Cisco Wireless :: 6504-E VSS And WLC 5508 Integration Configuration Required

Dec 14, 2012

We have implemented VSS on Cisco 6504-E switches using the 10GE links on the Sup-720-10GE. Two Cisco WLC 5508 controllers are planned to be connected in a LAG configuration, (consisting of eight links per LAG bundle) to each of the  6504-E chassis( Total of four WLC, two for primary and two for secondary). WLC HA feature may be implemented on the primary and secondary WLC controllers using the 7.3 latest code release.

View 9 Replies


ADVERTISEMENT

Cisco Switching/Routing :: 6504-E VSS And WLC 5508 Integration?

Dec 14, 2012

We have implemented VSS on Cisco 6504-E switches using the 10GE links on the Sup-720-10GE. Two Cisco WLC 5508 controllers are planned to be connected in a LAG configuration, (consisting of eight links per LAG bundle) to each of the  6504-E chassis( Total of four WLC, two for the primary location and two for secondary location). WLC HA feature may be implemented on the primary and secondary WLC controllers using the 7.3 latest code release.
 
In this scenario, i would like to seek clarification on some of the design /configuration requirements  on the 6504E switches:
 
1. VLAN 100 - 200 is configured for the Active Primary 6504-E switch and VLAN 200-300 for the Standby 6504-E switch. The IP scopes for the VLAN are defined in the 172.16.x.x range on the Primary and 172.17.x.x on the secondary. As there no cross links(Multichassis LAG) from the WLC controllers to the 6504-E switches, is it better off implementing a single common VLAN range on a single subnet block for the VSS, which in the event of say Primary switch failure, the Wireless APs do not have to re-associate with a different IP range on the secondary? What is the best design practise in this case?
 
2. What is the best practise for implementing a single management loopback address for the VSS domain-  is this implemented using a port channel (Layer 3 MEC) as below?  and is the loopback IP address on a totally different IP range reference to point 1 above?
 
Can the VLAN IP ranges on the 6504-E VSS be assigned in two different subnets say 172.16/12(100-200) and 17.17/12(300-400) and  the common loopback (lo0) in 172.18.x.x/32 or is it better to have one common 172.16/12 subnet spanning the entire VLAN range (100-400). Cisco documentation describes creating port channels from the line card card physical ports as opposed to just creating lo0 and advertising this into the IGP.

int g1/x/1
desc VSS Management
channel-group mode 101 active
int gi2/x/1
channel-group mode 101 active
int po101
desc VSS Management
ip ad 172.18.x.x/32

View 2 Replies View Related

Cisco Application Networking :: 6504 - Virtual IP Configuration In ACE Module

Jun 3, 2012

I am in the process of configuring load balancing on ACE module but struggling to configure virtual IP address for ACE module. I'm working on ACE30 module and using software version A5 (1.2). ACE module is in slot of Catalyst 6504 switch.

View 5 Replies View Related

Cisco :: For RADIUS Integration Between WLC 5508 And MS NPS

Nov 3, 2012

We are trying to integrate Cisco WLC 5508 and Microsoft NPS 2008 to allow users to use their AD username and password to authenticate to the wireless network.I basically followed the following document but with no luck (Appendix B): URL I'v went through some threads in this forum but also with no luck,Basically, we are recieving the follwoing error in NPS event viewer:A RADIUS message was received from RADIUS client a.a.a.a with an invalid authenticator. This is typically caused by mismatched shared secrets. Verify the configuration of the shared secret for the RADIUS client in the Network Policy Server snap-in and the configuration of the network access server.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: 5508 And Active Directory Integration Using EAP?

May 24, 2011

I have just recently purchased a 5505 Controller and 30 3502i AP's. On my main corporate WLAN, I would like to allow users to be able to authenticate via Active Directory username and password.I am also looking for as little client side set up as possible. From what I have researched, I will need to use some type of EAP method.
 
I have come across two methods that appear to be the top contenders.
 
EAP-FAST - The method seems to be a possibility but I see that it uses certificates. If I use this method, does it mean that I would have to import the certificates to each machine manually? Also, can I configure thsi to work with just the 5508 Controller and an AD Database server or do I need an intermediary like IAS or ACS?
 
PEAP/GTC - This method is also a possibility and I think that it does not require certificates. Does this also require an intermediary like ACS or IAS.

View 3 Replies View Related

Cisco :: WLC 5508 Active Directory / LDAP Integration For Authentication?

May 18, 2011

I am deploying Redundant WLC 5508 with 4 VLANs and 4 SSIDs Match to it, Everything works Fine, now i need to do the below:
 
1. I need All Wireless Users need to authenticated with Existing Active Directory/LDAP

2. I will Create Guest Accounts in my AD , and pass to Guests, Then Guest should only Access Internet except Corporate Resources

2. How can i secure my Voice VLAN for Wireless Phones. I want only WIreless Phones to Connect to Voice VLAN.No internet Access on Voice VLan

View 4 Replies View Related

Cisco AAA/Identity/Nac :: 5508 ISE Integration With PEAP (Server Side Cert)

Oct 20, 2012

We are currently evaluating ISE and I am stuck with the PEAP authentication (with Server side Cert).Our current setup consists of two 5508 controllers, 30+ access point. For authentication we are using PEAP with (server side Cert). We have an IAS server which is also acting as a CA server. We are using Cisco’s NAM as a supplicant on Windows XP & 7 workstations. I would like to use ISE for authentication. I would like to use PEAP with Server side Cert (similar setup like IAS). I want ISE to perform the same function in addition to profiling etc.....
 
I was able to integrate ISE with Active Directory but could not get it working with PEAP (server side Cert). I would also like to know if they used Microsoft’s CA server or Open SSL CA server or a third party CA server (Go Daddy, VeriSign etc.)Can you we ISE as a CA server just the way we used Microsoft’s IAS Server as a CA Server?

View 8 Replies View Related

Cisco Wireless :: 5508 Mobility Service Engineer / WCS Required Or Not?

Feb 4, 2013

I have Cisco Wireless Lan Controller 5508 with 35 (3600 Series Access Points.  Do i need to purchase Mobility Service Engine for this or no need?  Do i need WCS server for this or no need?

View 1 Replies View Related

Cisco :: One UserID / Device Login Required On Wireless 5508

Jun 4, 2013

I am deploying Cisco 5508 with Cisco 1602 Access Points at one of my client's office. User authentication will be done through Microsoft IAS Server working as RADIUS Server. There is a requirement from my client is that the user over wireless can only be able to login to One device using its user ID. I want to inquire if this can be done through WLC or it can be restricted on the RADIUS server? Looking forward for comments.

View 4 Replies View Related

Cisco Wireless :: 5508 Client Stuck In DHCP Required State

Aug 31, 2011

User is connecting to 5508, running 7.0.116.0.  Previously worked on another AP.  TV (client) is set to use dhcp.  As other posts have mentioned, "DHCP Addr. Assignment" checkbox is not checked for this wlan, but I also switched it to Required for this wlan but it did not make any difference.  Seems to be a problem with just this client as many other clients are on this AP with no problems.
 
Users have to register their MAC to get on our wireless system, but there is no encyption or security enabled once the device has been registered. 

View 34 Replies View Related

Cisco Wireless :: AP 1142N-K9 Configuration Required

Feb 9, 2012

How can I have access to the cisco "AP#" prompt? When I try to acees the AP through hyperterminal, it gives me the attached messages. The message keeps looping and not letting me access the AP# command prompt to assign an IP address so that I can control it in mode HTTP.

View 2 Replies View Related

Cisco Wireless :: WLC 5508 - Separate DHCP Server Required To Get Option 43 Setup Properly?

May 7, 2012

I am using a WLC 5508 and its internal DHCP server. I cant find anywhere I can setup option 43. However, the access points are connected in just fine. Do I need to worry about setting up a seperate DHCP server to get option 43 setup properly?

View 7 Replies View Related

Cisco Wireless :: 1941W Basic Configuration Required

Apr 22, 2012

I am replacing a cisco linksys router with a 1941w.
 
I have the 0/0 accepting a DHCP from the ISP then I have 0/1 going to a switch and hosting a dhcp server.
 
Where I have an issue is:
 
A) Finding a way to turn on the wireless and make it use the same DHCP as wired and setting up a user name/wep password
 
B) Turning on the GUI that is supposed to be embedded on this.
 
C) Finding a way to make the DNS point to the default gateway so that I don't have to set the address everytime we move the box.
 
Here is my current configuration, and with it I can get onto the wired network and get to the internet.
 
Current configuration : 4712 bytes
!
! No configuration change since last restart
version 15.1
[Code]...

View 6 Replies View Related

Cisco Wireless :: WLC5508 Required For Outdoor Mesh Configuration?

Jan 3, 2012

I want to start implementing a small outdoor mesh network of 3 APs Aironet 1550 in order to grow afterward with more APs. Is there any way to configure those 3 APs in an outdoor mesh configuration (for example, only one RAP and two MAPs) without a Wireless LAN Controller or I have to have at least, one WLC? My idea is to have a WLC 5508, but at the very beginning I don't know if my budget is gonna allow me to cost the WLC.

View 7 Replies View Related

Cisco Wireless :: 1200 Connecting Access Point With Configuration Required

Apr 30, 2007

I have a cable broadband installed in my home i just bought cisco 1200 series access point...now how to configure my access point. I believe I have to plugged fastethernet cable coming out of my cable modem to access point after that? What I have to do ....do I have to configure the cable modem as wlel or not???

View 2 Replies View Related

Cisco Firewall :: Pix 515 Configuration Required

Oct 18, 2011

I am very confused on how I setup a Pix 515 that I just got to route traffic out a cable modem. First, let me give you a little details on my current network setup and what I am trying to accomplish with this Pix 515. Currently all my users go out the proxy for any internet access, however I have certain users that need to go out the cable modem instead of the proxy server. Below is an example of the current IP setup of a user A:The cable modem that we currently have has DHCP so I would need the external PIX address to accept a DHCP address. I also don't really understand what else I need to setup so if I have say four users hitting the cable modem through the pix how do I direct their web traffic to the correct computer (NAT ?),I will be plugging the PIX into a cisco switch that all ports are in VLAN 48 so hopefully a static internal address on the pix of 10.24.48.254 will keep me from having to do any routes since all traffic will be originating from the 10.24.48.0 network.

View 1 Replies View Related

Cisco Firewall :: Websense PIX 515 Configuration Required

Jun 6, 2012

We have purchased a new Websense 10000 Appliance and I'm not a hundred percent how to set this up. I see that URL Filtering is a possibility and WCCP, which way to move forward on implementing this?

View 4 Replies View Related

Cisco WAN :: 520 Basic Firewall Configuration With DMZ Required

Apr 19, 2011

I am trying to set up my Cisco 520 router with a firewall that will: Allow port 80 traffic to the vlan 20,Block all other incomming ports to vlan 20 (unless initalised from inside),Allow all outgoing ports on vlan 20,Block all access from vlan 20 to vlan 10 (unless initalised from vlan 10)

View 35 Replies View Related

Cisco Firewall :: ASA 5505 Configuration Required

Apr 29, 2013

I have a problem with the configuration of the ACL of my ASA 5505 router.However, the syntax seems okay,access-list 121 extended deny icmp 192.168.0.0 255.255.255.0 .

View 3 Replies View Related

Cisco WAN :: 2921 Router - Configuration Required As NAT / PAT Gateway

Jan 14, 2013

I have a Cisco 2921 Router,with 3 giga interfacesi have a leased line for the internet with a public ip address and i want to configure this router as NAT /PAT gateway, so that users in my network can ue the internet by the router,my wan interface is g0/0 - ip 122.xx.xx.xx lan is g 0/1 -- 192.168.1.1 /24 . i have tried doing nat once but i was not able to make the wan port up.using cisco CP when i test the interface it givves error and i dont get internet to my users.

View 10 Replies View Related

Cisco Firewall :: ASA 5510 Dual ISP Configuration Required

Jul 13, 2011

I have existing Sonic FW in my company we are moving from sonic FW to ASA 5510 Security plus lice. I have two ISP currently connected to sonic Firewall I am planning to implement Dual ISP configuration on ASA5510.

View 12 Replies View Related

Cisco WAN :: 2600 Sample Subnet Configuration Required

Sep 5, 2012

I have a /25 block of public ips from my ISP which I'd like to subnet into two /26  blocks. I have a Cisco 2600 with 2 ethernet ports in it. What are the commands I'd need to take my 200.180.200.0  255.255.255.128, gateway 200.180.200.1 and turn it into 200.180.200.0  255.255.255.192, gateway 200.180.200.1 and 200.180.200.64  255.255.255.192, gateway 200.180.200.65? One of the interfaces will be connected to the ISP & the other to a switch, and then we could access the two subnets through the switch.

View 6 Replies View Related

Cisco :: LMS4.1 SNMPV3 Configuration Template Required

Apr 6, 2013

Who can give me a SNMPv3 configuration template.I tried many times has been a problem

View 5 Replies View Related

Cisco Routers :: RV082 Dual WAN Configuration Required

Jun 12, 2012

RV082 configured for Dual WAN [Code]....

(2) identical DSL connections, configured as Static IP (not PPPoE) with modems in bridged mode. Static IP's are /25 subnet and same gateway  ** this may be a problem? Dual WAN set for Load Balance, network service detection is OFF
 
We have a 2003 terminal server running and successfully receiving connections through both WAN connections.  Depending on location, half the users are connecting to WAN1 IP and the other half to WAN2 IP.  We are getting sporadic disconnects of the remote users when they are idle for a couple minutes and automatic reconnection of the session takes over a minute.  If they close the (locked up) session and reconnect manually it will let them in right away. 
 
Could the handling of the Dual-WAN be the culprit?   Could the same gateway for both WAN's create this issue upstream (out of my control)?I am going to move everyone to connecting through WAN1 and then change to Smart Link Backup and see if the issues persist.
 
Another thought is to use a secondary IP on the terminal server and use Protocol Binding to match "All traffic" for IP1 to WAN1 and IP2 to WAN2, which theoretically would stabilize the situation?

View 36 Replies View Related

Cisco Routers :: SRP527w Static Routes Configuration Required

Feb 20, 2012

We have 2 sites with 2 internet connections at each site. All are SRP527w routers. 1 is for internet and 1 is for a site to site VPN as,Currently we are using Static Routes on the PC's so they can access each server no matter what site they are at. I have looked at using the Static Routes section on the SRP's but cannot get it to work.

View 2 Replies View Related

Cisco Firewall :: ASA 5520 SSL VPN LDAP Authentication Configuration Required

Oct 16, 2012

I've gotten to the point where I can test against active directory and get in, also I can get AD groups from my server on the ASA. My problem, I can't connect in via my AnyConnect client on my Android. I immediately get a "log in failed" and I know I'm using the right username/pass. Doing a little troubleshooting, I have attached my AnyConnect debug log and the results of the "debug ldap 255" command on the ASA. Also, I've used ldp.exe to determine I can connect in with the username/password combo I'm using.Combing through the AnyConnect logs I see a few instances of "global error unexpected" but no Google searches have brought up anything useful.

View 7 Replies View Related

Cisco Switching/Routing :: 4900M Management Configuration Required

Dec 8, 2011

I am just going to deploy some new 4900Ms for a customer. Want to know if configuring management for 4900 (everything like NTP, AAA, SNMP , DNS ) is doable through management interface in management VRF and there are no caveats to be aware of.

View 1 Replies View Related

Cisco Wireless :: WISM2 No Port-Channel On 6504-E?

Jan 18, 2013

I have just been setting up a WISM2 in a test lab and for some reason the Supervisor is not creating a port channel on my 6500 as suggested in the WISM2 Deployment Guide. WISM2 is installed in an appropriate slot (according to same doco) and have attempted reset to factory defaults, removing and power cycling several times.

View 1 Replies View Related

Cisco Switching/Routing :: Nexus 5000 Device Logging Configuration Required

Apr 7, 2013

This is regarding CISCO logging configuration.We palnned to implement enable logging on all the cisco nexus switchs.we are running HP arc sight in our DC this device monitor all the CISCO devices.We want to enable logging with this Arc sight device.Just I would like to know about config commands for Nexus device, what is the command to enable logs which is include "who is login & logout?, interface down information?,who was did conf t ? & every logs"

View 8 Replies View Related

Cisco Wireless :: Backup Configuration On WAP 5508?

Feb 5, 2013

how to backup a Cisco Wireless Access Point Controller 5508.

View 2 Replies View Related

Cisco :: Getting 5508 Wireless Controller Configuration

Sep 15, 2011

So we have a Cisco 5508 controller that is managing 15 AP's in one of our buildings.I am running 2 wlans, one is internal access via (wpa) radius, peap and domain login...that works well now
 
The other is a guest lan, that is only allowed to surf the web.
 
The question from our security group, is there a way to restrict wireless access to ONLY a corporate approved list of devices.
 
As it stands right now, we only support Blackberry's as our mobility device. All local data is encrypted. The issue here is our testing shows that with an Iphone (not approved) it is very easy to connect to the WPA network if a user knows how to enter in their domain credentials. From there they can browse our internal web servers and download corporate data to a non approved, non encrypted device such as the iphone.

View 1 Replies View Related

Cisco Wireless :: Cannot Upload Configuration On WLC 5508 Via Tftp

Jan 8, 2013

I have WLC 5508 in my office and i am asked to backup file configuration from WLC but when i remote WLC to get the upload configuration file via tftp it doesn't work.

But when I try to use direct connection ( point to point ) with WLC and my laptop i can get the upload configuration file. is there something wrong, actually i have connected with that WLC i can ping and telnet that device

View 8 Replies View Related

Cisco Wireless :: 5508 Anchor Configuration With One Controller In DMZ

Feb 2, 2012

Any link that will give configuration examples of a wireles anchor config with one controller in a DMZ. I have tried this on my own and have some problems in my test enviorment. I believe my issues were with the firewall but not exactly sure.

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved