To use AAA override the SSID must be mapped to the management interface. You will also need the following Attributes set in you RADIUS server. [064] Tunnel-Type [065] Tunnel-Medium-Type [081] Tunnel-Private-Group-ID
Austin On 7/29/12 6:54 PM, "[email protected]" <[email protected]> wrote: >Send CCIE_Wireless mailing list submissions to > [email protected] > >To subscribe or unsubscribe via the World Wide Web, visit > http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless >or, via email, send a message with subject or body 'help' to > [email protected] > >You can reach the person managing the list at > [email protected] > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of CCIE_Wireless digest..." > > >Today's Topics: > > 1. Re: CCIE_Wireless Digest, Vol 38, Issue 20 (Tariq Mahmood) > > >---------------------------------------------------------------------- > >Message: 1 >Date: Sun, 29 Jul 2012 15:54:29 -0700 (PDT) >From: Tariq Mahmood <[email protected]> >To: "[email protected]" > <[email protected]> >Subject: Re: [OSL | CCIE_Wireless] CCIE_Wireless Digest, Vol 38, Issue > 20 >Message-ID: > <[email protected]> >Content-Type: text/plain; charset="iso-8859-1" > >hi : >? >I one question about aaa override feature.? I have end filter configured >on the radius server and client vlan is not changing client is staying in >the same wlan mapped to same vlan.? there is any benefit of configuring >aaa override ? > >From: "[email protected]" ><[email protected]> >To: [email protected] >Sent: Monday, June 25, 2012 1:28 PM >Subject: CCIE_Wireless Digest, Vol 38, Issue 20 > >Send CCIE_Wireless mailing list submissions to >??? [email protected] > >To subscribe or unsubscribe via the World Wide Web, visit >??? http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless >or, via email, send a message with subject or body 'help' to >??? [email protected] > >You can reach the person managing the list at >??? [email protected] > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of CCIE_Wireless digest..." > > >Today's Topics: > >? 1. Re: 1242 capwap with poe module and switchport in vlan trunk >? ? ? mode (Kristj?n ?lafur E?var?sson) >? 2. Re: 1242 capwap with poe module and switchport in vlan trunk >? ? ? mode (Kristj?n ?lafur E?var?sson) > > >---------------------------------------------------------------------- > >Message: 1 >Date: Mon, 25 Jun 2012 17:08:15 +0000 >From: Kristj?n ?lafur E?var?sson <[email protected]> >To: Jason Boyers <[email protected]>, "Victor Platov (viplatov)" >??? <[email protected]> >Cc: "[email protected]" >??? <[email protected]> >Subject: Re: [OSL | CCIE_Wireless] 1242 capwap with poe module and >??? switchport in vlan trunk mode >Message-ID: <2426A68554621145BDCFB71806B8FB6F1F8B140B@EXCH> >Content-Type: text/plain; charset="iso-8859-1" > >I simply am managing to break this simply by changing from trunk to >access mode >and back again. The mac address disapears as soon as I change to trunk >mode. > >I checked all HREAP configuration for that AP and it is in native vlan >113. > >I just tested to set the AP to local mode with vlan trunk native on 113 >on the switch. >which should work but the same results. > > >From: Jason Boyers [mailto:[email protected]] >Sent: 25. j?n? 2012 16:18 >To: Victor Platov (viplatov) >Cc: Ron Marosko; Kristj?n ?lafur E?var?sson; >[email protected] >Subject: Re: [OSL | CCIE_Wireless] 1242 capwap with poe module and >switchport in vlan trunk mode > >True. Victor, that when connected to the power injector, he wouldn't be >able to check the WLC config.? However, it appears to be working when in >access mode, so he can connect that way, then check the WLC config, > >The other show commands would be helpful as well. > >Jason Boyers, CCIE #26024 (Wireless) >Blog: netboyers.wordpress.com<http://netboyers.wordpress.com/> > >On Mon, Jun 25, 2012 at 11:52 AM, Victor Platov (viplatov) ><[email protected]<mailto:[email protected]>> wrote: >I've seen that due to power injector misconfiguration AP doesn't bring up >its radio interfaces but not being stuck. Moreover, It had being >connected to the WLC before, hence I think it's not the issue. >If the switch isn't showing the AP's MAC I suppose CAPWAP tunnel is >down...so I'm afraid Kristj?n could not check it through WLC. > >Kristj?n, > >What are the outputs of the following commands from the switch: >Show cdp neighb >Sh run intf ... >Sh int .... >Sh intf .... Switchport >Sh intf ... trunk >Sh vlan > >From: >[email protected]<mailto:ccie_wireless-bounces@onl >inestudylist.com> >[mailto:[email protected]<mailto:ccie_wireless-bou >[email protected]>] On Behalf Of Jason Boyers >Sent: Monday, June 25, 2012 6:59 PM >To: Ron Marosko >Cc: Kristj?n ?lafur E?var?sson; >[email protected]<mailto:[email protected] >> >Subject: Re: [OSL | CCIE_Wireless] 1242 capwap with poe module and >switchport in vlan trunk mode > >What does "show cdp neighbor" show from the console of the AP when >connected in the fashion you are describing?? This may also be an issue >in terms of the WLC config of the AP.? What do you have for the "Power >Injector State" and "Power Injector Selection" under the AP config >Advanced tab? > >Jason Boyers, CCIE #26024 (Wireless) >Blog: netboyers.wordpress.com<http://netboyers.wordpress.com/> >On Mon, Jun 25, 2012 at 9:31 AM, Ron Marosko ><[email protected]<mailto:[email protected]>> wrote: >Make sure you define "switchport trunk native vlan x" to define the vlan >upon which untagged packets should reside. By default, this will be vlan >1, and if you are using a different vlan id in your access vlan command, >then that would be why the mac address isn't showing up in the expected >vlan.? The access point in default or unconfigured mode has no idea about >any vlan tags, and thus is always sending untagged packets. Only when you >configure the access point in HREAP mode will it start to even attempt to >use 802.1q tags, if appropriately configured. > >Regards, >? Ron > >-- >Ron Marosko, Jr. >. . . . . . . . . . . . . . . . . . . . . . . . . . >CCIE No. 4526 (R/S), CWNA, ACMA, NN5DX >Consulting Network Architect >Global Technology Resources,Inc. >1108 West Dickinson Blvd, Suite A >Fort Stockton, TX 79735 USA >o: +1 432 336 5600 x110<tel:%2B1%20432%20336%205600%20x110> >c: +1 720 233 3147<tel:%2B1%20720%20233%203147> >e: [email protected]<mailto:[email protected]> >pgp pubkey: 0x58AB8B5C >"To know me is to fly with me." > > > >-----Original Message----- >From: >[email protected]<mailto:ccie_wireless-bounces@onl >inestudylist.com> >[mailto:[email protected]<mailto:ccie_wireless-bou >[email protected]>] On Behalf Of Kristj?n ?lafur E?var?sson >Sent: Monday, June 25, 2012 8:16 AM >To: >[email protected]<mailto:[email protected] >> >Subject: [OSL | CCIE_Wireless] 1242 capwap with poe module and switchport >in vlan trunk mode > >I have been troubleshooting a capwap ap connectivity. >The ap is 1242 with poe injector (if it is relevant) and works fine on a >access vlan. >Now puting the port to trunk mode (native vlan correct and the same as it >was on access) However when I change to trunk mode the AP Mac address >disapears from the interface mac table and I cant communicate get an DHCP >or whatever. > >Has anyone seen something like that ? > >I tried clear capwap private config, >reload the switch, >shut un shut ports. > >Still the MAC address just isn?t learned and this is the core of the >problem. Its a 3560 switch. >As soon as I change to access mode the mac is learned instantly. > >I have never seen this issue before, wonder if someone knows anything. > >regards. Kristjan >_______________________________________________ >For more information regarding industry leading CCIE Lab training, please >visit www.ipexpert.com<http://www.ipexpert.com/> > >Are you a CCNP or CCIE and looking for a job? Check out >www.PlatinumPlacement.com<http://www.platinumplacement.com/> >This message contains confidential information and is intended only for >the individual named. Please notify the sender immediately by e-mail if >you have received this e-mail by mistake and delete this e-mail from your >system. Any opinions presented in this email are solely those of the >author and do not necessarily represent those of the company. E-mail >transmission cannot be guaranteed to be secure or error-free; the sender >therefore does not accept liability for any errors or omissions in the >contents of this message, which arise as a result of e-mail transmission. >_______________________________________________ >For more information regarding industry leading CCIE Lab training, please >visit www.ipexpert.com<http://www.ipexpert.com/> > >Are you a CCNP or CCIE and looking for a job? Check out >www.PlatinumPlacement.com<http://www.platinumplacement.com/> > > >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ></archives/ccie_wireless/attachments/20120625/7e6964a5/attachment-0001.htm >l> > >------------------------------ > >Message: 2 >Date: Mon, 25 Jun 2012 17:28:44 +0000 >From: Kristj?n ?lafur E?var?sson <[email protected]> >To: Jason Boyers <[email protected]>, "Victor Platov (viplatov)" >??? <[email protected]> >Cc: "[email protected]" >??? <[email protected]> >Subject: Re: [OSL | CCIE_Wireless] 1242 capwap with poe module and >??? switchport in vlan trunk mode >Message-ID: <2426A68554621145BDCFB71806B8FB6F1F8B145E@EXCH> >Content-Type: text/plain; charset="iso-8859-1" > >Guys I have found the problem. > >no vlan dot1q tag native >it was configured on my switch before ! >so the AP wants to send untagged packets on vlan113 >but the switch tags native vlan packets so this way the communication >doesn?t? work. > >it was a tricky one :D > >regards. Kristjan > >From: Jason Boyers [mailto:[email protected]] >Sent: 25. j?n? 2012 16:18 >To: Victor Platov (viplatov) >Cc: Ron Marosko; Kristj?n ?lafur E?var?sson; >[email protected] >Subject: Re: [OSL | CCIE_Wireless] 1242 capwap with poe module and >switchport in vlan trunk mode > >True. Victor, that when connected to the power injector, he wouldn't be >able to check the WLC config.? However, it appears to be working when in >access mode, so he can connect that way, then check the WLC config, > >The other show commands would be helpful as well. > >Jason Boyers, CCIE #26024 (Wireless) >Blog: netboyers.wordpress.com<http://netboyers.wordpress.com/> > >On Mon, Jun 25, 2012 at 11:52 AM, Victor Platov (viplatov) ><[email protected]<mailto:[email protected]>> wrote: >I've seen that due to power injector misconfiguration AP doesn't bring up >its radio interfaces but not being stuck. Moreover, It had being >connected to the WLC before, hence I think it's not the issue. >If the switch isn't showing the AP's MAC I suppose CAPWAP tunnel is >down...so I'm afraid Kristj?n could not check it through WLC. > >Kristj?n, > >What are the outputs of the following commands from the switch: >Show cdp neighb >Sh run intf ... >Sh int .... >Sh intf .... Switchport >Sh intf ... trunk >Sh vlan > >From: >[email protected]<mailto:ccie_wireless-bounces@onl >inestudylist.com> >[mailto:[email protected]<mailto:ccie_wireless-bou >[email protected]>] On Behalf Of Jason Boyers >Sent: Monday, June 25, 2012 6:59 PM >To: Ron Marosko >Cc: Kristj?n ?lafur E?var?sson; >[email protected]<mailto:[email protected] >> >Subject: Re: [OSL | CCIE_Wireless] 1242 capwap with poe module and >switchport in vlan trunk mode > >What does "show cdp neighbor" show from the console of the AP when >connected in the fashion you are describing?? This may also be an issue >in terms of the WLC config of the AP.? What do you have for the "Power >Injector State" and "Power Injector Selection" under the AP config >Advanced tab? > >Jason Boyers, CCIE #26024 (Wireless) >Blog: netboyers.wordpress.com<http://netboyers.wordpress.com/> >On Mon, Jun 25, 2012 at 9:31 AM, Ron Marosko ><[email protected]<mailto:[email protected]>> wrote: >Make sure you define "switchport trunk native vlan x" to define the vlan >upon which untagged packets should reside. By default, this will be vlan >1, and if you are using a different vlan id in your access vlan command, >then that would be why the mac address isn't showing up in the expected >vlan.? The access point in default or unconfigured mode has no idea about >any vlan tags, and thus is always sending untagged packets. Only when you >configure the access point in HREAP mode will it start to even attempt to >use 802.1q tags, if appropriately configured. > >Regards, >? Ron > >-- >Ron Marosko, Jr. >. . . . . . . . . . . . . . . . . . . . . . . . . . >CCIE No. 4526 (R/S), CWNA, ACMA, NN5DX >Consulting Network Architect >Global Technology Resources,Inc. >1108 West Dickinson Blvd, Suite A >Fort Stockton, TX 79735 USA >o: +1 432 336 5600 x110<tel:%2B1%20432%20336%205600%20x110> >c: +1 720 233 3147<tel:%2B1%20720%20233%203147> >e: [email protected]<mailto:[email protected]> >pgp pubkey: 0x58AB8B5C >"To know me is to fly with me." > > > >-----Original Message----- >From: >[email protected]<mailto:ccie_wireless-bounces@onl >inestudylist.com> >[mailto:[email protected]<mailto:ccie_wireless-bou >[email protected]>] On Behalf Of Kristj?n ?lafur E?var?sson >Sent: Monday, June 25, 2012 8:16 AM >To: >[email protected]<mailto:[email protected] >> >Subject: [OSL | CCIE_Wireless] 1242 capwap with poe module and switchport >in vlan trunk mode > >I have been troubleshooting a capwap ap connectivity. >The ap is 1242 with poe injector (if it is relevant) and works fine on a >access vlan. >Now puting the port to trunk mode (native vlan correct and the same as it >was on access) However when I change to trunk mode the AP Mac address >disapears from the interface mac table and I cant communicate get an DHCP >or whatever. > >Has anyone seen something like that ? > >I tried clear capwap private config, >reload the switch, >shut un shut ports. > >Still the MAC address just isn?t learned and this is the core of the >problem. Its a 3560 switch. >As soon as I change to access mode the mac is learned instantly. > >I have never seen this issue before, wonder if someone knows anything. > >regards. Kristjan >_______________________________________________ >For more information regarding industry leading CCIE Lab training, please >visit www.ipexpert.com<http://www.ipexpert.com/> > >Are you a CCNP or CCIE and looking for a job? Check out >www.PlatinumPlacement.com<http://www.platinumplacement.com/> >This message contains confidential information and is intended only for >the individual named. Please notify the sender immediately by e-mail if >you have received this e-mail by mistake and delete this e-mail from your >system. Any opinions presented in this email are solely those of the >author and do not necessarily represent those of the company. E-mail >transmission cannot be guaranteed to be secure or error-free; the sender >therefore does not accept liability for any errors or omissions in the >contents of this message, which arise as a result of e-mail transmission. >_______________________________________________ >For more information regarding industry leading CCIE Lab training, please >visit www.ipexpert.com<http://www.ipexpert.com/> > >Are you a CCNP or CCIE and looking for a job? Check out >www.PlatinumPlacement.com<http://www.platinumplacement.com/> > > >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ></archives/ccie_wireless/attachments/20120625/bf42828c/attachment.html> > >------------------------------ > >_______________________________________________ >CCIE_Wireless mailing list >[email protected] >http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless > > >End of CCIE_Wireless Digest, Vol 38, Issue 20 >********************************************* >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ></archives/ccie_wireless/attachments/20120729/d2413f61/attachment.html> > >------------------------------ > >_______________________________________________ >CCIE_Wireless mailing list >[email protected] >http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless > > >End of CCIE_Wireless Digest, Vol 39, Issue 13 >********************************************* _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
