Cisco :: Managing WLC 4404 Running Version 6.0.202
Feb 27, 2013
I've downloaded Prime Infrastructure 1.2 eval and wanted to see what it looked from WCS that I am currently using to manage the wireless network and I added the WLC (4404) device but it list the device as "Managed with Warning" and I can't find what the warning is.
My WLC 4404 runs with Software Version 5.2.193.0. The built-in IOS for AP is Version 12.4(18a)JA2.I run into problem same as in CSCta29484 Bug (Radio stops beaconing for 10-second period).I would like to try fixed image for LAP without upgrade WLC. Is it possible?
I'm not sure how to tell if I'm running ssh version 1 or ssh version 2, or both.I thought a show run would show a line like, "ip ssh version 2" or "no ip ssh version 1", but I don't see these anywhere.
I have 2x WLC 5508 running version 7.2. 1st one is setup and running. My questions is: If I want to setup Active-Passive redundancy, do I need to manually setup the 2nd one exactly as the 1st one and put them in the same group? Or is it a way to copy all of the configs I made on the 1st one over to the 2nd one?
I need to confirm that the 4510R+E switch with the SUB7-E/2 running version 15 IOS will not support NAT. I am 99% convinced that it does not but i am looking for confirmation, as i am a bit surprised by the lack of NAT support on this platform.
I have several older 2950's running on my network. This one in particular became of interest to me because I couldn't set up SSH on it or enable any QoS features on it, so I did some research. What I found was there are basically 2 versions of the IOS, c2950-i6q4l2 or c2950-i6k2l2q4. I also read that the c2950-i6q4l2 IOS versions (like the one in the switch I am referring to) have both the SI and EI feature sets integrated, but the one that gets enabled is entirely dependent upon the switch model you are running it on. Did I understand this correctly? Does the IOS check the hardware on the switch and then decide with feature set to use? If so, what is prohibiting the EI feature set from being enabled on this switch? Is there a way to force the EI feature set to be enabled since it is integrated in this image?
Cisco Internetwork Operating System Software IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA12, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 07-Jul-08 23:39 by amvarma Image text-base: 0x80010000, data-base: 0x80570000
using a Cisco 5508 controller (code version 7.4.100.0) with an ACS appliance running version 4.1 or 4.2?I've found that the ACS constantly reports a 'Bad request from NAS' (Invalid message authenticator in EAP request). message. This usually indicates a mismatched shared secret but this isn't the case.The controller works fine opposite a Microsoft NPS Radius Server.
I am wondering if it's possible to convert a Pix 501 configuration running version 6.3(5) to a new ASA5505 which we just purchased? We have site to site VPN on this device and i am just trying to save some time. I believe Cisco TAC might have a tool to do this but i am not sure.
I have a DIR-655 Version B running the stock 2.0 firmware and a Motorola SB6120 cable modem and my ISP is comcast. I have had comcast come out and test my line and everything is fine. I have a desktop directly wired to the internet and several portable devices accessing the router.I cannot connect to the internet. My network is available and none of my devices ever indicate the network isn't available. When I try to load a website it just says "waiting for reply..." and nothing happens. The solution that always works is rebooting both the modem and the router. What is odd is that this problem comes and goes, I will go a week with zero issues, then I go all week with rebooting my stuff 5-8 times a day..What have I tried? I tried the settings that are recommended by Furrynuts to users complaining. I have also tried changing the wireless band settings to different channels as well.
I set up my new WAG320N yesterday. I have no problems connecting with my notebook running windows 7 or my IPad. My Mac Mini running Mac OS x version 10.6.6 simply won't connect.
I have an ASA 5510 running ASDM 6.4(9) and Cisco Adaptive Security Appliance Software Version 8.4(4)1.I am trying to configure for the first time and I am accessing the ASA via its Management Interface.I am successfully able to connect to the device and get to the Cisco ASDM 6.4(9) page.When I try to run the startup wizard, a couple of prompts displays up to the point where the java applet runs and aks me to enter my IP, username and password.As it is a new system, password and username is blank so I enter and I get a message saying "loading software from cache" which later changes to "software Update completed" and then nothing happens.I am running MacOSX 10.7 Lion, Java version 1.6.0_33.I did try and run this on a Windows system and i was able to load the interface.
McAffee scan of acs 1113 appliance running the 4.2 build 124 patch 12 version reports that a medium vulnerability exists because the system has SSH version 1. Any way to specify only version 2 or turn off SSH?
We just got a new ASA5510 (straight out of the box). I’m new to the Cisco but feel we followed the directions. We connect to the management port and have our workstation set to get an ip via dhcp. A cat5 is connected to the management port, that goes into a hub (tested to work) and a cat5 is connected from the hub to the workstation (tested to work). Nothing else is connected. The workstation does not get an ip address. (assigns APIPA) Both the 5510 and workstation have been rebooted.The workstation works otherwise. We have also connected both a crossover and straight through cable from the 5510 to the workstation. We have statically assigned an ip of 192.168.1.2 to the workstation and cannot ping the cisco (192.168.1.1).
The application here is a wind power project, built in two phases, without any effort to coordinate or integrate the two sites during the design phase. All operations activities for both phases are performed by one staff out of a common location. This is a rural area and Internet connectivity is mission critical due to contractual obligation with Electrical Utilities.
The client has a need to reconfigure a network which has grown over time in a layer by layer approach, whereas at every point in time that an additional T-1 or other changes occurred to address a specific need, no thought was ever put into integrating the entire site as a whole. It is at best a dysfunctional solution which somewhat accomplishes thier needs, and at worst, a kludgy, grossly security compromised, and difficult to use infrastructure. There is every kind of equipment one can imagine, each installed by some entity providing needed services on the site, but forced to make uninformed decisions because the client really has no IT department to coordinate with. Over time, every vendor just provided their own switch, router, or maybe figured out how to reconfigure another existing device to also provide the routing or access needed, To say the least, it's a mess.
The client requests a solution which provides a means to accomodate 6 internet connections (4 T-1 lines, and 2 satellite) in a manner which aggregates available bandwith and provides redundancy. The T-1 lines will be the main internet access, with the satellite connections only used if available bandwidth falls below some threshold, say 3Mb. There are many internal networks which need to be routed to and between, in total, about 20 subnets. There are 2 SCADA (Control) networks which have a mandatory requirement of 1Mb each, a VoIP system which does not use any internet connetivity as there are 6 POTS lines dedicated to it, an internal office LAN and a turbine manufacturers site LAN.
The T-1 lines, at 1.5Mb x 4 = 6Mb.
The 2 SCADA networks require a guaranteed 1Mb each, the remaining 4Mb is to be allocated between the office LAN and the turbine manufacturer site LAN. The satellite connection are only to be active in the event bandwidth falls below 3Mb.
There are 2 Cisco 2801 routers on site which could be reutilized if appropriate. Each T-1 has it's own Adtran CSU with Ethernet out. All T-1 lines are /29 IP Blocks. 2 of the T-1 lines are adjacent IP Blocks, for what its worth.
Everything here is open to reconfiguration. The client wants this finally integrated correctly with the ability to address emerging Electrical Utility cybersecurity requirements in the immediate future.
An ideal solution would be fully redundant to eliminate the single point of failure at the edge router. As to whether there needs to be separate edge and interior routers, I just don't know that. I would guess everything could be done with just a pair of redundant routers at the edge, but perhaps it is better to do the interior routing between subnets on a different router(s).
Again, the goal is a well integrated, redundant, and secure solution. My part is mostly complete, with the OSP part of the network finally at 100% after 5 years of stupid and careless misconfigurations and bad fiber splicing (by others).
I'm absolutely covered up in business at Layer 1 & 2 on these sites, as the physical plant and associated network elements are typically very poorly designed, specified, and implemented. The complexity of this job leads me to seek outside advice and ultimately a more qualified Cisco professional than me. I'm experienced enough with Cisco to know when I'm in over my head. I know a diagram would be nice, but at this point I've only got a very detailed diagram which reveals too much site identity information to make public. I'll wait to see a few comments and in the meantime work on removing site identity info so I can post a good diagram for everyone to see.
I have an interesting SVPN challenge that I'm asking the subject experts here to assist me in solving.A customer in Domain A wants to transmit data to Domain B. The customers have agreed to establishing a secure vpn connection from Domain A to Domain B to transmit real time data. The challenge comes from sending unencrypted data from nodeA to nodeB & nodeC withing an encrypted VPN tunned to node d.The challenge is sending non-encrypted data from NodeA to NodeB where an encrypted VPN session is active. Every time I attempt to configure the interface (AppC) the VPN session is terminated, and the interface can no longer "see" nodeD via IP mapping. An engineer recommended adding a second NIC card to NodeB thereby permitting control of the AppC even when the VPN is up and running.Can I send live non-encrypted data to NodeB data buffer, while AppC sends data to NodeD in a VPN tunnel ?
I want to create a network with a bunch of routers and switches to be used as a test network for company employees to remotely login and learn networking.I don't want this network to interfere with the rest of the network in any way.I am basically trying to create a stub network or a passive network!!
I am trying to manage my Dell switch that is trunked from my Cisco 2950, I have trunked vlan 251 (management vlan) and 252,configs below
Cisco 2950 :-
Current configuration : 4794 bytes ! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption
Running Cisco NAC 4.1.6 OOB on the LAN. For some reason in the middle of the night, the snmp trap mac-notification added command appeared on the trunk uplink port of one of our switches.
I don't know exactly when the command was added but at 2am when the backup of the config was taken, it was there. At around 4:30am, the uplink went off-line. Is there anything within NAC that would push a change like that automatically to a switch. We do have NAC Profiler running on the network also.The problem was in a branch office so I only got the information second hand what was on the switch itself. We moved the uplink to a different port which allowed the switch to show up on the CAM again, however when I viewed it, the uplink port was set to controlled! Does this make any sense?
how long devices will stay in the certified device list if no timer is configured to clear it out?
I have been trying to convince my bosses, the IT department, and others where I work, in a small call center, to switch to a different browser other than IE. The reason is IE times out on the techs a lot and freezes up constantly. I am able to use Firefox and Chrome at the lead station and do not have any issues, but the only browser currently allowed on the techs computers is IE. The reason I am getting as to why this is not possible is that with IE, IT is able to block certain options in IE from being changed such as proxy settings, add-ons, and advanced settings, but that these settings cannot be blocked or managed in firefox and chrome.
I have a small lan of around 10 computers in my office which are connected through a switch connected to a airtel broadband connection. I want to configure a network server so that I could manage an control the internet traffic used by all the workstations in the lan through that server. All the workstations have either WinXP or Windows 7 on it. I haven't purchased a server. I want to use a desktop(having some good configuration) as my network server.
We are currently using several AP's in our organization. And in this one AP i want to give a user the power to change the password of the wireless network to prevent miss use. I was wondering if it was possible to create an account who only has the privilege to change the WPA key?? I want to prevent that he will accidently change other settings.
This is a newbie question regarding CSS11500 series loadbalancers as I trying to get up to speed with managing them as part of my job. I noticed that there are a couple of CSS "clustered together" since I see they are managed using a single ip address.
My question is around how to establish a session to each individual device in this cluster, if at all possible? If is not possible, how do manage the secondary device in this cluster to perform tasks such as copying new software to it, backing it up, etc.?
I am currently managing an ASA5510 using ASDM through the management port but I would like to manage the ASA through the internal port.
My concern is that I thought I remembered reading someplace that if you setup an internal port for management that it can't be used for anything else. Is this correct?
I only configured one internal port and it is the path to my LAN. I would hate to configure the port for management only to find that I disconnected my firewall from my internal network in the process. Can I use my one and only configured internal port for both ASA management and route from my LAN thru the ASA firewall?
I currently have the management port set to 192.168.1.1 and my internal interface is 10.1.1.1. If I open ASDM and connect thru the management port and select Configuration/Device Management/Management Access/ASDM/HTTPS/Telnet/SSH
select "ADD" select access type "ASDM/HTTPS" select interface "internal" IP Address "10.1.1.0" Mask "255.255.255.0"
Will that give me access to ASA management thru my internal network but cripple my network access to the ASA?
I have 30 switched in my corporate network it’s all up and running all switches running by default configuration and connected to WS-C4506 core switch our dhcp server pooling 192.168.100.1/27 network. Now we need to configure new Vlan for finance department this department has more than 200 users. If my server distributes 192.168.200.0 range ip can vlan2 automatically assign ip 200.0 addresses to finance department.All switches running default config no ip address assigned.
I need to replace an existing ASA 5540 with a new ASA 5525X. I would like to pre-stage and configure the new box with the existing config, migrate license and export certificate files before swapping it with the old one during a change window. The new firewall will run 9.1 on deployment. Now the same 7.2(4) cannot just be copied over to 5525X running the minimum 8.6 version. There is a Web based tool available at [URL] according to Cisco documentation but the page does not load for me (Cisco intranet only tool ?). Is there another tool for automatic conversion ?
I have a 2911 router connected to a 3750 switch. I have configured vlan interfaces on the 2911 router:I am using the vlan 89 (89.2) as the management ip address for me to remotely get to the switch. Is this a proper configuration or could this cause issues in the future.
I've got the E2000 at home for our private network.
We are three guys sharing a flat. We have personal laptops, work laptops, mobile phones, games consoles, tablets etc that connect to the internet.
Problem is that when someone downloads stuff, the speed is slow for the rest of us. So i was hoping i could set up something like three "channels" so each of us could have the same download speed, ie 1 mbs each regardless if others are using the network at the same time. And then maybe a guest network for all the mobiles and tablets etc. MAC filtering for access for our personal laptops should work.