WLC2106, ASA5510 and Catalyst 2960 trouble creating 2 working wifi-net
New question.
This will be a 2 stage question, where this is stage 1.
I have 2 firewalls at different locations with a site to site VPN configured between them. (Site 1: ASA5505 and Site2:ASA5510 with a Catalyst2960 Layer2 switch).
All is well there.
Now I will add a WLC controller to set up 2 WIFI nets, 1 that works for our internal networl VLAN10 and one that only connects to our VLAN20 (DMZ) which will be a quest VLAN.
In this question I would need help to get this to work.
I have configured the WLC and 1 AP at Site2 and can see the Wifi nets.
The questions here are:
HOW and WHERE should the AP be connected, now it's connected to the Catalyst port FA0/23.
It gets an IP from the subnet 192.168.1.0/24 VLAN1 which is the management network.
The WLC is connected to port 24, a trunk port. BUT I have connected the WLC to port 1 there, since otherwise I cannot connect to it. Seems strange, Port 2 on the WLC is (as far as I understand) configured to allow the vlans associated with the config.(?)
And lastly, What have I configured faultly...
I attach configs for the ASA5510, Catalyst2960 and the WLC here.
ASA5510:
Catalyst 2960
WLC2106
This will be a 2 stage question, where this is stage 1.
I have 2 firewalls at different locations with a site to site VPN configured between them. (Site 1: ASA5505 and Site2:ASA5510 with a Catalyst2960 Layer2 switch).
All is well there.
Now I will add a WLC controller to set up 2 WIFI nets, 1 that works for our internal networl VLAN10 and one that only connects to our VLAN20 (DMZ) which will be a quest VLAN.
In this question I would need help to get this to work.
I have configured the WLC and 1 AP at Site2 and can see the Wifi nets.
The questions here are:
HOW and WHERE should the AP be connected, now it's connected to the Catalyst port FA0/23.
It gets an IP from the subnet 192.168.1.0/24 VLAN1 which is the management network.
The WLC is connected to port 24, a trunk port. BUT I have connected the WLC to port 1 there, since otherwise I cannot connect to it. Seems strange, Port 2 on the WLC is (as far as I understand) configured to allow the vlans associated with the config.(?)
And lastly, What have I configured faultly...
I attach configs for the ASA5510, Catalyst2960 and the WLC here.
ASA5510:
ASA Version 8.2(2)17
!
hostname K2FW
domain-name kc2.se
enable password Q.KgdTx9GGzpKA0m encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 109.104.5.4 255.255.255.240
!
interface Ethernet0/1
no nameif
no security-level
no ip address
!
interface Ethernet0/1.10
vlan 10
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
<--- More --->
!
<--- More --->
interface Ethernet0/1.20
<--- More --->
vlan 20
<--- More --->
nameif dmz
<--- More --->
security-level 40
<--- More --->
ip address 192.168.20.1 255.255.255.0
<--- More --->
!
<--- More --->
interface Ethernet0/2
<--- More --->
shutdown
<--- More --->
no nameif
<--- More --->
no security-level
<--- More --->
no ip address
<--- More --->
!
<--- More --->
interface Ethernet0/3
<--- More --->
shutdown
<--- More --->
no nameif
<--- More --->
no security-level
<--- More --->
no ip address
<--- More --->
!
<--- More --->
interface Management0/0
<--- More --->
nameif management
<--- More --->
security-level 100
<--- More --->
ip address 192.168.1.1 255.255.255.0
<--- More --->
management-only
<--- More --->
!
<--- More --->
ftp mode passive
<--- More --->
dns server-group DefaultDNS
<--- More --->
domain-name kc2.se
<--- More --->
object-group network DM_INLINE_NETWORK_1
<--- More --->
network-object 192.168.2.0 255.255.255.0
<--- More --->
network-object 192.168.20.0 255.255.255.0
<--- More --->
access-list outside_1_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 192.168.3.0 255.255.255.0
<--- More --->
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_1 192.168.3.0 255.255.255.0
<--- More --->
pager lines 24
<--- More --->
logging asdm informational
<--- More --->
mtu outside 1500
<--- More --->
mtu inside 1500
<--- More --->
mtu dmz 1500
<--- More --->
mtu management 1500
<--- More --->
icmp unreachable rate-limit 1 burst-size 1
<--- More --->
no asdm history enable
<--- More --->
arp timeout 14400
<--- More --->
global (outside) 101 interface
<--- More --->
nat (inside) 0 access-list inside_nat0_outbound
<--- More --->
nat (inside) 101 192.168.2.0 255.255.255.0
<--- More --->
nat (dmz) 101 192.168.20.0 255.255.255.0
<--- More --->
route outside 0.0.0.0 0.0.0.0 109.104.5.4 1
<--- More --->
timeout xlate 3:00:00
<--- More --->
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
<--- More --->
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
<--- More --->
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
<--- More --->
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
<--- More --->
timeout tcp-proxy-reassembly 0:01:00
<--- More --->
dynamic-access-policy-record DfltAccessPolicy
<--- More --->
http server enable
<--- More --->
http 192.168.1.0 255.255.255.0 management
<--- More --->
no snmp-server location
<--- More --->
no snmp-server contact
<--- More --->
snmp-server enable traps snmp authentication linkup linkdown coldstart
<--- More --->
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
<--- More --->
crypto ipsec security-association lifetime seconds 28800
<--- More --->
crypto ipsec security-association lifetime kilobytes 4608000
<--- More --->
crypto map outside_map 1 match address outside_1_cryptomap
<--- More --->
crypto map outside_map 1 set pfs group1
<--- More --->
crypto map outside_map 1 set peer 109.104.5.5
<--- More --->
crypto map outside_map 1 set transform-set ESP-3DES-SHA
<--- More --->
crypto map outside_map interface outside
<--- More --->
crypto isakmp enable outside
<--- More --->
crypto isakmp policy 10
<--- More --->
authentication pre-share
<--- More --->
encryption 3des
<--- More --->
hash sha
<--- More --->
group 2
<--- More --->
lifetime 86400
<--- More --->
telnet timeout 5
<--- More --->
ssh timeout 5
<--- More --->
console timeout 0
<--- More --->
dhcpd dns 84.246.88.10 84.246.88.20
<--- More --->
!
<--- More --->
dhcpd address 192.168.2.2-192.168.2.99 inside
<--- More --->
dhcpd auto_config outside interface inside
<--- More --->
dhcpd enable inside
<--- More --->
!
<--- More --->
dhcpd address 192.168.20.2-192.168.20.99 dmz
<--- More --->
dhcpd auto_config outside interface dmz
<--- More --->
dhcpd enable dmz
<--- More --->
!
<--- More --->
dhcpd address 192.168.1.2-192.168.1.254 management
<--- More --->
dhcpd enable management
<--- More --->
!
<--- More --->
threat-detection basic-threat
<--- More --->
threat-detection statistics access-list
<--- More --->
no threat-detection statistics tcp-intercept
<--- More --->
webvpn
<--- More --->
tunnel-group 109.104.5.5 type ipsec-l2l
<--- More --->
tunnel-group 109.104.5.5 ipsec-attributes
<--- More --->
pre-shared-key *****
<--- More --->
!
<--- More --->
class-map inspection_default
<--- More --->
match default-inspection-traffic
<--- More --->
!
<--- More --->
!
<--- More --->
policy-map type inspect dns preset_dns_map
<--- More --->
parameters
<--- More --->
message-length maximum client auto
<--- More --->
message-length maximum 512
<--- More --->
policy-map global_policy
<--- More --->
class inspection_default
<--- More --->
inspect dns preset_dns_map
<--- More --->
inspect ftp
<--- More --->
inspect h323 h225
<--- More --->
inspect h323 ras
<--- More --->
inspect rsh
<--- More --->
inspect rtsp
<--- More --->
inspect esmtp
<--- More --->
inspect sqlnet
<--- More --->
inspect skinny
<--- More --->
inspect sunrpc
<--- More --->
inspect xdmcp
<--- More --->
inspect sip
<--- More --->
inspect netbios
<--- More --->
inspect tftp
<--- More --->
inspect ip-options
<--- More --->
inspect icmp
<--- More --->
!
<--- More --->
service-policy global_policy global
<--- More --->
prompt hostname context
<--- More --->
Cryptochecksum:71649e21859c2c53331679c872e792e6Catalyst 2960
Current configuration : 5051 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname K2SWITH
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$V2iN$ScMFN/t0rgNEwnVaSETPj1
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
mls qos srr-queue output cos-map queue 1 threshold 3 5
--More-- mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
--More-- mls qos srr-queue output cos-map queue 3 threshold 3 2 4
--More-- mls qos srr-queue output cos-map queue 4 threshold 2 1
--More-- mls qos srr-queue output cos-map queue 4 threshold 3 0
--More-- mls qos
--More-- !
--More-- crypto pki trustpoint TP-self-signed-1302944128
--More-- enrollment selfsigned
--More-- subject-name cn=IOS-Self-Signed-Certificate-1302944128
--More-- revocation-check none
--More-- rsakeypair TP-self-signed-1302944128
--More-- !
--More-- !
--More-- crypto pki certificate chain TP-self-signed-1302944128
--More-- certificate self-signed 01
--More-- 30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
--More-- 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
--More-- 69666963 6174652D 31333032 39343431 3238301E 170D3933 30333031 30303031
--More-- 30325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
--More-- 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 33303239
--More-- 34343132 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
--More-- 8100A2BE 1174752C 0602D27B B8386A0A 9228B32B 47DE0CE4 AE293256 41A6C1FA
--More-- 59051D94 1850D80F 4C78AB57 A9843840 33D9107E 70AB092D F12A9DF0 011D7BAA
--More-- DF313A77 05F0EC6C 6EE863BD DC269A72 94FE84FC D98A7C28 0F3C3384 8C601AED
--More-- 8122AAE1 752A46D0 ACC55679 B46D2F34 14BEA506 27576701 2CA977D7 A3F7B569
--More-- B53B0203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603
--More-- 551D1104 0C300A82 084B3253 57495448 2E301F06 03551D23 04183016 8014CBC2
--More-- BAA8B1F7 60D31EAD 6BC5F85F A75AF23F 87CA301D 0603551D 0E041604 14CBC2BA
--More-- A8B1F760 D31EAD6B C5F85FA7 5AF23F87 CA300D06 092A8648 86F70D01 01040500
--More-- 03818100 9793A729 72CCD7D0 36DD3D1E E6381A51 8E0C6F17 9866A8B3 B8577422
--More-- 892BE40D 35B0B955 F2D4E32C 4CC44CAA D7F2260C 3C413703 B178BBF4 D0909363
--More-- B77A28D5 1F603DF1 11D057B5 5D5ED894 38ED6A40 11E44676 88E47F65 B243F759
--More-- A1393AA8 96CCEE9D 72C76A94 98BA006E 1A5F9E68 DDD38118 07605D3E E6EFDE7E CF20A2DE
--More-- quit
--More-- !
--More-- !
--More-- !
--More-- !
--More-- !
--More-- spanning-tree mode pvst
--More-- spanning-tree extend system-id
--More-- !
--More-- vlan internal allocation policy ascending
--More-- !
--More-- !
--More-- interface FastEthernet0/1
--More-- description inside & dmz IN
--More-- switchport access vlan 10
--More-- switchport trunk allowed vlan 10,20
--More-- switchport mode trunk
--More-- !
--More-- interface FastEthernet0/2
--More-- switchport mode trunk
--More-- !
--More-- interface FastEthernet0/3
--More-- switchport access vlan 20
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/4
--More-- switchport access vlan 10
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/5
--More-- switchport access vlan 20
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/6
--More-- switchport access vlan 10
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/7
--More-- switchport access vlan 20
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/8
--More-- switchport access vlan 10
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/9
--More-- switchport access vlan 20
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/10
--More-- switchport access vlan 10
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/11
--More-- switchport access vlan 20
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/12
--More-- switchport access vlan 10
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/13
--More-- switchport access vlan 20
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/14
--More-- switchport access vlan 10
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/15
--More-- switchport access vlan 20
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/16
--More-- switchport access vlan 10
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/17
--More-- switchport access vlan 20
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/18
--More-- switchport access vlan 10
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/19
--More-- switchport access vlan 20
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/20
--More-- switchport access vlan 10
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/21
--More-- switchport access vlan 20
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/22
--More-- switchport access vlan 10
--More-- switchport mode access
--More-- spanning-tree portfast
--More-- !
--More-- interface FastEthernet0/23
--More-- !
--More-- interface FastEthernet0/24
--More-- description Connect to WLC
--More-- switchport trunk allowed vlan 1,10,20
--More-- switchport mode trunk
--More-- !
--More-- interface GigabitEthernet0/1
--More-- !
--More-- interface GigabitEthernet0/2
--More-- !
--More-- interface Vlan1
--More-- ip address 192.168.1.200 255.255.255.0
--More-- no ip route-cache
--More-- !
--More-- ip default-gateway 192.168.1.1
--More-- ip http server
--More-- ip http secure-server
--More-- !
--More-- control-plane
--More-- !
--More-- !
--More-- line con 0
--More-- line vty 0 4
--More-- login
--More-- line vty 5 15
--More-- login
--More-- !
--More-- endWLC2106
System Inventory
NAME: "Chassis" , DESCR: "2100 Series WLAN Controller:6 APs"
PID: AIR-WLC2106-K9, VID: V05, SN: JMX1440Z0H1
Burned-in MAC Address............................ F8:66:F2:62:4C:80
Press Enter to continue or <ctrl-z> to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
RTOS Version..................................... 6.0.199.4
Bootloader Version............................... 4.0.191.0
Emergency Image Version.......................... 6.0.199.4
Build Type....................................... DATA + WPS
System Name...................................... Cisco_62:4c:80
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.828
IP Address....................................... 192.168.1.201
System Up Time................................... 0 days 21 hrs 56 mins 21 secs
System Timezone Location.........................
Configured Country............................... SE - Sweden
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +55 C
--More or (q)uit current module or <ctrl-z> to abort
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 2
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ F8:66:F2:62:4C:80
Press Enter to continue or <ctrl-z> to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Press Enter to continue or <ctrl-z> to abort
Network Information
RF-Network Name............................. KC-WIFI
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Multicast Address : 0.0.0.0
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Disable
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
--More or (q)uit current module or <ctrl-z> to abort
AP Fallback ................................ Disable
Web Auth Redirect Ports .................... 80
Fast SSID Change ........................... Disabled
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or <ctrl-z> to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE
-- ------- ---- ------- ---------- ---------- ------ ------- ---------
1 Normal Forw Enable Auto 100 Full Up Enable N/A
2 Normal Disa Enable Auto Auto Down Enable N/A
3 Normal Disa Enable Auto Auto Down Enable N/A
4 Normal Disa Enable Auto Auto Down Enable N/A
5 Normal Disa Enable Auto Auto Down Enable N/A
6 Normal Disa Enable Auto Auto Down Enable N/A
7 Normal Disa Enable Auto Auto Down Enable Enable (Power Off)
8 Normal Disa Enable Auto Auto Down Enable Enable (Power Off)
Press Enter to continue or <ctrl-z> to abort
AP Summary
Number of APs.................................... 1
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
------------------ ----- ------------------- ----------------- ---------------- ---- ------- ------
K2-1 2 AIR-LAP1131AG-E-K9 1c:df:0f:4e:b9:2c K2 1 SE 1
Press Enter to continue or <ctrl-z> to abort
AP Location
Site Name........................................ default-group
Site Description................................. <none>
WLAN ID Interface Network Admission Control
------- ----------- --------------------------
2 kc-guest Disabled
3 inside-k2 Disabled
AP Name Slots AP Model Ethernet MAC Location Port Country Priority GroupName
------------------ ----- ------------------- ----------------- ---------------- ---- ------- -------- --------------------------
K2-1 2 AIR-LAP1131AG-E-K9 1c:df:0f:4e:b9:2c K2 1 SE 1 default-group
Press Enter to continue or <ctrl-z> to abort
AP Config
Cisco AP Identifier.............................. 1
Cisco AP Name.................................... K2-1
Country code..................................... SE - Sweden
Regulatory Domain allowed by Country............. 802.11bg:-E 802.11a:-E
AP Country code.................................. SE - Sweden
AP Regulatory Domain............................. -E
Switch Port Number .............................. 1
MAC Address...................................... 1c:df:0f:4e:b9:2c
IP Address Configuration......................... DHCP
IP Address....................................... 192.168.1.6
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 192.168.1.1
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ K2
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
--More or (q)uit current module or <ctrl-z> to abort
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... Local
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
S/W Version .................................... 6.0.199.4
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131AG-E-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(21a)JHB1
Reset Button..................................... Enabled
--More or (q)uit current module or <ctrl-z> to abort
AP Serial Number................................. FCZ1440Q1JL
AP Certificate Type.............................. Manufacture Installed
Management Frame Protection Validation........... Enabled (Global MFP Disabled)
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host.................Attributes for S
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration .........................
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ..
Current Channel ........................... 1
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Cisco AP Identifier.............................. 1
Cisco AP Name.................................... K2-1
Country code..................................... SE - Sweden
Regulatory Do
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .............
Management Frame Protection Validation........... Enabled (Global MFP Disabled)
AP User Mode..................................... AUTOMATIC
AP User Name.................
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:3a:99:0d:19
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
......................................... 104,108,112,116,132,136,140
TI Threshold .........
Press Enter to continue or <ctrl-z> to abort
AP Airewave Director Configuration
Number Of Slots.................................. 2
AP Name.......................................... K2-1
MAC Address...................................... 1c:df:0f:4e:b9:2c
Slot ID........................................ 0
Radio Type......................
............... RADIO_TYPE_80211b/g
Sub-band Type.................................. All
Noise Information
Noise Profile................................ PASSED
Channel 1.................................... -82 dBm
Channel 2.................................... -86 dBm
Channel 3.................................... -89 dBm
Channel 4.................................... -93 dBm
Channel 5.................................... -94 dBm
Channel 6.................................... -91 dBm
Channel 7.................................... -90 dBm
Channel 8.................................... -91 dBm
Channel 9.................................... -90 dBm
Channel 10................................... -91 dBm
Channel 11................................... -90 dBm
Channel 12................................... -87 dBm
Channel 13................................... -90 dBm
Interference Information
Interference Profile......................... PASSED
Channel 1.................................... -128 dBm @ 0 % busy
Channel 2.................................... -128 dBm @ 0 % busy
Channel 3.................................... -128 dBm @ 0 % busy
Channel 4.................................... -128 dBm @ 0 % busy
--More or (q)uit current module or <ctrl-z> to abort
Channel 5.................................... -128 dBm @ 0 % busy
Channel 6.................................... -128 dBm @ 0 % busy
Channel 7.................................... -70 dBm @ 1 % busy
Channel 8.................................... -81 dBm @ 2 % busy
Channel 9.................................... -128 dBm @ 0 % busy
Channel 10................................... -128 dBm @ 0 % busy
Channel 11................................... -92 dBm @ 1 % busy
Channel 12................................... -128 dBm @ 0 % busy
Channel 13................................... -128 dBm @ 0 % busy
Load Information
Load Profile................................. PASSED
Receive Utilization.......................... 0 %
Transmit Utilization......................... 1 %
Channel Utilization.......................... 0 %
Attached Clients............................. 0 clients
Coverage Information
Coverage Profile............................. PASSED
Failed Clients............................... 0 clients
Client Signal Strengths
RSSI -100 dbm................................ 0 clients
RSSI -92 dbm................................ 0 clients
RSSI -84 dbm................................ 0 clients
RSSI -76 dbm................................ 0 clients
--More or (q)uit current module or <ctrl-z> to abort
RSSI -68 dbm................................ 0 clients
RSSI -60 dbm................................ 0 clients
RSSI -52 dbm................................ 0 clients
Client Signal To Noise Ratios
SNR 0 dB.................................. 0 clients
SNR 5 dB.................................. 0 clients
SNR 10 dB.................................. 0 clients
SNR 15 dB.................................. 0 clients
SNR 20 dB.................................. 0 clients
SNR 25 dB.................................. 0 clients
SNR 30 dB.................................. 0 clients
SNR 35 dB.................................. 0 clients
SNR 4
Power Level.................................. 1
RTS/CTS Threshold............................ 2347
Fragmentation Tnreshold...................... 2346
Antenna Pattern.............................. 0
Number Of Slots.................................. 2
AP Name.......................................... K2-1
MAC Address...................................... 1c:df:0f:4e:b9:2c
Slot ID........................................ 1
Radio Type..................................... RADIO_TYPE_80211a
Sub-band Type.................................. All
Noise Information
Noise Profile................................ PASSED
Channel 36................................... -95 dBm
Channel 40................................... -96 dBm
Channel 44................................... -96 dBm
Channel 48................................... -95 dBm
Channel 52................................... -96 dBm
Channel 112.................................. -96 dBm
Channel 116.................................. -97 dBm
Channel 132.................................. -96 dBm
Ch
Rogue Histogram (20/40_ABOVE/40_BELOW)
.............................................
Channel 36................................... 0/ 0/ 0
Channel 40
Attached Clients............................. 0 clients
Coverage Information
Coverage Profile............................. PASSED
Failed Clients............................... 0 clients
Client Signal Strengths
RSSI -100 dbm................................ 0 clients
RSSI -92 dbm................................ 0 clients
RSSI -84 dbm................................ 0 clients
RSSI -76 dbm................................ 0 clients
RSSI -68 dbm................................ 0 clients
RSSI -60 dbm................................ 0 clients
RSSI -52 dbm................................ 1 clients
Client Signal To Noise Ratios
SNR 0 dB.................................. 0 clients
SNR 5 dB.................................. 0 clients
SNR 10 dB.................................. 0 clients
SNR 15 dB.................................. 0 clients
SNR 20 dB.................................. 0 clients
SNR 25 dB.................................. 0 clients
SNR 30 dB.................................. 0 clients
SNR 35 dB.................................. 0 clients
SNR 40 dB.................................. 0 clients
SNR 45 dB.................................. 1 clients
--More or (q)uit current module or <ctrl-z> to abort
Nearby APs
Radar Information
Channel Assignment Information
Current Channel Average Energy............... -86 dBm
Previous Channel Average Energy.............. -61 dBm
Channel Change Count......................... 1
Last Channel Change Time..................... Thu Nov 11 18:10:43 2010
Recommended Best Channel..................... 64
RF Parameter Recommendations
Power Level.................................. 1
RTS/CTS Threshold............................ 2347
Fragmentation Tnreshold...................... 2346
Antenna Pattern.............................. 0
Press Enter to continue or <ctrl-z> to abort
Press Enter to continue or <ctrl-z> to abort
802.11a Configuration
802.11a Network.................................. Enabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
--More or (q)uit current module or <ctrl-z> to abort
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
--More or (q)uit current module or <ctrl-z> to abort
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
V
Video max RF bandwidth....
802.11a Advanced Configur
ation
AP Name
MAC Address
Admin State Operation S
tate Channel TxPower
---
----------------------------
- ------------------ -------
----- ------
----------- ------- --------
K2-1
00:3a:99:0d:19:a0
ENABLED UP
64* 1(*)
Press E
nter to continue or <ctrl-z>
to abort
802.11a Airew
ave Director Configuration
RF Event and Performance Lo
gging
Channel Update Log
ging........................
. Off
Coverage Profile L
ogging......
................. Off
Fo
reign Profile Logging.......
................. Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
TxPower Update Logging......................... Off
Default 802.11a AP performance profiles
802.11a Global Interference threshold.......... 10 %
802.11a Global noise threshold................. -70 dBm
802.11a Global RF utilization threshold........ 80 %
802.11a Global throughput threshold............ 1000000 bps
802.11a Global clients threshold............... 12 clients
Default 802.11a AP monitoring
802.11a Monitor Mode........................... enable
802.11a Monitor Mode for Mesh AP Backhaul...... disable
802.11a Monitor Channels....................... Country channels
802.11a AP Coverage Interval................... 180 seconds
802.11a AP Load Interval....................... 60 seconds
802.11a AP Noise Interval...................... 180 seconds
802.11a AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
--More or (q)uit current module or <ctrl-z> to abort
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... f8:66:f2:62:4c:80
Last Run....................................... 135 seconds ago
Coverage Hole Detection
802.11a Coverage Hole Detection Mode........... Enabled
802.11a Coverage Voice Packet Count............ 100 packets
802.11a Coverage Voice Packet Percentage....... 50%
802.11a Coverage Voice RSSI Threshold.......... -80 dBm
802.11a Coverage Data Packet Count............. 50 packets
802.11a Coverage Data Packet Percentage........ 50%
802.11a Coverage Data RSSI Threshold........... -80 dBm
802.11a Global coverage exception level........ 25 %
802.11a Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... f8:66:f2:62:4c:80
Last Run....................................... 135 seconds ago
DCA Sensitivity Level.......................... MEDIUM (15 dB)
--More or (q)uit current module or <ctrl-z> to abort
DCA 802.11n Channel Width...................... 20 MHz
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... -86 dBm
Average...................................... -86 dBm
Maximum...................................... -86 dBm
Channel Dwell Times
Minimum...................................... 0 days, 19 h 14 m 29 s
Average...................................... 0 days, 19 h 14 m 29 s
Maximum...................................... 0 days, 19 h 14 m 29 s
802.11a 5 GHz Auto-RF Channel List
Allowed Channel List......................... 36,40,44,48,52,56,60,64
Unused Channel List.......................... 100,104,108,112,116,120,124,
128,132,136,140
DCA Outdoor AP option.......................... Disabled
Radio RF Grouping
802.11a Group Mode............................. AUTO
802.11a Group Update Interval.................. 600 seconds
802.11a Group Leader........................... f8:66:f2:62:4c:80
802.11a Group Member......................... f8:66:f2:62:4c:80
802.11a Last Run............................... 135 seconds ago
Press Enter to continue or <ctrl-z> to abort
--More or (q)uit current module or <ctrl-z> to abort
802.11b Configuration
802.11b Network.................................. Enabled
11gSupport....................................... Enabled
11nSupport....................................... Enabled
802.11b/g Operational Rates
802.11b/g 1M Rate............................ Mandatory
802.11b/g 2M Rate............................ Mandatory
802.11b/g 5.5M Rate.......................... Mandatory
802.11b/g 11M Rate........................... Mandatory
802.11g 6M Rate.............................. Supported
802.11g 9M Rate.............................. Supported
802.11g 12M Rate............................. Supported
802.11g 18M Rate............................. Supported
802.11g 24M Rate............................. Supported
802.11g 36M Rate............................. Supported
802.11g 48M Rate............................. Supported
802.11g 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
--More or (q)uit current module or <ctrl-z> to abort
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Pr
CF Poll Request mandatory....
Voice Stream-Size.........
Noise Profile Logging......
Transmit Po
Channel Energy Levels
Multicast Mode ..............
EAPOL-Key Timeout (milliseconds).............
MAC Address..
Quarantine-vlan..............
AP Manager...................
DHCP Option 82...............
CHD per WLAN.................
Accounting................
Client MFP................
NAC-State..................
Radio Policy. Accounting...
Infrastruc
Press Enter to continue or
Idx Type Server Address
Local EAP Configuration
Press Enter to continue
Mac Filter Info
Press Enter
Load Balancing Info
Agg
ressive Load Balancing......
.................. Disabled
Aggressive Load Balancing
Window................. 5 cl
ients
Aggressive Load Bala
ncing Denial Count..........
. 3
Statistics
Total Denied Count............................... 0 clients
Total Denial Sent................................ 0 messages
Exceeded Denial Max Limit Count.................. 0 times
None 5G Candidate Count.......................... 0 times
None 2.4G Candidate Count........................ 0 times
Press Enter to continue or <ctrl-z> to abort
Dhcp Scope Info
Scope: Internal scope
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 192.168.2.100
Pool End......................................... 192.168.2.199
Network.......................................... 192.168.2.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 192.168.2.1 0.0.0.0 0.0.0.0
DNS Domain....................................... kc.se
DNS.............................................. 84.246.88.10 84.246.88.20 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
Press Enter to continue or <ctrl-z> to abort
Exclusion List ConfigurationUnable to retrieve exclusion-list entry
--More-- or (q)uit
Press Enter to continue or <ctrl-z> to abort
CDP Configuration
Press Enter to continue or <ctrl-z> to abort
Country Channels Configuration
Configured Country............................. SE - Sweden
KEY: * = Channel is legal in this country and may be configured manually.
A = Channel is the Auto-RF default in this country.
. = Channel is not legal in this country.
C = Channel has been configured for use by Auto-RF.
x = Channel is available to be configured for use by Auto-RF.
(-,-) = (indoor, outdoor) regulatory doamin allowed by this country.
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11bg :
Channels : 1 1 1 1 1
: 1 2 3 4 5 6 7 8 9 0 1 2 3 4
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
SE (-E ,-E ): A * * * * A * * * * A * * .
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11a : 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
--More-- or (q)uit
Channels : 3 3 3 4 4 4 4 4 5 5 6 6 0 0 0 1 1 2 2 2 3 3 4 4 5 5 6 6
: 4 6 8 0 2 4 6 8 2 6 0 4 0 4 8 2 6 0 4 8 2 6 0 9 3 7 1 5
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
SE (-E ,-E ): . A . A . A . A A A A A * * * * * * * * * * * . . . . .
Press Enter to continue or <ctrl-z> to abort
WPS Configuration Summary
Auto-Immune
Auto-Immune.................................... Disabled
Client Exclusion Policy
Excessive 802.11-association failures.......... Enabled
Excessive 802.11-authentication failures....... Enabled
Excessive 802.1x-authentication................ Enabled
IP-theft....................................... Enabled
Excessive Web authentication failure........... Enabled
Signature Policy
Signature Processing........................... Enabled
Press Enter to continue or <ctrl-z> to abort
--More-- or (q)uit
Custom Web Configuration
Radius Authentication Method..................... PAP
Cisco Logo....................................... Enabled
CustomLogo....................................... None
Custom Title..................................... None
Custom Message................................... None
Custom Redirect URL.............................. None
Web Authentication Type.......................... Internal Default
External Web Authentication URL.................. None
Configuration Per Profile:
WLAN ID: 2
WLAN Status................................... Enabled
Web Security Policy........................... Web Based Authentication
Global Status................................. Enabled
WebAuth Type.................................. Internal
Press Enter to continue or <ctrl-z> to abort
Rogue AP Configuration
--More-- or (q)uit
Rogue Location Discovery Protocol................ Disabled
Rogue on wire Auto-Contain....................... Disabled
Rogue using our SSID Auto-Contain................ Disabled
Valid client on rogue AP Auto-Contain............ Disabled
Rogue AP timeout................................. 1200
MAC Address Classification # APs # Clients Last Heard
----------------- ------------------ ----- --------- -----------------------
00:0b:0e:b3:a1:00 Pending 1 0 Fri Nov 12 13:24:18 2010
00:24:01:f2:6e:b9 Unclassified 1 6 Fri Nov 12 13:24:18 2010
00:24:01:f2:6e:bb Unclassified 1 0 Fri Nov 12 13:06:59 2010
Adhoc Rogue Configuration
Detect and report Ad-Hoc Networks................ Enabled
Auto-Contain Ad-Hoc Networks..................... Disabled
Client MAC Address Adhoc BSSID State # APs Last Heard
------------------ ------------------ ----------------- ------ -----------------------
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
--More-- or (q)uit
MAC Address State # APs Last Heard
----------------- ------------------ ----- -----------------------
00:1c:bf:a2:e3:88 Alert 1 Fri Nov 12 13:18:18 2010
00:21:00:f4:69:24 Alert 1 Fri Nov 12 13:09:18 2010
00:23:df:43:25:b6 Alert 1 Fri Nov 12 13:09:18 2010
00:25:d3:f3:63:bb Alert 1 Fri Nov 12 13:09:18 2010
90:4c:e5:7e:02:67 Alert 1 Fri Nov 12 13:00:19 2010ASKER
I have created two dynamic interfaces on port 2. I guess that is a trunk.
I Would of course like to setup so that the management network works on port 2 as well, but I'm not sure exactly how since the vlan is 0 on the management network.
How do I set up the switchports on the wlc, and how do i show the port configuration from the CLI?
Please check the WLC config and get back to me if you need further data.
All help is appriciated, I'm quite a newbie to Cisco and very newbie to this wifi stuff!
I Would of course like to setup so that the management network works on port 2 as well, but I'm not sure exactly how since the vlan is 0 on the management network.
How do I set up the switchports on the wlc, and how do i show the port configuration from the CLI?
Please check the WLC config and get back to me if you need further data.
All help is appriciated, I'm quite a newbie to Cisco and very newbie to this wifi stuff!
ASKER
I've just played around, and tried to get a hang of the WLC. But don't really get anywhere... Could someone who's built these kind of networks give me some basic advices???
This really needs some to look at this in some details, I am director of a network support organisation in the UK. Would you consider paying for some consulting? Please call 0800 084 5925 and ask for Steven Velletri.
ASKER
Sorry Steven,
I will take in local consulting if I won't get this to work myself (with the help of the guys here at EE).
I will take in local consulting if I won't get this to work myself (with the help of the guys here at EE).
No problem
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Just closing this because of no help...
Is the port on the WLC which connects to FA23 configured as a trunk port?
Steven