I have found that there are only few configuration to the Cisco Aironet 600 OEAP. The settings are just for basic configuration for a wireless network when it is in autonomous mode.
A need for a Wireless LAN Controller to perform advance settings.
Also, there are no firmware available in Cisco. No upgrade/downgrade firmware avalaible for download.
Does the AP is able to configure 2 public ip address of the DMZ-WLCs?
like ip 1.1.1.1 in my US data center, whereas a second ip 2.2.2.2 in my EU data center?
We have cisco 5508 office extend in dmz running code 7.3.112. 1132 AP seems to register and authenticate fine but OEAP 600 series dont seem to authenticate. they seem to join the controller and download the SSID but just wont authenticate ? not even registering on the AAA server
View 9 Replies View RelatedHere's the list of equipments:
Pool of oeap 600 aps
1x 2504WLC as OEAP WLC (@DMZ)
1x ASA 5515
Scenario:
My OEAP WLC located at ASA - DMZ is NATted to a public ip (primary internet ISP), then my pool of OEAP-600 were configured to communicate with this OEAP WLC.
My question is:
I want to automate the failover of OEAP-600 (I don't know if this is possible) to the secondary internet ISP whenever the primary internet ISP fails. The secondary ISP is terminated on the same ASA 5515-X doing PBR and IP SLA stuff.
I know that OEAP 600 can only be pointed to one WLC ip address I know that the WLC can only be NATted to one public IP address.
What would be the best solution to perform the OEAP backup connectivity? Or just buy another set of WLC/ASA then just manually configure the OEAP-600 APs to point to the secondary ISP.
I have a customer looking to deploy OEAP & wants to know if it possible to disable the local ports 1-3? Reason being, they don't want the home user connecting devices & causing more support tickets to troubleshoot an Xbox or Google TV just b/c it's connected to a company provide AP/Switch. I have read all the docs & it makes no mention of this.... I can see in 7.2 the ability to disable the local SSID but no mention of the ability to shutdown ports 1-3..Also see support in 7.2 for Dual RLAN... but that still leaves 2 local ports.
View 5 Replies View RelatedI have some trouble with the setup of an oeap 600 ap. The ap has joined the controller as it should and the remote-lan connection to my corporate network works well, but i can't connect to the corporate wlan.
When i check the event log on the ap it says:
"
*Oct 02 07:36:56.662: (Re)Assoc-Req from 00:1a:73:d2:82:8c forwarded to WLC, wired: no
*Oct 02 07:36:56.665: received assoc-rsp for wireless client, status=0011
*Oct 02 07:37:11.712: DisAssoc-Req/DeAUTH from 00:1a:73:d2:82:8c forwarded to WLC, wired: no
*Oct 02 07:37:11.713: WTP Event: Delete Mobile sent to wlc00:1a:73:d2:82:8c"
and a debug on the controller gives me:
apfMsConnTask_6: Oct 02 08:52:05.034: 00:1a:73:d2:82:7f Adding mobile
on LWAPP AP ec:c8:82:c2:3a:20(0)
*apfMsConnTask_6: Oct 02 08:52:05.034: 00:1a:73:d2:82:7f Association received from mobile on AP ec:c8:82:c2:3a:20
*apfMsConnTask_6: Oct 02 08:52:05.034: 00:1a:73:d2:82:7f Sending Assoc Response to station on BSSID ec:c8:82:c2:3a:20 (s
tatus 17) ApVapId 1 Slot 0
[code]....
Possible to assign reslient WLCs to an OEAP 600?
The web GUI of the OEAP itself only has a single field to enter the address of a single controller.
But, I wonder if once the OEAP is talking to your WLC across the Internet, you can allocate HA settings to the OEAP so that it can fall back to a secondary WLC if your main WLC fails.
This is sort of hinted at in the docs I have read, but I have not been able to find it explicitly stated anywhere.
It would be nice to have 2 DMZ-based WLCs at two different data centres to allow remote users to have a fail-over solution, but I need to be sure that this is supported before implementing.
I have a TAC case open, but it doesn't seem to be making any progress.I upgraded my 5508 controller from 7.2.111.3 up to 7.4.100.0..Most of my APs are fine. 3500s, 1100s etc.except for 602i APs. The APs associate, they update software etc, but they won't broadcast the WLAN.An interesting thing, on the 602 AP, in the log, I see this:*Mar 06 15:08:12.667: SSID remote, WLAN Profile Name: RemoteOEAP, added to the slot[0], disabled..So the AP is definately talking to the WLC and being pushed the correct WLAN profile.On the controller, the AP shows the the Admin status of the radios is showing DOWN, but the Admin status on the AP itself shows UP
I've done a factory reset on the APs to no avail. I have a 2504 WLC as well that i'm in the process of implementing in a DMZ specificially for these APs, and for testing purposes, I associated the 602 Ap to that WLC as well. This one is running 7.4.100.0 too, same results. It would appear to be a problem with this version of software?
Only fifteen users are allowed to connect on the WLAN Controller WLANs provided on the 600 series at any one time. A sixteenth user cannot authenticate until one of the first clients de-authenticates or a timeout occurred on the controller. Note: This number is cumulative across the controller WLANs on the 600 series. For example, if two controller WLANs are configured and there are fifteen users on one of the WLANs, no users will be able to join the other WLAN on the 600 series at that time. This limit does not apply to the local private WLANs that the end user configures on the 600 series designed for personal use and clients connected on these private WLANs or on the wired ports do not affect these limits. This is from the Configuration Guide for teh 600 series Office Extend AP. Is this count per AP or total per WLC? If I have 10 APs deployed to our remote users, can each AP support two simultaneous users? Would I need to use separate WLANs for each OEAP?
View 8 Replies View RelatedI've got a strange problem here. In the office, my OEAP 600 can join WLC if there is no MAC authentication. When i enable MAC authentication at WLC, AP will fail to register. However, I try it at home and it works with both MAC authentication enable or disable. I suspect it is because of firewall in my office, but there shouldn't have any different in discovery and joining procedure for AP with MAC authentication enable or disable.
View 18 Replies View RelatedFlex 7500
Software Version: 7.2.103.0
I have a Flex 7500 with 200 1142AP's working fine in remote office and local setup. We have since purchased 3 OEAP 602's and looking to distribute to teleworkers.
I have configured the OEAP to point to the NAT'd IP of the WLC, the OEAP does connect and is listed briefly in the WLC wireless listing but I am not able to make any configuration changes, it will then dissassociate and try the join process all over again. I have attached below the OEAP 600 event log. I see that the WLC does not support data DTLS encryption and looking to make this work.
I have tried to install the DTLS license file from the Cisco website, but says license failed to install, with no other errors.
*Jun 18 15:18:43.938: Build version 7.0.112.72 (compiled Feb 3 2012 at 01:56:39, [L]).
*Jun 18 15:18:47.859: CAPWAP State: Init.
*Jun 18 15:18:47.860: CAPWAP State: Discovery.
[Code]....
I have established dual-rlans on different segments.I have a 2960g switch. I created vl2 (management) and vl3 (data).I connected rlan1 (port4) to vl2 and rlan2 (port3) to vl3.My laptop receives a dhcp address on vl3 and the switch (in dhcp mode) receives it's proper address on vl2.Unfortunately a MAC is assigned to each vl and to the management interface. Thats 3 out of the 2 sets of 4.
So a managed switch is NOT the desired device to have on the back side of an OEAP600.In any case doing a show mac address-table revealed that all the vl2 MAC addresses were duplicated on vl3.To the tune of 216 addresses. 108 in each vlan. Which is a close match to the current host counts for each segment 98 + 18.Obviously this application is not what was envisioned by the OEAP team during work-up.The goal of 4 host devices on the rlan is proving difficult to achieve.The client wants 2 pc's and 2 digi-port servers.
Is there any limitations of network size for an interface in a WLC 5508? Any recomendations of netmask size? Maximum /24, maximun /21?
View 5 Replies View Relatedwith FW 7.4.100.0 a 2500 controller works as anchor controller, now.I have 3 questions.
1) What are the limitations? 15 EoIP tunnel, Clients? something else?
2) Have Cisco a compatibility matrix about Anchor - Foreign Firmware? (Example works 7.4.100.0 anchor with 7.0.x.x foreign?)
3) A controller works only as anchor. A controller version with lowest AP licence is needed. Right?
I have two 5508 and a few hundred 1142 in our internal net. Now I bought some OEAP 600 to do tests in some small branch offices, but I would like to enable AP policies with MAC filtering to block that anyone else can connect an OEAP through our firewall. If I enable 'Accept Self Signed Certificates (SSC)' and 'Authorize MIC APs against auth-list or AAA' as suggested in Cisco document 'Aironet 600 Series OfficeExtend Access Point Configuration Guide', will that effect only my OEAP 600 or will I have to also include the MAc addresses of my internal 1142?
View 2 Replies View RelatedJust installed the E3200 and use to have a WRT54G. Wanted the N Band.Noticed two major deficiencies.
1) this device does not have Internet Access Policy option and the Parental Control interface is unbelievably poor?There are very few options to work with in terms of time of day to turn on and off blocking access. (Half hour increments only, not 5 minutes increments that I was use to). The "FROM" Field has AM only and the "TO" filed has PM only. This means if you wish a device to have access pass Midnight, you can't, or if you wish to block beginning in the AM, you can't. Furthermore there are no day selections, just School Night and Weekend Night. What if you just want to block school Night. You can't "turn off" weekend. Is there a way to gett full Internet Access firmware into this device.
2) When using Parental Control the devices to restrict access are only displayed by default names. I have 8 devices on the LAN and half of them say Network Device. Any way to identify them by a device name or MAC ID?
I have a Fiber to Ethernet connector from my ISP. The Ethernet cable goes to an iSP issued Zyxel router. Into this router the landline phoneservice connects to give us VoIP landline service (which is cheaper). An Ethernet cable goes from the Internet port on the E4200 to a LAN port on the Zyxel router. That works great but I had to put the E4200 into Bridge Mode to get it to connect to the Internet via the Zyxel router which I need to use the phone services my ISP provides. I bought the E4200 because I wanted to use the dualband functionally and get a 802.11N 5GHz network setup and to give me the ability to block certian websites and services which I knew Cisco/Linksys is famous for - the abillity to control your network.
Well then imagine my surprise when I could not use the Parental Control settings when the router is in Bridge Mode... This was the reason I bought this router over an Apple Airport Exreme. Is there anyway to get it to let me use the Parental Control anyway while in Bridge Mode or a better way for me to connect the router with the rest of my network?
We have the following architecture for Internet access:
LAN ---- CISCO-CHASSIS----FIREWALL-----INTERNET
My concern is about PAT, for LAN users Internet access: I would like that PAT is performed by Cisco chassis(in my case, a C4500), not by firewall (which means: local IP addresses for flows from LAN to Internet are all natted with the same public IP address).Are there some drawbacks to this design? I guess there is no problem for classical flows, but what about flows with specific comportment (such as FTP) on Cisco routers?
I'm currently running 8.3(2) on my 5520s in an active/standby config. The 5520s have the 2GB RAM upgrade and 256MB flash card. Are there any CPU limitations in going to 8.4? I read the release notes but didn't seen anything about CPU. I heard through the grapevine that a 64-bit processor may be needed. We currently have the Pentium 4 Celeron 2000 MHz CPU.
View 1 Replies View RelatedI'm trying to use a 5520 to test something but the bandwidth seems pretty low for the product I'm testing over it. Can anyone tell me if there is a bandwidth limitation by default? I'm seeing 1.5mb/s average with spikes to 6mb/s or so. On the ASA5550 I was seeing usage up to 80mb/s.
View 5 Replies View RelatedWhat is the throughput of a 7246 UBR? I have 2 in service and it appears I can only get a maximum of 40Meg .
I am using MC16C card and NPE225 engines each card has approx. 700 customers on it.
If we upgrade to a 7246vxr with NPEG1 and MC28U.
I am experimenting with a Cisco 871 router. The router has 4 LAN ports and 1WAN port.What are the limitations wrt to the LAN ports when it comes to routing. Is the WAN port the only port that supports routing?
View 5 Replies View RelatedI've setup a Cisco Secure ACS server 5.1 in VMware ESXi everything seems to be working fine, however under the options for Policy Elements > Authorization and Permissions > Device Administration > Command Sets there is a command called "DenyAllCommands" that was there when i first installed the ACS. Is there any way to remove this? When I try to remove it i get an error that thats it can't be removed or modified. I'm writing a report on the Cisco ACS for university, if this is a limitation of the evaluation licence I will need to reference it. If this is a limitation and provide a link to a cisco page that confirms this.
View 2 Replies View Relatedwe have a RV082 and have the DMZ option enable for a range of IPs within the same subnet of WAN IP and this works great. I have another range of Public IPs from our ISP that is not in the same subnet of the WAN IP and do not see a way on the RV082 to include this 2nd bank of Public IPs in the DMZ. Our ISP internet feed plugs into the RV082 WAN port and we have a switch pulgged into the DMZ port of the RV082 that is used to connect the public devices in the current DMZ. Both banks of Public IPs from our ISP come over via the ISP internet feed plugged into the WAN Port. My question is, if I cannot configure a DMZ rule to allow this 2nd range of Public IPs to "travel" to the RV082 DMZ port.
View 0 Replies View RelatedWe are looking into replacing our current Windows NLB configuration with a SLB solution as NLB creates some nasty multicast traffic.
We are currently curious about the limitations for running SLB without a dedicated ACE Module, will it handle line-rate speed (1 and 10 gbit) with SLB?
Does VSS introduce any limitations for SLB? Any other pitfalls/limitations we should be aware of?
Hardware info: 2x WS-C6509-E in VSS with VS-S720-10G (VS-F6K-PFC3C) running s72033-ipservicesk9_wan-mz.122-33.SXI7
What are the limitations of Net flow v9 support on the 7600 platform for the SR code releases?
I know that Flexible Net flow is only available on newer releases with some newer hardware. Flexible Net flow gives you the ability to provide full support for Netflow v9 as well as IPFIX.
However, the documentation indicates that Net flow v9 is still supported in the SR code. So I am just trying to find out what are the limitations in how Net flow v9 is implemented without "Flexible Net flow". The Cisco TAC was unable to provide me any documentation about this.
on ACSv5.2...are there any limitations on the number of users that can be imported via CSV file...i.e. will the ACS handle 250,000 internal users for example?
View 1 Replies View RelatedI have a ASA5505 that i have running asdm 6.4 on it and have tried setting up some DHCP scopes for the interfaces.I have the security plus key.I set up 4 interfaces all with different subnets and all with different DHCP being doled out by the firewall for the time being.Anyway, 3 of the 4 work.I have tried to change interfaces wondering if there was an issue with that phy device.I tried enableing the subnet that would not work first and it didnt matter still would not issue dhcp.the other 3 work fine.Is there a limitation to the amount of scopes that will issue dhcp for an asa5505 ?
View 3 Replies View RelatedOur company is planning to buy one of cisco ASA 55xx series.But there is still one question left about DHCP pool limitations.Here I found some information about licensing for DHCP on ASA 5505: [URL]In other words, we don't have any information about ASA 5510, which contains DCHP pool licensing.
View 9 Replies View RelatedI wanted to find out how many times can I apply a healthcheck in a single context. I have 50 farms that are using the same port and instead of creating 50 different healthchecks, I want to just create 1 healthcheck for the 50 farms and apply it to each farm. I also need to know if the same limitations (whatever they may be) is the same for the 4710, ACE20 and ACE30.
View 1 Replies View RelatedI came across this site. I wanted to produce a better incoming ACL at home and work to prevent known bad sites
Here is their list of the Top 10 Global Spammers is out. The biggest surprise on the list is Korea, as it takes over the number one global spammer spot from China. With the improved high speed internet infrastructure in Korea and ease of network access, who knew Korea would be on the rise.
Here is the complete Global Spanner Top Ten List for the first quarter
[URL]
Korea
China
India
Russia
Turkey
Viet Nam
Ukraine
Brazil
Venezuela
Pakistan
When I sort the list, it is over 16k lines of ACL!
My question relates to what performance limits I would find.
Can I actually put that many lines in an ACL?
Will the router choke and do any other work
I have attached the sorted ACL list for you to review
Any of the following router lines will accept a list that large and still run acceptably?
2811
2911
3925
2945
I recently got a Static IP from my service provider, I'm working from home & configured a FTP server in my PC.
I have to transfer huge files say around 40 GB of data as I'm a Multimedia professional. I was using my web server, before for file transfers but there are lot of limitations to huge transfers.
My client, who is downloading using my Local Server says, it takes 3 mins to download a 9 Mb file, which took 17 sec before, when it was done with the webserver.
Does this have anything to do with my Internet connection speed as my speed is 1 - 2 Mbps. If not is there a possibility to increase my transfer speed ?
So, using a standard off the shelf UNMANAGED gigabit switch (just a cheapie), I have a scenario that I need to know about before I go and buy a whole lot of equipment.Ok so let's start off and say it's a perfect world and the workstations connect at a full 100 Mb/s and the server connects at 1000 Mb/s.So I'm looking at having say, four or five workstations connected to the gigabit switch (at 100Mb/s) and also a gigabit connection from the switch to the server. In this scenario, taking into account everything I've said above, would each of the workstations get a full 100 Mb/s to the server, or would everything be limited to 100 Mb/s total? I could see potential for the server to only talk to one of the workstations at a time and only at 100 Mb/s, but hopefully all four could communicate to the server simultaneously.
View 3 Replies View Related
