Cisco :: Configure A Secondary Port For Management Interface WLC 2112
Oct 16, 2011
how to configure the backup port for the management interface for a WLC 2112. I see in the documentation that it states:
"Each interface is mapped to at least one primary port, and some interfaces (management and dynamic) can be mapped to an optional secondary (or backup) port. If the primary port for an interface fails, the interface automatically moves to the backup port. In addition, multiple interfaces can be mapped to a single controller port."
But nowhere can I find where it says how exactly to do it. Google seaches have come up empty as well. I am connecting the WLC to a 3750 stack, and would like to have a secondary port from the WLC connected to the second node of the 3750 stack. So far I have connected port 1 (management) of the WLC to a port on node 1 of the stack which is configured as a trunk and everything is workign fine. I have also connected port 2 from the WLC to a port on node 2 in the stack that is configured the same as the port on node one. how to tell the WLC to use port 2 as the management backup if needed.
[URL]
View 2 Replies
ADVERTISEMENT
Nov 24, 2012
We already have a subnet defined to inside interface and is in produciton. the default gateway is this interface ip. In that setup now I have to add one more subnet and as the first subnet is been defined in ASA indside interface, I have to assign secondary Ip to the inside interface so that new subnet users can easily reach here and go outside.
View 1 Replies
View Related
Feb 12, 2013
I have 4 public IPs on Router 3845 interface FastEthernet 0/0/1. IP as below.
50.200.2.2
50.200.2.3 secondary
50.200.2.4 secondary
50.200.2.5 secondary
I wan to allow ports 80 to 90 on 50.200.2.3 for my webserver (192.168.10.50)
View 5 Replies
View Related
Feb 8, 2011
I am having a problem using my Windows IAS radius server to validate management users for my 2112 Wireless Lan Controller.I have defined the radius server and it works ok with the policy for validating wireless clients but not for WLC management users.The Remote access policy seems to be set up correctly as the event viewer on the server shows:-
Event Type: InformationEvent Source: IASEvent Category: NoneEvent ID: 1Date: 09/02/2011Time: 11:06:06User: N/AComputer: UK01DC07Description:User xxxxxx was granted access. Fully-Qualified-User-Name = TRAVEL.OAG.com/Dunstable Admins/xxxxxx NAS-IP-Address = 10.10.45.210 NAS-Identifier = UK03NM01 Client-Friendly-Name = UK03NM01 Client-IP-Address = 10.10.45.210 Calling-Station-Identifier = <not present> NAS-Port-Type = <not present> NAS-Port = <not present> Proxy-Policy-Name = Use Windows authentication for all users Authentication-Provider = Windows Authentication-Server = <undetermined> Policy-Name = UK03NM01 - login Authentication-Type = PAP EAP-Type = <undetermined>
....
But, the WLC log shows:
*Feb 09 11:06:06.612: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2104 Login failed. User:xxxxxx. Service-Type is not present or it doesn't allow READ/WRITE permission..
The WLC just returns the login screen
View 7 Replies
View Related
May 6, 2013
I have 2 x 5508 Wireless Controllers, 1 mgmt port on each as standard. I noticied something different between these controllers running the same code.I can bound a physical port to the mgmt interface on one controller but not the other (both interfaces are untagged)see below, this config appears on one controller but not the other? Is this something to do with the initial setup? How can I add Phyiscal information to the other controller mgmt interface, I cannot delete the mgmt interface. Physical InformationPort Number Backup Port Active Port Enable Dynamic AP Management?
View 2 Replies
View Related
Apr 7, 2011
We recently reset a 4400 controller in a school. Although all access points associated, clients could not get the Internet. On investigating we suddenly lost connection to the web interface. We tried hyperterminal connections to reset, but found that the managament interface had the ports "unconfigured". We finally reset the configuration, and when we tried to start from scratch it now does not allow a port designation. It asks for 1 or 0 but says both are invalid when entered.
View 2 Replies
View Related
Mar 2, 2012
Airlap 1041n i have air lap 1041n(soft version 12) and wlc 2112 i dont have dhcp server perhaps i use tftpd32 to act as a dhcp server.
my problem is
1. i have configured the wlc 2112 and it's ip is :172.25.1.1
2. i cant configure the air lap 1041n. when i enter the cli mode the following message comes ****continuously***:
Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Mar 1 01:44:11.310: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does not have an Ip !!
3. my question is how to stop this continuous mgs ?
4. how can i assign an ip to my AP ?
5. how can i join my AP with MY wlc ?
I have to show my office that i can control two ari lap 1041n-k9 with my WLC 2112 and my laptop's wifi and cellphone's wifi are able to get connected with the Access points.
View 1 Replies
View Related
Jan 4, 2012
we are trying to configure WLC 2112 with LAP 1042 but getting following erros on LAP1042. It show the Ap is not supported in controller version 6.0.199.4
*Jan 5 16:52:13.397: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.2.101 peer_port: 5246*Jan 5 16:52:13.398: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.2.101*Jan 5 16:52:13.399: %CAPWAP-
[Code]....
View 1 Replies
View Related
Dec 1, 2012
This is the RVS 4000
Firmware version 1.3.3.5
STAR 9202 Chipset
64 MB DRAM
8MB Flash
DOS, Block WAN Rq, Remote mgmt all OFF
IPSec Tunnel none used
[code].....
Every day or so the Router becomes unresponsive to the HTTP mgmt interface, as well as it no longer offers DHCP services.then this happens the only remedy is to power reboot.
Everything comes back online just fine, however, the LOGS are initilaized so no data to figure out what`s going on.My next step is to setuo a syslog server and have the logs copied out.( No, I have no Torrents running at all, but I do have several devices like AppleTV, PS3s etc that run streaming Video plus I have the SPA3102 )
View 1 Replies
View Related
Jan 12, 2012
how to configure this. I did it in the past but kind of forgot how I did it.I have a stacked 3750 (two physical switches) connecting to a 2960.
I am creating trunk ports with limited access to VLAN 300, 600, and 700.
There is two interfaces connected from the 3750's(one on each physical stack member) to the 2960.I have the physical interfaces configured exactly the same.
3750 Config:
interface Port-channel2
!
interface FastEthernet1/0/46
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1, 300,600,700
switchport mode trunk
speed 100
[code]....
Should I keep the configuration on the physical ports and not configure the Port-Channel Interfaces? Do I need to configure port-channel load balancing? Is the channel-group mode sufficient? Goal is to basically create 2 links to the 2960 to double the bandwidth and provide redundancy.
View 7 Replies
View Related
Sep 14, 2012
I am trying to configure a loop back interface like so: [URL], on the following device:
C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(50)SE, RELEASE SOFTWARE (fc1on port gig0/1 which is using a 1000Base-SX adapter. This is for troubleshooting purposes and it does not appear to be a feasible option. Is there another way to accomplish in the IOS?
View 1 Replies
View Related
Jan 8, 2012
I currently have the managment interface set to my internal network using our DHCP server. We also provide another interface to WLAN for a chartity organization. Their interface and WLAN are locked out of our network (no routes, no nothing) with only VLAN tagging sending out over our backup internet connection. I have been tasked to take over their DHCP scope (255.255.240.0). I added the scope into the 4404 just fine but can't seem to assign it. So, for the sake of argument lets say:
Interface:
management VLAN 10 10.10.10.10 DHCP = 10.10.10.15
charity VLAN 20 192.168.160.2 DHCP = ????
[Code].....
If I tell the charity interface to use 192.168.160.2 for the dhcp scope it errors out. I also tried the DHCP override in the WLAN with no success. If I set either DHCP option for the charity to aim at the managment interface it does nothing as it can't find it..
View 2 Replies
View Related
Mar 3, 2013
I have two ASA 5520s in Active/Standby. I try and test this quartely to ensure it is working correctly. Everything works fine, except I have an issue with one interface. When doing a show failover, it shows the interface as failed on the secondary unit, and I am not sure why. It shows it as normal on the primary.
This host: Primary - Active
Active time: 9277305 (sec)
slot 0: ASA5520 hw/sw rev (2.0/8.2(4)) status (Up Sys)
Interface WaterworksCanopy (192.x.x.x): Normal
[code]....
View 15 Replies
View Related
Jun 19, 2012
We are trying to configure vrf aware GET VPN with COOP having primary and secondary key servers and also 3 GM routers. All GM routers we use are Cisco 888 and Key servers we use cisco 2911 routers. All GMs crypto maps have been applied into Vlan interface as there's no L3 interface on 888 routers.
Always members can form a tunnel with primary KS, we have configured redundancy with secondary key server and listed on each GM primary and secondary KS on GDOI group.
The issue we facing is that whenever we shutdown the primary or secondary servers the tunnel is not forming with available KS unless otherwise we mannually clear the crypto session. In another way when primary KS down it doest not fall back to secondary KS and no GM get registered. We have already played with all the timers such as DPD, SA lifetimes, GDOI rekey lifetime etc and also exchanging the keys (import/export) with KS and COOPs but there's no luck. We could see the following message was seen on both KS.
[code] 192.168.1.3 is the primary KS and 192.168.1.6 is the secondary KS.I captured attached debug output from 1 GM and secondary KS while I shutdonw the primary KS and also attached is our senario we were trying get work.
Also attached is the show output from both KSs when it form a tunnel with GM.
View 2 Replies
View Related
May 23, 2013
i never see this before, but on newly purchased just configured firewall.when i do wrtie standby.All interfaces on standby unit flaps.is it some IOS bug? my firewalls are [code] what could be the reason? FYI i am using LAN base failover and not doing any statful fail-over.
View 3 Replies
View Related
Jul 15, 2012
I have just updated a VLAN interface on my router. I have two 6500's with GLBP configured. The particular interface had a primary and secondary IP address. I shutdown the interface on one router and deleted the secondary address then assigned the orignal secondary address to be the be the only address associated with the interface and enabled the interface and it came right back up...all looks good. I proceeded to do the same thing to the other router and once again all looked good. Now, I am able to PING the devices in the subnet from router, but am unable to ping them from any place else. [code]
View 2 Replies
View Related
Jan 30, 2012
I have an all gigE 3560. I don't use the management FE0 port on the back. I was thinking to use that for a 100Mbps WAN connection.
Seems to work just fine when I plugged in an test. But I am not routing across that link yet as I still need to setup the far end.
Is there any reason this would not work? I would like to not burn a gig port if the max throughput of the circuit is 100Mbps.
View 1 Replies
View Related
Jan 2, 2012
I have got ASA 5520. How to use the management port as a normal port on ASA. What are the basic reqirements for that.
View 3 Replies
View Related
May 15, 2013
Management purchased a HA package from Cisco consisting of 2 5508's with pre installed 500 users license on the Primary WLC and none on the secondary WLC. We have 5508's already so I am familiar with setting them up and so forth. What I am not familiar with is setting them up using HA for failover and license sharing. I've looked and looked and can't find documentation online showing how to set this up. I have found some but nothing that is complete. I have spent 2 days spinning my wheels.
View 2 Replies
View Related
Mar 26, 2012
I have the above firewall which is working as it should but I have came across an issue with a recent upgrade to Microsoft Exchange 2007 and Outlook 2010 Autodiscovery due to the way the port forwarding has been configured for Outlook Web Access (OWA) on the router.
The router is forwarding OWA requests to the exchange server on port 8080 and the default website in IIS on the Exchange Server under which OWA sits and unfortunately Autodiscovery has been set with an SSL port of 8080. I think the reason for this is that we have an RDP server and the router is forwarding all port 443 requests to this server. Due to this Outlook clients cannot connect to Exchange through autodiscovery and cannot therefore get FREE/BUSY and a few other things.
I have 5 public IP addresses and only use two at the moment, one on the ADSL router and one on this firewall. I have no spare interfaces on either the router or the ADSL router.
My question is, is it possible to have a secondary ip address set on the public facing interface and set different rules for this IP which would allow me to forward requests on that IP to a different server?
Cisco IOS Software, 2801 Software (C2801-ADVSECURITYK9-M), Version 12.4(16b), RELEASE SOFTWARE (fc3)
Building configuration...
Current configuration : 4778 bytes
!
version 12.4
service timestamps debug datetime msec
[Code].....
View 1 Replies
View Related
Nov 5, 2012
I'm trying to separate my management traffic from regular traffic by splitting the management and "outside" interface to separate vlans but I'm hitting a routing issue. Say I have have a management network of 192.168.1.0 255.255.255.0 running across vlan 1 and I want to use 192.168.2.0 255.255.255.0 running across vlan 2 for the outside interface to send all the other traffic excluding the management traffic across. Tag both vlans on the external interface, say Eth0/0 Default route of route outside 0.0.0.0 0.0.0.0 192.168.2.1, With this, you can not hit the management interface because there is no route defined for the 192.168.1.0 network. However of course if you try to set one, you'll get the "connected route exists" error. How can I set the default route or gateway of the 192.168.1.0 network on the ASA. Switches just don't complain like the ASA does.
View 8 Replies
View Related
Dec 3, 2012
We acquired recentlty a new Cisco 6509 with Sup-2T supervisor card
My question is the following : we have a management subnet on a Copper-based switch; we manage all equipments through this network. I planned to configure the management interface on the 6509 to connect this switch & monitor the VSS through it However, since it is a CMP interface, most of the actions (SNMP, IOS upgrade.. won't be possible through this link) Moreover, I don't think LMS would be able to get the configuration through it (except by configuring a script running "attach" command & show run
Is there something I miss or must I add another interface of the Catalyst to this network (the problem being that I have no copper line card)
View 2 Replies
View Related
Jan 27, 2011
We have recently purchased a Cisco Small Business Pro SRP 527W router, all seems good and it is running smoothly, no disconnections or sync issues like our last router. However, after a certain amount of time the web management interface is unavailable through the browser (accessing it via 192.168.1.254 or the alternative we set-up 1.1.1.1) It is totally unavailable and timeouts in the browser yet there is still internet access and network is still alive. The web management interface was accessible before though and the only solution I have been able to do to access it again is to reboot this router.Could it be possible that because port 80 is forwarded to a different IP it interferes with the Web management interface? And how wcould the interface port access be changed?
View 2 Replies
View Related
Jun 7, 2011
I have running a Wireless LAN Controller Cisco 2006.Today my management IP its public with Internet access. I am thinking in use a private IP without internet access. I have certains Access-Points in other building, that connect to AP Manager interface using Internet . When i see the tcp connections, i look that the access-point not only have TCP connections to AP Manager interfaces, it have TCP connections to Management interface too!!!.If i shutdown the connection between Management interface and Access-Points (mantaining the connection between Access-Point and AP Manager interfaces)?
View 1 Replies
View Related
Apr 25, 2012
Am trying to replicate the managment interface functionality of a CSS on ACE 4710 but have problem with it being treated as a general routed interface.
Scenario
On ACE 4710 I have a front-end interface for client facing VIPS and a back-end interface facing a server farm, taking care of load balancing flows
Non load-balance system traffic for the back-end servers also flows through these two ACE interfaces, following a default route path (the back-ends use the ACE as default gateway) i.e. dns requests from the servers flow through the ACE egressing the front-end interface to hit a firewall and route to an internal dns server.
Issue
If I add a "management interface" to the ACE 4710 and give it an IP address for management access, the interface by default assumes 'routed' mode and as the ACE treats this as a general interface it will route traffic out of it. For example if the IP address of this management interface is on the same network as the internal dns server, it breaks that connectivity. This as the ACE will see the "management" interface as best route to directly connected network and send traffic to dns server over that, however dns server response traffic will follow its defult route path via firewall and ACE front-end interface to get reply to back-end server. The firewall will block this traffic as traffic is asymmetrically routed and firewall not seen the initial dns request packet.
Question
Is there a way of making an ACE interface a 'non routed' management only interface for out of band management use? That is ACE will not attempt to route general traffic through the interface
I realise I could achieve this with multiple contexts but want to have a single context for various reasons - i.e. to have a kind of like for like CSS replacement using ACE 4710
View 3 Replies
View Related
Feb 13, 2012
I am having issues with the ASA 5510 management interface. I can't communicate with this interface. It is showing DOWN/DWON even if I type NO SHUT several times.
My existing config is as follows
our-asa-01# sh run
Saved
ASA Version 7.2(5)
hostname our-asa-01
names
dns-guard
interface Ethernet0/0
[code]....
View 5 Replies
View Related
Jun 30, 2010
How to configure SSH on a ASR 1002 and apply it to the Management Interface?
View 3 Replies
View Related
Apr 16, 2012
I have a number of WLCs/WiSM2 running 7.0.230.0 (still using WCS for management). The management interfaces for the controllers are on a purely private subnet. While going through the intenet edge ASA logs I noticed some traffic drops for the controllers on the Inside interface. I took a packet capture from the controllers and found that they were sending TCP traffic to a number of IP addresses (Microsoft, Hotmail and Google) - always with a src port 2028 (submitserver) with the ACK/FIN flags set. Why this traffic is coming from the management interfaces? The management interface is not used by any wireless clients and is not the default interface for any of the SSIDs.
View 4 Replies
View Related
May 22, 2013
I have a number of WLCs/WiSM2 running 7.0.230.0 (still using WCS for management). The management interfaces for the controllers are on a purely private subnet. While going through the intenet edge ASA logs I noticed some traffic drops for the controllers on the Inside interface. I took a packet capture from the controllers and found that they were sending TCP traffic to a number of IP addresses (Microsoft, Hotmail and Google) - always with a src port 2028 (submitserver) with the ACK/FIN flags set.
View 2 Replies
View Related
Aug 1, 2010
I'm setting up a new 5508. I've used the config from a 4402, have successfully connected to the Service port to manage the device, but for some reason cannot connect to the Management interface. In this case, port 1.
The service port is connected to a Catalyst switch and grabbed an ip address (10.2.x.x subnet) no problem. I can access the 5508 via https using the SP. However, port 1 is connected to the same Catalyst switch, but on a different vlan (subnet 10.20.x.x). Both ends show that the interfaces are up, I can ping the interface from any other host on the network, but when I try to manage the device via https I cannot connect. We are using WCS and I cannot add the device from the WCS. About all I can do is ping that interface.
View 6 Replies
View Related
Jun 28, 2012
I have a brand new ASA5512-X running 8.6.1, and am trying to do an initial setup using the Quick Start Guide that came with it. However, the Management Interface is not working. I have a PC connected and set to use DHCP, but the port is not active. I connected a console cable and can see in the config that the interface is shutdown. So I set it to active, and the port is now active, but is not giving out a DHCP address as the guide says it should.I would like to use the ASDM Startup Wizard to configure this device, so how do I get it to work the way the instructions say it should?
View 2 Replies
View Related
May 9, 2011
How does one allow /31 mask for an management interface on an ASA5540 using version 8.3(1)?
I need to configure a 192.168.x.y /31 on the management 0/0 interface of a ASA5540 and it is providing me with the following error:ERROR: /31 mask is not allowed
View 1 Replies
View Related
Mar 29, 2012
I'm working on creating an open wireless scheme and we are simply going to use WPA with a key. What I'm getting a little stuck on is preventing access, by the guests that will connect to the WAPs, to the gateway/management webpage. I've been looking into seperating with VLANs and trunks (internal with management access and external for guests) but having a hard time with the configuration scheme.
Not sure if there is an easy way to just block that in the config or what.
View 1 Replies
View Related
