Cisco :: 2 WLC 2504 With Two Firewalls - Backup Port
Apr 24, 2012
I have a question about 2504 deployment.Two WLC's , one will be acting as primary controller, second as secondary controller.
There will be two firewalls with High Availability between them. Ok, if primary controller will go down, we would need to wait about 2minutes, and AP's would join secondary controller.
But if there is a problem with firewall? Etc. FW 1 goes down. Is it possible with WLC 2504 to use it's second port as backup port ? And use the same IP address between them?
Because if we configure the second port with different IP address, we would need to wait about 2minutes, because AP's is in "rejoining" mode )(To use second port as backup, but have the same IP address on it ( like put these two interfaces into the same "vlan") , because this would be really great, if one Firewall goes down, we would still will be using the same wireless controller.)
View 3 Replies
ADVERTISEMENT
Apr 17, 2013
I can't seem to find and answer to this, but is it possible on a 2504 WLC to trigger a configuration backup when the configuration is saved like on Cisco routers and switches?
View 2 Replies
View Related
Jul 24, 2012
There are three Win 7 laptops on the LAN trying to connect to the ASA5500 Firewall. They generate a Severity Level 3 alert and try the same port three times then move to the next numerical port and try that three times. Is this a malicious Hack.
View 5 Replies
View Related
Jul 20, 2012
i'm trying to use VNC as a remote desktop i was told to forward port 5900 in order to connect. but whatever i do i still an error saying that the port is not forwarded..Connection test failed.VNC Server appears to be behind a NAT router with IP address x.x.x.x. You will need to configure that router to forward port 5900 to this computer before you can connect to VNC Server over the Internet.as you can see here the port is forwarded to the server computers local IP.i have no firewalls active, and no anti-virus software that could be blocking VNC.
View 1 Replies
View Related
May 17, 2011
I've read some conflicting things on the new 2504 WLC's. Some things indicate all 4 ports are fully useable, while others indicate perhaps only 1 or 2. I think I've read in product documentation that it support a max of two ap-manager interfaces. Does, for sure, all 4 ports are useable? I'm thinking of the following configuration:
Port 1: management interface and first ap-manager interface
Port 2: second ap-manager interface
Port 3: first dynamic/client interface
Port 4: second dynamic/client interface
I'm planning on deploying my ap's in h-reap mode with a max of 25 ap's per 2504. Since I'm using h-reap, bandwidth shouldn't be much of an issue so I'm also considering trimming it down to using just two physical ports as follows so I can take up fewer gig switchports which are scarce at many of my locations:
Port 1: management interface and first ap-manager interface
Port 2: first and second dynamic/client interface
I've always deployed 4400's and 5508's with LAG so I haven't had to think about this much until now.
View 4 Replies
View Related
Sep 24, 2012
When i open Skype it try to allow incoming connection to port 57502.
Both times Little Snitch caught it. Attached are two images.
What would this connection be, I read this port is dynamic/private?
View 9 Replies
View Related
Jan 16, 2012
I have D-Link's DSL-2730U modem/router. I've enabled the router's firewall and disabled TR-069 (putting in some dummy ACS URL and login credentials as well). However port scans show 30005 as open. I believe this is used by the TR-069 client. How do I definitively filter this port?
View 9 Replies
View Related
Mar 14, 2012
My company uses Cisco 891's in replacement of the 1811 where we would have DBU used via an external modem and a triggered time of 3 minutes after a primary connection failure was identified. In testing the 891 in a Layer 2 failure environment, it is within milliseconds that the v.92 port is engaging after the layer 2 failure. Has anyone been able to get it to attempt at a more than millisecond rate?
Redacted config from router:
ip sla 1
icmp-echo <%= probeIP1 %> source-interface GigabitEthernet0
[Code].....
View 0 Replies
View Related
Apr 25, 2012
On a WLC 5508 it lists an option to specify a "Backup Port" under the physical information section on an interface. We have two central switched SSID's which are connected to an internal firewall. We are looking at installing a backup/standby firewall and running a virtual firewall between them. Each SSID would have an additional patch from the WLC to the standby firewall.
Does the backup interface port function on the WLC allow traffic to be failed over from a centrally switched SSID via backup interfaces to an alternative device? If this does work will only physical link failure to the primary firewall cause the backup port to be activated or is there configuration parameters which can be specified for load, packet loss or latency which can be used as criteria to cause the backup port to be utilized?
View 1 Replies
View Related
Jun 5, 2012
Is it mandatory to connect Cisco WLC 2504 to a Gigabit port ?? can we connect it to a fasternet port (100 mbps) ?
View 4 Replies
View Related
Sep 25, 2012
is it possible to Manage the 2504 Controller over a separate Interface. Exmaple: Port 1 is used as controller management interface (untagged) - AP's are connected to the same VLAN Port 1 is used for Guest Traffic (VLAN 3 tagged) Port 2 should be used to manage the WLAN Controller from the internal LAN. (tested with untagged, tagged, same issue)
with this Setup it is possible to ping the Port 2 IP-Address from the internal LAN but if you try to connect to the controller, the Browser shows "Site not reachable".
I also enabled "Management via Wireless" but without success. I also tried to add the "management" VLAN as tagged on the management Interface with the same effect, the controller is not manageable from the internal LAN. On 5508 WLAN Controller i have an similar setup, but with LAG Port enabled. There this works.
The only interface were i can manage the WLAN controller is from the management Interface.
View 1 Replies
View Related
Mar 3, 2011
I have a customer with active/standby on a pair of 5510's with the CSC modules. They were inquiring about the AIP/ASA, and since this would NOT work in their current setup, would getting a pair of 5510/AIP configured for transparent failover work placed in front fo the existing units? Would I need to have a switch placed between the AIP and CSC ASA's? Or would I setup the ASA's for context based Active/Active failover to interconnect the ASA's to the existing units, but I still see a need for a switch.
View 1 Replies
View Related
Dec 14, 2012
I'm using a 2504 controller. I dont have WCS.My questions are about the best way to configure a Rogue Detector AP.
In my lab environment I setup the WLC with 2 APs. One AP was in local mode, and I put the other in Rogue Detector mode.The Rogue Detector AP was connected to a trunk port on my switch. But the AP needed to get its IP address from the DHCP server running on the WLC. So I set the native vlan of the trunk port to be the vlan on which the WLC management interface resides. If the trunk port was not configured with a native vlan, the AP couldn't get an address through DHCP, nor could the AP communicate with the WLC. This makes sense because untagged traffic on the trunk port will be delivered to the native vlan. So I take it that the AP doesn't know how to tag frames.Everything looked like it was working ok.
So I connected an autonomous AP (to be used as the rogue), and associated a wireless client to it. Sure enough it showed up on the WLC as a rogue AP, but it didn't say that it was connected on the wire. From the rogue client I was able to successfully ping the management interface of the WLC.
But the WLC never actually reported the rogue AP as being connected to the wired network.So my questions are:
1. What is the correct configuration for the trunk port? Should it not be configured with a native vlan? If not, then I'm assuming the rogue detector AP will have to have a static IP address defined, and it would have to be told which vlan it's supposed to use to communicate with the WLC.
2. Assuming there is a rogue client associated with the rogue AP, how long should it reasonably take before it is determined that the rogue AP is connected to the wired network? I know this depends on if the rogue client is actually generating traffic, but in my lab environment I had the rogue client pinging the management interface of the WLC and still wasn't being picked up as an on-the-wire rogue.
View 4 Replies
View Related
Sep 8, 2012
Since WLC5508 MGMT interface is configured a AP-Mgr at the same time, can I set a Backup Port to WLC5508 MGMT interface? Refer to WLC configuration Guide:
In the Backup Port text box, enter the number of the backup port assigned to the management interface. If the primary port for the management interface fails, the interface automatically moves to the backup port.
Note Do not define a backup port for an AP-manager interface. Port redundancy is not supported for AP-manager interfaces. If the AP-manager interface fails, all of the access points connected to the controller through that interface are evenly distributed among the other configured AP-manager interfaces
if I need to configure the backup port for MGMT interface, i need to remove the AP-manager on MGMT interface and create a network dynamic interface for AP-Manager ?
View 2 Replies
View Related
Mar 28, 2012
I created a wlan just for our wireless IP phones.I assigned an interface I created which in turn was set to a specific port on company 2504 WLC. Connecting switchport is set to trunk. Right now I can't ping the voice wlan interface.
View 1 Replies
View Related
Jul 10, 2012
I have bought an RV180 Firewall/VPN and try to use the Backup Software Crashplan. As per the supplier it needs Port 443 and 4242 open. Port 443 is fine and allows me to use the service to backup to the Cloud. However when I want to allow other users to backup to my computer this traffic is blocked. I tried to open port 4242 on the firewall and forward the traffic to the computer that hosts the service but it does not work. I have tried to Telnet this port from the WAN but I don't get a response. When I check the Open Ports this port is not listed as a LISTEN port either.
View 1 Replies
View Related
Jan 20, 2013
Here's my problem. I'm going to be using Cisco 1941 routers at a bunch of remote sites. All of these sites have 2 comm paths out. Some of them have 2 IP/VHF radios and some have 1 IP/VHF radio and a copper link using Patton ethernet extenders. From the VHF radios the data hit our MPLS network back to our HQ and the sites with copper go directly back to our HQ. Everything ends up at a Cisco 4948 switch. The problem I'm having is that I want the routers at the remote site to use one ethernet port (G0/0) as the primary and the other (G0/1) as the backup interface. I've tried the backup interface command but the problem is that depending on where an outage occurs the ethernet link to either the radio or Patton stays up so it never switches over. We're using OSPF as our routing protocol and I'm sure there's something that can be done with it but I'm not sure what.
View 4 Replies
View Related
Feb 16, 2012
I have a problem discovering some ASA firewalls on a network. I have several ASA firewalls on this /24 network, but some of them I can't discover e.g 149.x.x.107 is discovered ok, but 149.x.x.20 I can't discover. It seems that it's not even trying to discover the devices I have problems with. Nothing is shown in the discovery log.
View 11 Replies
View Related
Jun 25, 2011
For protection of any network architecture,use of firewalls (either hardware or software) only at Network ,Transport and Application Layers of TCP/IP stack. Why not at remaining layers?
View 1 Replies
View Related
Feb 13, 2012
Am I able to legally download and upgrade software versions still on ASA firewalls?I have not had an issue in the past as this has not effected the license.I cant find anything online saying that you cant due to Cisco's new Software license policy changes.
View 1 Replies
View Related
Jan 10, 2012
'm trying to set up a vpn connection through two ASA 5510 firewalls.My network is as follows:
PC | FW A | Internet |FW B| - lan |
I am trying to achieve the following:
PC | FW A | Internet |FW B| - | DMZ | - | FW C| - | lan |
However, I am not sure where the VPNs will need to terminate and how I will achieve this taking into account the WAN IPs.
View 1 Replies
View Related
Dec 16, 2010
I am trying to setup a Cisco ACS 5.2 for both login and enable authentication to asa 5505s, 5510s, and catalyst switches. I am testing with an ASA 5505. The initial authentication to the firewall works, but when I try to enter privileged exec mode using the enable command, it doesn't work. I have the user setup on the ACS with a password and an enable password and privilege level 15, I have the device setup on the ACS, I have the tacacs+ server setup on the firewall and pointed to the correct server address, and the AAA commands for telnet, ssh, and enable.
View 9 Replies
View Related
Feb 13, 2012
I opened my iTunes program today and noticed a roommate's MP3 files were picked up on my network. I think the name of the program is Rocket Tube MP3. Anyway, I came on here because our computers use a Wi-Fi internet connection and I was wondering how much of my web activity (history, cookies, temporary files, etc) he could see from my laptop if his computer was a desktop downstairs. He's very tech-savvy (a former IT guy) and I don't want him snooping through my personal records.
View 2 Replies
View Related
Mar 25, 2011
I was under the impression that those global addresses that we used with NAT were from the outside IP addresses range?Lets say my outside IP address is idk 192.112.40.11 /30 and I only had two usable IPs (since you can't use network and broadcast IPs) so how would I set up NAT for a couple of Inside addresses with a shorting of addresses like this? Idk if that makes sense what I'm trying to say
View 3 Replies
View Related
Sep 21, 2011
I am trying to upgrade all my firewalls to Security Plus but I am not sure what firewalls are needing the upgrade. Is there a SNMP pull I can do to see what license is on my firewall? example: "This platform has an ASA 5510 Security Plus license." via SNMP
View 1 Replies
View Related
Jun 5, 2012
We have a configuration where we go through a firewall (ASA 5510) to a router, which decides if it is internet traffic or another network used for colleges etc in Canada called SR Net. If it is internet traffic it then goes through another ASA 5510 to the internet.
When we tested we were not seeing the speed of our internet (about 1/10th). We tested by putting the laptop before the internet firewall and we get the throughput. We also threw the test laptop before the router and we got the throughput expected. But when the test laptop is before the internal (first) firewall we get about 1/10th the speed. We are Nating on both firewalls, so from the inside we are going from a private IP to a Public IP (so it can go to SR Net is need be), then Nating again to the internet IP on the second firewall.
View 2 Replies
View Related
Nov 29, 2011
We are a non-profit organization that is heavily reliant on interns that use their own laptops a lot here. My concern is they come in and connect to our wireless network with no supervision or anything else. I am worried they will introduce a virus, trojan, or something to our network. What the best way to keep them from introducing unwanted malware from a thumb drive, virus in email, or something to that effect shy of standing over them while they install and run an antivirus software?
View 7 Replies
View Related
Feb 12, 2012
I have problem with the Lan-to-Lan VPN tunnel.the VPN working fines since 9 months ago without any problems.Suddenly got the problem!,In last two days we faced problem the VPN down.in first time the problem in phase-2.. but after that in phase-1... in latest no data packet received to their side.
View 1 Replies
View Related
Apr 27, 2011
I am looking for some resources on what steps would be involved in configuring a Cisco ASA 5500 when obtaining a new ISP. Since our static IP will be changing with the new ISP, just need to know what configurations changes will need to take place. We currently have a working config with DSL, but are switching to cable. We are using a DMZ configuration, and are going to try using ASDM first since that should be easier
View 3 Replies
View Related
May 22, 2012
can i change my nat type from type 3 to type 1
View 19 Replies
View Related
Dec 6, 2011
I have been trying to get into one website (url)The world's best online marketplace, List free Classifieds,buy and sell - auction,post a job and get hire from over 1 million top professionals. | Wanaifieds.com and I can't get into the site from my home I can get into the site everywhere else but here I called the service provider and their telling me it's not them they don't block website and the IP is not stationary so their nothing wrong with their end I called the hosting company of the website and they told me they don't block any IP's I don't know what to do I do remember when it was working about 4 days ago I tried something o the site and I messed up and I clicked back instead of putting my password a little box poped up and said something about a certificate or something but I just clicked off and when I tried to get back on the site.
View 6 Replies
View Related
Aug 26, 2012
I'm working with Cisco ASDM 6.1 for pix. I want some of ip addresses are not shunned thus provide a list of addresses which should not be shunned in threat detection, but some of ip addresses are shunned yet.
View 1 Replies
View Related
May 20, 2012
I want to block 10.0.0.1 and 192.168.1.1 but my router says invalid domain so if will the guess network be able to go to page 10.0.0.1 and 192.168.1.1 even though I don't block it? I have a bypass account but don't want anyone else to access 10.0.0.1 and 192.168.1.1. Also can you tell me some proxy sites I can block?
View 11 Replies
View Related
