Cisco :: 6509 - Unable To Tenet / SSH / HTTP To WISM
Feb 26, 2013I have issue to access one of the wism on 6509 switch however other wism is ok both wism on switch are up and functional how to enable remote access on wism.
View 13 RepliesI have issue to access one of the wism on 6509 switch however other wism is ok both wism on switch are up and functional how to enable remote access on wism.
View 13 RepliesOn a Catalyst 6509 switch I have configured wccp protocol in order to redirect the Http traffic to a Bluecoat SG8100. It was working fine until a new L3 interface implementation.Thereafter I was unable to redirect the http traffic due to an error reported from the Cat6509: [code] After some checks I supposed that the problem should be the UDP 2048 port connection between the Switch and the Bluecoat while the switch L3 port and the bluecoat are on the same Lan. A deep analysis found that the WCCP protocol seems to be as follow:
-Proxy address 10.64.28.240 to Switch Port 10.64.28.250 Here I Am
-Switch Port 10.64.28.250 to Proxy address 10.64.28.240 I See You
-Switch Port 10.66.0.251 to Proxy address 10.64.28.240 UDP 2048 packet (dropped by firewall)
It's strange to me that the first dialog is correctly handled by the correct Cat6509 interface while the UDP packets are flowing from another Vlan interface not configured with the WCCP and apparently not involved on the protocol.Last of all the WCCP is now disabled and unusable?
I am getting an alarm on WCS where a one controller is down, unreachable from WCS, while the other one is reachable on the same WiSM module. Upon investigation, Status of controller is shown as "Oper-Up" for all controllers on Supervisory engine. Hardware platform is Cisco 6509-E.
WLAN
Slot Controller Service IP Management IP SW Version Status
----+-----------+----------------+----------------+-----------+---------------
2 1 192.167.10.11 172.19.47.65 6.0.196.0 Oper-Up
2 2 192.167.10.12 172.19.47.66 6.0.196.0 Oper-Up
However, I can not ping the managment interface of the down controller while the other controller management interface is pingable. All these interfaces are in the same VLAN.
ping 172.19.47.65
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.19.47.65, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Problem is fixed when I reboot the problematic Controller. However, this problem re-appears after some time. I am not able to figure out why controller is not able to ping its default-gateway which is an SVI interface on Supervisory card on the same chassis, and showing status UP/UP. Is it a software bug or backplane fault or any other reason ?
We have a WISM in a 6509. The 6509 lost power (the UPS failed) and upon reboot the WISM isn't allowing AP's to connect. The WISM is blade 4. Upon consoling in, I get this error message for all 8 ports: 42w6d: %EC-SP-5-CANNOT_BUNDLE2: Gi4/1 is not compatible with Po407 and will be suspended (trunk mode of Gi4/1 is dynamic, Po407 is trunk)
View 13 Replies View RelatedI have the following on my 6509:
Mod Port Model Serial # Versions
---- ---- ------------------ ----------- -------------------------------------
1 10 WS-SVC-WISM-1-K9 XXXXXXXXXXX Hw : 2.2
Fw : 12.2(14r)S5
Sw : 12.2(18)SXF16
Sw1: 8.6(0.306)R3V39
WS-SVC-WISM-1-K9-D XXXXXXXXXXXX Hw : 2.1
There are few documents that tell me different requirements for the WISM cards to configure VSS.
I have been having some issues trying to stand up an older WiSM that has been incorrectly configured by my predecesssor and has a bad Mgt IP so I am unable to telnet or SSH into it, nor can I console or session into it.
What I would like to do is to change the Mgt address for the WiSM controllers (1 and 2) by way of the Sup (not sure that is possible) because as it stands they are set to 169.254.1.1 and are unreachable even when directly consoled into them.
Core-A#sh wism status
Service Vlan : 52, Service IP Subnet : 10.104.52.2/255.255.255.0
WLAN
Slot Controller Service IP Management IP SW Version Status
-------------------------------------------------------------------------------------------------------
3 1 10.104.52.3 169.254.1.1 4.0.217.0 Oper-Up
3 2 10.104.52.4 169.254.1.1 4.0.217.0 Oper-Up
Core-B#sh wism status
Service Vlan : 52, Service IP Subnet : 10.104.52.1/255.255.255.0
WLAN
Slot Controller Service IP Management IP SW Version Status
-------------------------------------------------------------------------------------------------------
3 1 10.104.52.50 10.104.30.254 7.0.116.0 Oper-Up
3 2 10.104.52.51 10.104.30.250 7.0.116.0 Oper-Up
I hope to get this WiSM setup on Core A and get it configured like I have my Core B and then run them in a dual failover design with load balancing between the two.
although cisco sw advisor said that the best IOS for my hardware 6509 Sup720 IOS: (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(18)SXF16 suits the WiSM; And I tested it already with WiSM version 5.0 but when I've upgraded the WiSM to version 6.0 the service interface from the switch side says:
B5_Noc2_CS1(config)#int gig 4/9
% This interface cannot be modified
as the customer refuse to upgrade the switch IOS & He wants to use the latest ED WiSM sw 6.0;
I try to access to WS-SVC-NAM-2 module in the Switch 6509. But is not work although the HTTP port is enabled (I tested with the command telnet @ip 80).
I try telnet access to the module to check the config , but I always the message that the lo gin / password is wrong even though they are valid.
We have a Catalyst 6509 switch, and we hope to use policy based routing to redirect http traffic to my proxy server, where I can find the configuration example?
View 11 Replies View RelatedI was unable to access my ASA 5520 using HTTP/HTTPS even on the management interface. I had upgrade the ASA IOS to asa832-k8.bin and ASDM to asdm-634-53.bin. But, the issue still the same.
My browser show the error message as attach image.
PGA-Firewall-02# sh run: Saved:ASA Version 8.3(2)!hostname PGA-Firewall-02enable password 8Ry2YjIyt7RRXU24 encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface GigabitEthernet0/0 nameif public security-level 0 ip
[Code]....
I am not able to access https sites (like banking etc.). Once I plug my old router back I have no such problem. I guess it must be router settings that I cannot figure out.
View 7 Replies View RelatedI am testing out some inspection options on an ASA 5505, and I am running into a situation in which applying a http inspection is dropping all outbound http traffic. I get a "protocol violation" error in the logs.
Here is the setup: I'm not sure why the web traffic is getting dropped.
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
[Code].....
This is a new install of LMS 4.2 evaluation. I have a current install of LMS 3.2 which is working. When I run an Add job for our core 6509 in Software Repository using cisco.com on the 3.2 LMS it works normally. When I attempt the same job in LMS 4.2 for the same device the device is not selectable in the left hand window and it has a message that says (This operation requires Containment data in Inventory. Either this is unavailable) Or (Add Image from CCO not supported). Also and probably related is that LMS 4.2 cannot complete an inventory update on the 6509s that we have and does not say why the inventory job collection failed. So far as I can tell the other devices inventory and offer IOS updates correctly. I ran a job to get all device package updates before I ran any of the jobs. The devices all pass credential checks except for HTTP, which is not activated on the devices.
View 4 Replies View RelatedWe are unable to login at Cisco 6509 switch, due to username and password not working. We have tried to recover the password as per Cisco document, but that is also not working. This switch is our Primary Switch in our network.
View 8 Replies View RelatedWe have ACE module intergrated in cisco 6509 switch. We have performance issue for specific url while accessing through ACE, but it works normal when works with direct url.The users are getting error at middle of works , " applications are unable to get data ". We have configured http-cookie sticky like below, [code]
We are using two rserver in serverfarm and enabled port-80 services.
I have a vlan defined in FWSM for server farm there is a one server with two IP addresses and teaming has done on it how ever from FWSM i am able to ping both IP addresses but from core 6509 switch i am only able to ping one ip address. from FWSM show ARP command displays the same virtual mac addresses against both IPS of the same server.
View 2 Replies View RelatedI have a 6509-E chassis that was prevoius in a VSS configuration. Due to some VSL failures I had to cobvert it to a standalone chassis but would like to bring it back to a virtual system.
Whenever I try to convert it by using the command "switch convert mode virtual" I get the msg %Please configure local switch number first". After doing so by entering the CLI cmd "switch set switch_num 1 local" I still get the same message.
Platform:
cisco6509-E with FWSM
Supervisor Engine 32 PISA 8GE
sup-bootdisk:s32p3-adventerprisek9_wan-mz.122-18.ZY2.bin
command:
(config)#ip nat inside source static tcp 10.10.8.147 14029 interface g7/8 14029
(config)#no ip nat inside source static tcp 10.10.8.147 14029 interface g7/8 14029
#clear ip nat tran *
(config)#ip nat inside source static tcp 10.10.8.147 14029 interface g7/8 14029
%Port 14029 is being used by system
Or %Static entry in use, cannot change
But when I perform "sh ip nat tran" command,There is nothing
Is Ciscoworks LMS 3.2 supports WISM 2?
View 3 Replies View Relatedweb authentication when using Android devices. I've been testing it and it seems to be caused by certificates (as it has been said in others discussions). With https disabled in the WLC (Wism 6.0.196.0), the portal authentications loads, but no with https. In addition, another issue I've detected is the DNS resolution of my controller by 1.1.1.1 when redirection takes place. With https enabled, DNS resolution and redirection works fine, so I don't think DNS server misconfiguration is the cause of the problem.I've only been able to see the portal with https disabled and entering manually 1.1.1.1/login.html
View 13 Replies View Relatedis there a way for pre deploying the new ap images? We have around 500 APs and my inspection windows isnt long enough to upgrade via controller......
View 6 Replies View RelatedWe are currently upgrading from WISM-1's to individual 5508 WLC's. Is it possible to export the config from controller on the WISM to the 5508?
View 5 Replies View RelatedI dont think my cards are faulty (4 cards in 2 6500 switches),I connect directly to my WISM cards, boot them (insert them), I see it turning on, enabling services, and as soon as the "username:" prompt apears, the Status led turns off and I lose console. [code]
View 21 Replies View RelatedThere are 8 existing W LAN's in our WISM controller & it is working fine without any problem. Now the problem is any new W LAN's are not broadcasting from WISM to APs, I am able to create & enable it in WLC but it these W LAN's are not reflecting in associated APs.
FYI: WISM controller is in 6500 switch & FWSM module also in the same switch, earlier there was rule with any any traffic in the FWSM but recently we have removed the FWSM & all rules moved to checkpoint. We have check the in firewall there is traffic is blocking.
we have two wisms in a cat6500, I wonder how can you log into the wism from the switch. to be more specifically, how can I know the processor number?
View 4 Replies View RelatedWe have Cisco WiSM modules on our 6500 switch. I tried to register a 1142 access point to the WiSM. Is there any difference in the way an AP registers and appears on the WiSM as compared to the Wireless Lan controller?
I could see the AP get an ip from dhcp pool ( configured on the switch ) and Ap was visible on the cdp neighbor of switch.
However, i could not locate the new AP on the WiSM module. Do i need to add MAC address to the WiSM as same as WLC.
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports
x1 NAM
x2 Sup720
Running 12.2(18)SXF3
I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis?Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports
x1 NAM
x2 Sup720
Running 12.2(18)SXF3.I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis. Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
I currently have a vlan/SVI on my 6506 for the WiSM service-port. The WiSM has an address on the same subnet. To manage the WiSM, I either https to the Management interface address or use 'session slot X proc Y' from the the 6506. Since I am essentially only using two addresses from a subnet for this service-port I would like to free up the subnet. Can I keep my current functionality by having a vlan only (with the wism service-vlan XX command) with no SVI?
View 7 Replies View RelatedI have a facility, where all the access points almost 250 of them are connected to two WisM's (One in each core switch ) . They are running in 6.0.199 firmware . These two WisM's are managed by WCS , which is running 6.0.188.
As i need to add more access points and to make fully redundant , 5500 controller was ordered and it has with firmware 7.0 installed. Couple of queries related with it .
1. Can 5500 be added in the WLC group, so that existing Access Points can be configured to use primary controller as 5500 and secondary / tertiary controller as WISM ?
2. Will 5500 be able to be detected by WCS , as the version of 5500 is 7.0 and WCS version is 6.0.188 ?
3. As WCS was already deployed and live, is it possible to upgrade, if the client has support contract like SUSA ?
WISM v7.0 VLAN Select. If the VLANs subnet to be configured under interface group MUST be having the same subnet.
Eg. VLAN1 - mask 255.255.255.248
VLAN2 - mask 255.255.255.120
Would these two VLANs be able to work together in interface grouping?
In our setup we have WiSM modules installed on cisco 6506-E, ACS 5.3 virtual appliance. We are trying to implement EAP-FAST for our Wireless using WPA/WPA2 802.1x on the WLC side.
I have followed the instructions in the following document step-by-step: [URL]
Still I have no success. Tried most of the permutations on ACS EAP-FAST configuration.
WiSM WLAN Service Module WS-SVC-WISM-1-K9 in 6509e running VSS IOs s72033-ipservicesk9_wan-mz.122-33.SXI2a.bin having trouble to get the IP from service-vlan DHCP.The pertinent config is as follows.
!
vlan 300
name WiSM_Service_Vlan
!interface Vlan300
description *** WiSM Service-Vlan
ip address 192.168.200.1 255.255.255.0
[code]....
The service IP is supposed to have been populated with an address from the dhcp pool. I am also unable to connect to it by doing a session switch 1 slot 4 processor 1. I get the following upon attempting to do so:
HO2NET0001##session switch 1 slot 4 proc 1
The default escape character is Ctrl-^, then x. You can also type 'exit' at the remote prompt to end the session Trying 0.0.0.0 ...