Hi Guys.

I just finished lab 5. It is the hardest I have done, and I need more speed and,
clearly, knowledge, but surprisingly I really did not have too many errors.

I want to share the doubts or possible mistakes I think I found in this lab.

5.1: CPU ACL. In my lab, if I don't create an ACL permitting the LWAPP
control traffic from the AP subnet to the AP-manager, the AP cannot register
with the WLC. The DSG talks about creating this ACL, but permitting LWAPP data
traffic for this interface and LWAPP control for the management interface. What
is more, if I delete the LWAPP control entry for the management interface, the
AP is still associating to the WLC:

(WLC1) >SHOW acl detailed MANAGEMENT
                   Source                        Destination                Source Port  Dest Port
I  Dir       IP Address/Netmask              IP Address/Netmask        Prot    Range       Range    DSCP Action Counter
-- --- ------------------------------- ------------------------------- ---- ----------- ----------- ---- ------ -----------
 1 Any 10.10.112.10/255.255.255.255    10.10.111.10/255.255.255.255      17 16666-16666 16666-16666  Any Permit        3274
 2 Any 10.10.120.140/255.255.255.255   10.10.111.10/255.255.255.255      17 16666-16666 16666-16666  Any Permit        3151
 3  In 10.10.113.0/255.255.255.0       10.10.111.10/255.255.255.255      17     0-65535 12223-12223  Any Permit           0
 4  In 10.10.113.0/255.255.255.0       10.10.111.11/255.255.255.255      17     0-65535 12222-12222  Any Permit           0
 5  In 10.10.114.0/255.255.255.0       10.10.111.10/255.255.255.255      17     0-65535 12223-12223  Any Permit           1
 6  In 10.10.114.0/255.255.255.0       10.10.111.11/255.255.255.255      17     0-65535 12222-12222  Any Permit           0
 7  In 10.10.210.0/255.255.255.0       10.10.111.10/255.255.255.255       6     0-65535     443-443  Any Permit       28510
 8  In 192.168.10.0/255.255.255.0      10.10.111.10/255.255.255.255       6     0-65535     443-443  Any Permit           0
 9  In 10.10.210.0/255.255.255.0       10.10.111.10/255.255.255.255       6     0-65535       22-22  Any Permit        1225
10  In 192.168.10.0/255.255.255.0      10.10.111.10/255.255.255.255       6     0-65535       22-22  Any Permit           0
11 Any 10.10.210.6/255.255.255.255     10.10.111.10/255.255.255.255      17       49-49     0-65535  Any Permit           0
12 Any 10.10.210.6/255.255.255.255     10.10.111.10/255.255.255.255      17   1812-1812     0-65535  Any Permit         183
13 Any 10.10.210.6/255.255.255.255     10.10.111.10/255.255.255.255      17     123-123     0-65535  Any Permit          12
14 Any 10.10.120.140/255.255.255.255   10.10.111.10/255.255.255.255      97     0-65535     0-65535  Any Permit           0
15 Any 10.10.112.10/255.255.255.255    10.10.111.10/255.255.255.255      97     0-65535     0-65535  Any Permit           0
16  In 0.0.0.0/0.0.0.0                 0.0.0.0/0.0.0.0                   17       68-68       67-67  Any Permit          74
17  In 10.10.210.6/255.255.255.255     0.0.0.0/0.0.0.0                   17       53-53     0-65535  Any Permit           0
18 Any 10.10.111.10/255.255.255.255    10.10.111.10/255.255.255.255     Any     0-65535     0-65535  Any Permit           0
19  In 10.10.210.5/255.255.255.255     10.10.111.10/255.255.255.255      17     0-65535     0-65535  Any Permit           0
20  In 10.10.113.0/255.255.255.255     10.10.111.12/255.255.255.255      17     0-65535 12222-12222  Any Permit           0
21  In 10.10.114.0/255.255.255.0       10.10.111.12/255.255.255.255      17     0-65535 12222-12222  Any Permit           0
22  In 10.10.114.0/255.255.255.0       10.10.111.11/255.255.255.255      17     0-65535 12223-12223  Any Permit          49
23  In 10.10.114.0/255.255.255.0       10.10.111.12/255.255.255.255      17     0-65535 12223-12223  Any Permit       10977
 DenyCounter : 189

In the same way, the WLC does not sync with the NTP server if I use the ACL
proposed by the DSG; I need to add src/ntp/port 123 dst/wlc/port any, as you
can see above in ACL 13.

Thoughts??

5.2: I don't know if it is a lab requirement, but there is a really strange
issue with interface VLAN 11 on WLC1: the configuration file creates an
interface in WLC1 with no mapping to any port, so although you configure
everything correctly you don't receive any traffic. Simply mapping this
interface to port 1 or 2 makes it start to work. Because it is not explicitly
explained in the DSG (there is a screenshot of how to create the VLAN11
interface on WLC1), I don't know if it is a predefined issue.

5.6: TSPEC is only supported for the Platinum profile??? I suppose, then, that
the Sec1 SSID uses this profile instead of Gold as the DSG tells us. In this
way I don't understand why the Platinum profile is used in SSID Guest2 on WLC1
when the profile should be Gold (as I understand the DSG indicates in the
requirements of the exercise; in fact, the rest of the WLCs configured with
this SSID are using the Gold profile). Can it be a mistake???

Cheers!!!

Raul.
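
Added example (not part of the original post or of the DSG): a small first-match evaluator for checking which rule of a CPU ACL a given LWAPP flow hits, using six of the rules from the output above. It assumes first-match evaluation with an implicit deny and ignores the direction column; the AP host addresses and source port in the usage are constructed.

```python
import ipaddress

# Rules 3, 4 and 20-23 from the "show acl detailed MANAGEMENT" output above,
# one per line: idx dir src/mask dst/mask proto sport dport dscp action
RULES_TEXT = """\
 3 In 10.10.113.0/255.255.255.0 10.10.111.10/255.255.255.255 17 0-65535 12223-12223 Any Permit
 4 In 10.10.113.0/255.255.255.0 10.10.111.11/255.255.255.255 17 0-65535 12222-12222 Any Permit
20 In 10.10.113.0/255.255.255.255 10.10.111.12/255.255.255.255 17 0-65535 12222-12222 Any Permit
21 In 10.10.114.0/255.255.255.0 10.10.111.12/255.255.255.255 17 0-65535 12222-12222 Any Permit
22 In 10.10.114.0/255.255.255.0 10.10.111.11/255.255.255.255 17 0-65535 12223-12223 Any Permit
23 In 10.10.114.0/255.255.255.0 10.10.111.12/255.255.255.255 17 0-65535 12223-12223 Any Permit
"""

def parse_rules(text):
    """Turn one-rule-per-line text into dicts with network and port-range objects."""
    rules = []
    for line in text.splitlines():
        idx, direction, src, dst, proto, sport, dport, _dscp, action = line.split()
        rules.append({
            "idx": int(idx), "dir": direction, "proto": proto, "action": action,
            "src": ipaddress.ip_network(src, strict=False),
            "dst": ipaddress.ip_network(dst, strict=False),
            "sport": tuple(int(p) for p in sport.split("-")),
            "dport": tuple(int(p) for p in dport.split("-")),
        })
    return rules

def first_match(rules, src, dst, proto, sport, dport):
    """Return (rule index, action) for the first rule matching the flow.
    Assumption: top-down first match, implicit deny when nothing matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in r["src"] and d in r["dst"]
                and r["proto"] in ("Any", str(proto))
                and r["sport"][0] <= sport <= r["sport"][1]
                and r["dport"][0] <= dport <= r["dport"][1]):
            return r["idx"], r["action"]
    return None, "Deny"

def host_mask_on_subnet_address(rules):
    """Indexes of rules whose source is a /32 on an address ending in .0."""
    return [r["idx"] for r in rules
            if r["src"].prefixlen == 32 and int(r["src"].network_address) & 0xFF == 0]

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    # Constructed AP address in 10.10.113.0/24 sending LWAPP data (UDP 12222)
    print(first_match(rules, "10.10.113.25", "10.10.111.12", 17, 40000, 12222))
    print(host_mask_on_subnet_address(rules))
```

Running flows through the rule list this way shows which entry a packet would hit before comparing against the hit counters on the controller.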