Cisco Wireless :: 5008 Company Redesign - WLC Implementation
Sep 16, 2012
Nowadays my Company works with autonomous APs (AP1142 most of them.We have a WLC 5008 and I am working on the implementation project... So far so good.BUT, I have just realized that the Company didnt buy a second WLC (this project started 1 year ago and I wasnt an employee here yet...).If I transform all autonomous APs we have (around 25, locally and some of them remotes)... And then If I have a HW problem with our single WLC... those APs will continue working ?
I have a WLC 5008 running with 40 AIR-LAP1042N-E-K9 and country code BE (Belgium) configured.I also have some AIR-AP1142N-C-K9 which I converted to CAPWAP OS.Unfortunattely only 1 of the 2 radio interfaces is working because of regulatory reasons.(the AP's are -C models which stands for China - although they were bought in Belgium too).I tried to activate the country codes for BE and China, but the WLC won't accept both.Is there a way to get the 2nd radio interface working ?
Can I use the access point 1242 to do clients location using WLC 5008, NCS 1.1 and MSE3310?On this moment I doesn´t need of CleanAir features. I want just to do location for clients and rogue aps.
i wanted to know if i could setup a netgear wireless router to my ethernet cable that is coming out of the wall. is it as easy as plugging the cable coming out of the wall into the internet port on the router?
We have 25 remote sites that use MPLS back to the company HQ that has one connection to the internet.Also at the HQ we have a seperate ISP connection.The remote sites and HQ have AP's which provide internal company access. We would like to have a seperate Guest WLAN at these remote sites to provide access to the ISP connection at the HQ's. Do we need to have an anchor controller? From documentation I have been reading it looks like anchor controllers are mostly used for networks that have a single connection to the internet and they use the FW to control/ secure the guest and company network from each other. Is there a differnt way of seperating the guest wireless and company wireless network securely from each other but use the same WLC's and AP's??
I have just moved and my ISP is the same ( Comcast) but I'm in a different region of the country. The former service (modem) was a cisco (1 port) that I connected my EA 2700 Cisco router to and it worked like a charm. My IP phones came right up as well. Now I have an modem/router combo (provided by my ISP) and when ever I attempt to connect to my VPN it will give me an error and not connect. I was told by my ISP that I could bridge the router and try that way.Do I need to set up all over again? or have the settings remained. Also I am unable to access my router with admin/password. How do I reset the password?
I have a problem in understanding how LLQ is implemented in different platforms of Cisco.QoS should kick in only when there is a congestion in the link irrespective of queueing / scheduling (LLQ and CBWFQ).But in certain platforms like GSR and IOS-XR, LLQ is confiugred only with priority and police command not with "prioirity percent <value>" command. In priority and police command since policer is used, LLQ is always on even there is no period of congestion. Of course with police you can re-mark the exceed traffic to different marking but thats not the requirement in my case.
In platforms like 7206, LLQ is configured with "prioirty percent <value>" which works ideally only when there is a period of congestion. When there is no congestion, LLQ class can use scanvenge other classes as well.Would like to know is there any specific reason why there is a difference in the implentation of LLQ between different platforms of Cisco.
Just a few questions. We are looking to deploying Cisco ASA 5545 into a network. I have a couple of issues with designing the network correctly.
We need to be able to scale out to more hosts than a single VLAN, we would also be considering adding 4948E switch behind the ASA and potentially a stack in front.
The problems are:
1) If we have an outside stack of public 4948E (so we can connect some hosts outside the firewall, such as additional ASA's running in NAT mode) for VPN. Is this a reliable, recommended configuration? The reason being we need to have the ability to add other seperate ASA protected networks that we don't want going through the 5545 as it's going to quickly run it out of capacity. If I have the L3 switch stack in front I'm guessing we would have a small subnet to link upstream and then sub-subnetwork into two blocks, one on the inside interface and one on the L3 switch for the other hosts? Or would it be better to let the upstream provider do this, and then just get them to provide us with two smaller subnets rather than one big one? As below if we do L3 stack ourselves we would need to small subnets, one to communicate with upstream and one to link ASA subnets. This seems like a waste of IP's. I was wondering if I could use Internal IP space on the L3 > ASA link, but I thought that could be an issue for BOGONS list.
2) If I want to extend the inside network (Cisco ASA would not run NAT, just public IP's on the inside, routed to the outside interface of the ASA) there are two ways. Use the ASA to create subinterfaces/VLANs (but that would be routed via the ASA - may be a performance hit?) or use a L3 switch behind the ASA. How does one accomplish running L3 switch behind ASA properly?
I would like to have implementation of two ASA 5520 (in failover). Architecture Context
-The ASA are used as VPN concentrator only.In a first time ASA will be in charge to take in charge VPN IPSec Host-to-LAN connexion (with the IPSec VPN client) and I think VPN SSL anyconnect client will be setup in a near futur.
-We must define two categories of users (student and researcher), for each one we want define : + An IP address pool + ACL + Split Tunneling (only LAN traffic will go in the VPN tunnel)
-The ASA will perform authentification via RADIUS server (the radius server is linked with a LDAP server) + In the RADIUS server we want define the category of user (each one user is a student or a researcher)
-The VPN clients use the internal DNS to request LAN ressources.
-A timeout of the VPN if no traffic during 60 minutes
-The VPN user perform authentification with PSK (no certificate)
the RADIUS server software is IETF compatible (url...)The architecture is the following :
-One internet connexion -A corporate firewall with 3 DMZ : + 1 DMZ Public ; which is connected the ASA "outside" interface (encrypted traffic) + 1 DMZ Private ; which is connected the ASA "inside" interface (uncrypted traffic) + 1 DMZ LAN ; there is some VLANs routed by 6500 routers. -On the LAN there is the radius servers -On the corporate firewall : +The https and ipsec will be opened between the internet and the ASA +The RADIUS traffic between ASA and the radius servers and the traffic between the pool VPN users and the LAN.
I recently changed webhosting partners for my company's website. With the Change I can view my company's website from inside the LAN but can outside of the LAN.
I need implementation of the AirCap 3602i wireless access points. Is there a way to manually configure a AirCap 3602i to function without a WAN controller?, I have an older 4402 WAN controller that will upgrade to 7.0.235 firmware, since the AIrCap 3602i requires 7.2.X firmware, is there a workaround for this.
I have a network with four 6509s in a ring with 10Gb links. Two adjacent switches are at the home office, the other two at the DR site. The switches at each location are physically similar to each other with respect to what blades are in them. We went through an upgrade from SUP-720's to VS-SUP-720's recently, only at the DR site - basically a practice, with the home office conversion hopefully taking place next weekend.
We initially just brought up the two chassis separately, in non-VSS formation (stand-alone). So far, so good - everything was connected, all traffic was passiing, all links were up, everything was reachable: EVERYTHING worked. Then we made the conversion: step-by-step from the cisco.com page; create a virtual domain, make one switch switch 1, the other switch 2, create differently numbered port-channels on each 6509, add the SUP 10Gb links to the port-channel, do the conversion.
Here's where the trouble started. First of all, the two 10Gb links back to home office created a spanning-tree loop and we had to shut down one of the links. (Is there something that needs to be configured on those links to turn spanning tree on? Does VSS conversion turn stp off?) Secondly, though it worked while in stand-alone mode, the copper blade in the standby 6509 stopped passing traffic - it would take config, the links would come up, but you could not ping across those links. Interestingly enough, there was an access switch with links to each of the copper blades, and having them both up also caused a spanning-tree loop. adding a new port-channel and putting both links in it did nothing to alleviate the loop. This leads me to believe that stp is not working properly. I reiterate, that even though the loop occurred, nothing else plugged into that blade was pingable.
Unfortunately I didn't discover any configuration switches concerning an IPv6 firewall! So the important question is: Is there any firewall implemented at all? And if so, does it confirm to RFC6092.
I am running a smaller hosting company and i am currently looking at a Cat6506 switch with a SUP720 Supervisor Engine. I have also been looking at a Cat6509 with a SUP2-GE Supervisor Engine. At the moment i am getting my connection from a ISP but i am going to get my own BGP AS now.. My question is just, how much will the SUP720 be able to route, and how many routes will i need to get it to route my packets in and out of my AS? I have seen that the full BGP table is over 400,000 and the SUP720 is only capable of 256,000, but do i really need the full table? I
major differences between the SUP720 and SUP2-GE Supervisor Engines?
I have a ASA 5505 that I have been using to test run the IPSec VPN connection after studying the different configs and running through the ASDM I keep getting the same issue that I can't receive any traffic.
The company LAN is on a 10.8.0.0 255.255.0.0 network, I have placed the VPN clients in 192.168.10.0 255.255.255.0 network, the 192 clients can't talk to the 10.8 network.
On the Cisco VPN client I can see lots of sent packets but none received.
I think it could be to do with the NAT but from the examples I have seen I believe it should work.
I have attached the complete running-config, as I could well have missed something.
FWBKH(config)# show running-config : Saved : ASA Version 8.2(2)
however recently when i check my internet usage log on my wireless company (Rogers) the usage is totally off from what my bandwidth tracker shows me. So i decide to turn off my wifi and see what happens, there has always been this weird wifi connection appearing whenever my wifi appears, then afterwards when i turn off my wifi the suspicious wifi connections disappear. is this possible that someone is using our wifi? i might just be overreacting but it has brought me to concern that if the usage continues my family will have to end up paying over $30 for extra internet use. it is very frustrating me because when i check my DHCP client table it only shows 3 connection, ethernet - my desktop which is not turned on, 2 wireless connection - my laptop and my sister's laptop.
Just wanted to get a few answers in regards to VLAN implementation (thinking about doing this for a large network)...VLAN's always sound good on paper, but how hard/easy are they to implement to a live and running network?
1.) Have successfully implemented VLAN's into a production environment (e.g. placed servers, production, printers, etc. on separate VLAN's)?
2.) How much of a pain is it to do this? If you are on a 192.168.1.x subnet, do you have to re-IP all of your printers, switches, etc. This sounds like a lot of work – especially since re-IP’ing domain controllers is a royal pain.
3.) Have you seen much of a performance increase when implementing VLAN’s (i.e. chatty protocols and broadcasts?)
I'm planning to separate voice and data traffic with two vlans. I have a COR switch catalyst 3750, a UC560 for VOIP with SIP trunk and SGE2000P as access switches. The thing is i had configured VLAN1 (data vlan) and VLAN8 (voice vlan), i've created the vlan 8 in the database on 3750 and let pass those vlans through a TRUNK port. In the SGE2000P configuration i've created the VLAN8 and the the ports as trunk for letting pass the two vlans for the PC and the IP phone. This works but some phones aren't registering, and for example i've unplugged a register phone and plug and doesn't registering anymore.
I'm looking to try and implement ipv6 HSRP on a series of IOS-XR Routers running 4.2.1 following on from successfully setting up IPv6 HSRP on a few cat6509s on VLAN Interfaces in other parts of the network. I have entered the "router hsrp" configuration menu and gone into the interface in question that I'm looking to setup with IPv6 HSRP. Unfortunately, there version 2 or address-family ipv6 commands are not available.
We are going to be expanding our Shoretel phone system in our HQ and I need to get QoS configured correctly. All of our offices are connected via MPLS and I need to make sure that we are sending QoS tagged traffic to our provider. The phones are tagged by the director, but there is other traffic for call control that needs to be tagged. I don't have access to our CPE router as it is managed by Sprint. The Sprint router is connected to our internal network. We have our data network running on (4) 3750x switches running 12.2(55) with IP feature set.
The problem is that many of these commands don't work on the 3750 (priority, bandwidth, match protocol, etc...) and the configuration assumes you are applying this to an outbound queue which is not supported on the 3750. I think I have to do this with policing, but I'm not sure what interfaces need to have this applied.
I am planning an implementation of VSS on our two 6509 switches, and would like some feedback on things to look out for, and any issues encountered by others that have done this already.
We have the 10Gig port installed on the Management blades, but not configured yet.
Main questions would be:
1: What kind of "down time" am I looking at for the migration? (Reboots, configuration reloads, etc.)
2: I will be saving the configurations on both devices before-hand, but how does the VSS migration "merge" the configurations of both devices?
3: L2 VLANS - we have some on one switch, others on the second switch. Will these be combined, or would this be a manual process?
Any other things of note that I should know about before planning this migration?
By default SBS 2011 places a shortcut on the desktop to companyweb and adds shortcut in the start menu under Windows SBS to companyweb as well.
I found the instructions to edit out the xlm file for SBS 2008 to prevent this from happening but that does not work with SBS 2011 as I do not see those settings.
I did also find the login script for SBS 2008 settings to remove those after the fact all of the time and that is easy enough to change to make it work with SBS 2011; but I would much rather just prevent the shortcuts from being placed in the first place.
- Second question is about EIGRP, when I configure EIGRP on the main switch that is AVG with the following commands, will I also have to run the same commands on the second 4948 E too?
I need to implement LACP HP servers mostly DL 380 g7 with Intel based dual port with two types of Cisco equipment first scenario server connected to 3750x stack of 4 switch's .second scenario same server type connected to two Cisco Nexsus 5596 . My question regarding two type of connection.Is it possible to do active active ?Would it give fault tolerance ?With HP LACP implementation is there known issue or should i expect latency with such configuration?What is the maximal lag- channel group that is possible per type?
I need to use the company laptop to connect to home broadband. However, when it is connected, it shows "no or limited connectivity".All the other laptops/computer at home can connect without any problem.When I try to use my iPhone as hotspot. My company laptop can connect and browse websites (but extremely slow because is 3g speed).
I'm no network security expert but have been asked to "investigate" someone who has been connecting their personal laptop to the company network and using our internet to do "questionable" activities.
Basically I have this information taken from our domain controller's logs:
- DHCP address that was leased to the laptop at the time of the "infractions".
- Computer name of the laptop.
- Precise date and time of when this person was connected to our network.
Based on the DCHP address, I can somewhat narrow it down to a few different switches at different locations in the building, but there's no way to pinpoint it exactly. If I can figure out which switch they connected to, I would know who did it.
our company backbone is hp 5406, and desktop switches are hp 2510 currently we are working with ipv4.if we want to start use IPV6 for test environment, what’s things we need to enable in our backbone/regular switches.i mean for example if we want to set static IPV6 address for 2 servers and send ping between them, or even make new vlan with IVP6 subnet, and use it like regular vlan but with static ip's(until we got ipv6 dhcp).i have hp 5406 manual for IPV6 but i can't understand what i really need to do for start using IPV6.
I am getting crazy with our Cisco Linksys RV016. It handles 3 simultaneous connections to the internet using 3 ISP. All our company goes to the internet using this cisco linksys RV016, our corporate switches are connected as clients to the router. Sometime ago, this router started to drop POP3 connections to our network, when this problems is present, all users get Receiving' reported error (0x80042108) in Outlook 2007-2010. Currently i have setup POP3 service to use the First ISP connection, but when this problem is present, the only way to eventually resolve it is to switch the link POP3 Service from the First to the Third ISP, sometimes it works immediately, sometimes don't. We are using this router since 2007 but this problems started to arise from this month.
Our switch is the latest firmware available is Cisco website, this is the Firmware Version: 3.0.2.01-tm.