap is definately a required condition to trigger this bug.
  Sincerely,
  David.

• Decrypt Errors on WLC version 7

  Hello
  I am seeing a lot of the following showing up in the WLC trap log:
  Decrypt errors occurred for client <CLIENT-MAC> using WPA2 key on 802.11b/g interface of AP 00:17:0f:81:ad:90
  I have done a fair amount of searching about and I cant seem to find a clear explanation for this message.  Could someone suggest what might be causing these issues and how to resolve them?
  For refernce we are using WLC runninn 7.0.98 and ACS 4.0
  Thanks in advance.

  Its a fair range of clients across several APs in the building.  I havent got an exact list of
  clients but I know its both old and new Lenovo/IBM laptops as well as Macbooks and Macbook Pros.
  Our APs are the 1131AGs if that helps.

• Cisco Prime Infrastrastructure 2.1 HA Configuration

  Hello All,
  Having commissioned and tested failover between a pair of appliances I was rather surprised to discover that they do not share a VIP address.  From an operational support perspective this implies that I need to configure each host to accept snmp queries from two servers and double the number of snmp trap receivers to cater for instances where the Primary appliance is out of service.  This implies that the network is having to cope with twice the volume of snmp udp 162 traps and alerts.  I dare not even think about syslogging!
  Hopefully, I've missed something, but how do fellow community members handle this eventuality?
  Thanks in anticipation
  Michael

  Hi Michael,
  I understand your concern , I have heard similar kind of query before. but this how it has to be implemented.
  we need to have traps send to both the servers though one server is Online at one time :(
  otherwise , we have to take the pain of doing this if in case fail over happened.
  Thanks-
  Afroz
  ****Ratings Encourages Contributors ****

• StorCenter px6-300d SNMP Community String

  Dear Reader,
  We have a NAS (StorCenter px6-300d) and we want to monitor it with our monitoring system.
  On the Iomega website (http://iomega.com/resources/ui/px6-300d-313/help/help.html) i've found the configuration steps (see below) and configured our NAS.
  Configuring SNMP settings
  To enable SNMP, click the switch on.
  Enter a unique username and password to define the community.
  Confirm your password.
  Enter the IP address of the host in the Trap Receivers text box. To grant access to multiple receivers, list all of them in the text box, separating each entry with a space.
  Click Apply to save your settings
  In our monitoring system we get the following msg: SNMP agent down - no response received. I think this is because of the (wrong) community string. In our monitoring system, under configuration tab, I tried 'public', 'username', 'password' etc in the community string field but it is not working.
  I hope someone can help me with this... what is the community string? If i'm doing something else wrong then...
  Thanks in advance.
  With kind regards,
  From the Netherlands
  Solved!
  Go to Solution.

  Hi yunuz,
  The username and password that you set on the NAS device needs to match on the SNMP server that you are trying to connect to. So use the same username and password for the server. Do you know what SNMP version your client is using?
  What is an “SNMP Community String”?
  The “SNMP Community string” is like a user id or password that allows access to a router's or other device's statistics. PRTG sends the community string along with all SNMP requests. If the community string is correct, the device responds with the requested information. If the community string is incorrect, the device simply discards the request and does not respond.
  Note: SNMP Community strings are used only by devices which support SNMPv1 and SNMPv2c protocol. SNMPv3 uses username/password authentication, along with an encryption key.
  By convention, most SNMPv1-v2c equipment ships from the factory with a read-only community string set to "public". It is standard practice for network managers to change all the community strings to customized  values in the device setup.
  Source: http://www.paessler.com/manuals/prtg_traffic_grapher/whatisansnmpcommunitystring
  Have questions and need answers?
  Search the database for answers to FAQ's, software/driver downloads, tutorials, news, features and more!
  LenovoEMC Support & Downloads
  LenovoEMC North America Support Contact Page

• Need assistance to configure ASA-SSM-10

  Hello All,
     Can someone assist me on setting up the IPS ASA-SSM-10 module in ASA 5520 firewall . I have just licensed the box. It would be great if someone can help me with relevant videos\docs to configure the SSM module to enable all the required IPS features for the box to run. I am running ASDM 6.4 and if anyone has the configs to enable via ASDM\CLI whichever is feasible is fine . Kindly assist .Below is the module details.
  ASA 5500 Series Security Services Module-10
  Model:              ASA-SSM-10
  Hardware version:   1.0
  Firmware version:   1.0(11)5
  Software version:   7.1(8)E4
  App. name:          IPS
  App. Status:        Up
  App. Status Desc:   Normal Operation
  App. version:       7.1(8)E4
  Data plane Status:  Up
  Status:             Up
  Regards,
  Karthik

  Do you need the syslogs to be sent or the Events.
  IPS sensors do not support syslog forwarding.  Syslog is fairly
  restrictive in size of messages and is not secure or reliable.
  sensor does support sending of events using SNMP
  (again with the same sets of restrictions:  not full data, clear text,
  not reliable).
  There is a physical ability to send events as traps.  It isn't
  recommended for many reasons (or lets say it isn't recommended in the
  same way that monitoring using SDEE is).  SNMP trap receivers generally
  aren't built to handle, say 200 events per second per device.  The
  sensor isn't capable of sending at the same event rate as it is with
  SDEE.  The traps are in clear text and are not reliably sent.  They
  don't contain the same amount of info as an SDEE event, and can't.
  If you need the events to  be sent to a database you can run cisco IME which can collect all the events generated by the IPS.
  Hope this helps.
  Sachin

• Configure ASA-SSM-10 for Syslog

  How to configure syslog on the following IPS module ?
  I need to send logs from this sensor
  Platform: ASA-SSM-10
  Build Version: 7.0(4)E4
  Os Version: 2.4.30-IDS-smp-bigphys
  Can anybody advise me on this.
  Regards,
  Rohit

  Do you need the syslogs to be sent or the Events.
  IPS sensors do not support syslog forwarding.  Syslog is fairly
  restrictive in size of messages and is not secure or reliable.
  sensor does support sending of events using SNMP
  (again with the same sets of restrictions:  not full data, clear text,
  not reliable).
  There is a physical ability to send events as traps.  It isn't
  recommended for many reasons (or lets say it isn't recommended in the
  same way that monitoring using SDEE is).  SNMP trap receivers generally
  aren't built to handle, say 200 events per second per device.  The
  sensor isn't capable of sending at the same event rate as it is with
  SDEE.  The traps are in clear text and are not reliably sent.  They
  don't contain the same amount of info as an SDEE event, and can't.
  If you need the events to  be sent to a database you can run cisco IME which can collect all the events generated by the IPS.
  Hope this helps.
  Sachin

• SNMP TRAP ON Secondary WLC 5508

  Hi I'm Louis,
  I work on 2 WLC 5508 with version 7.4 and Prime Infrastructure 1.3
  We have activate AP SSO to work with a primary and secondary controller.
  We have added the controller to Prime infrastructure and activated SNMP.
  We receive correctly the alarms on Prime.
  But when we work on Primary WLC, and the secondary crash we haven't got information about that. No SNMP received.
  That is normal ?
  Thx for your reply
  Regards

  I find this, in Monitoring and Troubleshooting the Redundancy States
  http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/1.2/user/guide/chgdevconfig.html
  On my primary controller, in SNMP => Trap Log , I can see :
  RF failure notification ErrorType: 34 Reason :Lost Peer, Moving to Active-No-Peer State! => When I unplug RP link
  RF progress notification unitId: -1407319963 peerUnitId :14 unitState: -1407319863 peerUnitState :5
  RF progress notification unitId: -1407319963 peerUnitId :14 unitState: -1407319863 peerUnitState :9  => When I plug the RP link.
  So I can see the trap on my controller but there is nothing in Prime ...

• Cisco WLC 5508 not sending SNMP Traps

  Hello Everyone.
  I'm having a weird error on our WLC environment. We have an HA with two cisco WLC 5508 and i cannot get SNMP Traps working on a Windows PC running Kiwi Syslog server (free ed.).
  I can receive correctly Syslog messages, but not traps.
  I Tried also to send SNMP Traps from WLC to a different PC using Linux with snmptrapd and it works fine.
  I tried then to send from my Linux box a snmp trap to my Windows PC, and it works fine, but i still cannot receive anything from WLC.
  Using Wireshark to detect traffic, i cannot see any packet on udp port 162.
  I cannot figure out any problem with my scenario, but i can see the following errors on syslog:
  *rmgrTrasport: Mar 30 16:08:22.602: #RMGR-3-INVALID_PING_RESPONSE: rmgr_utils.c:270 Ping response from <my_windows_PC> is invalid. Ip address do not match.
  My WLC Version is 7.6.130.0
  Thank you for your support.

  I have gone through your query and found the following fruitful links ,please let me know if it helps and mark it correct answer if it is.
  https://www.manageengine.com/network-monitoring/help/userguide/processing_traps.html
  https://rscciew.wordpress.com/2014/10/12/snmp-configuration-on-wlc/
  Thanks :)

• WLC 7.6.100 traps

  Hello Guyz,
  I have recently upgraded to WLC 7.6.100 on WLC5508 and i am receiving the following trap messages often.
  Cause=Indicates that while the radio state should be updated on controller, no reset should be reported. Status:NA
  Any idea what would be the cause?
  thanks in advance.

  Might be an issue with the code... that version wasn't great.  There is a new version which ifxes some major bugs.... v7.6.110.0.... this is what you should upgrade to.