Basic configuration of 4402 WLC
I have a WLC4402 attached to the trunk switch port 2950. The switch has 3 VLAN, 300, 400 and 500. Management and AP interfaces are marked on 500. I use a router 2600 on a stick that is also connected to the 2950 through another trunk. The AP Manager and IP address management are 172.16.20.1 and 172.16.20.2. The VLAN switch 2 have an IP subnet 10.10.10.0/24 and 10.10.11.0/24. I can ping to the management interface a PC on each VLAN without problem. As soon as I create a dynamic interface that is mapped to an IP to the VLAN 300 or 400, pings stop, unless I tag dynamic interfaces with 500 VLAN! I suspect it has to do with the VLAN native on the trunk but can't figure out how to get the dynamic interfaces for work.
You want to keep vlan 500. If you then leave without tag your management will be the vlan 1 is not recommended. When you configure the switch (trunk) port to vlan native 500, that means that andy untagged frames will be put on the vlan 500. The interfaces that you create must be referenced...
Configure the interface of management to '0' first of all, then set up the trunk with vlan native 500. then go back and set up the PA - manager without label '0 '.
Tags: Cisco Wireless
Similar Questions
-
question about configuration transfer 4402 WLC
Hello world
I am thinking to replace an AIR-WLC4402-25-K9, which runs on the code 4.2.61.0 with an AIR-WLC4402-50-K9 running on 7.0.116.0. Can I back up the configuration of the AIR-WLC4402-25-K9 and restore it on AIR-WLC4402-50-K9? Otherwise, what is the best way to set up the AIR-WLC4402-50-K9? What I have to set it up from scratch?
Thanks for any input.
Robert
Hello
Nope! many new features is different in the code! the best way is to upgrade the WLC 4.2 to atleast 5.2 and more... coz the format of config backup is completely different in the two entities...
Let me know if that answers your question and please do not forget to note the useful messages!
Concerning
Surendra
-
Basic configuration of TFS 2012 fails on the data layer.
Hello
I have a new installation of sql server 2014 and has the last update 7 on it.
Installed TFS 2012 update 4 and I tried the basic configuration to help start Wizard.
I am getting...
"TF255146: Team foundation server requires SQL server 2008 Rs (10.50.1600) or higher." The SQL server instance xxxxxxx you provided is the version 12.0.2495.0.
I couldn't find much online research help. Any ideas how to solve this problem?
Thank you
Vinciane
This issue is beyond the scope of this site and must be placed on Technet or MSDN -
Aironet 1600 I have the Basic Configuration
Hello, someone to share the basic configuration to a SSID and security with WPA with the phrase password not numers
Because I have a problem, I can only see the SSID if I put on the guest mode.
Excellent. You can disable the 2.4 Ghz on the AP all together.
If you think that I helped it would be great if you could evaluate and score the answer.
-
What are the basic element of basic configuration of an oracle database?
What are the basic element of basic configuration of an oracle database?It consists of
one or more data files.
one or more files of control.
two or more redo log files.
The database contains
multiple users/schemas
one or more rollback segments
one or more storage space
Data dictionary tables
User objects (table, index, views etc.,)
The server who access the database consists of
SGA (dictionary database Cache buffers, a Redo buffers of the newspaper, shared pool SQL buffer)
SMON (System MONito)
PMON (Process MONitor)
LGWR (LoG Write)
DBWR (data writing)
ARCH (archive)
CKPT (Check Point)
RECO
Dispatcher
Associate the user with PGS process -
Hi all
We have 3 WLC 4402 all with identical config and we use Lobby Admin to create guest accounts.
Problem with this is that the guest account must be created on 3 WLC.
I installation WCS and want to know how to extract the 3 existing wlc and their config in the WCS.
Can the admin of lobbay can create accounts on the WCS and grow them into all wlc
Hi RR,.
>I install WCS and want to know how to extract the 3 existing wlc and their config in the WCS.
It's pretty easy. You must add a new controller via the configuration-> page controllers. The option 'Add the new controller' is in the drop-down list at the top right of the screen. You can use a list separated by commas of IP addresses to add all three at the same time. WCS audit of the controller software and get to the bottom of the config.
>Also can the admin Hall can create accounts on the WCS and grow them into all wlc
I have not used the account Admin Hall (it is not really appropriate in the office where I work), but I know that you can create a guest account in the controller model launch pad. It is under Security in the sidebar. This model can then be applied to all three WLCs at the same time, that will simplify things. I guess you would need to make sure that your Hall administrator can access this particular part of the WCS.
Hope that helps.
-Jason
-
4402 wlc move from 4.1.171 to 4.2.130
It is my first upgrade of wlc. I have 2 4402 s with 12 AP1242s lwaps divided between two controllers. What is the best practice in upgrading wireless LAN controllers? Here I have a controller powered off while I upgrade to another or keep both during the upgrade process?
Thanks in advance.
I don't think that it really matters if 1 or both are on the upgrade. Cisco recommends that all radio is disabled before the upgrade... it is an interruption scheduled wireless! I advise you to read this guide for that: -.
http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a00805f381f.shtml
HTH >
-
Hi guys,.
I am trying to upgrade the software for my WLC 4402, but it keeps saying "Failure" while storing Flash, the only way to upgrade this box is using TFTP, so I changed to a new tftp server (tftpd32 it can handle files larger than 32 MB), the new software is AIR-WLC4400-K9-4-2-176-0.aes (39 MB).
It seems that the WLC have no more room for another file, and I want to delete the old software to install a new, could someone point me in the right direction?
Help, please!
Thanks in advance
Hello
What is the version of the software of the WLC? I mean, from what version of what version are we trying to upgrade?
What is the result after using tftpd32?
TFTPd32 is a very handy tool and prefer to use when we use the file that is larger than 32 MB
The lower needs can help you...
I would like to know how it works for you.
Concerning
Surendra
-
Hello
I have 2100 wlan controller and wlapp ap connected to switch (catalyst 3560).
When I configure the controller with base configurations, I can't access the webmode more with the ip management interface.
can you help me please.
BR
Yamani
Hey James,.
The command "Display summary network" on the WLC cli and check if the WEBMODE is enabled... If not, then run the command...
'activate the network webmode config' and try to access the GUI... If we activated the Webmode and assigned still can not access, then find the IP address in double...
Concerning
Surendra
-
Regarding the file of configuration on the WLC
Hi all
I would like to replace an AIR-WLC4402-25-K9 with AIR-WLC4402-50-K9 because of the amount of AP problem. The two controllers are running on the same version of the software 4.2.61.0. Just out of curiosity, can I just backup the old configuration and download to the new controller? I guess it should work. Correct me if I'm wrong.
Any input will be appreciated.
Robert
Robert,
It should work, because the difference between them is at a level of asic and not a config. As long as you don't have two of them on the wire at the same time there should be no problem.
Alternatively, you can shoot the show running-config to the WLC-25 and then download that the WLC-50 in the config > mode
See you soon,.
Steve--
If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.
-
Hello
I have some experience with sensors but this is my first time setting up a C6500 with JOINT-2, and I have a few questions of design. The first question is this: can I mix the VACL and large-scale use to capture traffic in the same configuration?
Customer actually uses VACL to capture traffic of some machines, but he wants now to monitor all traffic from and external partner via a VPN concentrator, so I guess in this case I should use SPAN to monitor VPN port: I'm wrong?
The config that the customer is more or less the following:
detection of intrusion data 1-port module 1 module 1-port data 1 intrusion detection capture captures allowed - vlan 1 intrusion detection module 1 data port 2 capture allowed - vlan 1
Plan ID to access VLAN 10
corresponds to the ip address in
direct capture of action
Plan ID to access VLAN 20
corresponds to the ip address to
action forward
VLAN ID vlan-list filter 1
extended IP access list
IP enable any host 192.168.1.1
allow a host ip 192.168.1.1
...
extended IP access list
allow an ip
If I want to use SCOPE, which is the limitation of the number of source ports I can put in the order to "monitor the session?"
Should I send this "span" traffic detection interface 8 (data-port 2) or I can always send to the data port 1 (detection interface 7)?
Why there are two sensing interfaces?
Thanks in advance...
Ruben
First thing to understand is that the customer should not configure data 1 and data-port port 2 to see the same traffic.
The sensor will get duplicate packets and minimize the overall performance of the detector (spending cpu just to throw duplicates) and at worst could cause false positive and negative or even false.
So the first thing to do is to remove the capture set up configuration data-port 2, so only 1 data port is the packet capture.
Now that the data port 2 is released until you can configure data ports 2 for something else.
So if you want to use the span then Yes you can now configure data-port 2 as a destination span port
Can mix you VACL and Span configurations?
Yes, but not on the same data port. A data port can be a vacl capture port and the second data port a destination span port.
However, you want to try to avoid as much as possible of the duplicate packets. So you will want to try and set it up so that traffic will be normally visible on the destination span port will not also view the vacl capture port (means generally change the VACL to not only capture the traffic).
If you use Span to monitor VPN port?
Duration is usually the best way to ensure you get all the packages in and out of a specific port. You will need to make sure that you use a port range (instead of a span of vlan) and make sure cover you the tx and rx traffic so that you get both in and out of traffic.
Also make sure that the traffic that you are covering the traffic not encrypted and non encrypted traffic (which would be ignored by the sensor).
What is the limitation on the number of source ports?
I don't know, and I think he can differ depending on your version of IOS and the type of controller. So you must read the configuration for your cat guide 6K determine the limits of your specific switch.
Should send you traffic to "merged" to 2 ports data or data port 1?
A data port may not be as well a VACL Capture pore and a destination Span port. So if data-port 1 is configured for the VACL Capture then it cannot be a Span destination port. Configure a port as a VACL Capture port and the port other than the destination Span port.
Why are there 2 remote sensing interfaces?
To do similar things to what you ask. So, you can use 2 different surveillance techniques that would not be on a single port. Or to be able to make promiscuity on a port monitoring, while inline vlan pair monitoring IDE oucederomsurlesecondport. Or use 2 ports set inline interface pair followed.
-
basic configuration question IPSec GRE
the Sub test config has been entered at R1 (router left mostly). R4 has a similar to the inverse IP address config. R1 is able to ping R4 loopback at the present time.
crypto ISAKMP policy 10
BA aes
preshared authentication
Group 2
life 120
address of cisco crypto isakmp 203.115.34.4 keys
!
!
Crypto ipsec transform-set MY_TRANSFORM ah-sha-hmac esp - aes
!
MY_MAP 10 ipsec-isakmp crypto map
defined by peer 203.115.34.4
game of transformation-MY_TRANSFORM
match address 100
!
!
!
!
interface Loopback0
192.168.10.1 IP address 255.255.255.255
!
interface Tunnel0
IP 192.168.14.1 255.255.255.0
source of tunnel Serial1/2
tunnel destination 203.115.34.4
card crypto MY_MAP!
!
interface Serial1/2
IP 203.115.12.1 255.255.255.0
series 0 restart delay
!
!
Router eigrp 100
network 192.168.0.0 0.0.255.255
Auto-resume
!
router ospf 100
router ID 1.1.1.1
Log-adjacency-changes
network 203.115.0.0 0.0.255.255 area 0
!!
access-list 100 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255 connect
!
!
I see cisco samples configurations include an access list entry as follows...
access-list 100 permit gre 203.115.12.1 host 203.115.34.4
I understand the purpose of the ACL above regarding the test configuration that I posted here.
Let me explain.
LAN - router - WAN - router - LAN
Communication between the two LANs can be on a GRE tunnel to an IPsec tunnel or IPsec/GRE tunnel.
If you simply want to communicate between them unicast IP traffic, IPsec is recommended because it will encrypt the traffic.
If you need non-unicast or non - IP traffic through, then you can create a GRE tunnel.
If you want IPsec encryption for the GRE tunnel and then configure IPsec/GRE.
The ACL you mention will not work because the GRE traffic is only between tunnel endpoints.
The traffic that flows between local networks is the IP (not the GRE traffic) traffic where a permit GRE ACL will not work.
It will be useful.
Federico.
-
Basic configuration of NAC appliance
I have a small project to authenticate users about 100 to access the network. We plan to use the Cisco NAC appliance. Just to clarify (I saw some post but I'm not sure of the correct answer) do I need 2 separate devices, one as a server and the other as a controller; or I just need a do two tasks?
Thank you
-Arturo
Hi Arturo,.
You need two devices to operate. A Manager and a server.
There is a great Cisco Press book on the ANC by James Heary device that will give you a lot of details and information on the configuration of the devices.
I hope this helps.
Paul
-
Hello...
I would ask the Expert whether my set is correct or not... Pls help beginners
I have pix506E...
214.xxx.xxx.161 line fixed IP connected to the router to 192.168.1.2 and then connected to the PIX506E Firewall outside Interface 192.168.1.1.
The inside of the firewall Interface IP is 10.1.1.1, connected to spend... Switch to client/server with the ip address 10.1.1.10/50.
My problem is inside and outside user is not connect (also can not ping) although I do a few rules about it. I can't also even surf the internet... the firewall is blocking everything. I don't know if my setup is correct...
I have my connection setup... Pls Browse...
Thank you
Tonny
Distribution of Excellence WT
You test now with only the 10.1.1.2 PC? you have activated natting only for this PC now... so make sure that test you it with this IP address.
Sure you have opposite roads to 202.196.169.170 - 202.196.169.190 on the internet router point to the PIX outside 192.168.1.1? Make sure that your access provider forwards this IP range.
to allow the ping, configure an access list and apply it to the outside, as icmp is disabled by default.
outside to allow icmp an entire access list
Access-group outside in the interface to the outside.
all the best!
-
Basic configuration problem - please help!
Hello
I'll put up my first PIX firewall in a network of trial right now, and it is supposed to go into production in the next few days.
I am trying to open some ports for a server inside, doing everything 'by the book' (cisco e-learning, to be exact), but I had no success with that. Basically, I'm trying to map an inside Server (192.168.254.199) to (xxx.115.215.1) external IP address that is assigned to the external interface. The type of traffic that must be passed inside the server is http and remote desktop. (Other users are PATed to xxx.115.215.2) So I tried to use the static/conduit pairs, according to e-learning stuff...
public static xxx.115.215.1 (Interior, exterior) 192.168.254.199
conduct permitted tcp xxx.115.215.1 eq www host everything
driving permit host xxx.115.215.1 eq tcp 3389 everything
After I type this, I can't access the internet from the server, or ping to the outside... and of course can not access office remote/web server from outside, which is the main goal.
Here is the config:
6.3 (5) PIX version
interface ethernet0 car
interface ethernet1 100full
ethernet0 nameif outside security0
nameif ethernet1 inside the security100
activate the password xxx
passwd xxx
hostname pix
fixup protocol dns-length maximum 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol 2000 skinny
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names of
pager lines 24
Outside 1500 MTU
Within 1500 MTU
IP address outside xxx.115.215.1 255.255.255.0
IP address inside 192.168.254.1 255.255.255.0
alarm action IP verification of information
alarm action attack IP audit
history of PDM activate
ARP timeout 14400
Global 1 xxx.115.215.2 (outside)
NAT (inside) 1 0.0.0.0 0.0.0.0 0 0
allow icmp a conduit
Route outside 0.0.0.0 0.0.0.0 xxx.115.215.125 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0: CPP 02:00 0:10:00 01:00 h225
H323 timeout 0:05:00 mgcp 0: sip from 05:00 0:30:00 sip_media 0:02:00
Sip timeout - disconnect 0:02:00 prompt Protocol sip-0: 03:00
Timeout, uauth 0:05:00 absolute
GANYMEDE + Protocol Ganymede + AAA-server
AAA-server GANYMEDE + 3 max-failed-attempts
AAA-server GANYMEDE + deadtime 10
RADIUS Protocol RADIUS AAA server
AAA-server RADIUS 3 max-failed-attempts
AAA-RADIUS deadtime 10 Server
AAA-server local LOCAL Protocol
No snmp server location
No snmp Server contact
SNMP-Server Community public
No trap to activate snmp Server
enable floodguard
Telnet timeout 5
SSH timeout 5
Console timeout 0
dhcpd address 192.168.254.100 - 192.168.254.150 inside
dhcpd dns 192.168.254.199 199.185.225.10
dhcpd wins 192.168.254.199
dhcpd lease 28800
dhcpd ping_timeout 750
dhcpd field test.local
dhcpd allow inside
Terminal width 80
Cryptochecksum:xxx
: end
PIX #.
I am sure that the problem is something simple, as I'm just a newbie...
Your help will be GREATLY apprechiated!
Thanks in advance
good news... I'm glad it works now!
Please solve the case, while it appears on the list as "checked"... See you soon,.
Maybe you are looking for
-
FCPX - export of timeline issues
Hello I can't export my calendar from FCPX. My export destinations are grayed out for this project and the error message - 'a missing titles or offline, effect or the generators.' appears. He said - "this item can be shared while it's still media ref
-
How and where can I find my Macbook Pro using the model number
How and where can I find my Macbook Pro "using the MODEL number" NOT the serial NUMBER please... Hello world: I would like to know more about my MacbookPro using model # is if there is a website or a program that I can type my model # so she'll tell
-
How to access the photo files in the Finder?
I just updated my system to the picture and I can't access my images in the Finder - the show in Finder option file is not available. What should I do?
-
Desktop Pavilion 500 - 200 t: Asus Geforce 950 compatible for Pavilion 500-200 t
I just upgraded my memory from 8GB to 16GB and I was wondering if the (long name) Asus GeForce 950 - M - 26 d 5 128 bit GDDR5 PCI Express 3.0 HDCP ready graphics card would work on my p/c or HP there an equivalent for it?
-
Hello I know that it is possible to synchronize a cRIO with SNTP server controller (condition: operating system on cRIO is VxWorks): http://digital.NI.com/public.nsf/allkb/F2B057C72B537EA2862572D100646D43?OpenDocument Is it possible to do the same th