Cisco :: 2504 Configure Rogue Detector AP And Trunk Port?
Dec 14, 2012
I'm using a 2504 controller. I dont have WCS.My questions are about the best way to configure a Rogue Detector AP.
In my lab environment I setup the WLC with 2 APs. One AP was in local mode, and I put the other in Rogue Detector mode.The Rogue Detector AP was connected to a trunk port on my switch. But the AP needed to get its IP address from the DHCP server running on the WLC. So I set the native vlan of the trunk port to be the vlan on which the WLC management interface resides. If the trunk port was not configured with a native vlan, the AP couldn't get an address through DHCP, nor could the AP communicate with the WLC. This makes sense because untagged traffic on the trunk port will be delivered to the native vlan. So I take it that the AP doesn't know how to tag frames.Everything looked like it was working ok.
So I connected an autonomous AP (to be used as the rogue), and associated a wireless client to it. Sure enough it showed up on the WLC as a rogue AP, but it didn't say that it was connected on the wire. From the rogue client I was able to successfully ping the management interface of the WLC.
But the WLC never actually reported the rogue AP as being connected to the wired network.So my questions are:
1. What is the correct configuration for the trunk port? Should it not be configured with a native vlan? If not, then I'm assuming the rogue detector AP will have to have a static IP address defined, and it would have to be told which vlan it's supposed to use to communicate with the WLC.
2. Assuming there is a rogue client associated with the rogue AP, how long should it reasonably take before it is determined that the rogue AP is connected to the wired network? I know this depends on if the rogue client is actually generating traffic, but in my lab environment I had the rogue client pinging the management interface of the WLC and still wasn't being picked up as an on-the-wire rogue.
View 4 Replies
ADVERTISEMENT
Jul 21, 2011
I am testing rogue on wire using 5508 WLC and , I have a dedicated AP configured as rogue detector and configured the switch port where the Rogue detector is connected as trunk. I have plugged in an autonomous AP with open authentication to the same switch so that it can act as a rogue. On the WLC, I can see that Autonomous AP as rogue on Wire. But along with that I am seeing another AP as rogue on wire, even though i have plugged in only one Autonomous AP to the switch.
View 3 Replies
View Related
Mar 9, 2009
If you deploy a Cisco 1242 a/b/g access point as a rogue detector, can this be used for 802.11n wired detection as well.i.e Will the controller send the MAC addresses of the 802.11n clients and APs. url...
View 8 Replies
View Related
May 28, 2012
(5508 WLC, 1142N APs).I understand if I enable the AP mode to Rogue Detector from the details page of the AP, the AP stops accepting requests and is now looking for rogue items on the wired network. Is this the same when I enable Rogue Location Discovery Protocol? Will I lose the wireless functionality of all of my APs on the controller?
Next question, when I look at the Rogue Summary on the Monitoring page I see three Adhoc Rogue devices. When I select the Detail link only one shows. I remember the other two were HP mutifuction devices with WIFI enabled but I cannot retrieve that information anymore.
View 9 Replies
View Related
Feb 27, 2012
What is network port ? I want to configure a trunk port as network port, so that the trunk port becomes the network port for all the VLAN associated to the port.
View 18 Replies
View Related
Feb 12, 2012
we recently aquired a managed services job and have to do a overhaul of the vlan configs and have a whole dozen WC2948G's trunk between a set of ports as well as trunk out a LAG channel setup to non cisco equipment. the deal is the lacp-channel works properly on both ends but no routing of vlans between ports and between the lag trunk are working.
theres alot of settings in the config and im planning on clearing it and starting from scratch but before i do i want to know where my problem lies.
[code]...
View 6 Replies
View Related
Apr 11, 2013
Is there really any reason why you wouldn't use spanning-tree portfast on a trunk port other than a trunk between two switches? We have it enabled on all ports except for the fiber trunk between two non-stacked switches and the trunk ports connected to our Astaro firewall.I'd like to enable it on the ports to the firewall unless that would cause issues.
View 9 Replies
View Related
Feb 18, 2013
I have a 3750g connected to a "core" switch stack of 7 other 3750g's via 2 GigE ports in a trunk. This is currently in a switchport mode access port- channel so only the default vlan data is sent over. Now we have a need due to physical location of these switches, to allow vlan20 (DMZ) from this 3750g to the switch stack. I will configure a few ports on the switch stack for vlan20 and they need to be able to talk to the stand alone 3750g.To do this I will change the port channel on both endpoints to
-switchport trunk ecapsulation dot1q
-switchport mode dynamic desirable
also making the appropriate change on the interfaces belonging to this trunk.My question is, now that its a trunk port that carries multiple VLANs, how much is the bandwidth reduced on that 2gbps link?I have a very active VLAN (10) on the stand alone switch, but on the core I'm not going to be assigning VLAN 10 to any ports. So does traffic from VLAN10 even come across the trunk (wasting bandwidth) if no ports on the core side are assigned to it? I really just need vlan 1 and 20 (for now).
View 11 Replies
View Related
Apr 24, 2012
I'm trying to configure a 2940 switch to trunk. I just can't get it to work.On the interface I have added: switchport mode trunk The default is encap for this switch is dot1q, so there is no need, or ability to add/change the encap mode. Also all vlans are being allowed by default. I still can't get any port to trunk. Need to get G0/1 to trunk, have also tried to trunk f0/6 to the switch in my office. Also can't find the command to change the management VLAN. I do not use vlan 1 for management. Can I change the Mang VLAN on this switch?
View 7 Replies
View Related
Oct 8, 2012
After reading a bit about interVLAN routing got a doubt regarding how trunking takes place at router and at switch.In case of switch we configure a port interface as trunk port and say all vlan's are allowed here but in case of router we configure sub interface as trunk saying particular vlan belongs to particular subinterface .Can't we configure only a single port interface on router just like Switch and say all vlan's are allowed here on this interface ,why to go for sub interfaces?
View 2 Replies
View Related
Feb 12, 2013
i have plan to deploy cisco WAP321 on my customer, and after rading the document about WAP321, it said the WAP321 support for VLAN ID feature, but i cant find whether it support for trunk port because i would like to connect the WAP 321 LAN port to the cisco SMB switch SG300/SG200. is the trunk port already enable on the WAP 321 LAN port so i dont need to configured it or not ?
View 4 Replies
View Related
Jun 29, 2012
I'm trying to obtain the vlans on a trunk and also whether the port is a trunk. Ive seen VTP mib, but these dont appear present on my switch (2950).
View 4 Replies
View Related
Apr 20, 2012
1- Cisco Router
Eth0/0 : Ip address 192.168.1.1 /24 == connected my laptop of 192.168.1.2
/1: Ip address : 192.168.2.1 /24 = connected cisco swith
2 - Cisco Switch
VLAN 2 Name : Sales : ip address 192.168.3. 1 = connected computer 192.168.3.2
VLAN 3 Name : Marketing : ip addres 192.168.4.1 = connected computer 192.168.4.2
So I want my laptop that connected the router Eth0/0 Interface should access both VLAN 2 and VLAN 3 computers
View 4 Replies
View Related
Jul 19, 2011
How can I add devices onto the customizable group1? I am trying to creat a group of trunk ports and monitor just the up/down.
View 1 Replies
View Related
Sep 1, 2011
Running Cisco NAC 4.1.6 OOB on the LAN. For some reason in the middle of the night, the snmp trap mac-notification added command appeared on the trunk uplink port of one of our switches.
I don't know exactly when the command was added but at 2am when the backup of the config was taken, it was there. At around 4:30am, the uplink went off-line. Is there anything within NAC that would push a change like that automatically to a switch. We do have NAC Profiler running on the network also.The problem was in a branch office so I only got the information second hand what was on the switch itself. We moved the uplink to a different port which allowed the switch to show up on the CAM again, however when I viewed it, the uplink port was set to controlled!
Does this make any sense?
how long devices will stay in the certified device list if no timer is configured to clear it out?
View 2 Replies
View Related
Feb 24, 2011
Currently I have a 4510-48g HP3COM switch as a core switch for my 4 VLAN network (which I hope to send back cause it doesn't do what I wanted it to do... PBR, which is what I need to route specific VLAN's to specific interfaces on the sonicwall,.. cause sonicwall dont understand trunk or spanning tree,. meh!) This may not happen so I've dug out an old CISCO 1800 sdsl router that has 1 FE0 port and 8 other ports, FE 1-8.
The first thing I need to do is get everything to talk to each other. So I plugged the switch into it via its configured trunk port, and configured 4 sub interfaces on the router 1800 and all seemed happy as larry and working. The problem I have is I dont seem to be able to create sub interfaces on the other ports!?
[Code]...
View 6 Replies
View Related
Oct 2, 2011
I am new in networking. All my knowledge is based on books and no real life experience.At my job I am required to set up the network and configure all apparatus I never worked,before with.We have regular cable internet in the office. Modem is connected to Apple router (time capsule). No trouble. Now we are getting fibre optic in the office. Mngmnt has abought the following Cisco:
Cisco Wireless Controller 2504
Cisco 3501 AP 802.11g/n Ctrlr based AP
Cisco ASA 5510 Firewall appliance
Cisco Power Injector AP3500 Series
View 1 Replies
View Related
Sep 2, 2012
Is it possible to use Port Security mechanism between two switch (3750 or 3560) ports while trunk has been configured? If it's not possible, is there any other way to ensure that no other Switch can be connected other then the one switch which has been configured/placed by a network engineer?
View 4 Replies
View Related
Apr 22, 2012
I have 2 Cisco 6509 switches linked together via single Fibre as a trunk.I want to change this to a port channel where I will add another 3 fibre ports to the port channel but what order do I do this to minimise any disruption.
1-Configure PortChannel and add the 3 new ports, this will bring up the Port Channel but what effect will this have on traffic currently going over the single Trunk link? Will spanning tree go mad, how will switches react?
2-Convert existing Trunk link to Portchannel then add in new ports to PortChannel, I guess in doing this there will be a small hit on traffic as it changes to a port channel.
View 2 Replies
View Related
Nov 13, 2012
I have got 2 Cisco switches (3560G and a 3560X) connected by a trunk port. see config below:
3560G#sh run int gi0/26
Building configuration...
Current configuration : 130 bytes
[Code].....
I can't seem to get VLAN 79 through to the first switch (3560G). Beyond this switch there is a router with acts as default-gateway for the respective VLANs. For VLAN 79 it is 192.168.79.1. I can ping this from the first switch but can't ping it from the second (3560X) switch but can ping 192.168.25.1 which also is the default gateway for this switch.
View 7 Replies
View Related
Nov 3, 2012
It,a possible configure 2 ssid with wlc 2504 and lap 1042n? It,s possible configure 2 ssid with support 802.11n?
View 1 Replies
View Related
Oct 26, 2012
I have WLC 2504 controller and six access points AIR-LAP1042N. I reading Cisco 2500 Series Wireless Controller Deployment Guide url...trying to set up along the lines.
It is also possible to have multiple AP-managers in a different subnet than the management interface. However, in this case, it is recommended that you disable the AP-manager from the management interface and create another AP-manager interface on different physical ports in a different subnet than the management interface. All multiple AP-managers in this scenario should be in the same subnet.
I maping management interface on physical port 1 and disabled ap-manager on it. Set up 192.168.7.0 subnet with non tagged vlan. This iface/port I want to use only for access to WLC web-interface. Then I create dynamic interface ‘dynamic1’, map him on port 2, enable ap-manager on him, and set up 192.168.110.0 subnet with vlan 10. Then I tryed map wlan1 to this iface, but I can’t because in the choice was only management iface to map wlan1.
There is three dynamic interfaces on same subnet and vlan, in example above. But when I try to add dynamic iface with the same vlan/subnet as an existing dynamic interface, I get an error, and can’t adding.
View 5 Replies
View Related
Aug 14, 2012
I've recently set up a PC-based IP PBX in our small business which uses a SIP Trunk for up to 3 simultaneous voice calls. Ports needed to operate include 5060 (SIP-UDP) and then a huge range of high-number UDP ports which I believe is for the 'media' or audio. Let's call the range UDP 49,152 to 64,512. I only know a little about the SIP protocol but my understanding is that each call will randomly use a few ports from this range across which will pass audio, Is there a need to have such a wide range of ports open? If my SIP trunk is only capable of 3 simultaneous calls then it seems only 9 or so of those open ports could get used at once. Could I not just open, say a range of 100 ports and be fine, thereby reducing the security risk?
View 4 Replies
View Related
Dec 6, 2012
can i have 4 links from an ESX server to 6500 , each link represents a trunk link carries each the same 2 VLAN , 100 and 101 , keep port-channel out of the picture , does it work well?
View 12 Replies
View Related
Sep 21, 2012
We have 7 3560's in 7 different locations connected to our providor for wan access. Our provider has given us a copper cable at each point and we have connected it directly to our 3560 switch at each location. Each port is configured the same way at each location. Each switch is running eigrp.All of the switch ports on each switch are configured as a trunk and vlan 299 had the ip address for the eigrp connection: [code] This setup is working as each switch see's all of the other switches as an eigrp neighbor. We have also made sure that the switch at our head office has spanning tree priority for vlan 299.
So the problem is, if there is a change in the topology at one of the locations it usually causes one or more of the other connections to go down for some reason. We just cannot pinpoint what is causing this change. There are no log's or anything other than an eigrp hold time expired message.?
View 9 Replies
View Related
Jul 10, 2012
I have a pair of 3560's configured with dot1q trunks between them carrying a number of VLANs.
Once deployed there will be a requirement for these physical trunks to be disconnected from time to time. Knowing that this is inevitable I am trying to minimise the period of time for the trunks to recover once the physical connectivity is reinstated.
All of the VLANs on the switches are configured for Spanning Tree Rapid PVST. Current time for the trunks/VLANs to come up is around the 4 second mark.
View 11 Replies
View Related
Oct 3, 2012
Is it possible to rate limit on a L2 trunk port on a 3750?
current port config and ios are as follows;
interface GigabitEthernet1/0/50
description *** Connection to Fiber Link ***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,172
switchport mode trunk
end
flash:c3750-advipservicesk9-mz.122-46.SE.bin
i was wondering if the "srr-queue bandwidth limit 10" command would work to limit the output from this interface to be 10 % of the port bandwidth and then the same command could be done on the other side.
View 1 Replies
View Related
Jan 20, 2013
Can I configure the Port at the ASA 5050 from Mode: access Port to trunk during the FW is running in a production area without console access ?As I know at the 5505 ist should work?
View 3 Replies
View Related
Jan 8, 2013
I have cisco 2504 WLAN controller with 7.4 IOS. My query is can I configure the MAC authentication with certificate based. And without using any external servers like Radius, ACS and LDAP.
May I know, If there is a option on WLC…
View 4 Replies
View Related
Jun 26, 2012
trunk port connecting but not allowing access to tree; i connected 4506 port to 3550 port; and i set both to switchport mode dynamic desirable; the 4506 port was set with switchport mode access and switchport mode access vlan ?; i used the command default switchport access vlan to remove the vlan; the ports are up but as I stated I cannot connect ot our workgroup tree
View 4 Replies
View Related
Mar 15, 2012
we have a scenario that consists of a Cisco 4507 series core switch with more than 20 vlans which is connected to a C2960G switch( in a nearby building) using a trunk by a fiber connection. Up to this point everyhting is fine . VTP domain is configured on the core switch and we have all of the 20 vlans present correctly on the edge 2960G wich is part of course of this same VTP domain.the fiber connection goes from core switch to a "in the middle location" where we have a fiber patch panel that is connected in a jumper style to another fiber patch panel going to the destination building where the C2960G sits.
Now imagine that Fiber connection from this middle location to the destination C2960 edge switch is down for any possible reason meanwhile the fiber connection from Core switch 4507 to the middle location is still intact.In the same time, in this middle location , we do have a wireless connection which links 1 Cisco 3750G switche ( a different infrastructure and different VTP domain) to another C3560G switch which sits on the same Room in the nearby destination building where we have the edge C2960G, An idea came to me is to connect one of the fiber port (core) in the intact fiber patch panel coming from Core switch 4507 TO an access vlan configured switchport in the 3750G switch ( this switchport will belong to a vlan designed only to trasmit the vlans on the trunk coming from 4507 core switch say VLAN 10) then connect one VLAN 10 access switchport to the destination C2960 edge switch ( the switchport on the c2960G is still a trunk)Will this solution work and all of the 20- 4507 core switch vlans arrive to the destination C2960G ? Or we do need something that tags the 2 VLAN 10 switchports like switchport dot1q tunnel like QinQ
View 2 Replies
View Related
Jun 6, 2012
I have several closets with Cisco 3560 on the edge that I'd like to change the vlan that's used for the management vlan on each. In the core I have a Cisco 6509 with Sup720's.
I'd like to do this by changing the native vlan on the trunk port on the core 6509 interface that connects to the 3560. and leave the management vlan on the 3560 as vlan 1.
Seems trivial but what I tried didn't work and I didn't have the window to troubleshoot. I'll paste the simplified configs for the interfaces below
!
6509 configs:
!
interface Vlan50ip address 172.16.50.2 255.255.255.0!interface FastEthernet
[Code]....
View 5 Replies
View Related
Feb 6, 2013
So I took a laptop with wireshark and plugged it into a nexus 5000 port that is configured as a trunk with 3 vlans allowed on it. The laptop was seeing all kinds of traffic on the wire, most of it was not involving my laptop.
For example: Server A VLAN 10= 10.10.10.1 Server B VLAN 20= 10.20.20.1 and wireshark laptop is plugged into a trunk port which is allowing those vlan's. The vlan's are routable.
10.10.10.3 is seeing the entire conversation when 10.10.10.1 backs up 10.20.20.1 even though it has no reason to see it. It is as if the trunk is spanning traffic to the laptop port. No span is setup however. It's really weird. This is not just broadcast traffic, but actual tcp taffic between Server A and B. Why would a trunk port see traffic between 2 other servers talking to each other on the vlan.
Trunk port configuration below:
Interface Ethernet 141/1/3
switchport mode trunk
switchport trunk allowed vlan 10, 20
View 5 Replies
View Related
