Cisco :: 5508 AP Configured As Rogue Detector And Configured Switch Port
Jul 21, 2011
I am testing rogue on wire using 5508 WLC and , I have a dedicated AP configured as rogue detector and configured the switch port where the Rogue detector is connected as trunk. I have plugged in an autonomous AP with open authentication to the same switch so that it can act as a rogue. On the WLC, I can see that Autonomous AP as rogue on Wire. But along with that I am seeing another AP as rogue on wire, even though i have plugged in only one Autonomous AP to the switch.
View 3 Replies
ADVERTISEMENT
May 28, 2012
(5508 WLC, 1142N APs).I understand if I enable the AP mode to Rogue Detector from the details page of the AP, the AP stops accepting requests and is now looking for rogue items on the wired network. Is this the same when I enable Rogue Location Discovery Protocol? Will I lose the wireless functionality of all of my APs on the controller?
Next question, when I look at the Rogue Summary on the Monitoring page I see three Adhoc Rogue devices. When I select the Detail link only one shows. I remember the other two were HP mutifuction devices with WIFI enabled but I cannot retrieve that information anymore.
View 9 Replies
View Related
Dec 14, 2012
I'm using a 2504 controller. I dont have WCS.My questions are about the best way to configure a Rogue Detector AP.
In my lab environment I setup the WLC with 2 APs. One AP was in local mode, and I put the other in Rogue Detector mode.The Rogue Detector AP was connected to a trunk port on my switch. But the AP needed to get its IP address from the DHCP server running on the WLC. So I set the native vlan of the trunk port to be the vlan on which the WLC management interface resides. If the trunk port was not configured with a native vlan, the AP couldn't get an address through DHCP, nor could the AP communicate with the WLC. This makes sense because untagged traffic on the trunk port will be delivered to the native vlan. So I take it that the AP doesn't know how to tag frames.Everything looked like it was working ok.
So I connected an autonomous AP (to be used as the rogue), and associated a wireless client to it. Sure enough it showed up on the WLC as a rogue AP, but it didn't say that it was connected on the wire. From the rogue client I was able to successfully ping the management interface of the WLC.
But the WLC never actually reported the rogue AP as being connected to the wired network.So my questions are:
1. What is the correct configuration for the trunk port? Should it not be configured with a native vlan? If not, then I'm assuming the rogue detector AP will have to have a static IP address defined, and it would have to be told which vlan it's supposed to use to communicate with the WLC.
2. Assuming there is a rogue client associated with the rogue AP, how long should it reasonably take before it is determined that the rogue AP is connected to the wired network? I know this depends on if the rogue client is actually generating traffic, but in my lab environment I had the rogue client pinging the management interface of the WLC and still wasn't being picked up as an on-the-wire rogue.
View 4 Replies
View Related
Apr 23, 2012
I would like to know how many port channel can i configured in the switch 3750 X ? and if there is a limitation by IOS ?
View 4 Replies
View Related
Feb 16, 2013
There are 5 VLAN's and all can communicate through all the different subnets, but VLAN5 can not communicate to the RVS 4000.
VLAN Smart Port set to switch and router - this is not working What Smart Port configuration should be set up to talk to the LAN port on a RVS4000?
VPN is set up and connected, but when trying to connect to the client can not connect to remote networks.
View 1 Replies
View Related
Jan 9, 2012
we have cisco 6500 series switch and configured port channel on both switches with 2 gig interfaces on both switches.
When we enable the port channel mode to as desirable to the interfaces on both side and applied the port channel to physical interfaces switch will go down and if we remove on any one side switch will come up. we have enabled globally the following commands. [code]
View 10 Replies
View Related
Mar 9, 2009
If you deploy a Cisco 1242 a/b/g access point as a rogue detector, can this be used for 802.11n wired detection as well.i.e Will the controller send the MAC addresses of the 802.11n clients and APs. url...
View 8 Replies
View Related
Aug 23, 2012
Can the Cisco 3602 APs be configured by a Cisco 5508 WLAN controller to provide client isolation?
View 2 Replies
View Related
Nov 14, 2012
A customer runs a 5508 WLC for quit a while. several dozens AP's are spread all over Europe an run just fine. All the AP's have a VPN based connection over an MPLS service provider, so we are using 10.x.x.x addresses only. We have upgraded to release 7.2.111.3 to support OEAP 600 and we have configured NAT in the Firewall as well a policy to support the home office AP. Everything works fine until the switch where the WLC was attached to crushed. From this moment on, all internal AP's ar no longer able to register at the WLC. A log at the console port on an AP shows that it tries to access the external (NAT) IP address. We had to remove the NAT flag to support the internal AP's.
View 3 Replies
View Related
Jan 23, 2012
I have an old Dlink DI-604 that I'd like to configure to work as a switch. I think this is possible but not sure how to do it. Switches are cheap but if I could save a few bucks with some tweaking I'd prefer that. Plus I figure I'd learn a bit about networking.Dlinks site on the DI[URL]Uverse and I'm out of wired ports on the Residential Gateway. I would like 2 more ports to network my PC and NAS, so my laptop and Xbox can access their files.
View 4 Replies
View Related
Jan 26, 2011
I'm having issues with SSH on my 3750G-12S. I'm not able to SSH to another switch when VRFs are configured.I've tried ip ssh source-interface, ssh -vrf doesn't exsist and I've upgraded the IOS to the latest version.
View 4 Replies
View Related
Feb 25, 2013
such as the SLM2048T can be configured as an managed switch. Our schools have laptop carts and we want to put switches in the carts so that the laptops will be plugged into the network when not in use and software installs, updates, etc. can be pushed to the laptops while they're in the cart instead of waiting for them to be taken out, powered on and pushed over wireless. I can find a 10/100 48-port unmanaged switch, but I really want a gigabit unmanaged switch, but they don't seem to exist so I was wondering if a managed switch can be configured and used as an unmanaged switch. I don't want to have to assign a static IP address to the switch.
View 1 Replies
View Related
Oct 17, 2011
I have a named aggregate policer configured on a 4948 switch running IOS 12.2(53)SG2 but can't seem to be able to monitor it using SNMP as I can't locate the OIDs (using OIDView) - I'm okay with CB and PB QoS.
View 1 Replies
View Related
May 12, 2013
I've been tasked with finding all switch ports that are configured as Trunks. We plan to use LMS 4.2 to push (via Netconfig) new interface level commands to all user (non-trunked) ports. From my experience, this poses a problem because we do not know which ports are configured as trunks -vs- user ports.
Using Netconfig is not going to be easy since there is no way to script this. It would be great if I could run a show command on a switch and then have CWSI peform a change based upon the output.In other words, we need a way to run a job based upon the output of a command.
View 1 Replies
View Related
Nov 1, 2012
We have a 3560 switch behind a ASA 5510 at a site that we are trying to access via telnet over the internet, we find out the switch does not have a default gateway configured. So I configure the following rule on the 5510: [code] Try accessing the switch, and all is good. One of our change control steps is to identify any others are connected to the device via: [code] I see the connection and show users command return 172.16.30.15, as expected. How is it possible that address can connect to that switch.
View 7 Replies
View Related
Apr 14, 2012
I currently have a Cisco 2621 powering a network at our co-location facility... It's a simple setup and is working well. The colo provides a redundant HSRP uplink, so I have their two uplinks going into a Dell switch. From that Dell switch I have a uplink into FastEthernet0/0 on the 2621, configured with my routing network, and then FastEthernet0/1 gets an address from my block of routable IP. FastEthernet0/1 then plugs into another Dell switch where I have all my servers connected. The servers get public routable IP addresses and use the address on FastEthernet0/1 as their default gateway.
It's time to upgrade off the 2621, so I aquired a Cisco 2811 which has two FE interfaces, as well as a modular HWIC-4ESW switch. My question is, can I get rid of the Dell Switch A in the setup above and just use the internal switch on the 2811 to accomplish the same thing? And I if I did this, would my two uplinks from the colo plug into ports 1 and 2 of that HWIC, and then port 3 would physically connect into FE 0/0? Or can I logically do that via configuration in the Cisco? I'm not sure how all this works and haven't received the new router yet, so I thought I'd get a head start and reach out to the experts.
My second question is unrelated, but each port on the HWIC switch cannot be configured as a network interface right? I'm pretty sure they can't as they aren't considered network interfaces but just thought I'd ask.
View 11 Replies
View Related
Jun 18, 2012
I just noticed that i have port 10080 open on my router (wrt160nv3). Port forwarding is not configured and web administrative access is only allowed through https (443). DDNS is also disabled, I was wondering why this port is open.
View 9 Replies
View Related
Oct 16, 2012
I have a Cisco E4200 with a Thecus NAS behind it. I configured port forwarding on port 80, 1080 and 4433 to access the NAS. However it's not working. Also tried to place the NAS in DMZ, but also I cannot connect it from outside my network. Inside my network, there is no problem.I also connected the NAS directly to the internet, and then I can access it from outside my network.I already tried a factory reset, disabled UPnP and IPv6, but nothing seems to work. I also replaced the router with a Cisco E3200, but it makes no difference.
View 9 Replies
View Related
Sep 27, 2012
how my switches are configured, a cisco 3750 and a cisco 4506.[code] i can ping the gateway from the 3750 however cannot get anything past that or enything to it.
View 12 Replies
View Related
Aug 19, 2012
I have two Cisco 4506's running cat4500-ipbase-mz.122-50.SG3.bin. Periodically, when attaching a new workstation to these switches the Mac Address of the device disappears off the port when the device is connected or the port is configured. The only way to correct the issue is to do a hardware reset on the blade or reboot the switch. After resetting the blade or rebooting the switch the devices will start showing up on the port and connect. This does not effect devices that are already connected to the switch, just newly added devices
Both switches are populated with WS-X4148-RJ45, WS-X4148-RJ45V and WS-X4248-RJ45V blades. It doesn't matter which blade the new device is being connected to. I believe that this may be a "Bug" but have been unable to locate one.
View 3 Replies
View Related
Feb 18, 2013
I configured port security on my 2960 switches with the following commands: [code]
The problem is that when I should change someone's PC, first I disable port-secirity, then I clear all the mac addresses learned on the interface, then I plug the new PC and enable port-security. The new PC couldn't connect to the network and it's mac address has not be learned on the interface. Why?Which commands should I use to clear an old mac address and enable port-security with the new mac address.
View 4 Replies
View Related
May 23, 2012
I has a issue about etherchannel beetwen 02 Catalyst 6500 switch, i need your comment about it. if you had any similar experience:
1.- On Catalyst Switch 6500-1: I configured interface port-channel 4 and associated it to G6/29 and G6/30 interface Port-channel4description IUU1_Gn1_HLIMSGSN01_Port_channel_6_29_6_30switchportswitchport trunk encapsulation dot1qswitchport trunk allowed vlan 406,408switchport mode trunkswitchport nonegotiatelogging event link-statusload-interval 30mls qos vlan-basedmls qos trust dscp!
2.- On Catalyst Switch 6500-2: I configured interface port-channel 4 and associated it to G6/29 and G6/30
interface Port-channel4
description IUU2_Gn2_HLIMSGSN01_Port_channel_6_29_6_30
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 407,409
[code]....
and i see output "show interface Po4A" up up on switch-1, "show interface Po4B" up up on switch-2
5.- In the show running-config not appear configured Po4A and Po4B. it only show on outputs
6.- Po4A and Po4 was not configured on neither switches, my question is why appear Po4A and Po4B on switch-1 and switch-2 respectively? and why Po4 appear in down down.
7.- I solved this issue by shutdown and not shutdown to the interfaces on both routers, currently all is OK.
View 4 Replies
View Related
Sep 21, 2011
I've a network with 28 computers and 2 servers. Each server have a double Gbit port configured in Load Balancing & Fail Over.Now, I want to buy two Cisco's Switch SG 200-26 and I would know the best way to connect them and if it's possible to interconnect them with more than one cable to share the trafic.
1. Is this following solution a good one (does the link between swhitches will work when computers will access to servers) ?
2. Is this next solution possible ?
View 3 Replies
View Related
Sep 3, 2012
We have a DHCP SERVER implemented in a cisco router 2610.This router is connected to a switch cisco 2960 configured as DHCP SNOOPING. At the switch appear the next log message: [code] The ip address: 10.100.200.1 belongs to DHCP SERVER configured at router cisco 2610. What to do so these log messages does not appear any more? Do I need to do some configuration changes at some switch or router?
View 11 Replies
View Related
Jan 18, 2012
I have cisco 851 using ccp to configure EASY VPN
I click on TEST VPN SERVER then click start the status shows successfull
when I tried to connect a client I get mm_no_state
When I reviewed the report from the test I found
AAA authentication : Not configured
My AAA
aaa new-model
!
!
aaa authentication login tgcsusers local
aaa authorization network tgcsvpn local(code)
View 24 Replies
View Related
Apr 24, 2012
I have a 5508 controller with 70 AP's ( a mix of 1131 and 1142). On the Monitor tab I can see under the Rogue Summary numerous "Rogue AP's" as well as the clients associated to these AP's. There are no Rogue AP's on my wired network according to the report. My question is this: What actions should I take regarding these "Roague AP's"? Many of them appear to be just other AP's in the residential area near by. I know I can take action to classify them as Friendly or Malicious as well as Internal or External, but what benefit is there to doing this? Will taking these actions keep my AP's from scanning off channel for Rogues? I read that if a "Rogue AP" is not on the wired network that is really is not considered a threat. Any Cisco best practices regarding how to handle detected Rogue AP's ?
View 4 Replies
View Related
Mar 18, 2012
We have recently deployed a wlc5508 & some 40+ 3502i APs at the location.In the wlc I notice quite a few "rogue AP" listed with ssid's.
Is there a way within the wcs or wlc to determine better if any of these rogue AP are on my Lan?If I can locate the mac address of the ethernet port on the rogue AP I can track the port down on the appropriate switch & shut it down.
View 7 Replies
View Related
Apr 7, 2012
I am running Win 7 32-bit for my OS. I am on a desktop PC. I have a Internet modem only without the router. I have a Motorola SurfBoard SB5101.When I go into the Network Connections and do a diagnose. I get the following message. I tried doing netsh int ip reset reset.txt, and restart my PC, but it doesn't fix the error.Your computer appears to be configured, but the device or resource (DNS Server) is not responding.
View 3 Replies
View Related
Apr 18, 2011
I purchased a Cisco 520 and am trying to set it up on my home network.Its ADSL PPPoA for WAN.I am trying to setup 2 LANS. One General Network,One DMZ for webhosting.Now, since this router has 4 ethernet ports, i assumed i did not need VLANS. Except when i try configure an interface with an IP address i get this error: % IP addresses may not be configured on L2 links.Now. Ive looked around on the internet about this error. And it seems that since these interfaces are not Layer 3 interfaces,they need to be associated with VLANS.This would be OK. Except this requires an IP address on an interface on the router! Back to square one.
View 6 Replies
View Related
Aug 9, 2011
I am having an ASA 5510 and have configured Clientless SSL VPN in it. Now I need to allow my SSL VPN user to access on a particular application(like mspaint.exe for example).When the user login to the SSL VPN, he should see only the particular aplication or must be able to access on the particular application.
View 2 Replies
View Related
Jun 13, 2011
I purchased 2 Cisco WAP4410N and i configured them on the network as 192.168.1.241 and .242.I see both SSIDs i created and they are named Cabo1 and Cabo2.
When i initially did the setup I was able to log into the webbased interface through both ip addresses.
I just tried again now, and Im able to log into the interface for .242 but not the .241. I am connect to the router with .241 via wireless because it is with the SSID of Cabo1.
View 1 Replies
View Related
Feb 9, 2013
I would like to know if we can use the following card i.e. WS-X6704-10GE along with SUP-2T which will be configured in VSS.
This line is supported with SUP-2T, however not sure if the sup 2t will be configured in VSS. If any supporting document can be provided for the same , that would be great.
If this is supported than whether i would be getting line rate/non blocking capacity with WS-X6704-10GE. Since SUP-2T provides 80 Gbps bandwidth per slot.
View 5 Replies
View Related
Mar 4, 2012
Can a PA-1GE module in a 7206VXR with an NPE-G2 be configured to negotiate/work with a 100mbps Vendor provided Ethernet Port? The router sees the interface but it is in up/down.
View 1 Replies
View Related
