Cisco :: 4404 TX Power Levels Are Low After WLC Upgrade To 7.0.98.0
Oct 7, 2010
I recently upgraded our WLC 4404 to release 7.0.98.0. The process was very smooth with no issues. The controller manages access points in two buildings. Prior to the upgrade the access points were maintaining high TX power levels...typically between 1 and 3. After the upgrade the power levels all droped to 6 and 8. I have confirmed that the correct external antenas have been set for each access point. I have not done a site survey to see if the lower power levels are acceptable. But the environment has been very consistent for the past year with regards to TX power levels. For the time being I have manually set a power level of 2 to prevent any service outages. Is there any explanation as to why the power levels have changed so drastically?
I would like to check if it may be possible to hot-upgrade/swap the 4506E power supplies? Based on the configuration guide; I have summarized the steps as follows:
1. Switch has 2 existing power supplies to be upgraded
2. Remove right side/bay 2 power supply and install new power supply
3. At this point; the new power supply will be in err-disabled due to different power supplies on the switch
4. Remove the left side power supply and install new power supply
For item 4; during the removal of the old power supply in bay 1/left side and installation of the new power supply; I am wondering if the switch would lose power even though the new power supply is installed in bay 2?
while upgrade NME-NAM module IOS on 2821, as a result of sudden disorder in power system nam helper image crashed and it seems
i have to fix this !
(as you may know without helper image you cant load IOS image of NAM so it doesn't work !!) on the other hand in Cisco documents it's mentioned besides upgrading NAM IOS we can upgrade helper image too. but i couldn't found in Cisco downloads the appropriate link to download either older version or latest version of , Nam helper image. (even with CCO Account)
in addition i have a brand new NAM Module that contains NAM Helper Image but I couldnt find a way to tranfer this image via ftp to ftp server
*By default, the interface with higher security level can access "interfaces" with lower security level*By default , lower security level interface has no access to higher security level interface (access list needed to permit access
I have a customer with an ASA5510. We have an SSL VPN (tunnel-based, or "SVC") that we use for remote access. That works great.They want to be able to use this same functionality, but add users who will not have the full access that the current SSL VPN users have. So in other words we currently have a small group of users who get full access to the LAN. Then they want to have a second group of users who will only have access to certain nodes.I'm wondering if there's some way to do this using LDAP between the firewall and the Radius server? The user gets put in a different tunnel group depending on what the FW learns from the server?We only have the Anyconnect Essentials license, so unfortunately we can't do a clientless SSL VPN, which otherwise might work well here.
I have a DMZ (50) from where I need to allow some protocols to inside zone (level 0). I am doing that with ACL, but after having done that the implicit security level rule to lower level (outsite level 0) is not working anymore, I guess by the implicity deny after the acl. I'd need allow traffic to the outside zone from DMZ, as well as the inspect traffic from the inside one. Is there anyway to have both ACL and Security levels?
If not, what do I need to do to just allow some protocols going to higher level and leave the higher-to-lower traffic inspected allowed, same schema as we have with security levels.
I'm trying to make a setup on my Cisco 881 router, but I'm having some trouble.I've managed to configure logging in with a Public-Private key pair over SSH, but it's also still possible to log in over SSH with just a username and password. I'd like to prevent this, if possible. I imagine I might have manually configured this to be allowed at some point, but I can't quite figure out how I did this, as no matter what I've tried to remove, it keeps allowing this option. I still need to be able to log in with a username, because I want users to have different privileges.
Once I've logged in using the Public-Private key, I don't automatically go into privilege mode, even though the user is configured with a privilege level. I'd like to configure that users that I've configured to use a certain privilege mode, automatically go into privilege mode without a password prompt. I know it did this before I started using the Public-Private key (or before I used AAA, which was configured around the same time), so I wondered if it's possible to do this still.
I've got tons of fibre in my network. However, tbh, my knowledge about correct light levels isn't great. I generally wait until my router complains about a light level before I do anything. I would like to set up SNMP monitoring for light levels, but I need some kind of baseline.Anyone with extensive fibre experience? What light levels should I be looking at for both multimode and singlemode fibre?
I purchased a Epson Artisan 835, which I am runnung wireless. When I try to check the ink levels from my laptop they are all greyed out. Epson tech said the Dir-655 was the problem and that I needed to get the router to give permission for the ink levels to go through.
In CLI we have users log in at priv 1 and use "enable" to increase privilege and do configurations. This allows "accounting" of command history. On the AIR-AP1121G-A-K9 (12.3(8)JED1) I cannot duplicate this for http login.
I can log in as a user at priv 1. When I try to go to a privileged link like "Security" I get prompted for a second login/pw. Nothing works here unless I have a second user defined at priv 15 and enter that login/pw. The problem is - that login/pw can be used to log in via http in the first place which bypasses accounting of the actual user. It also allows login to the CLI at priv 15 which I cannot permit.
I have FWSM's in Cat 6513's. I have a need to be able to session from the switch to the FWSM by using default account (not local user), at privilege level 15 I further have a need to allow a user read only access by ssh'n into the FWSM...
I believe I need to setup a local user, at, say privilege level 5, assign the show command only to privilege level 5, then set the authorization command for that user. So, i think my command sets are as follows to accomplish this: username <username> password <pw> priv 5 priv command level 5 mode exec command show aaa auth ssh console LOCAL aaa auth enable console LOCAL aaa authorization command LOCAL
I think, that this will allow the user at privilege 5 to run only the show command and only by SSH to the FWSM while allow the priv 15 level default login to continue to function properly.
We had a core switch(4503) in our environment and recently we tried to enable syslog in the switch. But the syslog server doesnt receives all the configured level messages from the switch. Following is the only message getting in syslog server after the configuration change in switch.
%SYS-5-CONFIG_I: Configured from console by CWLMS onvty1
(No Traffic related messages like acl deny traffic, spanning tree events etc are getting to syslog server as well as log buffer of the switch)
Following are the logging configuration for the core switch
211540: Jun 10 10:45:17.935 UTC: %PLATFORM_STACKPOWER-4-UNBALANCED_PS: Switch 4's power stack has unbalanced power supplies 211541: Jun 10 10:46:18.045 UTC: %PLATFORM_STACKPOWER-4-UNBALANCED_PS:
After stacking two 3750X switches, with four equal power-supply's, with StackWise and PowerStack , still got the next message every few hours %PLATFORM_ENV-1-FRU_PS_ACCESS: FRU Power Supply is not responding (gn4m-rt1p08-04-2)( note that the message revers to the second switch in the stack ) although the stackwise and powerstack on the switches is oke and are working correctly. !
Config : Stack-power in power-sharing mode/strict With CLI on the switch : All the power supply's and stack-power details, prio look OK.
Only: LMS prime /inventory/cisco-view/configure/power supply status result : some power supply's are marked as disabled.with the command > power supply 2 slot a off/on I manage to get the status back to "normal", but after a few hours some power supply's are again marked as "disabled".
I keep getting alerts from our WCS stating that our 1252s are drawing low power. Now I am aware that they require enhanced PoE (up to 20W) but as we only have standard PoE in that building we purchased the 1252 series power injectors to go with them.
However, even with the correct power injectors the WCS still reports the draws low power error.
Is this a bug? Running WCS 7.0.172 at the moment.
Forgot to say we are using the PWR-INJ4 and the injector status is enabled and you see the injector MAC address when you drill in to the AP status.
We have two switches of the same model (WS-C3560-48PS-S) that are not providing PoE. I'm trying to remotely determine what the cause of the issue is.
Here is some output.
Hostname#show power inlineAvailable:0.0(w) Used:0.0(w) Remaining:0.0(w) Interface Admin Oper Power Device Class Max (Watts)--------- ------ ---------- ------- ------------------- ----- ----Fa0/1 auto off 0.0 n/a n/a 15.4Fa0/2 auto off 0.0 n/a n/a 15.4Fa0/3 auto off 0.0 n/a n/a 15.4Fa0/4 auto off 0.0 n/a n/a 15.4Fa0/5 auto off 0.0 n/a n/a 15.4Fa0/6 auto off 0.0 n/a n/a 15.4Fa0/7 auto off 0.0 n/a n/a 15.4Fa0/8 auto off 0.0 n/a n/a 15.4Fa0/9 auto off 0.0 n/a n/a 15.4Fa0/10 auto off 0.0 n/a n/a 15.4(code)
I have a 6500 chassis with 2 power supplies. At the moment I am using the default configuration:
power-redudancy mode redundant
The problem is that an inserted module is in "power deny" state due too insufficient power.
I know, that It's not a good idea to change into combined mode (loss of redundancy), but my customers requested this anyway.
So I will change to combined mode. So here's the 1 million dollar question: "Which modules will go into power deny, if one of my power supplies fails?"
The 6500 config guide states:
"Power supply is removed withredundancy disabled • System log and syslog messages are generated. • System power is decreased to the power capability of one supply. • If there is not enough power for all previously powered-up modules, some modulesare powered down and marked as power-deny in the show power oper state field."
Well, do you know if there's any way to configure some kind of priority? E.g. I definetly don't want by 10Gig Module or WiSM module to be in power deny. Can i statically make sure, those module will be powered on for sure? Like: "power enable module slot_number" How is this calculated? Or is random?
In a stand alone 3750x switch configuration, can the secondary power supply only act as a redundant power supply (active/standby), or can it become a "pool" of power similar to power sharing mode for StackPower (somewhat active/active)? I understand there is no stack involved here but I'm curious if this functionality is possible.
I want to create a user who only has access to "router>" prompt on the CLI. this user should not be able to do enable command and by no other means be able to go to global configuration mode. I know the command router(conf t)# username ABC privilege 1 password ABCPASS, but even with this command, this user gets privilege 15 access.
I need to upgrade our Wireless Lan Controller to support new APs. I was able to get the new code due to a security advisory on the code we are running now. I am upgrading from 6.0.196.0 to 7.0.220.0 (MD). I have read in some of the technical docs that the WCS has to match the WLC. I cannot find any documentation as to what this entails on the WCS.
I have a Cisco WLC 4404 with version software 7.0.230.0 and it gived me a this logg
Oct 9 15:43:08 192.168.122.34 WLC_4404_CC: *osapiReaper: Oct 09 15:41:49.549: %OSAPI-3-FILE_OPEN_FAILED: osapi_file.c:370 Failed to open the file : /proc/895/stat.(erno 24)
I have a WLC 4404 installed and we would like to manage the bandwidth per SSID. Today we have configured many SSID because our campus has a lot of wireless users and any SSID has only one class C subnet (/24).
We would like to configure each SSID with more subnets. is this possible ?
Additionally we need to restrict the bandwidth per SSID. is this possible ? We have some SSID for less important users and we would like to assign the bandwidth per SSID.
I have a Cisco 4404 WLC that is up, has green status light, the interfaces are showing activity. I see it connected to my Cisco 6500, (Sh port status) it shows connected and trunking,; I also see a lot of activity on the interfaces. Also it will not let me console in, I can console in on my other Cisco 4404 WLC's with out and issues, so I know my cables and configure are correct. The only change a I made today was the time zone. I noticed the time was off by a hour and noticed that the time zone wasn't set so I set it correctly. Shortly after that I saw the WLC go belly o up in my WCS. I tried rebooting the WLC several times without luck. Since I can not gain access via the console I can not really trouble shoot.
Trying to upgrade my Wireless LAN controller model 4404, I'm running 4.1.190.4 code and want to upgrade to 6.0.202. Looking at the release notes for 6.0.202 and the compatibility matrix, the matrix indicates I two intermediate loads first. One is 4.1.192.35m and the other is 6.0.182.0 then I can load 6.0.202 code. My problem is I can't find the 4.1.92.35m code. Looking at the software download the highest 4.1 folder has is 4.1.185.0. where to find the 4.1.192.35m code for 4404 WLC?
WLC 4404 is configured as Anchor controller, the MAC violation are captured by Controller. the Violated MAC are deleted manually through GUI, but when tried deleting through CLI using command
>Config exclusionlist delete <mac address>
we get error message as error deleting user <mac address>
