Well , I'm going to reconfigure the switches and WLC from the beginning .
Could any one help me how to start the configuration in the switches an
controller .
the controller is 5508 7.4
the APs are 3600
Many thanks and best Regards,
Israa
------------------------------
On Wed, Feb 5, 2014 3:28 PM AST (Arabian) Brendon Hwang wrote:
>can you get below again?
>
>show auth-list
>show traplog
>
>Regards,
>Brendon
>
>
>
>
>On 5 Feb 2014, at 11:03 pm, cisco 2006 <[email protected]> wrote:
>
>I put in the mac addr authentication list , but also in vane.
>
>
>
>
>On Wednesday, 5 February 2014, 14:55, Brendon Hwang <[email protected]> wrote:
>I think Raul was going into right direction.
>
>In other email thread you have 6c416a297355 mac addr failing AAA. isn't that
>mac addr of AP in question?
>You should put that mac addr into auth-list if that's the case
>
>Regards,
>Brendon
>
>
>
>
>On 5 Feb 2014, at 10:20 pm, cisco 2006 <[email protected]> wrote:
>
>
>I change the policy as follows because when I use Accept Manufactured
>Installed Certificate (MIC) all APs disappear .
>
>
>
>AP Policies
>
>Policy Configuration
>
>Accept Self Signed Certificate (SSC)
>Accept Manufactured Installed Certificate (MIC)
>Accept Local Significant Certificate (LSC)
>Authorize MIC APs against auth-list or AAA
>Authorize LSC APs against auth-list
>AP Authorization List
>Entries 1 - 2 of 2
>
>Search by MAC
>MAC Address Certificate Type SHA1 Key Hash
>
>
>
>
>
>
>
>All AP
>Entries 1 - 1 of 1
>Current Filter None [Change Filter] [Clear Filter]
>
>Number of APs
>AP Name AP Model AP MAC AP Up Time Admin Status
>Operational Status Port AP Mode Certificate Type OEAP
>Primary SW version Backup SW version AP Sub Mode Download
>Status Upgrade Role (Master/Slave)
>
>
>
>
>
>On Wednesday, 5 February 2014, 14:15, Raul Manzano <[email protected]> wrote:
>Can you attach a screenshot about the AP policies of your WLC???
>
>
>
>
>2014-02-05 <[email protected]>:
>Send CCIE_Wireless mailing list submissions to
> [email protected]
>
>To subscribe or unsubscribe via the World Wide Web, visit
> http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless
>or, via email, send a message with subject or body 'help' to
> [email protected]
>
>You can reach the person managing the list at
> [email protected]
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of CCIE_Wireless digest..."
>
>
>Today's Topics:
>
> 1. Re: CCIE_Wireless Digest, Vol 58, Issue 20 (cisco 2006)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Wed, 5 Feb 2014 10:52:51 +0000 (GMT)
>From: cisco 2006 <[email protected]>
>To: cisco 2006 <[email protected]>, Raul Manzano
> <[email protected]>, "[email protected]"
> <[email protected]>
>Subject: Re: [OSL | CCIE_Wireless] CCIE_Wireless Digest, Vol 58, Issue
> 20
>Message-ID:
> <[email protected]>
>Content-Type: text/plain; charset="iso-8859-1"
>
>Trap Logs ????
>Number of Traps since last reset?? 11635 ??
>Number of Traps since log last viewed?? 5767 ??
>Log
>System Time
>Trap
>0 Wed Feb 5 01:42:43 2014 AP Disassociated. Base Radio MAC:d0:c7:89:0b:1a:b0
>1 Wed Feb 5 01:42:43 2014 AP's Interface:1(802.11a) Operation State Down: Base
>Radio MAC:d0:c7:89:0b:1a:b0 Cause=New Discovery Status:NA
>2 Wed Feb 5 01:42:43 2014 AP's Interface:0(802.11b) Operation State Down: Base
>Radio MAC:d0:c7:89:0b:1a:b0 Cause=New Discovery Status:NA
>3 Wed Feb 5 01:40:17 2014 Configuration Saved from Web Interface
>4 Wed Feb 5 01:38:08 2014 AAA Authentication Failure for UserName:6c416a297355
>User Type: WLAN USER
>5 Wed Feb 5 01:38:02 2014 AAA Authentication Failure for UserName:6c416a297355
>User Type: WLAN USER
>6 Wed Feb 5 01:37:47 2014 AAA Authentication Failure for UserName:6c416a297355
>User Type: WLAN USER
>7 Wed Feb 5 01:37:41 2014 AAA Authentication Failure for UserName:6c416a297355
>User Type: WLAN USER
>8 Wed Feb 5 01:37:26 2014 AAA Authentication Failure for UserName:6c416a297355
>User Type: WLAN USER
>9 Wed Feb 5 01:37:20 2014 AAA Authentication Failure for UserName:6c416a297355
>User Type: WLAN USER
>
>
>
>On Wednesday, 5 February 2014, 13:35, cisco 2006 <[email protected]> wrote:
>
>Yes it is disable
>
>
>
>On Wednesday, 5 February 2014, 12:20, Raul Manzano <[email protected]> wrote:
>
>Ok, but?"authorize mic aps against auth-list or AAA" is enable or disable,
>because this option, unless you want to authorizate your AP against AAA or
>MAc-filtering must be disabled.
>
>Cheers
>
>
>
>2014-02-05 <[email protected]>:
>
>Send CCIE_Wireless mailing list submissions to
>>? ? ? ? [email protected]
>>
>>To subscribe or unsubscribe via the World Wide Web, visit
>>? ? ? ? http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless
>>or, via email, send a message with subject or body 'help' to
>>? ? ? ? [email protected]
>>
>>You can reach the person managing the list at
>>? ? ? ? [email protected]
>>
>>When replying, please edit your Subject line so it is more specific
>>than "Re: Contents of CCIE_Wireless digest..."
>>
>>
>>Today's Topics:
>>
>>? ?1. Re: CCIE_Wireless Digest, Vol 58, Issue 18 (cisco 2006)
>>
>>
>>----------------------------------------------------------------------
>>
>>Message: 1
>>Date: Wed, 5 Feb 2014 09:11:11 +0000 (GMT)
>>From: cisco 2006 <[email protected]>
>>To: Raul Manzano <[email protected]>,
>>? ? ? ? "[email protected]"
>>? ? ? ? <[email protected]>
>>Subject: Re: [OSL | CCIE_Wireless] CCIE_Wireless Digest, Vol 58, Issue
>>? ? ? ? 18
>>Message-ID:
>>? ? ? ? <[email protected]>
>>Content-Type: text/plain; charset="iso-8859-1"
>>
>>
>>
>>Yes , I did the accept manufacture installed certificate but I recieved this :
>>
>>
>>
>>Reason For Last Unsuccessful Attempt ? ?RADIUS authorization is pending for
>>the AP
>>
>>
>>
>>
>>On Wednesday, 5 February 2014, 11:57, Raul Manzano <[email protected]>
>>wrote:
>>
>>Try ti review in Security / AP policies that "accept manufacture installed
>>certificate" are enabled, also "authorize mic aps against auth-list or AAA"
>>are disabled unless you are using a AAA or internal MAC-filter to authorize
>>the join in this WLC.
>>
>>Cheers
>>
>>
>>
>>2014-02-05 <[email protected]>:
>>
>>Send CCIE_Wireless mailing list submissions to
>>? ? ? ? [email protected]
>>
>>To subscribe or unsubscribe via the World Wide Web, visit
>>? ? ? ? http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless
>>or, via email, send a message with subject or body 'help' to
>>? ? ? ? [email protected]
>>
>>You can reach the person managing the list at
>>? ? ? ? [email protected]
>>
>>When replying, please edit your Subject line so it is more specific
>>than "Re: Contents of CCIE_Wireless digest..."
>>
>>
>>Today's Topics:
>>
>>? ?1. Re: AP not joined to WLC (cisco 2006)
>>
>>
>>----------------------------------------------------------------------
>>
>>Message: 1
>>Date: Wed, 5 Feb 2014 08:46:25 +0000 (GMT)
>>From: cisco 2006 <[email protected]>
>>To: Brendon Hwang <[email protected]>
>>Cc: "[email protected]"
>>? ? ? ? <[email protected]>
>>Subject: Re: [OSL | CCIE_Wireless] AP not joined to WLC
>>Message-ID:
>>? ? ? ? <[email protected]>
>>Content-Type: text/plain; charset="iso-8859-1"
>>
>>I can only get these output
>>
>>
>>
>>(Cisco Controller) debug>capwap errors enable?
>>
>>(Cisco Controller) debug>*spamApTask1: Feb 04 22:06:27.284:
>>sshpmFreePublicKeyHandle: freeing public key
>>
>>*spamApTask0: Feb 04 23:40:31.348: d0:c7:89:0b:1f:40 State machine handler:
>>Failed to process ?msg type = 3 state = 0 from 10.128.20.13:8308
>>
>>??
>>(Cisco Controller) debug>
>>(Cisco Controller) debug> ?*spamApTask0: Feb 04 23:40:31.348:
>>d0:c7:89:0b:1f:40 Failed to parse CAPWAP packet from 10.128.20.13:8308
>>
>>*spamApTask1: Feb 04 23:42:01.311: 00:00:00:00:00:00 Invalid event
>>Capwap_heart_beat_timer_expiry & state Capwap_no_state combination
>>
>>*spamApTask1: Feb 04 23:42:01.311: d0:c7:89:0b:1f:40 Event =
>>Capwap_heart_beat_timer_expiry State = Capwap_no_state
>>
>>*spamApTask1: Feb 04 23:42:01.311: Failed to process timer message 1
>>
>>?
>>
>>(Cisco Controller) debug>capwap events enable?
>>
>>(Cisco Controller) debug>*spamApTask1: Feb 04 23:43:31.927: d0:c7:89:0b:1a:b0
>>DTLS connection not found, creating new connection for 10:128:20:12 (38710)
>>10:128:20:10 (5246)
>>
>>*spamApTask1: Feb 04 23:43:32.403: d0:c7:89:0b:1a:b0 Allocated index from
>>main list, Index: 127
>>
>>*spamApTask1: Feb 04 23:43:32.403: d0:c7:89:0b:1a:b0 DTLS keys for Control
>>Plane are plumbed successfully for AP 10.128.20.12. Index 128
>>
>>*spamApTask2: Feb 04 23:43:32.403: d0:c7:89:0b:1a:b0 DTLS Session established
>>server (10.128.20.10:5246), client (10.128.20.12:38710)
>>*spamApTask2: Feb 04 23:43:32.403: d0:c7:89:0b:1a:b0 Starting wait join timer
>>for AP: 10.128.20.12:38710
>>
>>*spamApTask1: Feb 04 23:43:37.403: d0:c7:89:0b:1a:b0 Join Request from
>>10.128.20.12:38710
>>
>>*spamApTask1: Feb 04 23:43:37.404: d0:c7:89:0b:1a:b0 Deleting AP entry
>>10.128.20.12:38710 from temporary database.
>>*spamApTask1: Feb 04 23:43:37.404: d0:c7:89:0b:1a:b0 MIC AP is not allowed to
>>join by config
>>
>>
>>
>>
>>On Wednesday, 5 February 2014, 11:30, Brendon Hwang <[email protected]>
>>wrote:
>>
>>Hello,
>>
>>You can try below. ?I am not sure what info had been delivered from you to
>>other guys hence I just ask few useful information you can gather if console
>>is possible.
>>
>>show capwap client config
>>show capwap client rcb
>>
>>- do this if AP keeps on rebooting
>>Debug capwap client no-r ??
>>
>>- mainly you can use below for useful info.
>>debug capwap client event
>>
>>
>>Regards,
>>Brendon
>>
>>
>>
>>
>>On 5 Feb 2014, at 6:38 pm, cisco 2006 <[email protected]> wrote:
>>
>>No I don't have .
>>But if it is neccesary need I will try to access the AP . But what outputs of
>>commands do you want.?
>>
>>
>>Please not that all interfaces in the same vlan?
>>
>>Interfaces Entries 1 - 6 of 6
>>Interface Name VLAN Identifier IP Address Interface Type Dynamic AP
>>Management ?
>>?
>>
>>
>>
>>On Wednesday, 5 February 2014, 10:30, Brendon Hwang <[email protected]>
>>wrote:
>>
>>Do you have a console connection to AP by any chance?
>>
>>
>>Regards,
>>Brendon
>>
>>
>>
>>
>>On 5 Feb 2014, at 6:24 pm, cisco 2006 <[email protected]> wrote:
>>
>>It is 5508?
>>
>>
>>
>>On Wednesday, 5 February 2014, 10:15, Andreas di Zazzo
>><[email protected]> wrote:
>>
>>Btw what controller is it? Since it looks like the access-points are running
>>MESH image. The virtual WLC do not support that.
>>?
>>From:[email protected]
>>[mailto:[email protected]] On Behalf Of cisco 2006
>>Sent: den 5 februari 2014 08:03
>>To: Jeff Rensink
>>Cc: [email protected]
>>Subject: Re: [OSL | CCIE_Wireless] AP not joined to WLC
>>?
>>Also see this output?
>>?
>>?
>>(Cisco Controller) >debug capwap errors enable?
>>(Cisco Controller) >*spamApTask1: Feb 04 03:18:49.454: d0:c7:89:0b:1f:40 Join
>>Request: Total msgEleLen = 0?
>>?
>>*spamApTask0: Feb 04 21:58:15.193: d0:c7:89:0b:1f:40 State machine handler:
>>Failed to process ?msg type = 3 state = 0 from 10.128.20.13:8308
>>?
>>*spamApTask0: Feb 04 21:58:15.193: d0:c7:89:0b:1f:40 Failed to parse CAPWAP
>>packet from 10.128.20.13:8308
>>?
>>*spamApTask1: Feb 04 21:58:25.977: d0:c7:89:0b:1a:b0 Echo Timer Expiry:
>>Missing Echo from APd0:c7:89:0b:1a:b0, Closing dtls Connection.
>>*spamApTask1: Feb 04 21:58:42.448: d0:c7:89:0b:1a:b0 State machine handler:
>>Failed to process ?msg type = 3 state = 0 from 10.128.20.12:38711
>>?
>>*spamApTask1: Feb 04 21:58:42.448: d0:c7:89:0b:1a:b0 Failed to parse CAPWAP
>>packet from 10.128.20.12:38711
>>?
>>q*spamApTask0: Feb 04 21:59:08.726: d0:c7:89:0b:1f:40 DTLS connection was
>>closed
>>*spamApTask1: Feb 04 21:59:24.357: d0:c7:89:0b:1f:40 State machine handler:
>>Failed to process ?msg type = 3 state = 0 from 10.128.20.13:8309
>>?
>>*spamApTask1: Feb 04 21:59:24.358: d0:c7:89:0b:1f:40 Failed to parse CAPWAP
>>packet from 10.128.20.13:8309
>>?
>>*spamApTask1: Feb 04 21:59:35.981: d0:c7:89:0b:1a:b0 DTLS connection was
>>closed
>>?
>>?
>>On Wednesday, 5 February 2014, 9:53, cisco 2006 <[email protected]> wrote:
>>The following are the output of the controller . Also notice that the
>>exchange of control data is in plain text as follows
>>?
>>Wireless > all aps > ap > advanced > ?Current Data Encryption
>>Status???????plain text
>>?
>>Please let me know if need any further information .
>>?
>>?
>>(Cisco Controller) >show ap retransmit all
>>Global control packet retransmit interval: 3
>>Global control packet retransmit count: 5
>>AP Name???????????? Retransmit Interval? Retransmit count
>>------------------? -------------------? -------------------
>>AP6c41.6a29.7355?????? N/A(Mesh mode)????? N/A(Mesh mode)
>>?
>>?
>>(Cisco Controller) >show country code
>>Configured Country............................. US? - United States
>>Configured Country Codes
>>??????? US? - United States............................. 802.11a
>>Indoor,Outdoor / 802.11b / 802.11g
>>?
>>?
>>?
>>On Wednesday, 5 February 2014, 2:11, Jeff Rensink <[email protected]>
>>wrote:
>>What do you mean by this? ?Can you give us a screenshot of your Country codes
>>screen? (or a "show country" command in the CLI)
>>
>>
>>Regards,
>>?
>>Jeff Rensink : Sr Instructor : iPexpert
>>CCIE # 24834 :: Wireless / R&S
>>:: World-Class Cisco Certification Training
>>
>>
>>Direct: +1.810.326.1444
>>:: Free Videos
>>:: Free Training / Product Offerings
>>:: CCIE Blog
>>:: Twitter
>>?
>>On Tue, Feb 4, 2014 at 9:22 AM, cisco 2006 <[email protected]> wrote:
>>
>>
>>also when I configured the country code , it appairs not configured in
>>regularity domains.
>>
>>
>>
>>
>>
>>
>>------------------------------
>>On Tue, Feb 4, 2014 6:02 PM AST (Arabian) Maxim Risman wrote:
>>
>>>Hello, what is the WLC version code you are running ?
>>>
>>>Thank you.
>>>
>>>
>>>On Tue, Feb 4, 2014 at 4:56 AM, cisco 2006 <[email protected]> wrote:
>>>
>>> Dear All,
>>> I need you help to solve this issue in my wireless LAN .
>>> When I connect the AP 3600 to the Switch the AP get the IP from the DHCP
>>> but it is not joined with the WLC 5508 and I get
>>?this output from the
>>> controller . I have to mention that the mangement interface , dynamic
>>> interface and APs in the same VLAN .
>>>
>>>
>>>
>>>
>>> ?*All APs*
>>> ? ? *Entries 1 - 2 of 2*
>>>
>>> ?*Current Filter*
>>> ?*None*
>>>
>>> ?[Change Filter] [Clear Filter]
>>>
>>> ? ?*Number of APs*
>>>
>>>
>>> ?*AP Name*
>>>
>>> ?*AP Model*
>>> ?*AP MAC*
>>> ?*AP Up Time*
>>> ?*Admin Status*
>>> ?*Operational Status*
>>> ?*Port*
>>> ?*AP Mode*
>>> ?*Certificate Type*
>>> ?*OEAP*
>>> ?*Primary SW version*
>>> ?*Backup SW version*
>>> ?*AP Sub Mode*
>>> ?*Download Status*
>>> ?*Upgrade Role (Master/Slave)*
>>>
>>>
>>>
>>>
>>> ?*AP Join Stats*
>>> ? ?*Entries 1 - 2 of 2*
>>>
>>> ? ?*Current Filter:*
>>> ?None
>>>
>>> ?[Change Filter] [Clear Filter]
>>>
>>>
>>>
>>??*Base Radio MAC*
>>> ?*AP Name*
>>> ?*Status*
>>> ?*Ethernet MAC*
>>> ?*IP Address*
>>> ?*Last Join Time*
>>>
>>>
>>>
>>>
>>>
>>> ?*AP Join Stats Detail >*
>>>
>>> ? ?*General*
>>>
>>> ? Base MAC Address
>>> ? ? AP Name
>>> ? ? Ethernet MAC Address
>>> ? ? IP Address
>>> ? ? Status
>>> ? ? *Last AP Join*
>>>
>>> ? *Timestamp*
>>> ?*Message*
>>>
>>?? ? ? ?*Discovery Phase Statistics*
>>>
>>> ? Requests Received
>>> ? ? Responses Sent
>>> ? ? Unsuccessful Request Processed
>>> ? ? Reason For Last Unsuccessful Attempt
>>> ? ? Last Successful Attempt Time
>>> ? ? Last Unsuccessful Attempt Time
>>> ? ? *Join Phase Statistics*
>>>
>>> ? Requests Received
>>> ? ? Responses Sent
>>> ? ? Unsuccessful Request Processed
>>> ? ? Reason For Last Unsuccessful Attempt
>>> ? ? Last Successful Attempt Time
>>> ? ? Last Unsuccessful Attempt Time
>>> ? ? *Configuration Phase Statistics*
>>>
>>> ? Requests Received
>>> ? ? Responses Sent
>>> ? ? Unsuccessful Request Processed
>>> ? ? Reason For Last Unsuccessful Attempt
>>> ? ? Last Successful Attempt Time
>>> ? ? Last Unsuccessful Attempt Time
>>>
>>> ?*Last Error Summary*
>>>
>>> ? Last AP Message Decryption Failure
>>> ? ? Last AP Connection Failure
>>> ? ? Last AP Disconnect Reason
>>> ? ? Last Error Occurred
>>> ? ? Last Error Occurred Reason
>>> ? ? Last Join Error
>>?Timestamp
>>>
>>>
>>> _______________________________________________
>>> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos ::
>>>
>>> iPexpert on YouTube: www.youtube.com/ipexpertinc
>>>
>>>
>>>
>>>
>>>--
>>>Best Regards
>>>
>>>Maxim Risman
>>
>>_______________________________________________
>>Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos ::
>>
>>iPexpert on YouTube: www.youtube.com/ipexpertinc
>>?
>>?
>>?
>>_______________________________________________
>>Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos ::
>>
>>iPexpert on YouTube: www.youtube.com/ipexpertinc
>>?
>>
>>_______________________________________________
>>Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos ::
>>
>>iPexpert on YouTube: www.youtube.com/ipexpertinc
>>-------------- next part --------------
>>An HTML attachment was scrubbed...
>>URL: </archives/ccie_wireless/attachments/20140205/2c65df39/attachment.html>
>>
>>------------------------------
>>
>>_______________________________________________
>>Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos ::
>>
>>iPexpert on YouTube: www.youtube.com/ipexpertinc
>>
>>End of CCIE_Wireless Digest, Vol 58, Issue 18
>>*********************************************
>>
>>
>>_______________________________________________
>>Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos ::
>>
>>iPexpert on YouTube: www.youtube.com/ipexpertinc
>>-------------- next part --------------
>>An HTML attachment was scrubbed...
>>URL: </archives/ccie_wireless/attachments/20140205/48f384fe/attachment.html>
>>
>>------------------------------
>>
>>_______________________________________________
>>Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos ::
>>
>>iPexpert on YouTube: www.youtube.com/ipexpertinc
>>
>>End of CCIE_Wireless Digest, Vol 58, Issue 20
>>*********************************************
>>
>
>_______________________________________________
>Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos ::
>
>iPexpert on YouTube: www.youtube.com/ipexpertinc
>
>
>
>_______________________________________________
>Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos ::
>
>iPexpert on YouTube: www.youtube.com/ipexpertinc
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: </archives/ccie_wireless/attachments/20140205/cc59d588/attachment.html>
>
>------------------------------
>
>_______________________________________________
>Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos ::
>
>iPexpert on YouTube: www.youtube.com/ipexpertinc
>
>End of CCIE_Wireless Digest, Vol 58, Issue 25
>*********************************************
>
>
>_______________________________________________
>Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos ::
>
>iPexpert on YouTube: www.youtube.com/ipexpertinc
>
>_______________________________________________
>Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos ::
>
>iPexpert on YouTube: www.youtube.com/ipexpertinc
>
>
>
>
_______________________________________________
Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos ::
iPexpert on YouTube: www.youtube.com/ipexpertinc
