Hello Everyone, I have quick question to wireless experts over here its simple one but the one who has tried/know and tested in cli please let me know the commands.
I have to move around 200 access points from 3 different controller to new series cisco controller , the thing is i can definately do it by GUI by going to each AP and change the HA but am looking for convinient and quick method from CLI to do this . Please let me know what is the CLI command so that i can prepare a script and run it on each of the controller to finish things in quick time. Thanks in advance.. On Thu, Nov 22, 2012 at 10:30 PM, <[email protected] > wrote: > Send CCIE_Wireless mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of CCIE_Wireless digest..." > > > Today's Topics: > > 1. Re: Non-Root Brdige & Root AP 1142 Association issue with > Repeater 1121 AP (Jason Boyers) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 21 Nov 2012 12:07:53 -0500 > From: Jason Boyers <[email protected]> > To: Kumar Gollapudi <[email protected]> > Cc: [email protected] > Subject: Re: [OSL | CCIE_Wireless] Non-Root Brdige & Root AP 1142 > Association issue with Repeater 1121 AP > Message-ID: > <CALO5k2Stvwc4kGNhj3Y6Umx7TG0Ya= > [email protected]> > Content-Type: text/plain; charset="iso-8859-1" > > You've listed several different requirements, which may or may not work > with what you are wanting to do: > > 1. The 1121 as a repeater > 2. Authenticating the repeater to the 1142 > 3. Authenticating client traffic to the same SSID as the repeater is > authenticating to > 4. Authenticating clients to Active Directory > > As I said previously, you should first remove the security if possible to > verify that the repeater function is working. If you can't use open > authentication to start, because clients are using the 1142, that will > complicate things. I would also remove the MAC list. Also, only list the > Dot11Radio 0 mac address of the 1142 as a parent. The 1121 won't be able > to connect to a 5GHz radio, and the BVI is never the parent. > > What type of EAP are you using for authentication? Keep in mind that the > 1121 will ONLY allow you to use LEAP, EAP-FAST, or EAP-TLS if it is the > client (which is what it is when it is a repeater). You mention Active > Directory. What RADIUS server are you using? You can't authenticate > directly from the APs to AD - you must use RADIUS. If you are using > Microsoft's IAS or NPS, you would only be able to use EAP-TLS for the 1121, > as those RADIUS servers don't support LEAP or EAP-FAST. And, have fun > getting EAP-TLs to work... > > So, in short, what you are trying to do may not be possible with your > current equipment. > > > Jason Boyers, CCIE #26024 (Wireless) > Blog: netboyers.wordpress.com > > > On Tue, Nov 20, 2012 at 1:36 AM, Kumar Gollapudi <[email protected] > >wrote: > > > Hi Jason, > > > > There is no WDS or Wireless Bridge Group in our WLAN. Could you help with > > some config examples to configure on repeater & standalone root station. > > > > The motive is to provide seamless accessibility, the Standalone Repeater > > Station (1121) should associate with Root Station (1142) and all the > mobile > > user's association (MAC-Filtering & AD based Authentication) should be > > happen it from the database/list of the 1142. > > > > Thanks > > Kumar G > > > > > > On Mon, Nov 19, 2012 at 11:55 PM, Jason Boyers <[email protected]> > wrote: > > > >> First - does the 1121 connect and repeat traffic properly without > >> security enabled? Please verify that first. For the 1121 client > config, > >> what form of authentication are you using - LEAP, EAP-FAST, or EAP-TLS? > >> Those are the only three types that the APs can use as clients. Also, > are > >> you using WDS? > >> > >> > >> Jason Boyers, CCIE #26024 (Wireless) > >> Blog: netboyers.wordpress.com > >> > >> > >> On Mon, Nov 19, 2012 at 12:19 PM, Kumar Gollapudi <[email protected] > >wrote: > >> > >>> Hi Jason, > >>> > >>> Sorry, I didn't configured any extra config on 1121 to authenticate > with > >>> 1142.*(Also, your configuration doesn't show how the 1121 is actually > >>> sending credentials to the 1142)*. > >>> > >>> Could you help me with the config what to be configured to > authencticate > >>> with Root device. > >>> > >>> Thanks > >>> Kumar G > >>> > >>> > >>> On Mon, Nov 19, 2012 at 10:35 PM, Jason Boyers <[email protected] > >wrote: > >>> > >>>> The parent should never be a BVI - only radios can be parents. Also, > >>>> have you tried to associate without using encryption and without the > >>>> mac-list on the 1142? That is always the first step - get the > association > >>>> to work, then add security to that. Otherwise, you run into the > issue of > >>>> not knowing what is causing the problem - the wireless component or > the > >>>> security component. Also, your configuration doesn't show how the > 1121 is > >>>> actually sending credentials to the 1142. That needs to be > configured, and > >>>> the configuration will depend on the EAP type used. > >>>> > >>>> Jason Boyers, CCIE #26024 (Wireless) > >>>> Blog: netboyers.wordpress.com > >>>> > >>>> > >>>> On Mon, Nov 19, 2012 at 9:19 AM, Kumar Gollapudi < > [email protected]>wrote: > >>>> > >>>>> Hi, > >>>>> > >>>>> There is a challenge in configuring Cisco Access Point 1121 into > >>>>> Repeater Mode with Root Station AP 1142. The Root station has two > Radio's 0 > >>>>> & 1 (2.4 Ghz & 5.Ghz). We configurfed to associate the Cisco AP 1121 > on > >>>>> both Radio Stations & BVI1. But its trying to assoicate with 1142 > with lot > >>>>> of error's. > >>>>> > >>>>> '%DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Not > >>>>> specified parent > >>>>> > >>>>> %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: No > >>>>> Response > >>>>> > >>>>> %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Rcvd > >>>>> response from > >>>>> > >>>>> Actually the Root Stations has been configured with MAC & AD based > >>>>> authenticatoin to associate the client devices(laptops). Looking for > your > >>>>> valuable suggestions on the issue. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> *On Root Station: (Standalone Cisco 1142 Access Point)* > >>>>> > >>>>> > >>>>> > >>>>> dot11 ssid AC-CORP-WIFI-IND > >>>>> > >>>>> authentication open eap eap_methods1 > >>>>> > >>>>> authentication network-eap eap_methods1 > >>>>> > >>>>> authentication key-management wpa > >>>>> > >>>>> > >>>>> > >>>>> interface Dot11Radio0 > >>>>> > >>>>> no ip address > >>>>> > >>>>> no ip route-cache > >>>>> > >>>>> ! > >>>>> > >>>>> encryption mode ciphers aes-ccm > >>>>> > >>>>> ! > >>>>> > >>>>> ssid XXXXXXX > >>>>> > >>>>> ! > >>>>> > >>>>> speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0 > >>>>> > >>>>> station-role root > >>>>> > >>>>> dot1x reauth-period 3 > >>>>> > >>>>> bridge-group 1 > >>>>> > >>>>> bridge-group 1 subscriber-loop-control > >>>>> > >>>>> bridge-group 1 block-unknown-source > >>>>> > >>>>> no bridge-group 1 source-learning > >>>>> > >>>>> no bridge-group 1 unicast-flooding > >>>>> > >>>>> bridge-group 1 spanning-disabled > >>>>> > >>>>> > >>>>> > >>>>> dot11 association mac-list xxxx > >>>>> > >>>>> ip radius source-interface BVI1 > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> *On Repeater Device: (Cisco Access 1121) > >>>>> * > >>>>> > >>>>> > >>>>> > >>>>> dot11 ssid XXXXXXXXXX > >>>>> > >>>>> authentication open eap eap_methods1 > >>>>> > >>>>> authentication network-eap eap_methods1 > >>>>> > >>>>> authentication key-management wpa > >>>>> > >>>>> infrastructure-ssid optional > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> interface Dot11Radio0 > >>>>> > >>>>> no ip address > >>>>> > >>>>> no ip route-cache > >>>>> > >>>>> ! > >>>>> > >>>>> encryption mode ciphers aes-ccm > >>>>> > >>>>> ! > >>>>> > >>>>> ssid AC-CORP-WIFI-IND > >>>>> > >>>>> ! > >>>>> > >>>>> speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0 > >>>>> > >>>>> station-role repeater > >>>>> > >>>>> dot1x reauth-period 3 > >>>>> > >>>>> parent 1 xxxx.xxxx.xxxx (BVI1) > >>>>> > >>>>> parent 2 xxxx.xxxx.xxxx (Dot11Radio0) > >>>>> > >>>>> parent 3 xxxx.xxxx.xxxx (Dot11Radio1) > >>>>> > >>>>> bridge-group 1 > >>>>> > >>>>> bridge-group 1 subscriber-loop-control > >>>>> > >>>>> bridge-group 1 block-unknown-source > >>>>> > >>>>> no bridge-group 1 source-learning > >>>>> > >>>>> no bridge-group 1 unicast-flooding > >>>>> > >>>>> bridge-group 1 spanning-disabled > >>>>> Thanks > >>>>> Kumar G > >>>>> > >>>>> > >>>>> _______________________________________________ > >>>>> For more information regarding industry leading CCIE Lab training, > >>>>> please visit www.ipexpert.com > >>>>> > >>>>> Are you a CCNP or CCIE and looking for a job? Check out > >>>>> www.PlatinumPlacement.com > >>>>> > >>>>> > >>>> > >>> > >> > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > </archives/ccie_wireless/attachments/20121121/dfc3d457/attachment-0001.html> > > ------------------------------ > > _______________________________________________ > CCIE_Wireless mailing list > [email protected] > http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless > > > End of CCIE_Wireless Digest, Vol 43, Issue 10 > ********************************************* > -- Regards Abhishek Das
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
