Is STP mandatory on WLC?
Hello
We use several WLC 440x controllers, each connected with two links to two different basic switches that are interconnected; one of the basic switches is the STP root for all the VLANs.
Is there a need for the WLCs to have STP enabled on their ports? AFAIK they don't bridge between their ports, so in my opinion it is not mandatory.
Thank you very much
Thorsten
Take a look at this link... I have never enabled STP on any of my WLC installs.
-
Reference Dell Powerconnect 5324/5424 STP Configuration Question...
Hey guys,
I have a basic-to-intermediate understanding of networking. I was recently tasked with looking into what seems at first sight to be an STP issue on our corporate network. Without going into too much detail, I think I found the cause of the problem. Within our network, we have our basic switching infrastructure and then a second pair of switches, a second, much smaller network that "needs" to be completely isolated from the base and core STP network.
However, I have discovered recently that this second network / set of switches is not as isolated as we thought. The second, supposedly isolated network was installed by a 3rd party company - their statement being that the network should be completely independent of our core network and the only link between the two must be an access / management connection so that we can telnet to these switches from the base network if necessary. However, I recently discovered that these switches on the isolated network are part of our STP! Not only that, but one of these switches is acting as root (as it has the smallest MAC address). It is through the management / access ports, I think, that BPDUs must be getting sent and received. Is there a way that I can stop BPDUs being sent and received over these management / access connections between the two networks - therefore isolating the secondary network and making it create two instances of STP - one for the main network and the other for the secondary? We still require the ability to telnet to these switches from the core network - I just need to block/filter STP on the access / management ports.
Thank you in advance to anyone who takes the time to read and respond to this.
With spanning tree disabled on the port, it should not send BPDU frames.
-
Cisco WLC license evaluation of Access Point
Hello
I would like to know what happens to the access points connected to a Cisco WLC if the evaluation license reaches its expiration date and other licenses have not yet been installed. Would all connected access points immediately cease operation?
Kind regards
Mark
Yes, they would stop working.
Note: when you add licenses, a reboot is required. Even if the number of supported APs increases, a controller reset is still necessary for these devices to register on the controller under the permanent license. I once added licenses and when I saw the number of APs increase - I experimented with the restart - and when the evaluation license expired, my APs dropped off the controller.
-
Wireless converged access (new) Mobility between WLC 5508
Hello
I have 3 WLC 5508s which are upgraded to version 8.x and I can see this feature. When searching on the web I find that this new feature is necessary when we have new models, WLC 5760 or 3850, in the network and they must contact the 5508.
So my question is, in my current scenario, I have only 5508s:
1. Can I activate this function and use it between 5508s? If yes, in the configuration, do I just create mobility groups as in the old configuration and it should work, or is additional configuration required?
Also, in my current network FlexConnect is activated; will enabling this affect my FlexConnect?
Please advise.
Kind regards
Anjaz
If you want to, you can migrate to the new mobility without any problem, but it must be enabled on all of your WLCs at the same time. This will have no impact on your FlexConnect communication or configuration and influences the way in which the tunnels between the WLCs are built. No changes are necessary in this configuration either.
-
WLC Collection failed - Config - no APs running no.
Hello
I have not been able to collect successfully from our wireless LAN controllers. SNMP and SSH work correctly and a very limited set of data is collected, but it does not provide the AP inventory, which is necessary in order to get these WAPs into the NMP portal. I tried everything at my disposal, but it still does not collect the WLC AP inventory. The WLC shows as "Managed" and collection is successful, minus the AP inventory. Please help and, if possible, name the dataset that will collect this inventory so I can create a special Collection profile for our WLCs. Thank you.
Perfect. Thank you. This sysobjectid should be part of the WLC platform (settings > manage platform definitions). This platform will be referenced in the dataset (settings > manage data sets) called AIRESPACE-WIRELESS-MIB_bsnAP. If you look inside the dataset, you will see the WLC platform there.
Was the Collection profile executed?
Where are you not seeing the APs? On the NMP portal or in the results of the collection on the CSPC (reports > Collection profile summary Run)? Choose the Collection profile and the date, and select Action > view data. You can find the device in question, click it, search for the dataset listed above and then see the raw data. If you see the LWAPs there, then this isn't a collection issue and we need to check whether it is a back-end processing problem.
-
WLCs manage LWAPPs to use chs overlapping?
I'm a beginner with wireless and, even more so, with the WLC. (I use a WLC module in an ISR 2851.) I have a few general questions about the WLCM:
(1) I will deploy five LAPs off the WLCM on one floor of a building. Is it true that I don't have to worry about overlapping channels, as the WLCM detects contention and changes the channel? Do I not have to configure anything in particular about channels, on the RF side?
(2) I will also be using 7920s in my deployment and want to ensure call quality when a user walks/roams between the towers. I'll use static WEP and the 7920s are on the same VLAN. Since all APs are associated with the same WLCM, is it true that I will not need to make additional configuration in order to ensure smooth roaming?
Thank you!
Greetings,
That is what it is supposed to do. It has been my experience, and that of other institutions, that this is not necessarily the case.
Regarding the allocation of channels, this device did a mediocre job, even though I have many more than 5 APs, so your mileage may vary. Be on the lookout for the same location co channel features where is not necessary to be.
Power settings are also not managed properly. Almost every AP in my installations is at power level 2 (17dBm or 50mW), and that is only because I do not allow the maximum power as an option. There is a wonderful document you must download if you want to be anywhere near LWAPP - http://www.cisco.com/warp/public/114/rrm.pdf
Read especially the transmit power algorithm and the coverage hole algorithm. I gather that the third AP of any AP has a default threshold of -65, which means that if this criterion is satisfied the power will not come down. My investigations are at 11 Mbit/s at -65dBm; that would mean my third AP from my first AP location will be at the edge of the first AP's cell. If you draw three circles on paper, your first circle is where you want, the radius of the third circle must pass through the edge of the first circle... so now you have to fit the second circle somewhere in there. This scenario is called 50% overlap - where two AP (two 50% (a 100%) overlap to another AP. In the case of an AP failure, the two others can pick up the slack. Well, if I draw my networks as such, what the hell do I need LWAPP for? I opened a TAC case and vain quickly actually, I got nowhere at all.
My solution is to redesign the existing infrastructure in order to have 20-30% overlap and have 11 Mbps cell boundaries at -65dBm. The only way I'll be able to maintain the power and channel allocations is to remove the auto RF channel and power capabilities. I'll hardcode that in. Perhaps, once I get the design up and functional, I'll experiment with sections of the installation and let auto RF have a chance in a properly designed environment and see what happens. Unfortunately, I'm in a high-profile production health care environment, and I'm not comfortable, especially given the results that I've seen so far.
I hope that you have determined that the 5 APs you need were based on a valid survey, preferably using the 7920 as the survey tool.
If you have determined your coverage, throughput requirements, and plans for future growth, and read about what rate you can get each access point in the scenarios of data and voice and has determined that some areas may or may not be more densely populated with users using voice or data or both - then you should be ok.
Please think of voice being on the same vlan as data, which should be separate even more data wired people.
If you have many users then go ahead. If you think that the user density could bite you in the pants, he will and he won't let go.
If I have not scared the crap out of you yet, I hope to have given you some things to think about and tools to use so that you are not in the situation that I am currently.
However, being the payer cleaner remarkably well. I'm kind of the wireless "Mr. Wolf" in the film of our network.
Well - being
-
Privilege in WLC management needs Prime 2.2
Hello,
After installing Cisco Prime 2.2 and adding several WLCs, my client wants just read-only management from Prime. So when I added the WLCs I provided SNMP v3 RO and no username/password / enabled telnet/SSH.
The problem is that my customer wants to manage guest users from Prime, so of course some type of write privilege is necessary. Would changing SNMP from RO to RW be enough? Or maybe I need to add a user/password / enable SSH/telnet to manage? Or maybe I'll need both RW SNMP and telnet/SSH?
Thank you very much!
David
Hi David,
Most likely you would need RW and ssh/telnet as well, but it depends on what type of operations your guest user will have access to.
Thank you-
Alya
-
Connecting WLC to 6509 Core... Connectivity issues
Hello
I have four ports of a WLC 4404 connected to a 6509 through fiber optic cables. However, I'm not able to ping the WLC or see it.
I have a few questions about this... First of all, if I want to use LAG it is necessary that all ports are active and connected, correct?
Secondly, in the switch configuration, to my knowledge, all the ports should be trunk ports; however, the customer has configured them as 'switchport trunk encapsulation isl' instead of 'switchport trunk encapsulation dot1q'... does it matter? I've never used the isl command, so I really wonder if this is supported on the WLC?
Any help would be greatly appreciated!
Thank you!
The controllers do not support ISL. You will need to change the encapsulation to dot1q. Also, in order to support LAG, the switchports will need to be set up in an EtherChannel.
-
WLC Campus Design - 10 controllers etc.
Hi guys,.
If I have the following scenarios,
2 sites and each site will be broken up by 100km (just an example to show that wireless reached between them) and have 100 APs in each site.
Please see the attached diagram.
Both sites have two controllers on site or a domain controller centralized (if there is a preferred method)?
Anyway,.
Two controllers for site1 (1 on each DC for example) should be in the same group of mobility.
Site controllers 2 should be in a different group of mobility?
Also, if this design developed by a factor of 5, and we had now 20 + controllers, controllers each either on one VLAN separate in the domain controllers or could I create a controller wireless VLAN that has all the controllers connected to?
Please note that, on the previous point, the domain controllers have NO VLAN for layer 2 between them, so that each set of controllers (by site, one in each ms) are sensitive to the layer 3 wanders, but the basic principle, we will use is that each site will have a PDC and a BDC and all items should be on the same controller.
Also, for most small Wireless deployments, is better to have a set of controllers of nmanager small sites, say for APs 5 to 10 per site? BUT then, you can't have a group of mobility for the controller so would this cause a problem? Oh, now I'm confused?
Anyone can comment on the above drawings?
Thx a lot.
Ken
H-REAP works well in the 4.2 code. I have about 30 sites with up to 5 1252s operating in H-REAP mode, going back to a single domain controller. The domain controller has 2 4404-100s and I divided the sites, primary on one and secondary on the other.
As for redundancy, you should look at how you manage the client IP addresses. N + N is the most popular because you always have 100% redundancy. It can be either on site or at the domain controller.
Now you can also do N + 1, one at the local site and the other at the domain controller. Now, you have to look at what IP address users will get when they are on the primary WLC and when the primary fails and the APs go to the backup WLC. Now you have clients getting an IP address at the central site (DC) and the traffic going there. So now, you have to watch the traffic flow and how you configure your ACLs, if necessary.
N + N + 1 can work for you if you have a WiSM in the two DCs. Then for site 1:
Primary DC1WISM1-WLC1
Secondary DC2WISM1-WLC1
Tertiary DC1WISM1-WLC2
Or you can have a 4404-100 on each site as primary and a 4404-100 at each domain controller as secondary and tertiary. You will need one at each site and two at each domain controller just for two remote sites. Now, please understand what is needed for smaller remote sites.
It boils down to cost, and whether it is better to keep the WLC on site, since if the WAN goes down, resources are not available at the domain controller. Also, if you place the primary and secondary or tertiary in different IP subnets, how will you manage the IP addressing clients will get from the WLC?
Also... Stick with 4.2 if you need to deploy H-REAP. Do not go with 5.0 or 5.1 yet. 5.0 is the worst and 5.1 is too new and could focus on the issues raised in 5.0 and could introduce more.
-
WLC use Management Interface & more get started Questions
Hello
I am yet to implement Wireless LAN in one seat of our customers. There are 40 x 1130AG LWAPP AP and WLC 4404 with ACS 4.x for authentication of Wireless Clients attempting to access the LAN.
For the WLC to connect to the Dual Core Switch, I need to use only a Management Interface with port 1 being the primary and mapping Distribution System port 2 as the backup for the Management Interface port. Is this correct? Or can I configure dynamic interfaces as well? Is the management interface for management access and configuration only? The management interface will communicate with ACS for AAA and with APs that wish to associate with the WLC, is this true?
Note: WLC, AP, Wireless customers & AP are in the same IP subnet.
Some other WLAN questions, so it helps me during the implementation.
• Can I use the 802.1X authentication application in Windows XP for the wireless interface, instead of the client application from Cisco? For this purpose, I have to configure the WLC / wireless client to use an EAP algorithm; is that correct?
• With the help of RRM, interference between multiple APs (3-4 APs) in the same area is controlled by the WLC by changing the channels used by the APs, that isn't even on of the AP is it good?
• How many client users will connect per channel? 802.11 a/g will provide 11 channels, is that right?
• I'm planning to set the WLC to limit client connections per AP to 25; can this be achieved?
Please, can someone help me by clarifying the points above?
Kind regards
Keshava Raju
Unless this has changed recently, you can't. The ports must then be broken into individual groups. You can run the controller in Layer 3 mode, as Cisco is stopping Layer 2 support. The AP Manager is necessary in all cases in LWAPP Layer 3 transport mode. Do a search on Cisco.com for the configuration guide for the version of the code you are running. This will give you step-by-step installation instructions.
-
Hello
We run 3x WLC controllers with 800 APs, using ISE 1.2 for wireless 802.1X authentication. I was looking at the ISE config and noticed that, of 400 edge switches, only 2x 2960s are configured with 802.1X (ISE RADIUS config) and SNMP and only 2 of the port is 2 ap tie with switch remaining ports, and the 3x WLC are in network devices.
I do not understand how an access point makes this work (802.1X), because they are located on different sites and people are connecting from various different locations. ISE runs almost 11 876 profiled endpoints.
version 12.2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$ fokm$ lesIWAaceFFs.SpNdJi7t.
!
Test-RADIUS username password 7 07233544471A1C5445415F
AAA new-model
Group AAA dot1x default authentication RADIUS
Group AAA authorization network default RADIUS
Group AAA authorization auth-proxy default RADIUS
start-stop radius group AAA accounting dot1x default
start-stop radius group AAA accounting system by default
!
!
!
!
AAA server RADIUS Dynamics-author
Client 10.178.5.152 server-key 7 151E1F040D392E
Client 10.178.5.153 server-key 7 060A1B29455D0C
!
AAA - the id of the joint session
switch 1 supply ws-c2960s-48 i/s-l
cooldown critical authentication 1000
!
!
IP dhcp snooping vlan 29,320,401
no ip dhcp snooping option information
IP dhcp snooping
no ip domain-lookup
analysis of IP device
!
logging of the EMP
!
Crypto pki trustpoint TP-self-signed-364377856
enrollment selfsigned
name of the object cn = IOS - Self - signed - certificate - 364377856
revocation checking no
rsakeypair TP-self-signed-364377856
!
!
TP-self-signed-364377856 crypto pki certificate chain
certificate self-signed 01
quit
control-dot1x system-auth
dot1x critical eapol
!
pvst spanning-tree mode
spanning tree extend id-system
No vlan spanning tree 294-312,314-319,321-335,337-345,400,480,484-493,499,950
!
!
!
errdisable recovery cause Uni-directional
errdisable recovery cause bpduguard
errdisable recovery cause of security breach
errdisable recovery cause channel-misconfig (STP)
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause FPS-config-incompatibility
errdisable recovery cause gbic-invalid
errdisable recovery cause psecure-violation
errdisable cause of port-mode-failure recovery
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause pppoe-AI-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause small-frame
errdisable recovery cause psp
!
internal allocation policy of VLAN ascendant
!
!
interface GigabitEthernet1/0/10
switchport access vlan 320
switchport mode access
IP access-group ACL-LEAVE in
authentication event fail following action method
action of death server to authenticate the event permit
living action of the server reset the authentication event
multi-domain of host-mode authentication
open authentication
authentication order dot1x mab
authentication priority dot1x mab
Auto control of the port of authentication
periodic authentication
authentication violation replace
MAB
dot1x EAP authenticator
dot1x tx-time 10
spanning tree portfast
spanning tree enable bpduguard
interface GigabitEthernet1/0/16
switchport access vlan 320
switchport mode access
IP access-group ACL-LEAVE in
authentication event fail following action method
action of death server to authenticate the event permit
living action of the server reset the authentication event
multi-domain of host-mode authentication
open authentication
authentication order dot1x mab
authentication priority dot1x mab
Auto control of the port of authentication
periodic authentication
authentication violation replace
MAB
dot1x EAP authenticator
dot1x tx-time 10
spanning tree portfast
spanning tree enable bpduguard
interface GigabitEthernet1/0/24
switchport access vlan 320
switchport mode access
IP access-group ACL-LEAVE in
authentication event fail following action method
action of death server to authenticate the event permit
living action of the server reset the authentication event
multi-domain of host-mode authentication
open authentication
authentication order dot1x mab
authentication priority dot1x mab
Auto control of the port of authentication
periodic authentication
authentication violation replace
MAB
dot1x EAP authenticator
dot1x tx-time 10
spanning tree portfast
spanning tree enable bpduguard
!
interface GigabitEthernet1/0/33
switchport access vlan 320
switchport mode access
IP access-group ACL-LEAVE in
authentication event fail following action method
action of death server to authenticate the event permit
living action of the server reset the authentication event
multi-domain of host-mode authentication
open authentication
authentication order dot1x mab
authentication priority dot1x mab
Auto control of the port of authentication
periodic authentication
authentication violation replace
MAB
dot1x EAP authenticator
dot1x tx-time 10
spanning tree portfast
spanning tree enable bpduguard
interface GigabitEthernet1/0/34
switchport access vlan 320
switchport mode access
IP access-group ACL-LEAVE in
authentication event fail following action method
action of death server to authenticate the event permit
living action of the server reset the authentication event
multi-domain of host-mode authentication
open authentication
authentication order dot1x mab
authentication priority dot1x mab
Auto control of the port of authentication
periodic authentication
authentication violation replace
MAB
dot1x EAP authenticator
dot1x tx-time 10
spanning tree portfast
spanning tree enable bpduguard
!
interface GigabitEthernet1/0/44
switchport access vlan 320
switchport mode access
IP access-group ACL-LEAVE in
authentication event fail following action method
action of death server to authenticate the event permit
living action of the server reset the authentication event
multi-domain of host-mode authentication
open authentication
authentication order dot1x mab
authentication priority dot1x mab
Auto control of the port of authentication
periodic authentication
authentication violation replace
MAB
dot1x EAP authenticator
dot1x tx-time 10
spanning tree portfast
spanning tree enable bpduguard
!
interface GigabitEthernet1/0/46
switchport access vlan 320
switchport mode access
IP access-group ACL-LEAVE in
authentication event fail following action method
action of death server to authenticate the event permit
living action of the server reset the authentication event
multi-domain of host-mode authentication
open authentication
authentication order dot1x mab
authentication priority dot1x mab
Auto control of the port of authentication
periodic authentication
authentication violation replace
MAB
dot1x EAP authenticator
dot1x tx-time 10
spanning tree portfast
spanning tree enable bpduguard
interface GigabitEthernet1/0/48
switchport access vlan 320
switchport mode access
IP access-group ACL-LEAVE in
authentication event fail following action method
action of death server to authenticate the event permit
living action of the server reset the authentication event
multi-domain of host-mode authentication
open authentication
authentication order dot1x mab
authentication priority dot1x mab
Auto control of the port of authentication
periodic authentication
authentication violation replace
MAB
dot1x EAP authenticator
dot1x tx-time 10
spanning tree portfast
spanning tree enable bpduguard
!
interface GigabitEthernet1/0/49
Description link GH
switchport trunk allowed vlan 1,2,320,350,351,401
switchport mode trunk
MLS qos trust dscp
IP dhcp snooping trust
!
interface GigabitEthernet1/0/52
Description link CORE1
switchport trunk allowed vlan 1,2,29,277,278,314,320,401
switchport mode trunk
MLS qos trust dscp
IP dhcp snooping trust
!
!
interface Vlan320
IP 10.178.61.5 255.255.255.128
no ip-cache cef route
no ip route cache
!
default IP gateway - 10.178.61.1
IP http server
IP http secure server
IP http secure-active-session-modules no
active session modules IP http no
!
!
Access IP extended ACL-AGENT-REDIRECT list
deny udp any any domain eq bootps
permit tcp any any eq www
permit any any eq 443 tcp
IP extended ACL-ALLOW access list
allow an ip
IP access-list extended by DEFAULT ACL
allow udp any eq bootpc any eq bootps
allow udp any any eq field
allow icmp a whole
allow any host 10.178.5.152 eq 8443 tcp
permit tcp any host 10.178.5.152 eq 8905
allow any host 10.178.5.152 eq 8905 udp
permit tcp any host 10.178.5.152 eq 8906
allow any host 10.178.5.152 eq 8906 udp
allow any host 10.178.5.152 eq 8909 tcp
allow any host 10.178.5.152 eq 8909 udp
allow any host 10.178.5.153 eq 8443 tcp
permit tcp any host 10.178.5.153 eq 8905
allow any host 10.178.5.153 eq 8905 udp
permit tcp any host 10.178.5.153 eq 8906
allow any host 10.178.5.153 eq 8906 udp
allow any host 10.178.5.153 eq 8909 tcp
allow any host 10.178.5.153 eq 8909 udp
refuse an entire ip
Access IP extended ACL-WEBAUTH-REDIRECT list
deny ip any host 10.178.5.152
deny ip any host 10.178.5.153
permit tcp any any eq www
permit any any eq 443 tcp
radius of the IP source-interface Vlan320
exploitation forest esm config
logging trap alerts
logging Source ip id
connection interface-source Vlan320
record 192.168.6.31
host 10.178.5.150 record transport udp port 20514
host 10.178.5.151 record transport udp port 20514
access-list 10 permit 10.178.5.117
access-list 10 permit 10.178.61.100
Server SNMP engineID local 800000090300000A8AF5F181
SNMP - server RO W143L355 community
w143l355 RW SNMP-server community
SNMP-Server RO community lthpublic
SNMP-Server RO community lthise
Server SNMP trap-source Vlan320
Server SNMP informed source-interface Vlan320
Server enable SNMP traps snmp authentication linkdown, linkup cold start
SNMP-Server enable traps cluster
config SNMP-server enable traps
entity of traps activate SNMP Server
Server enable SNMP traps ipsla
Server enable SNMP traps syslog
Server enable SNMP traps vtp
SNMP Server enable traps mac-notification change move threshold
Server SNMP enable traps belonging to a vlan
SNMP-server host 10.178.5.152 version 2 c lthise mac-notification
SNMP-server host 10.178.5.153 version 2 c lthise mac-notification
!
RADIUS attribute 6 sur-pour-login-auth server
Server RADIUS attribute 8 include-in-access-req
RADIUS attribute 25-application access server include
dead-criteria 5 tent 3 times RADIUS server
test the server RADIUS host 10.178.5.152 auth-port 1812 acct-port 1813 username test-RADIUS 7 key 03084F030F1C24
test the server RADIUS host 10.178.5.153 auth-port 1812 acct-port 1813 username test-RADIUS 7 key 141B060305172F
RADIUS vsa server send accounting
RADIUS vsa server send authentication
Any help would be really appreciated.
I'm not sure I completely understand the question, but if ISE is only doing wireless policy, then none of the wired switches need any ISE configuration.
Access points tunnel all wireless traffic to the WLC over CAPWAP (unless you use FlexConnect). It is the 802.1X configuration on the WLC that implements the policies defined in ISE.
Wired switches never need to act as a network access device (NAD) and so do not need to be defined in ISE unless or until you want to apply ISE policies to wired devices...
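If ISE policy is later extended to wired ports, as the reply above mentions, it helps to know which access ports actually enforce 802.1X/MAB. The following is an added example, not part of the original thread or any Cisco tool: it assumes canonical IOS syntax, and the sample config is constructed, modeled on the access-port stanzas in the question.

```python
import re

# Finding texts (names are this example's own, not IOS terms).
NO_ENFORCEMENT = "no 802.1X/MAB enforcement (authentication port-control auto missing)"
OPEN_MODE = "authentication open: access granted before authentication, limited only by any port ACL"
NO_BPDUGUARD = "BPDU guard missing on edge port"

# Constructed sample in canonical IOS syntax; not taken from a real device.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/10
 switchport access vlan 320
 switchport mode access
 authentication open
 authentication order dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/11
 switchport access vlan 320
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/12
 switchport access vlan 320
 switchport mode access
 authentication order dot1x mab
 authentication port-control auto
 dot1x pae authenticator
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/49
 switchport mode trunk
!
"""


def parse_interfaces(config):
    """Split a running-config into {interface name: [stanza lines]}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"interface\s+(\S+)", raw)  # headers start in column 0
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())               # indented line belongs to the stanza
        else:
            current = None                            # "!" or a global command ends it
    return interfaces


def audit_access_ports(config):
    """Return {interface: [findings]} for access ports with weak edge settings."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode access" not in lines:
            continue                                  # trunks and uplinks are out of scope
        issues = []
        if "authentication port-control auto" not in lines:
            issues.append(NO_ENFORCEMENT)
        elif "authentication open" in lines:
            issues.append(OPEN_MODE)
        if "spanning-tree bpduguard enable" not in lines:
            issues.append(NO_BPDUGUARD)
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for port, issues in audit_access_ports(SAMPLE_CONFIG).items():
        for issue in issues:
            print(f"{port}: {issue}")
```

Ports reported with open mode are common during a monitor-mode or low-impact rollout; the point of the check is to confirm that state is intended rather than left over.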
-
Cisco ISE 2.0 and WLC 5508 with 7.6.130.0
I have looked at the release notes and compatibility information for ISE 2.0 and have not seen the answer to this. For the WLC 5508, the minimum AirOS is 7.0.116.0, but it has limited AAA authentication and guest support. The recommended version of AirOS is 8.0.121.0.
http://www.Cisco.com/c/en/us/TD/docs/security/ISE/2-0/compatibility/ISE _...
What about AirOS 7.6.130.0? I know that this AirOS release works with 1.3 and 1.4, even if they show the same support for version 2.0. I'm just afraid that something may have changed with 2.0. I am concerned only about AAA authentication and guest access. No BYOD, posture or MDM is necessary.
No change. Works well.
-
WCS: Is the tertiary controller name mandatory?
Hello
I have upgraded my WCS to 4.2. After that, whenever I want to configure an access point I get an error message "name of the controller of tertiary: this attribute is MANDATORY. Please specify".
How can I disable this? Thank you
Hi Tobias,
It seems that this Bug has been postponed;
CSCsi24972 Bug Details
Tertiary controller - is not required
Symptom:
WCS 4.1.83.0 with 3 or more linked WLC.
Try to change the configuration of an access point, and if you do not have a defined tertiary you get an error saying that it is mandatory.
Conditions:
WCS 4.1.83.
Status: Fixed
Severity: 4 - minor
Last modified: In the last 2 weeks
Product: Cisco Wireless Control System
Technology:
1st Found-In: 4.1 (83.0)
Fixed in: 4.2 (26.0)
WCS information related Bug 4.1.83.0 tertiary controller requires fixed for AP
Symptom: WCS 4.1.83.0 with 3 or more linked WLC. Try to change the configuration of an access point, and if you do not have a defined tertiary you get an error saying that it is mandatory.
Conditions: WCS 4.1.83.0 with 3 or more linked WLC
Workaround: define the secondary or primary as the tertiary
I hope this helps!
Rob
-
Problem with WLC and a 3rd-party NMS: SNMP AP Assoc/Disassoc trap
Hello
I'm troubleshooting an issue: why our NMS is not able to automatically clear an alarm generated by the trap of an AP that has been disassociated and is associated again.
While debugging SNMP trap generation on the WLC, I discovered that when the AP disassociates, the WLC sends the bsnAPDisassociated trap, which is perfectly defined and which I can also find in the SNMP Object Navigator. However, when the AP reassociates, the WLC sends the ciscoLwappApAssociated trap.
The 3rd-party NMS is not able to understand it, but our WCS system does; that's why I then took a peek at the installed MIB file.
I discovered that ciscoLwappApAssociated is a leaf of ciscoLwappApMIBNotifs (1.3.6.1.4.1.9.9.513.0.4), which I can find neither in the Cisco SNMP Object Navigator nor in the downloadable MIB.
As the MIB in the WCS is an XML file, I don't know how to get the information into the 3rd-party NMS.
Does anyone have any idea how to solve this problem, or is there an updated CISCO-LWAPP-AP-MIB available somewhere?
Our WLCs are running the latest version of the software (7.0.116.0) as well as our WCS (7.0.172.0)
Thanks in advance!
Kind regards
Patrick
Such discrepancies sometimes occur. Best is to open a TAC case in order to tackle the problem through a bug, or to have a new MIB published on cisco.com if necessary.
-
Anchor WLC in DMZ, FW does not support multi-static Rts.
Hi gang,
Not looking for someone to hold my hand, but I could use some advice.
We work through our deployment of a WLC guest. Our WLC anchor is in our DMZ.
Management and the AP Manager are on the same subnet. The dynamic interface "VLAN" is on a different subnet from the other interfaces, and its gateway is the DMZ Firewall interface.
Problem, the firewall does not support multiple static routes.
Do the management and dynamic interfaces always have to be on different subnets?
Does anyone have experience with this type of configuration?
I understand the value of time, so I honestly appreciate all the help I get.
Best regards
Larry feet
Just to clarify, we're talking wireless guest access, right? Not wired guest?
Wired allows you to create a custom in a vlan port specific necessary (but not when you configure this on the controller of anchorage)
In any case... just make sure that the WLAN you want to anchor is configured the same as on the DMZ controller. Make sure you anchor this controller to the DMZ and make sure you anchor the DMZ WLAN to itself.