BSOD on Wireless Network
We have recently installed the cisco airespace product at one of our locations. For a while everything was working fine. Recently at one of the locations numerous users are getting blue screens of death while using the wireless network. I would say its about 3% of the population. We are also using Cisco clean access on this segment as well. In any other location, users do not get this BSOD. The error is as follows: Driver_IRQL_Not Less_or_Equal Tech Info: NDIS.SYS If anyone has seen these issues, or may be able to give some insight on why this is happening, that would be great. Thanks in advance. Eric Morgenroth [EMAIL PROTECTED] 917.335.5477 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] BSOD on Wireless Network
Clean Access is not supported on some OSes, like XP Tablet, etc We had this happen with CCA 3.5.5 on XP Home too. Michael Ruiz Network and Systems Engineer, ESSE ACP A+ Hobart and William Smith Colleges ' 1-315-781-3711 [EMAIL PROTECTED] Monday to Friday, 08:30 A.M. 05:00 P.M. ET All support inquiries should be initiated with the IT Services Helpdesk at ' 1-315-781-4357 or on campus x4357 [EMAIL PROTECTED] or http://www.hws.edu/itservices From: Eric Morgenroth [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 14, 2005 10:39 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] BSOD on Wireless Network We have recently installed the cisco airespace product at one of our locations. For a while everything was working fine. Recently at one of the locations numerous users are getting blue screens of death while using the wireless network. I would say its about 3% of the population. We are also using Cisco clean access on this segment as well. In any other location, users do not get this BSOD. The error is as follows: Driver_IRQL_Not Less_or_Equal Tech Info: NDIS.SYS If anyone has seen these issues, or may be able to give some insight on why this is happening, that would be great. Thanks in advance. Eric Morgenroth [EMAIL PROTECTED] 917.335.5477 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] BSOD on Wireless Network
This points to the network card driver. Has the network driver been updated recently? Driver_IRQL_Not Less_or_Equal Tech Info: NDIS.SYS ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Cisco Clean Access over a WAN link
I am wondering if anybody is running the Cisco Clean Access authentication and scan process over a WAN link? We would like to run student machines with the Cisco Clean Access Agent installed, at a remote campus through our Clean Access server here on our main campus. Any setup or performance issues? Thanks for your help. Mike Hanson IT Department The College of St. Scholastica Duluth Minnesota ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
[WIRELESS-LAN] Multiple VLANs configuration
We are currently testing setting up our Cisco Aironet 1100 and 1200 infrastructure with multiple VLANs Our test device is statically configured for VLAN 168. We have another test VLAN 19 which we want to have trunked to the device. The access point is connected to a port on a Cisco 4500 chassis running native IOS. The port configuration that is currently on is: interface FastEthernet2/36 switchport access vlan 168 switchport trunk encapsulation dot1q switchport trunk native vlan 168 switchport trunk allowed vlan 1,19,168,998,999,1001-4094 qos trust cos no snmp trap link-status tx-queue 3 priority high spanning-tree portfast If I do a 'sh vlan id 19' on the same switch it does not show the VLAN active on the same port Should I be configuring the port differently to carry multiple VLANs to the access point? Any clues would be appreciated... Ranjit Philip ITR Network Engineering California State University, Northridge ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Multiple VLANs configuration
On Wed, 2005-12-14 at 14:25 -0800, Ranjit Philip wrote: The port configuration that is currently on is: I would suggest modifying the switch with the following configuration. Reason, you don't need 'swichport access vlan 168' since you are trying to configure a trunk. Also you don't want 'spanning-tree portfast' because you DO want to run spanning tree on that port. interface FastEthernet2/36 no switchport access vlan 168 switchport trunk encapsulation dot1q switchport trunk native vlan 168 switchport trunk allowed vlan 1,19,168,998,999,1001-4094 qos trust cos no snmp trap link-status tx-queue 3 priority high no spanning-tree portfast If I do a 'sh vlan id 19' on the same switch it does not show the VLAN active on the same port The reason why is not showing there is because this interface is a trunk. Is your Cat4500 doing the routing? or if another device is routing then you need to trunk vlan 19 to the 4500. Also do you have vlan 19 created on the 4500? 'sho vlan' should show you if it exists, even though it might not have any interfaces assigned to it. Should I be configuring the port differently to carry multiple VLANs to the access point? Also you ap should be configured for trunking. ** interface FastEthernet0.168 encapsulation dot1Q 168 native no ip route-cache bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled interface FastEthernet0.19 no ip route-cache bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ** Hope this helps. --Samuel -- Samuel Petreski Network Systems Analyst Computing and Network Services Kansas State University (785) 532-4943 [EMAIL PROTECTED] ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Multiple VLANs configuration
First execute a couple of commands 1) sh int fa2/36 switchport Look at the output from this and see if your interface is actually in trunk mode 2) conf t int fa2/36 switchport mode trunk This will turn trunking on Alternatively, you can do a switchport mode dynamic auto which sets the trunk negotiation to auto, or you can do a switchport mode dynamic desirable which sets the trunk negotiation to desirable 3) no spanning-tree portfast 4) sh vtp stat If you are using a VTP domain, You want to make sure your vtp domain info is correct as well This should get you up and going J. Bart Casey Network Engineer Wofford College -Original Message- From: Ranjit Philip [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 14, 2005 5:26 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Multiple VLANs configuration We are currently testing setting up our Cisco Aironet 1100 and 1200 infrastructure with multiple VLANs Our test device is statically configured for VLAN 168. We have another test VLAN 19 which we want to have trunked to the device. The access point is connected to a port on a Cisco 4500 chassis running native IOS. The port configuration that is currently on is: interface FastEthernet2/36 switchport access vlan 168 switchport trunk encapsulation dot1q switchport trunk native vlan 168 switchport trunk allowed vlan 1,19,168,998,999,1001-4094 qos trust cos no snmp trap link-status tx-queue 3 priority high spanning-tree portfast If I do a 'sh vlan id 19' on the same switch it does not show the VLAN active on the same port Should I be configuring the port differently to carry multiple VLANs to the access point? Any clues would be appreciated... Ranjit Philip ITR Network Engineering California State University, Northridge ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Multiple VLANs configuration
Thank you all for the responses. The 'switchport mode trunk' actually did the trick. Little mistakes...arrrgh I am going to take out the 'spanning-tree portfast' command nonetheless as most of you have suggested. I however found out that when you have a port configured in trunk mode and you try to enable 802.1x on that port it gives me this message: (config-if)#dot1x port-control auto Command rejected: Trunking enabled on one or more ports. Dot1x is supported only on Ethernet interfaces configured in Access, Routed or Private-vlan Host Mode. (config-if)# *Apr 4 12:16:02.104: %DOT1X-5-ERR_TRUNK: Dot1x can not be enabled on Trunk port This takes us into another subject, but, I was trying to configure the AP in such a way that it has one SSID tied to VLAN 168 which requires MAC based open authentication and no encryption and another SSID tied to VLAN 19 which requires 802.1x based authentication using EAP-PEAP with MS-CHAPv2 and WPA encryption. Do I need to have the port the AP is connected to set for 1x? How would I do it on a trunk port if 1x is configured on the port wouldn't all the SSIDs on the AP require 802.1x based authentication? Thank you. Ranjit Philip ITR Network Engineering California State University, Northridge Original message Date: Wed, 14 Dec 2005 18:21:46 -0500 From: Casey, J Bart [EMAIL PROTECTED] Subject: RE: [WIRELESS-LAN] Multiple VLANs configuration To: [EMAIL PROTECTED], WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU First execute a couple of commands 1) sh int fa2/36 switchport Look at the output from this and see if your interface is actually in trunk mode 2) conf t int fa2/36 switchport mode trunk This will turn trunking on Alternatively, you can do a switchport mode dynamic auto which sets the trunk negotiation to auto, or you can do a switchport mode dynamic desirable which sets the trunk negotiation to desirable 3) no spanning-tree portfast 4) sh vtp stat If you are using a VTP domain, You want to make sure your vtp domain info is correct as well This should get you up and going J. Bart Casey Network Engineer Wofford College -Original Message- From: Ranjit Philip [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 14, 2005 5:26 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Multiple VLANs configuration We are currently testing setting up our Cisco Aironet 1100 and 1200 infrastructure with multiple VLANs Our test device is statically configured for VLAN 168. We have another test VLAN 19 which we want to have trunked to the device. The access point is connected to a port on a Cisco 4500 chassis running native IOS. The port configuration that is currently on is: interface FastEthernet2/36 switchport access vlan 168 switchport trunk encapsulation dot1q switchport trunk native vlan 168 switchport trunk allowed vlan 1,19,168,998,999,1001-4094 qos trust cos no snmp trap link-status tx-queue 3 priority high spanning-tree portfast If I do a 'sh vlan id 19' on the same switch it does not show the VLAN active on the same port Should I be configuring the port differently to carry multiple VLANs to the access point? Any clues would be appreciated... Ranjit Philip ITR Network Engineering California State University, Northridge ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Multiple VLANs configuration
Just wanted to stress this data point regarding trunked Cisco AP's (Ranjit has it right): Switch ports connected to APs that are trunking must be configured to allow only those vlans that are configured on the AP. This is done using the 'switchport trunk allowed' command on the switch port. ex) switchport trunk allowed vlan 1,314,953 http://www.cisco.com/en/US/customer/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml (this page is for 1100 series, but applies to 1200 series as well) (Not sure if this URL requires CCO login) From that Cisco page: ..If you ignore minor points in these concepts when you deploy VLANs with Cisco Aironet wireless equipment, you will experience unexpected performance, such as: The failure to limit allowed VLANs on the trunk to those defined on the wireless device If VLANs 1, 10, 20, 30 and 40 are defined on the switch, but only VLANs 1, 10 and 30 are defined on the wireless equipment, you must remove the others from the trunk switchport. hope this helps. Mike *** Michael DicksonPhone: 413-545-9639 Network AnalystFax: 413-545-3203 University of MassachusettsEmail: [EMAIL PROTECTED] Network Systems and Services *** Ranjit Philip wrote: Thank you all for the responses. The 'switchport mode trunk' actually did the trick. Little mistakes...arrrgh I am going to take out the 'spanning-tree portfast' command nonetheless as most of you have suggested. I however found out that when you have a port configured in trunk mode and you try to enable 802.1x on that port it gives me this message: (config-if)#dot1x port-control auto Command rejected: Trunking enabled on one or more ports. Dot1x is supported only on Ethernet interfaces configured in Access, Routed or Private-vlan Host Mode. (config-if)# *Apr 4 12:16:02.104: %DOT1X-5-ERR_TRUNK: Dot1x can not be enabled on Trunk port This takes us into another subject, but, I was trying to configure the AP in such a way that it has one SSID tied to VLAN 168 which requires MAC based open authentication and no encryption and another SSID tied to VLAN 19 which requires 802.1x based authentication using EAP-PEAP with MS-CHAPv2 and WPA encryption. Do I need to have the port the AP is connected to set for 1x? How would I do it on a trunk port if 1x is configured on the port wouldn't all the SSIDs on the AP require 802.1x based authentication? Thank you. Ranjit Philip ITR Network Engineering California State University, Northridge Original message Date: Wed, 14 Dec 2005 18:21:46 -0500 From: Casey, J Bart [EMAIL PROTECTED] Subject: RE: [WIRELESS-LAN] Multiple VLANs configuration To: [EMAIL PROTECTED], WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU First execute a couple of commands 1) sh int fa2/36 switchport Look at the output from this and see if your interface is actually in trunk mode 2) conf t int fa2/36 switchport mode trunk This will turn trunking on Alternatively, you can do a switchport mode dynamic auto which sets the trunk negotiation to auto, or you can do a switchport mode dynamic desirable which sets the trunk negotiation to desirable 3) no spanning-tree portfast 4) sh vtp stat If you are using a VTP domain, You want to make sure your vtp domain info is correct as well This should get you up and going J. Bart Casey Network Engineer Wofford College -Original Message- From: Ranjit Philip [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 14, 2005 5:26 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Multiple VLANs configuration We are currently testing setting up our Cisco Aironet 1100 and 1200 infrastructure with multiple VLANs Our test device is statically configured for VLAN 168. We have another test VLAN 19 which we want to have trunked to the device. The access point is connected to a port on a Cisco 4500 chassis running native IOS. The port configuration that is currently on is: interface FastEthernet2/36 switchport access vlan 168 switchport trunk encapsulation dot1q switchport trunk native vlan 168 switchport trunk allowed vlan 1,19,168,998,999,1001-4094 qos trust cos no snmp trap link-status tx-queue 3 priority high spanning-tree portfast If I do a 'sh vlan id 19' on the same switch it does not show the VLAN active on the same port Should I be configuring the port differently to carry multiple VLANs to the access point? Any clues would be appreciated... Ranjit Philip ITR Network Engineering California State University, Northridge ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion