I've read some conflicting things on the new 2504 WLC's. Some things indicate all 4 ports are fully usable, while others indicate perhaps only 1 or 2. I think I've read in product documentation that it supports a max of two ap-manager interfaces. Are all 4 ports usable, for sure? I'm thinking of the following configuration:
Port 1: management interface and first ap-manager interface
Port 2: second ap-manager interface
Port 3: first dynamic/client interface
Port 4: second dynamic/client interface
I'm planning on deploying my ap's in h-reap mode with a max of 25 ap's per 2504. Since I'm using h-reap, bandwidth shouldn't be much of an issue so I'm also considering trimming it down to using just two physical ports as follows so I can take up fewer gig switchports which are scarce at many of my locations:
Port 1: management interface and first ap-manager interface
Port 2: first and second dynamic/client interface
I've always deployed 4400's and 5508's with LAG so I haven't had to think about this much until now.
I must configure a secured wireless network with access restriction based on SSID. The equipment is: Cisco WLC 2504 (soft 7.3) and Cisco Secure ACS appliance 1121 (soft 5.4). The users that will connect to the network are regrouped by identity groups, each identity group having its own SSID. Clearly each group of users must access only one SSID. I followed the procedure below to configure it:
-- creating user identity groups;
-- creating users and assigning them to the groups;
-- creating authorization profiles for each SSID under policy element/ authorization and permission/network access/authorization profiles and putting the Airespace-Wlan-Id (the SSID number) in the radius tab.
-- assigning the authorization profiles to the identity groups under access policies.
After all this config the users can access the network using their configured userid/password. But the problem is every user can access every SSID; it seems like the restriction is not very well configured.
I found some documentation on this kind of config but the version of ACS used seems older than the one that I use, so the menus are very different.
I am currently experiencing an issue with a WLC that I am trying to connect 3 new Access Points to of the type AIR-LAP1142N-E-K9 running Cisco IOS Software, C1140 Software (C1140-RCVK9W8-M), Version 15.2(2)JA
I had the controller on firmware 22.214.171.124 and just upgraded to 126.96.36.199 in the hopes of solving my issue. The already connected APs running 12.4 were upgraded without any issues (apart from one - I'll get to that one) and it is now running as before. But the issue with the 3 new APs still persists. I have supplied a screenshot of the AP Join page.
Another issue that arose from the said upgrade was that a previously shutdown AP (of the same type and software version as the ones that upgraded perfectly) got turned on after the WLC firmware upgrade and is now not able to join the controller.
I am actually working on configuring a wireless controller 2504 integrated with a Windows 2008 server as RADIUS server for authenticating the network users registered in a Windows Active Directory database. The RADIUS server is a Windows 2008 Server with the role of Network Policy Server.
I have been following a pair of documents on the Internet, but it doesn't work yet.
Which authentication method should I use? The Windows 2008 NPS doesn't work with LEAP; should I use PEAP, or is there another recommendation to authenticate the Windows Active Directory users?
Configuration tested working between a Cisco wireless controller and Windows 2008 NPS as RADIUS server for authenticating the Windows network users.
I've got a question concerning the configuration of multiple AP manager interfaces on -for example- a cisco WLC 2504. I've read the configuration guide but I'm not sure whether this is the way the protocol works. Say I want to distribute AP's (and traffic) across various AP Manager interfaces on the WLC. I would configure the following:
Create one management interface (which will automatically also be an AP-Manager interface)
Configure 1 (or more) separate ap-manager interfaces, assign them to a port number, and select "Enable dynamic AP Management". VLAN ID's will be the same.
Create a WLAN and configure its interface to "management"
Is it correct if I state that the LWAPP protocol takes care of the discovery from the Access Point and sends information about the available AP-manager interfaces back to the AP and the AP knows which ap-manager interfaces are available, connecting to the least loaded one?
I have a question about 2504 deployment. Two WLC's, one will be acting as primary controller, second as secondary controller.
There will be two firewalls with High Availability between them. Ok, if the primary controller goes down, we would need to wait about 2 minutes, and AP's would join the secondary controller.
But if there is a problem with the firewall? Etc. FW 1 goes down. Is it possible with WLC 2504 to use its second port as backup port? And use the same IP address between them?
Because if we configure the second port with a different IP address, we would need to wait about 2 minutes, because the AP's are in "rejoining" mode. (To use the second port as backup, but have the same IP address on it (like putting these two interfaces into the same "vlan"), because this would be really great: if one firewall goes down, we would still be using the same wireless controller.)
Is it possible to manage the 2504 Controller over a separate interface? Example:
Port 1 is used as controller management interface (untagged) - AP's are connected to the same VLAN
Port 1 is used for Guest Traffic (VLAN 3 tagged)
Port 2 should be used to manage the WLAN Controller from the internal LAN. (tested with untagged, tagged, same issue)
With this setup it is possible to ping the Port 2 IP address from the internal LAN, but if you try to connect to the controller, the browser shows "Site not reachable".
I also enabled "Management via Wireless" but without success. I also tried to add the "management" VLAN as tagged on the management interface with the same effect; the controller is not manageable from the internal LAN. On a 5508 WLAN Controller I have a similar setup, but with LAG Port enabled. There this works.
The only interface where I can manage the WLAN controller is from the management interface.
I'm using a 2504 controller. I don't have WCS. My questions are about the best way to configure a Rogue Detector AP.
In my lab environment I set up the WLC with 2 APs. One AP was in local mode, and I put the other in Rogue Detector mode. The Rogue Detector AP was connected to a trunk port on my switch. But the AP needed to get its IP address from the DHCP server running on the WLC. So I set the native vlan of the trunk port to be the vlan on which the WLC management interface resides. If the trunk port was not configured with a native vlan, the AP couldn't get an address through DHCP, nor could the AP communicate with the WLC. This makes sense because untagged traffic on the trunk port will be delivered to the native vlan. So I take it that the AP doesn't know how to tag frames. Everything looked like it was working ok.
So I connected an autonomous AP (to be used as the rogue), and associated a wireless client to it. Sure enough it showed up on the WLC as a rogue AP, but it didn't say that it was connected on the wire. From the rogue client I was able to successfully ping the management interface of the WLC. But the WLC never actually reported the rogue AP as being connected to the wired network. So my questions are:
1. What is the correct configuration for the trunk port? Should it not be configured with a native vlan? If not, then I'm assuming the rogue detector AP will have to have a static IP address defined, and it would have to be told which vlan it's supposed to use to communicate with the WLC.
2. Assuming there is a rogue client associated with the rogue AP, how long should it reasonably take before it is determined that the rogue AP is connected to the wired network? I know this depends on if the rogue client is actually generating traffic, but in my lab environment I had the rogue client pinging the management interface of the WLC and still wasn't being picked up as an on-the-wire rogue.
I created a wlan just for our wireless IP phones. I assigned an interface I created which in turn was set to a specific port on the company 2504 WLC. The connecting switchport is set to trunk. Right now I can't ping the voice wlan interface.
We just installed a hosted VOIP system using Cisco 7900 series IP phones. We are having a strange issue with a few computers where they pull DHCP information from our VOIP provider's DHCP server on the Internet and not our LAN DHCP server.
The switchports are configured as: switchport mode access
My rationale behind this is that the phones would use CDP to get their VLAN info from the provider's Cisco router and the PCs would just ride on the default VLAN. But this is not the case. Computers randomly keep getting DHCP info from the provider's router. Do I have to use voice vlan x and make the switchports trunks?
My client would like to have a wireless deployment between several different offices in the city. There is connectivity between the different sites...but my main issue is, is this option really feasible? I was thinking of a centralized WLC like the 2504 coz of price + 36 APs, 2 at each site. The main worry is the network setup, considering the fact that the APs have to communicate with the WLC, so unpredictable network issues I believe will have a very huge impact.
I am switching out our old WRVS4400 router to the Cisco 891. Having a problem configuring the Cisco 891 router. I changed the VLAN port on the 891 from 10.10.10.1 to 192.168.2.1 and the IP address saves, but when I try to rediscover it through the CCP at the new IP address 192.168.2.1 I get the message discovery failed.
The subnet mask I used is 255.255.255.0. The only thing connected to the 891 router is our Linksys 48 port switch, which is SL248G, and my laptop is connected to the switch. The port it's connected to is FE LAN 0. How do I discover the 891 so I can do further configuration and enable the FE8 port for using it for our internet connection?
I'm having troubles setting up a separate VLAN for wireless on a SG-200-26. My first question is why did Cisco not make the VLAN setup like they have all their other business class switches? Anyways, the Access and General modes on these SG class switches are throwing me for a loop.
Right now I just have one port (g10) on the SG-200 switch that needs to be in VLAN 6, which is our wireless VLAN. All other ports are in their default VLAN, which is 1.
Here's what I've done...
Configured port G1 (trunk to another switch) as the trunk port and Port G10 (attached to WAP) as a general port. All other ports stayed in their default configuration. This is what it looks like now...
I'm pretty sure port G1 is configured correctly, but I have no idea about what port g10 should look like. Common sense tells me it should be an Access port and assign it to VLAN 6, but apparently you cannot tag the traffic within an Access port on SG switches, which makes it useless because how will other switches recognize what VLAN the packets are in? So the next logical mode would be General mode, which I put in VLAN 6. I switched that port from being 6U (untagged) to 6T (tagged), but neither seemed to work.
VLANs on SG switches, how port g10 should be configured for VLAN 6 traffic.
We are using 3750 switches as WAN router facing the WAN cloud. To configure QoS for its WAN port, should I use "auto qos voip trust" or treat it like a router port and configure class-maps, policy-maps, and attach service-policy input or output?
Because switches have different queuing and dropping methods than routers, auto qos can generate QoS configs that are considered most appropriate for 3750 switches. However the switch functions as WAN router. Maybe it should be configured using router type of QoS with policy-maps and service-policy?
I have worked on Cisco switches only. I want to configure a Nortel 5510. I have configured the VLAN, but the switch IP address is changing when I am giving an IP address to a port, and I can't see the port IP configuration in show runn. Also I want to configure a loopback. I am configuring switch IP address 192.168.123.1/24, but when I give IP address 192.168.120.17/29 to a port (port in default VLAN) the switch IP address changes automatically. I have ports 1-4 configured in VLAN 1; the other ports are in L3 VLAN. I want to see port IP address details like we see in Cisco (SHOW IP INTERFACE BRIEF). What is the command in Nortel?
I've configured port forwarding on an ASA 5505 to connect to an Access Point web administration. This is for testing purposes only. I've followed the guidelines for port forwarding and I've created an access list but I can't connect to the AP. I know it's working because it connects fine when connected to my speedtouch router. I've attached a running-config. I'm getting hit counts on the ACL and I'm getting untranslate_hits on the nat but no translate hits.
I have recently replaced an RV082 router that had failed with a new RV082. The previous router was set up to forward port 443 ssl requests to a server in the network. Worked flawlessly for years and that is why I replaced it with same model. The new router is also set up to forward port 443 ssl requests to the new server. The issue is that the router responds with its own certificate and does not forward the request to the server.
I recently configured CISCO 3310 box with MSE version 7.2. Services are up and running in the box, I could add the MSE to WCS and also able to track the location using WCS. However, I could not connect the third party software to MSE web services to get the location information there. When I hit the server url "https://<my mse>" I get list of possible services like:
Error 404 - Not Found.No service matched or handled this request. Known services are:
I browsed through the documentation (CAS_71.pdf) and found a text saying:
Note Port 80 will be enabled on the MSE if the enable HTTP command was entered on MSE. Ports 8880 and 8843 will be closed on the MSE when the CA-issued certificates are installed on the MSE. I am running the test system so I do not really want to install CA signed certificate, so I used self signed certificate and restarted the server, but it did not work.
I have an RV082 V2 with 2.0.2.01-tm and I am having trouble with getting my Sprint Airvana to connect properly to the mobile service. What I've read on the Sprint forums indicates that putting the Airvana in the DMZ generally allows the device to work properly; however, none have the RV series routers for tips on how to do this appropriately. This device used to work fine behind the RV082, but I reset it one day and it no longer works.
The Airvana is a femtocell/router device with a WAN port and 3 LAN ports. If I connect the Airvana directly to my cable modem, I get the appropriate connection and can then make calls through the device instead of through the Sprint connection; I live in a basement unit and get crappy signal without the device. This proves the device works and that my ISP is not blocking the ports. Sprint indicates the device uses UDP 53, 67, 68, 500 and 4500. Their support sucks and they insist I put the Airvana before my router. I absolutely do not want to use the Airvana as the router. There are almost no configuration options in the router interface and it needs to be rebooted somewhat regularly, which would drop internet access throughout the house for 10-15 minutes while it reboots and finally establishes an internet connection.
As soon as I put the Airvana behind the RV082, I no longer get the appropriate connection. I can, however, plug my computer into one of the LAN ports on the Airvana and connect to the internet in general. I have the router assign a static IP to the Airvana, and tried forwarding the required UDP ports to the IP. This did not fix the problem.
I can certainly troubleshoot the port forwarding issues, but I would also like to look into putting the device into the DMZ, if possible. I've not worked much in this area, so I am unsure how to appropriately configure the router to allow this to happen. Is it possible to have the Airvana in the router DMZ without having a public IP for the device itself?
I have an issue/doubt regarding the configuration of a modem + router. The modem is a netopia-3000 (who cares) and the router is a netgear WGR614V9. The first has the address 192.168.1.1, the second 192.168.0.1. My PC in DHCP takes the address from the router (192.168.0.x) and internet works, but if I set the IP manually to 192.168.1.x it stops working, why?
I want to port forward, so I can broadcast using icecast, but it requires me to access my router. I follow the steps from Setting a Static IP Address in Windows 7 - PortForward.com but from step 4, where I have to access my router in my browser, I write my IP which is: 10.0.0.4 according to cmd, and I just get a "Oops! Google Chrome could not connect to 10.0.0.4" message. I have attached a picture showing info from my cmd. It's in Danish but I don't think that should be a problem.
I'm trying to configure a Cisco 1811 with dual ISP internet connections. Everything is working fine till I get to setting up port forwards. The port forwards for the 2nd ISP do not work while the connection to the 1st ISP is active. If I shut down the connection to ISP1 the port forwards work fine.
Here's the relevant section of the config
Code:
track 123 ip sla 1 reachability
 delay down 15 up 10
!
track 456 ip sla 2 reachability
 delay down 15 up 10
I can access the 192.168.2.131 web server using the ISP1 IP but not the ISP2 IP. If I shut down the ISP1 interface the server becomes accessible through ISP2. Also while ISP1 is active I can't remote desktop to 192.168.1.210. There are no ACLs, firewall zones or anything else.
I have found some samples on the FlexConnect setup for the controller side. However none of the documents mentioned how the switch port should be configured that goes to the controller and AP.
At this moment I have a Cisco 5508 configured in CAPWAP mode with 20 APs. I would like to use the same controller for connecting one of the remote sites with 2 APs in FlexConnect mode. Currently the 5508 to switch port is configured as 802.1Q port. All CAPWAP AP ports are configured as "switchport access vlan X" where X=capwap VLAN. Need to know how the switch port should be set for the remote site where flexconnect APs connect.
I'm trying to configure a mirror port on a 3750. This configuration needs to replicate data from local ports, but I need it to also act as a regular access port.
With the initial configuration, SPAN port, there is no problem; all the data of the configured ports is replicating to the configured port. On the port configured as mirror there is a PC connected for audio recording. When the port is not operating as SPAN there is communication without problem over the LAN. But when I configure the port as SPAN, communication is interrupted.
Here is the actual configuration:
SWITCH1-PISO7#sh monitor session 1
Session 1
---------
Type : Local Session