Cisco :: WLC 5508 - Configure 802.1 Configuration Commands On Switch
Dec 14, 2011
How to, for the most part, setup 802.1x via wireless. I'm using two 5508 WLCs, and Cisco ACS. I will setup the user account/password information via Cisco ACS and User Identity and Hosts. I know from the WLC 5508 web admin tool that I can choose 802.1x in the security parameters. I only have a few question. We have two wireless networks, one is wide open and provides internet access, the other will provide internal access for select users. I am setting up 802.1x on the internal wireless lan. Do I need to configure any 802.1 configuration commands on the switch in order for this to work, if so where would be the locations to do this at? Also, if there is a MAC isolation configuration option I can configure to not allow other hosts on this specific wireless network to communicate with each other?
View 3 Replies
ADVERTISEMENT
Jun 4, 2012
In our premises i want to configure cisco 2960G 24 port switch using hyper terminal commands.
View 1 Replies
View Related
Jul 23, 2012
I have found some samples on the FlexConnect setup for the controller side. However none of the documents mentioned how the switch port should be configured that goes to the controller and AP.
At this moment I have a Cisco 5508 configured in CAPWAP mode with 20 APs. I would like to use same controller for connecting one of the remote sites with 2 APs in FlexConnect mode. Current the 5508 to switch port is configured as 802.1Q port. All CAPWAP AP ports are configured as "switchport access vlan X" where X=capwap VLAN. Need to know how the switch port should be set for the remote site where flexconnect APs connect.
View 7 Replies
View Related
Apr 14, 2013
In studying and testing SSL VPN on an ASA I have the network as shown in the attached diagram. The configuration is based on an ASA with 8.3 but our ASA is 8.2 and at this time I'm not familiar with the new NAT configuration and commands in 8.3 or later and how to translate the 'nat (inside,outside) source static' for me to an 8.2 version.
View 3 Replies
View Related
Sep 25, 2012
I am looking to configure PBR in Nexus. The current setup in IOS is :
interface Vlan10
ip address 172.27.206.1 255.255.255.0
ip address 172.27.208.1 255.255.254.0 secondary
ip policy route-map Vlan_10_to_Corp
route-map Vlan_10_to_Corp permit 10match ip address Vlan_10_to_Corp
set ip next-hop 172.27.209.250!route-map Vlan_305_to_EFH permit 30
[code]....
But, Nexus PBR will not work with deny statements init. Now, what options do I have ?
View 2 Replies
View Related
Jul 19, 2012
I have configured below SNMP v3 commands in Cisco Router 7206VXR (NPE-G1) . I have tested with all option but it is not working . SNMP server is a SNMPc tool and I have configured user name and piv and authentication credential correctly in both side . Same configurations is working for all Cisco switches but not working for Cisco Router.
SNMP V3 configurations:
access-list 20 permit 43.194.10.0 0.0.0.255
snmp-server view readview iso included
snmp-server group readonly-group v3 priv read readview access 20
[ code]....
Router :
Host Name# sh versionCisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 12.2(33)SRD7, RELEASE SOFTWARE (fc1)[ code]...
View 3 Replies
View Related
Sep 22, 2012
I'm trying to configure a shell commnds set such that all commands (including under conf t mode) will be allowed, except for administrative commands, such as write, copy, admin, format etc.It's been working for (most) priviliged mode commands (such as write and copy) but has been unsuccessful for any command under conf t mode. It's important in order to prevent the users from performing 'do write' and 'do copy run start' commands, for example.Here's the input of the shell command authorization set (Partial_access):
Unmatched Commands: permit
Command list:
admin
copy
delete
do
[code]....
View 2 Replies
View Related
Jun 7, 2012
I just started a evaluation license for IP Base on my 3850 switches. But i can't configure HSRP cause the commands are not there (I rebooted allready). Do you need enterprise for HSRP on the 3850?
View 2 Replies
View Related
Apr 10, 2012
I am using DHCP/TFTP to autoconfigure a 3945 router. The router properly obtains an IP address and finds the correct TFTP server. The issue lies in the download of the configuration file from the TFTP server. The router downloads the file, gives the "Ok" message, and prompts you to press Return to get started. When I view the running-config, several commands are missing from the Serial 0/0/0 section (HWIC-2T). If I modify the config file on the TFTP server to use Serial 0/0/1 instead and repeat the process, the configuration file loads without any issues and Serial 0/0/1 has all of the commands.
I also tried moving syntax around in my config file, but the end result is still the same. If I use Serial0/0/0 - I don't get all of the commands. If I use Serial 0/0/1, I do.
View 1 Replies
View Related
Oct 6, 2012
We have a 4500x Switch in this ssh commands are not available.its running on (cat4500e- UNIVERSAL-M), Version 03.03.00.SG) IOS XE.
View 2 Replies
View Related
Nov 27, 2012
what are all the CLI commands supported by Cisco SFE 2000 switch?
View 2 Replies
View Related
Oct 30, 2011
I have a 3750E stackable swtch and I need to configure neflow on it. Are there any IOS versions that support netflow on the 3750E? Is there any possible to configure netflow on a 3750E? I do not see any netflow commands available on the switch?
View 2 Replies
View Related
Aug 20, 2012
I am trying to configure 802.1x wired on a 3560 switch and don't see the required commands under the interface. I am running c3560-ipbasek9-mz.122-55.SE6.bin. I was thinking it might not be available on the ipbase image, but I do have the commands on a 3750g running the ipbase image, so I'm not sure about that.
View 4 Replies
View Related
Apr 7, 2013
We have an ASA with 8.4(5) version. we had detected that few ip's were getting shunned ,to overcome the problem no shun was used and the traffic normalised.But, the same problem re-occured a few days after that with logs showing traffic being shunned.
is there any fixed way to get rid of this. what commands can i use to verify related configuration on the firewall.
View 3 Replies
View Related
Jun 28, 2012
I have a problem, i would like todo MACSEC betwwen two switches cisco catalyst 3560-x but I know that for this operation i needed ACS server 5.1 is it possible to encryp dataflow without ACS server and if you have the configuration
View 7 Replies
View Related
Nov 2, 2011
i have an issue to connect a trunk between cisco switch and extreme switch i have many vlans that i want to cross via a link between cisco 3750 switch and a Extreme Alpine 3800 switch
View 12 Replies
View Related
Nov 20, 2009
I have a Catalyst 4006 switch in production and a spare switch of same model. I have to quickly copy the configuration from production switch to spare switch (both L2 and L3 configurations) How do I do that?
View 6 Replies
View Related
May 19, 2011
I am trying to configure my ACS to allow 802.11 phones to authenticate. I have searched high and low for documentation on doing this with no luck. We are using unified wireless with a mix of 5508 and wism controllers. I am able to authenticate windows devices against active directory via the acs but can't seem to get anything working with the phones.
View 3 Replies
View Related
Sep 12, 2012
I am getting little confuse about the configuration of my second WLC .I have a project going on with main office and 10 sites . I have placed my primary WLC 5508 with software 6.0 and all the branches i deployed ap . I put all the AP in Hreap mode did VLAN MAPPING . And i Created Groups based on the location and i put this AP's insde those group .All the sites seems perfectly working. Now I have to place my sedcond WLC in one another branch . I did all the initial configuration of my 2nd WLC .
But am worried if my primary wlc fail how could it can be taken to second WLC . And if i put inside wireless--> hight avaliabilty--primary ip and secondary ip .Again do i need to configure those WLAN , AP GROUPS , everythink in this WLC sepretely or any option . If i need to create the group do i need to select the ap's which already added to primary wlc groups.
View 1 Replies
View Related
Jun 9, 2012
Can we configure the wireless controller 5508 to authenticate the clients using both of MAC address Filtering (layer 2 security) and Web authentication (layer 3 security). and what is the difference between (Web policy --> authentication) and (Web policy --> on MAC filter failure)
View 6 Replies
View Related
Nov 19, 2011
I would like to know whether there is any command that shows the configuration of the wireless controller (5508) like when you upload the configuration file from the GUI of the WLC. In other words, I don't want to show me all the verbose running configuration as the "show running-config", but a brief configuration as for example described below: [code]
View 2 Replies
View Related
Jun 11, 2013
How are certain settings/config transfered across to the AP's from the WLC, e.g. username and passwords, snmp strings etc.... I assume this is when the AP joins the WLC.More to the topic of the original question I had in mind, is it possible and if so, how? - to configure snmp read and write string from the WLC and push this config out to AP's. I can't believe someone will have to sit down (me) and SSH to 150+ AP's per WLC to configure SNMP.
One of the buildings lost connectivity to the WLC's breifly a couple of days ago and all seemed to have lost their SNMP settings. Connectivity was restored, but couldnt poll the APs. When I SSH'd on to a couple of AP's, and manually configured the snmp-server community xxxx ro - SNMP started working again. Since there are many, there must be an easier way of doing it.I've tried resetting the AP from the WLC and also powering down AP's and bringing them back up.
Using WLC 5508 on 7.4.100
Using AP's 2602 on IOS 15.2(2)JB$
View 1 Replies
View Related
Feb 5, 2013
how to backup a Cisco Wireless Access Point Controller 5508.
View 2 Replies
View Related
Sep 15, 2011
So we have a Cisco 5508 controller that is managing 15 AP's in one of our buildings.I am running 2 wlans, one is internal access via (wpa) radius, peap and domain login...that works well now
The other is a guest lan, that is only allowed to surf the web.
The question from our security group, is there a way to restrict wireless access to ONLY a corporate approved list of devices.
As it stands right now, we only support Blackberry's as our mobility device. All local data is encrypted. The issue here is our testing shows that with an Iphone (not approved) it is very easy to connect to the WPA network if a user knows how to enter in their domain credentials. From there they can browse our internal web servers and download corporate data to a non approved, non encrypted device such as the iphone.
View 1 Replies
View Related
Jan 10, 2012
I recently tested the process for a customer of defaulting a Cisco WLC to factory configuration and then restoring the configuration from Cisco NCS. It was not seamless to say the least and I wonder if I have just gone about it the wrong way.
Have have set the NCS platform to configuration sync with the 5508 controllers at 04:00 every day and prior to the controller defaulting I ensured that NCS also reported that the config was in sync. I have also set NCS to complete a tftp backup of the controller every night 23:00 - interestingly though I have no idea where this is stored on the NCS platform ( a VM appliance ) or what it's file name is.
Anyway my experiences where as follows:-
1. defaulted WLC and via serial CLI ended up at the configuration wizard.
2. Set the correct LAG, management IP, host name that NCS knew this controller by.
3. To test things just created a dummy WLAN ( SSID ) as I assumed this would be overwritten ( big mistake ! ).
At this point I connected the controller to the network and tried to restore the configuration from the config sync version.
First problem - you have to remember to set up the SNMP community string you were using as it is needed by the configuration sync process. After adding this to the controller I could push the configuration to the controller.
Second problem - failed to add the first WLAN from the backup as I have added the temporary dummy W LAN via the wizard and NCS reported a conflict. So had to delete WLAN ID 1 from the WLC GUI directly and then the config push no longer reported this error.
Third problem - for some reason did not add the TACACS server details - reported the error that it could not added them. I manually added these via a template via NCS and all was well.
Fourth problem - all but the first WLAN was in the disabled state - had to re-enable all of the WLANs.
Fifth problem - any default items I had disabled or removed have not been saved - therefore I have removed the public and private SNMP communities - but these were still on the WLC after the restore. I have disabled unused ports not in the LAG as they show an error in NCS - these where not disabled after the restore.
So all in all not a very satisfactory restore process from NCS to an defaulted WLC ( meant to simulate to the customer what would be needed if they had to replace a controller due to hardware failure ).
View 1 Replies
View Related
Dec 13, 2011
I have been unable to get IPSec working between my WLC 5508 and a server 2008 NPS radius server. Any luck configuring this? I have opened tickets with both Microsoft and Cisco, but so far have not been able to configure it properly.
View 2 Replies
View Related
Jan 29, 2013
I'm trying to do configuration archiving in Prime Infrastructure 1.2 with a 5508 WLC (7.4).The job always fails (Admin -> Background Jobs) with the following error (see attachement):"SNMP: Failed to establish SNMP connection xxxx - Cause: Device is Unreachable. Check the ReadOnly community string." I double checked the SNMP credentials, they do match. For testing I also added a Public community just for the PI. Same result.Am I missing something?Is this not intended for Wireless Controllers?
View 5 Replies
View Related
Jan 8, 2013
I have WLC 5508 in my office and i am asked to backup file configuration from WLC but when i remote WLC to get the upload configuration file via tftp it doesn't work.
But when I try to use direct connection ( point to point ) with WLC and my laptop i can get the upload configuration file. is there something wrong, actually i have connected with that WLC i can ping and telnet that device
View 8 Replies
View Related
Feb 2, 2012
Any link that will give configuration examples of a wireles anchor config with one controller in a DMZ. I have tried this on my own and have some problems in my test enviorment. I believe my issues were with the firewall but not exactly sure.
View 4 Replies
View Related
Feb 14, 2013
I am trying to come up with a standard way to configure controllers for my field guys. I'd like to just have them paste in a config that has all the settings, like we use to be able to do on aIOS. I am not seeing away to break out of the wizard so that they can just paste in a config. Do you have to go through the wizard in order to get to a CLI ?
View 8 Replies
View Related
Jul 19, 2011
I have 2 Cisco 5508 Wireless LAN Controllers.They are NOT connected to a WCS.Is there a way to configure the 5508's to send email notifications when an AP drops off line?Is not is this functionality available with either a WCS or new NCS?
View 1 Replies
View Related
Dec 14, 2012
We have implemented VSS on Cisco 6504-E switches using the 10GE links on the Sup-720-10GE. Two Cisco WLC 5508 controllers are planned to be connected in a LAG configuration, (consisting of eight links per LAG bundle) to each of the 6504-E chassis( Total of four WLC, two for primary and two for secondary). WLC HA feature may be implemented on the primary and secondary WLC controllers using the 7.3 latest code release.
View 9 Replies
View Related
Aug 30, 2011
I've got a new 5508 wireless lan controller and can ping the ip address of the management interface, but can't access the GUI at the management interface's ip address. I can access the GUI on the service-port interface. No static routes in the controller; trunk appears to be set up correctly.
View 5 Replies
View Related