Solved

WLC2106, ASA5510 and Catalyst 2960 trouble creating 2 working wifi-net

Posted on 2010-11-12
8
1,483 Views
Last Modified: 2012-08-13
New question.

This will be a 2 stage question, where this is stage 1.

I have 2 firewalls at different locations with a site to site VPN configured between them. (Site 1: ASA5505 and Site2:ASA5510 with a Catalyst2960 Layer2 switch).

All is well there.

Now I will add a WLC controller to set up 2 WIFI nets, 1 that works for our internal networl VLAN10 and one that only connects to our VLAN20 (DMZ) which will be a quest VLAN.

In this question I would need help to get this to work.

I have configured the WLC and 1 AP at Site2 and can see the Wifi nets.

The questions here are:

HOW and WHERE should the AP be connected, now it's connected to the Catalyst port FA0/23.
It gets an IP from the subnet 192.168.1.0/24 VLAN1 which is the management network.

The WLC is connected to port 24, a trunk port. BUT I have connected the WLC to port 1 there, since otherwise I cannot connect to it. Seems strange, Port 2 on the WLC is (as far as I understand) configured to allow the vlans associated with the config.(?)

And lastly, What have I configured faultly...

I attach configs for the ASA5510, Catalyst2960 and the WLC here.

ASA5510:
ASA Version 8.2(2)17 
!
hostname K2FW
domain-name kc2.se
enable password Q.KgdTx9GGzpKA0m encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 109.104.5.4 255.255.255.240 
!
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1.10
 vlan 10
 nameif inside
 security-level 100
 ip address 192.168.2.1 255.255.255.0 
<--- More --->
              
!
<--- More --->
              
interface Ethernet0/1.20
<--- More --->
              
 vlan 20
<--- More --->
              
 nameif dmz
<--- More --->
              
 security-level 40
<--- More --->
              
 ip address 192.168.20.1 255.255.255.0 
<--- More --->
              
!
<--- More --->
              
interface Ethernet0/2
<--- More --->
              
 shutdown
<--- More --->
              
 no nameif
<--- More --->
              
 no security-level
<--- More --->
              
 no ip address
<--- More --->
              
!
<--- More --->
              
interface Ethernet0/3
<--- More --->
              
 shutdown
<--- More --->
              
 no nameif
<--- More --->
              
 no security-level
<--- More --->
              
 no ip address
<--- More --->
              
!
<--- More --->
              
interface Management0/0
<--- More --->
              
 nameif management
<--- More --->
              
 security-level 100
<--- More --->
              
 ip address 192.168.1.1 255.255.255.0 
<--- More --->
              
 management-only
<--- More --->
              
!
<--- More --->
              
ftp mode passive
<--- More --->
              
dns server-group DefaultDNS
<--- More --->
              
 domain-name kc2.se
<--- More --->
              
object-group network DM_INLINE_NETWORK_1
<--- More --->
              
 network-object 192.168.2.0 255.255.255.0
<--- More --->
              
 network-object 192.168.20.0 255.255.255.0
<--- More --->
              
access-list outside_1_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 192.168.3.0 255.255.255.0 
<--- More --->
              
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_1 192.168.3.0 255.255.255.0 
<--- More --->
              
pager lines 24
<--- More --->
              
logging asdm informational
<--- More --->
              
mtu outside 1500
<--- More --->
              
mtu inside 1500
<--- More --->
              
mtu dmz 1500
<--- More --->
              
mtu management 1500
<--- More --->
              
icmp unreachable rate-limit 1 burst-size 1
<--- More --->
              
no asdm history enable
<--- More --->
              
arp timeout 14400
<--- More --->
              
global (outside) 101 interface
<--- More --->
              
nat (inside) 0 access-list inside_nat0_outbound
<--- More --->
              
nat (inside) 101 192.168.2.0 255.255.255.0
<--- More --->
              
nat (dmz) 101 192.168.20.0 255.255.255.0
<--- More --->
              
route outside 0.0.0.0 0.0.0.0 109.104.5.4 1
<--- More --->
              
timeout xlate 3:00:00
<--- More --->
              
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
<--- More --->
              
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
<--- More --->
              
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
<--- More --->
              
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
<--- More --->
              
timeout tcp-proxy-reassembly 0:01:00
<--- More --->
              
dynamic-access-policy-record DfltAccessPolicy
<--- More --->
              
http server enable
<--- More --->
              
http 192.168.1.0 255.255.255.0 management
<--- More --->
              
no snmp-server location
<--- More --->
              
no snmp-server contact
<--- More --->
              
snmp-server enable traps snmp authentication linkup linkdown coldstart
<--- More --->
              
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
<--- More --->
              
crypto ipsec security-association lifetime seconds 28800
<--- More --->
              
crypto ipsec security-association lifetime kilobytes 4608000
<--- More --->
              
crypto map outside_map 1 match address outside_1_cryptomap
<--- More --->
              
crypto map outside_map 1 set pfs group1
<--- More --->
              
crypto map outside_map 1 set peer 109.104.5.5 
<--- More --->
              
crypto map outside_map 1 set transform-set ESP-3DES-SHA
<--- More --->
              
crypto map outside_map interface outside
<--- More --->
              
crypto isakmp enable outside
<--- More --->
              
crypto isakmp policy 10
<--- More --->
              
 authentication pre-share
<--- More --->
              
 encryption 3des
<--- More --->
              
 hash sha
<--- More --->
              
 group 2
<--- More --->
              
 lifetime 86400
<--- More --->
              
telnet timeout 5
<--- More --->
              
ssh timeout 5
<--- More --->
              
console timeout 0
<--- More --->
              
dhcpd dns 84.246.88.10 84.246.88.20
<--- More --->
              
!
<--- More --->
              
dhcpd address 192.168.2.2-192.168.2.99 inside
<--- More --->
              
dhcpd auto_config outside interface inside
<--- More --->
              
dhcpd enable inside
<--- More --->
              
!
<--- More --->
              
dhcpd address 192.168.20.2-192.168.20.99 dmz
<--- More --->
              
dhcpd auto_config outside interface dmz
<--- More --->
              
dhcpd enable dmz
<--- More --->
              
!
<--- More --->
              
dhcpd address 192.168.1.2-192.168.1.254 management
<--- More --->
              
dhcpd enable management
<--- More --->
              
!
<--- More --->
              
threat-detection basic-threat
<--- More --->
              
threat-detection statistics access-list
<--- More --->
              
no threat-detection statistics tcp-intercept
<--- More --->
              
webvpn
<--- More --->
              
tunnel-group 109.104.5.5 type ipsec-l2l
<--- More --->
              
tunnel-group 109.104.5.5 ipsec-attributes
<--- More --->
              
 pre-shared-key *****
<--- More --->
              
!
<--- More --->
              
class-map inspection_default
<--- More --->
              
 match default-inspection-traffic
<--- More --->
              
!
<--- More --->
              
!
<--- More --->
              
policy-map type inspect dns preset_dns_map
<--- More --->
              
 parameters
<--- More --->
              
  message-length maximum client auto
<--- More --->
              
  message-length maximum 512
<--- More --->
              
policy-map global_policy
<--- More --->
              
 class inspection_default
<--- More --->
              
  inspect dns preset_dns_map 
<--- More --->
              
  inspect ftp 
<--- More --->
              
  inspect h323 h225 
<--- More --->
              
  inspect h323 ras 
<--- More --->
              
  inspect rsh 
<--- More --->
              
  inspect rtsp 
<--- More --->
              
  inspect esmtp 
<--- More --->
              
  inspect sqlnet 
<--- More --->
              
  inspect skinny  
<--- More --->
              
  inspect sunrpc 
<--- More --->
              
  inspect xdmcp 
<--- More --->
              
  inspect sip  
<--- More --->
              
  inspect netbios 
<--- More --->
              
  inspect tftp 
<--- More --->
              
  inspect ip-options 
<--- More --->
              
  inspect icmp 
<--- More --->
              
!
<--- More --->
              
service-policy global_policy global
<--- More --->
              
prompt hostname context 
<--- More --->
              
Cryptochecksum:71649e21859c2c53331679c872e792e6

Open in new window


Catalyst 2960
Current configuration : 5051 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname K2SWITH
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$V2iN$ScMFN/t0rgNEwnVaSETPj1
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
mls qos srr-queue output cos-map queue 1 threshold 3 5
 --More--                           mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
 --More--                           mls qos srr-queue output cos-map queue 3 threshold 3 2 4
 --More--                           mls qos srr-queue output cos-map queue 4 threshold 2 1
 --More--                           mls qos srr-queue output cos-map queue 4 threshold 3 0
 --More--                           mls qos
 --More--                           !
 --More--                           crypto pki trustpoint TP-self-signed-1302944128
 --More--                            enrollment selfsigned
 --More--                            subject-name cn=IOS-Self-Signed-Certificate-1302944128
 --More--                            revocation-check none
 --More--                            rsakeypair TP-self-signed-1302944128
 --More--                           !
 --More--                           !
 --More--                           crypto pki certificate chain TP-self-signed-1302944128
 --More--                            certificate self-signed 01
 --More--                             30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
 --More--                             31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
 --More--                             69666963 6174652D 31333032 39343431 3238301E 170D3933 30333031 30303031 
 --More--                             30325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
 --More--                             4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 33303239 
 --More--                             34343132 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
 --More--                             8100A2BE 1174752C 0602D27B B8386A0A 9228B32B 47DE0CE4 AE293256 41A6C1FA 
 --More--                             59051D94 1850D80F 4C78AB57 A9843840 33D9107E 70AB092D F12A9DF0 011D7BAA 
 --More--                             DF313A77 05F0EC6C 6EE863BD DC269A72 94FE84FC D98A7C28 0F3C3384 8C601AED 
 --More--                             8122AAE1 752A46D0 ACC55679 B46D2F34 14BEA506 27576701 2CA977D7 A3F7B569 
 --More--                             B53B0203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603 
 --More--                             551D1104 0C300A82 084B3253 57495448 2E301F06 03551D23 04183016 8014CBC2 
 --More--                             BAA8B1F7 60D31EAD 6BC5F85F A75AF23F 87CA301D 0603551D 0E041604 14CBC2BA 
 --More--                             A8B1F760 D31EAD6B C5F85FA7 5AF23F87 CA300D06 092A8648 86F70D01 01040500 
 --More--                             03818100 9793A729 72CCD7D0 36DD3D1E E6381A51 8E0C6F17 9866A8B3 B8577422 
 --More--                             892BE40D 35B0B955 F2D4E32C 4CC44CAA D7F2260C 3C413703 B178BBF4 D0909363 
 --More--                             B77A28D5 1F603DF1 11D057B5 5D5ED894 38ED6A40 11E44676 88E47F65 B243F759 
 --More--                             A1393AA8 96CCEE9D 72C76A94 98BA006E 1A5F9E68 DDD38118 07605D3E E6EFDE7E CF20A2DE
 --More--                             quit
 --More--                           !
 --More--                           !
 --More--                           !
 --More--                           !
 --More--                           !
 --More--                           spanning-tree mode pvst
 --More--                           spanning-tree extend system-id
 --More--                           !
 --More--                           vlan internal allocation policy ascending
 --More--                           !
 --More--                           !
 --More--                           interface FastEthernet0/1
 --More--                            description inside & dmz IN
 --More--                            switchport access vlan 10
 --More--                            switchport trunk allowed vlan 10,20
 --More--                            switchport mode trunk
 --More--                           !
 --More--                           interface FastEthernet0/2
 --More--                            switchport mode trunk
 --More--                           !
 --More--                           interface FastEthernet0/3
 --More--                            switchport access vlan 20
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/4
 --More--                            switchport access vlan 10
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/5
 --More--                            switchport access vlan 20
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/6
 --More--                            switchport access vlan 10
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/7
 --More--                            switchport access vlan 20
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/8
 --More--                            switchport access vlan 10
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/9
 --More--                            switchport access vlan 20
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/10
 --More--                            switchport access vlan 10
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/11
 --More--                            switchport access vlan 20
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/12
 --More--                            switchport access vlan 10
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/13
 --More--                            switchport access vlan 20
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/14
 --More--                            switchport access vlan 10
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/15
 --More--                            switchport access vlan 20
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/16
 --More--                            switchport access vlan 10
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/17
 --More--                            switchport access vlan 20
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/18
 --More--                            switchport access vlan 10
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/19
 --More--                            switchport access vlan 20
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/20
 --More--                            switchport access vlan 10
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/21
 --More--                            switchport access vlan 20
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/22
 --More--                            switchport access vlan 10
 --More--                            switchport mode access
 --More--                            spanning-tree portfast
 --More--                           !
 --More--                           interface FastEthernet0/23
 --More--                           !
 --More--                           interface FastEthernet0/24
 --More--                            description Connect to WLC
 --More--                            switchport trunk allowed vlan 1,10,20
 --More--                            switchport mode trunk
 --More--                           !
 --More--                           interface GigabitEthernet0/1
 --More--                           !
 --More--                           interface GigabitEthernet0/2
 --More--                           !
 --More--                           interface Vlan1
 --More--                            ip address 192.168.1.200 255.255.255.0
 --More--                            no ip route-cache
 --More--                           !
 --More--                           ip default-gateway 192.168.1.1
 --More--                           ip http server
 --More--                           ip http secure-server
 --More--                           !
 --More--                           control-plane
 --More--                           !
 --More--                           !
 --More--                           line con 0
 --More--                           line vty 0 4
 --More--                            login
 --More--                           line vty 5 15
 --More--                            login
 --More--                           !
 --More--                           end

Open in new window


WLC2106
System Inventory

NAME: "Chassis"    , DESCR: "2100 Series WLAN Controller:6 APs"

PID: AIR-WLC2106-K9,  VID: V05,  SN: JMX1440Z0H1



Burned-in MAC Address............................ F8:66:F2:62:4C:80

Press Enter to continue or <ctrl-z> to abort






System Information

Manufacturer's Name.............................. Cisco Systems Inc.

Product Name..................................... Cisco Controller

Product Version.................................. 6.0.199.4

RTOS Version..................................... 6.0.199.4

Bootloader Version............................... 4.0.191.0

Emergency Image Version.......................... 6.0.199.4

Build Type....................................... DATA + WPS


System Name...................................... Cisco_62:4c:80

System Location.................................. 

System Contact................................... 

System ObjectID.................................. 1.3.6.1.4.1.9.1.828

IP Address....................................... 192.168.1.201

System Up Time................................... 0 days 21 hrs 56 mins 21 secs

System Timezone Location......................... 


Configured Country............................... SE  - Sweden

Operating Environment............................ Commercial (0 to 40 C)

Internal Temp Alarm Limits....................... 0 to 65 C

Internal Temperature............................. +55 C




--More or (q)uit current module or <ctrl-z> to abort

State of 802.11b Network......................... Enabled

State of 802.11a Network......................... Enabled

Number of WLANs.................................. 2

3rd Party Access Point Support................... Disabled

Number of Active Clients......................... 0



Burned-in MAC Address............................ F8:66:F2:62:4C:80

Press Enter to continue or <ctrl-z> to abort






Switch Configuration

802.3x Flow Control Mode......................... Disable 

FIPS prerequisite features....................... Disabled

secret obfuscation............................... Enabled

Press Enter to continue or <ctrl-z> to abort






Network Information

RF-Network Name............................. KC-WIFI

Web Mode.................................... Disable

Secure Web Mode............................. Enable

Secure Web Mode Cipher-Option High.......... Disable

Secure Web Mode Cipher-Option SSLv2......... Enable

Secure Shell (ssh).......................... Enable

Telnet...................................... Disable

Ethernet Multicast Forwarding............... Disable

Ethernet Broadcast Forwarding............... Disable

AP Multicast/Broadcast Mode................. Multicast   Address : 0.0.0.0

IGMP snooping............................... Disabled

IGMP timeout................................ 60 seconds

User Idle Timeout........................... 300 seconds

ARP Idle Timeout............................ 300 seconds

Cisco AP Default Master..................... Disable

AP Join Priority............................ Disable

Mgmt Via Wireless Interface................. Disable

Mgmt Via Dynamic Interface.................. Disable

Bridge MAC filter Config.................... Enable

Bridge Security Mode........................ EAP

Mesh Full Sector DFS........................ Enable



--More or (q)uit current module or <ctrl-z> to abort

AP Fallback ................................ Disable

Web Auth Redirect Ports .................... 80

Fast SSID Change ........................... Disabled

IP/MAC Addr Binding Check .................. Enabled

Press Enter to continue or <ctrl-z> to abort






Port Summary

           STP   Admin   Physical   Physical   Link   Link

Pr  Type   Stat   Mode     Mode      Status   Status  Trap     POE    

-- ------- ---- ------- ---------- ---------- ------ ------- ---------

1  Normal  Forw Enable  Auto       100 Full   Up     Enable  N/A     

2  Normal  Disa Enable  Auto       Auto       Down   Enable  N/A     

3  Normal  Disa Enable  Auto       Auto       Down   Enable  N/A     

4  Normal  Disa Enable  Auto       Auto       Down   Enable  N/A     

5  Normal  Disa Enable  Auto       Auto       Down   Enable  N/A     

6  Normal  Disa Enable  Auto       Auto       Down   Enable  N/A     

7  Normal  Disa Enable  Auto       Auto       Down   Enable  Enable  (Power Off) 

8  Normal  Disa Enable  Auto       Auto       Down   Enable  Enable  (Power Off) 

Press Enter to continue or <ctrl-z> to abort






AP Summary

Number of APs.................................... 1


Global AP User Name.............................. Not Configured

Global AP Dot1x User Name........................ Not Configured


AP Name             Slots  AP Model             Ethernet MAC       Location          Port  Country  Priority

------------------  -----  -------------------  -----------------  ----------------  ----  -------  ------

K2-1                 2     AIR-LAP1131AG-E-K9   1c:df:0f:4e:b9:2c                K2  1     SE       1

Press Enter to continue or <ctrl-z> to abort






AP Location

Site Name........................................ default-group

Site Description................................. <none>


WLAN ID          Interface          Network Admission Control

-------         -----------        --------------------------

 2               kc-guest             Disabled  

 3               inside-k2            Disabled  


AP Name             Slots  AP Model             Ethernet MAC       Location          Port  Country  Priority  GroupName

------------------  -----  -------------------  -----------------  ----------------  ----  -------  --------  --------------------------

K2-1                 2     AIR-LAP1131AG-E-K9   1c:df:0f:4e:b9:2c                K2  1     SE       1         default-group



Press Enter to continue or <ctrl-z> to abort






AP Config

Cisco AP Identifier.............................. 1

Cisco AP Name.................................... K2-1

Country code..................................... SE  - Sweden

Regulatory Domain allowed by Country............. 802.11bg:-E     802.11a:-E

AP Country code.................................. SE  - Sweden

AP Regulatory Domain............................. -E

Switch Port Number .............................. 1

MAC Address...................................... 1c:df:0f:4e:b9:2c

IP Address Configuration......................... DHCP

IP Address....................................... 192.168.1.6

IP NetMask....................................... 255.255.255.0

Gateway IP Addr.................................. 192.168.1.1

CAPWAP Path MTU.................................. 1485

Telnet State..................................... Disabled

Ssh State........................................ Disabled

Cisco AP Location................................ K2

Cisco AP Group Name.............................. default-group

Primary Cisco Switch Name........................ 

Primary Cisco Switch IP Address.................. Not Configured

Secondary Cisco Switch Name...................... 

Secondary Cisco Switch IP Address................ Not Configured



--More or (q)uit current module or <ctrl-z> to abort

Tertiary Cisco Switch Name....................... 

Tertiary Cisco Switch IP Address................. Not Configured

Administrative State ............................ ADMIN_ENABLED

Operation State ................................. REGISTERED

Mirroring Mode .................................. Disabled

AP Mode ......................................... Local

Public Safety ................................... Disabled 

AP SubMode ...................................... Not Configured

Remote AP Debug ................................. Disabled

Logging trap severity level ..................... informational

S/W  Version .................................... 6.0.199.4

Boot  Version ................................... 12.3.8.0

Mini IOS Version ................................ 3.0.51.0

Stats Reporting Period .......................... 180

LED State........................................ Enabled

PoE Pre-Standard Switch.......................... Disabled

PoE Power Injector MAC Addr...................... Disabled

Power Type/Mode.................................. Power injector / Normal mode

Number Of Slots.................................. 2 

AP Model......................................... AIR-LAP1131AG-E-K9  

AP Image......................................... C1130-K9W8-M

IOS Version...................................... 12.4(21a)JHB1

Reset Button..................................... Enabled



--More or (q)uit current module or <ctrl-z> to abort

AP Serial Number................................. FCZ1440Q1JL

AP Certificate Type.............................. Manufacture Installed

Management Frame Protection Validation........... Enabled (Global MFP Disabled)

AP User Mode..................................... AUTOMATIC

AP User Name..................................... Not Configured

AP Dot1x User Mode............................... Not Configured

AP Dot1x User Name............................... Not Configured

Cisco AP system logging host.................Attributes for S

      Medium Occupancy Limit .................... 100

      CFP Period ................................ 4

      CFP MaxDuration .........................

    Multi Domain Capability

      Configuration ............................. AUTOMATIC

      First Chan Num ............................ 1

      Number Of Channels ..

      Current Channel ........................... 1

      Extension Channel ......................... NONE

      Channel Width.............................. 20 Mhz

   

Cisco AP Identifier.............................. 1

Cisco AP Name.................................... K2-1

Country code..................................... SE  - Sweden

Regulatory Do

Administrative State ............................ ADMIN_ENABLED

Operation State ................................. REGISTERED

Mirroring Mode .............

Management Frame Protection Validation........... Enabled (Global MFP Disabled)

AP User Mode..................................... AUTOMATIC

AP User Name.................

      CFP Period ................................ 4

      CFP MaxDuration ........................... 60

      BSSID ..................................... 00:3a:99:0d:19

    MAC Operation Parameters 

      Configuration ............................. AUTOMATIC

      Fragmentation Threshold ................... 2346

      

      Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,

        ......................................... 104,108,112,116,132,136,140

      TI Threshold .........




Press Enter to continue or <ctrl-z> to abort






AP Airewave Director Configuration

Number Of Slots.................................. 2 

AP Name.......................................... K2-1

MAC Address...................................... 1c:df:0f:4e:b9:2c

  Slot ID........................................ 0

  Radio Type......................


............... RADIO_TYPE_80211b/g

  Sub-band Type.................................. All

  Noise Information

    Noise Profile................................ PASSED

    Channel 1....................................  -82 dBm

    Channel 2....................................  -86 dBm

    Channel 3....................................  -89 dBm

    Channel 4....................................  -93 dBm

    Channel 5....................................  -94 dBm

    Channel 6....................................  -91 dBm

    Channel 7....................................  -90 dBm

    Channel 8....................................  -91 dBm

    Channel 9....................................  -90 dBm

    Channel 10...................................  -91 dBm

    Channel 11...................................  -90 dBm

    Channel 12...................................  -87 dBm

    Channel 13...................................  -90 dBm

  Interference Information

    Interference Profile......................... PASSED

    Channel 1.................................... -128 dBm @  0 % busy

    Channel 2.................................... -128 dBm @  0 % busy

    Channel 3.................................... -128 dBm @  0 % busy

    Channel 4.................................... -128 dBm @  0 % busy



--More or (q)uit current module or <ctrl-z> to abort

    Channel 5.................................... -128 dBm @  0 % busy

    Channel 6.................................... -128 dBm @  0 % busy

    Channel 7....................................  -70 dBm @  1 % busy

    Channel 8....................................  -81 dBm @  2 % busy

    Channel 9.................................... -128 dBm @  0 % busy

    Channel 10................................... -128 dBm @  0 % busy

    Channel 11...................................  -92 dBm @  1 % busy

    Channel 12................................... -128 dBm @  0 % busy

    Channel 13................................... -128 dBm @  0 % busy

  Load Information

    Load Profile................................. PASSED

    Receive Utilization.......................... 0 %

    Transmit Utilization......................... 1 %

    Channel Utilization.......................... 0 %

    Attached Clients............................. 0 clients

  Coverage Information

    Coverage Profile............................. PASSED

    Failed Clients............................... 0 clients

  Client Signal Strengths

    RSSI -100 dbm................................ 0 clients

    RSSI  -92 dbm................................ 0 clients

    RSSI  -84 dbm................................ 0 clients

    RSSI  -76 dbm................................ 0 clients



--More or (q)uit current module or <ctrl-z> to abort

    RSSI  -68 dbm................................ 0 clients

    RSSI  -60 dbm................................ 0 clients

    RSSI  -52 dbm................................ 0 clients

  Client Signal To Noise Ratios

    SNR    0 dB.................................. 0 clients

    SNR    5 dB.................................. 0 clients

    SNR   10 dB.................................. 0 clients

    SNR   15 dB.................................. 0 clients

    SNR   20 dB.................................. 0 clients

    SNR   25 dB.................................. 0 clients

    SNR   30 dB.................................. 0 clients

    SNR   35 dB.................................. 0 clients

    SNR   4

    Power Level.................................. 1

    RTS/CTS Threshold............................ 2347

    Fragmentation Tnreshold...................... 2346

    Antenna Pattern.............................. 0

Number Of Slots.................................. 2 

AP Name.......................................... K2-1

MAC Address...................................... 1c:df:0f:4e:b9:2c

  Slot ID........................................ 1

  Radio Type..................................... RADIO_TYPE_80211a

  Sub-band Type.................................. All

  Noise Information

    Noise Profile................................ PASSED

    Channel 36...................................  -95 dBm

    Channel 40...................................  -96 dBm

    Channel 44...................................  -96 dBm

    Channel 48...................................  -95 dBm

    Channel 52...................................  -96 dBm

   

    Channel 112..................................  -96 dBm

    Channel 116..................................  -97 dBm

    Channel 132..................................  -96 dBm

    Ch

    Rogue Histogram (20/40_ABOVE/40_BELOW)

    ............................................. 

    Channel 36...................................  0/ 0/ 0

    Channel 40

    Attached Clients............................. 0 clients

  Coverage Information

    Coverage Profile............................. PASSED

    Failed Clients............................... 0 clients

  Client Signal Strengths

    RSSI -100 dbm................................ 0 clients

    RSSI  -92 dbm................................ 0 clients

    RSSI  -84 dbm................................ 0 clients

    RSSI  -76 dbm................................ 0 clients

    RSSI  -68 dbm................................ 0 clients

    RSSI  -60 dbm................................ 0 clients

    RSSI  -52 dbm................................ 1 clients

  Client Signal To Noise Ratios

    SNR    0 dB.................................. 0 clients

    SNR    5 dB.................................. 0 clients

    SNR   10 dB.................................. 0 clients

    SNR   15 dB.................................. 0 clients

    SNR   20 dB.................................. 0 clients

    SNR   25 dB.................................. 0 clients

    SNR   30 dB.................................. 0 clients

    SNR   35 dB.................................. 0 clients

    SNR   40 dB.................................. 0 clients

    SNR   45 dB.................................. 1 clients



--More or (q)uit current module or <ctrl-z> to abort

  Nearby APs

  Radar Information

  Channel Assignment Information

    Current Channel Average Energy...............  -86 dBm

    Previous Channel Average Energy..............  -61 dBm

    Channel Change Count......................... 1

    Last Channel Change Time..................... Thu Nov 11 18:10:43 2010

    Recommended Best Channel..................... 64

  RF Parameter Recommendations

    Power Level.................................. 1

    RTS/CTS Threshold............................ 2347

    Fragmentation Tnreshold...................... 2346

    Antenna Pattern.............................. 0

Press Enter to continue or <ctrl-z> to abort



Press Enter to continue or <ctrl-z> to abort






802.11a Configuration

802.11a Network.................................. Enabled

11nSupport....................................... Enabled

      802.11a Low Band........................... Enabled

      802.11a Mid Band........................... Enabled

      802.11a High Band.......................... Enabled

802.11a Operational Rates

    802.11a 6M Rate.............................. Mandatory

    802.11a 9M Rate.............................. Supported

    802.11a 12M Rate............................. Mandatory

    802.11a 18M Rate............................. Supported

    802.11a 24M Rate............................. Mandatory

    802.11a 36M Rate............................. Supported

    802.11a 48M Rate............................. Supported

    802.11a 54M Rate............................. Supported

802.11n MCS Settings:

    MCS 0........................................ Supported

    MCS 1........................................ Supported

    MCS 2........................................ Supported

    MCS 3........................................ Supported

    MCS 4........................................ Supported

    MCS 5........................................ Supported

    MCS 6........................................ Supported



--More or (q)uit current module or <ctrl-z> to abort

    MCS 7........................................ Supported

    MCS 8........................................ Supported

    MCS 9........................................ Supported

    MCS 10....................................... Supported

    MCS 11....................................... Supported

    MCS 12....................................... Supported

    MCS 13....................................... Supported

    MCS 14....................................... Supported

    MCS 15....................................... Supported

802.11n Status:

    A-MPDU Tx:

        Priority 0............................... Enabled

        Priority 1............................... Disabled

        Priority 2............................... Disabled

        Priority 3............................... Disabled

        Priority 4............................... Disabled

        Priority 5............................... Disabled

        Priority 6............................... Disabled

        Priority 7............................... Disabled

Beacon Interval.................................. 100

CF Pollable mandatory............................ Disabled

CF Poll Request mandatory........................ Disabled

CFP Period....................................... 4



--More or (q)uit current module or <ctrl-z> to abort

CFP Maximum Duration............................. 60

Default Channel.................................. 36

Default Tx Power Level........................... 0

DTPC  Status..................................... Enabled

Fragmentation Threshold.......................... 2346

TI Threshold..................................... -50

Legacy Tx Beamforming setting.................... Disabled

Traffic Stream Metrics Status.................... Disabled

Expedited BW Request Status...................... Disabled

World Mode....................................... Enabled

EDCA profile type................................ default-wmm

Voice MAC optimization status.................... Disabled

Call Admision Control (CAC) configuration

Voice AC:

   Voice AC - Admission control (ACM)............ Disabled

   Voice max RF bandwidth........................ 75

   Voice reserved roaming bandwidth.............. 6

   Voice load-based CAC mode..................... Disabled

   Voice tspec inactivity timeout................ Disabled

   Voice Stream-Size............................. 84000

   Voice Max-Streams............................. 2
V

   Video max RF bandwidth....




802.11a Advanced Configur


ation

AP Name             


             MAC Address    


    Admin State  Operation S


tate   Channel TxPower

---


----------------------------


- ------------------ -------


----- ------


----------- ------- --------




K2-1                     


        00:3a:99:0d:19:a0   


 ENABLED      UP            


    64*      1(*) 

Press E


nter to continue or <ctrl-z>


 to abort



802.11a Airew


ave Director Configuration




RF Event and Performance Lo


gging

  Channel Update Log


ging........................


. Off

  Coverage Profile L


ogging......


................. Off

  Fo


reign Profile Logging.......


................. Off

  Load Profile Logging........................... Off

  Noise Profile Logging.......................... Off

  Performance Profile Logging.................... Off

  TxPower Update Logging......................... Off

Default 802.11a AP performance profiles

  802.11a Global Interference threshold.......... 10 %

  802.11a Global noise threshold................. -70 dBm

  802.11a Global RF utilization threshold........ 80 %

  802.11a Global throughput threshold............ 1000000 bps

  802.11a Global clients threshold............... 12 clients

Default 802.11a AP monitoring

  802.11a Monitor Mode........................... enable

  802.11a Monitor Mode for Mesh AP Backhaul...... disable

  802.11a Monitor Channels....................... Country channels

  802.11a AP Coverage Interval................... 180 seconds

  802.11a AP Load Interval....................... 60 seconds

  802.11a AP Noise Interval...................... 180 seconds

  802.11a AP Signal Strength Interval............ 60 seconds

Automatic Transmit Power Assignment

  Transmit Power Assignment Mode................. AUTO

  Transmit Power Update Interval................. 600 seconds

  Transmit Power Threshold....................... -70 dBm

  Transmit Power Neighbor Count.................. 3 APs



--More or (q)uit current module or <ctrl-z> to abort

  Min Transmit Power............................. -10 dBm

  Max Transmit Power............................. 30 dBm

  Transmit Power Update Contribution............. SNI.

  Transmit Power Assignment Leader............... f8:66:f2:62:4c:80

  Last Run....................................... 135 seconds ago

Coverage Hole Detection 

  802.11a Coverage Hole Detection Mode........... Enabled

  802.11a Coverage Voice Packet Count............ 100 packets

  802.11a Coverage Voice Packet Percentage....... 50%

  802.11a Coverage Voice RSSI Threshold.......... -80 dBm

  802.11a Coverage Data Packet Count............. 50 packets

  802.11a Coverage Data Packet Percentage........ 50%

  802.11a Coverage Data RSSI Threshold........... -80 dBm

  802.11a Global coverage exception level........ 25 %

  802.11a Global client minimum exception lev.... 3 clients

Automatic Channel Assignment

  Channel Assignment Mode........................ AUTO

  Channel Update Interval........................ 600 seconds

  Anchor time (Hour of the day).................. 0 

  Channel Update Contribution.................... SNI.

  Channel Assignment Leader...................... f8:66:f2:62:4c:80

  Last Run....................................... 135 seconds ago

  DCA Sensitivity Level.......................... MEDIUM (15 dB)



--More or (q)uit current module or <ctrl-z> to abort

  DCA 802.11n Channel Width...................... 20 MHz

  DCA Minimum Energy Limit....................... -95 dBm

  Channel Energy Levels 

    Minimum...................................... -86 dBm

    Average...................................... -86 dBm

    Maximum...................................... -86 dBm

  Channel Dwell Times 

    Minimum...................................... 0 days, 19 h 14 m 29 s

    Average...................................... 0 days, 19 h 14 m 29 s

    Maximum...................................... 0 days, 19 h 14 m 29 s

  802.11a 5 GHz Auto-RF Channel List

    Allowed Channel List......................... 36,40,44,48,52,56,60,64

    Unused Channel List.......................... 100,104,108,112,116,120,124,

                                                  128,132,136,140

  DCA Outdoor AP option.......................... Disabled

Radio RF Grouping

  802.11a Group Mode............................. AUTO

  802.11a Group Update Interval.................. 600 seconds

  802.11a Group Leader........................... f8:66:f2:62:4c:80

    802.11a Group Member......................... f8:66:f2:62:4c:80

  802.11a Last Run............................... 135 seconds ago

Press Enter to continue or <ctrl-z> to abort





--More or (q)uit current module or <ctrl-z> to abort

802.11b Configuration

802.11b Network.................................. Enabled

11gSupport....................................... Enabled

11nSupport....................................... Enabled

802.11b/g Operational Rates

    802.11b/g 1M Rate............................ Mandatory

    802.11b/g 2M Rate............................ Mandatory

    802.11b/g 5.5M Rate.......................... Mandatory

    802.11b/g 11M Rate........................... Mandatory

    802.11g 6M Rate.............................. Supported

    802.11g 9M Rate.............................. Supported

    802.11g 12M Rate............................. Supported

    802.11g 18M Rate............................. Supported

    802.11g 24M Rate............................. Supported

    802.11g 36M Rate............................. Supported

    802.11g 48M Rate............................. Supported

    802.11g 54M Rate............................. Supported

802.11n MCS Settings:

    MCS 0........................................ Supported

    MCS 1........................................ Supported

    MCS 2........................................ Supported

    MCS 3........................................ Supported

    MCS 4........................................ Supported



--More or (q)uit current module or <ctrl-z> to abort

    MCS 5........................................ Supported

    MCS 6........................................ Supported

    MCS 7........................................ Supported

    MCS 8........................................ Supported

    MCS 9........................................ Supported

    MCS 10....................................... Supported

    MCS 11....................................... Supported

    MCS 12....................................... Supported

    MCS 13....................................... Supported

    MCS 14....................................... Supported

    MCS 15....................................... Supported

802.11n Status:

    A-MPDU Tx:

        Pr

CF Poll Request mandatory....

   Voice Stream-Size.........

  Noise Profile Logging......

  Transmit Po

  Channel Energy Levels 

  

Multicast Mode ..............

EAPOL-Key Timeout (milliseconds).............

MAC Address..

Quarantine-vlan..............

AP Manager...................

DHCP Option 82...............

CHD per WLAN.................

   Accounting................

   Client MFP................

  NAC-State..................

Radio Policy.   Accounting...

   Infrastruc



Press Enter to continue or

Idx  Type  Server Address    



Local EAP Configuration







Press Enter to continue

Mac Filter Info

Press Enter




Load Balancing Info

Agg


ressive Load Balancing......


.................. Disabled




Aggressive Load Balancing 


Window................. 5 cl


ients

Aggressive Load Bala


ncing Denial Count..........


. 3 

Statistics

Total Denied Count............................... 0 clients

Total Denial Sent................................ 0 messages

Exceeded Denial Max Limit Count.................. 0 times

None 5G Candidate Count.......................... 0 times

None 2.4G Candidate Count........................ 0 times

Press Enter to continue or <ctrl-z> to abort



Dhcp Scope Info
Scope: Internal scope



Enabled.......................................... Yes

Lease Time....................................... 86400 (1 day )

Pool Start....................................... 192.168.2.100

Pool End......................................... 192.168.2.199

Network.......................................... 192.168.2.0

Netmask.......................................... 255.255.255.0

Default Routers.................................. 192.168.2.1  0.0.0.0  0.0.0.0

DNS Domain....................................... kc.se

DNS.............................................. 84.246.88.10  84.246.88.20  0.0.0.0

Netbios Name Servers............................. 0.0.0.0  0.0.0.0  0.0.0.0

Press Enter to continue or <ctrl-z> to abort



Exclusion List ConfigurationUnable to retrieve exclusion-list entry



--More-- or (q)uit



Press Enter to continue or <ctrl-z> to abort



CDP Configuration

Press Enter to continue or <ctrl-z> to abort



Country Channels Configuration



Configured Country............................. SE  - Sweden

      KEY: * = Channel is legal in this country and may be configured manually.

           A = Channel is the Auto-RF default in this country.

           . = Channel is not legal in this country.

           C = Channel has been configured for use by Auto-RF.

           x = Channel is available to be configured for use by Auto-RF.

         (-,-) = (indoor, outdoor) regulatory doamin allowed by this country.

-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-

    802.11bg     :                            

    Channels     :                   1 1 1 1 1

                 : 1 2 3 4 5 6 7 8 9 0 1 2 3 4

-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-

 SE (-E   ,-E   ): A * * * * A * * * * A * * .

-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

    802.11a      :                         1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1



--More-- or (q)uit

    Channels     : 3 3 3 4 4 4 4 4 5 5 6 6 0 0 0 1 1 2 2 2 3 3 4 4 5 5 6 6

                 : 4 6 8 0 2 4 6 8 2 6 0 4 0 4 8 2 6 0 4 8 2 6 0 9 3 7 1 5

-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

 SE (-E   ,-E   ): . A . A . A . A A A A A * * * * * * * * * * * . . . . .

Press Enter to continue or <ctrl-z> to abort



WPS Configuration Summary



Auto-Immune

  Auto-Immune.................................... Disabled



Client Exclusion Policy

  Excessive 802.11-association failures.......... Enabled

  Excessive 802.11-authentication failures....... Enabled

  Excessive 802.1x-authentication................ Enabled

  IP-theft....................................... Enabled

  Excessive Web authentication failure........... Enabled



Signature Policy

  Signature Processing........................... Enabled



Press Enter to continue or <ctrl-z> to abort





--More-- or (q)uit

Custom Web Configuration



Radius Authentication Method..................... PAP

Cisco Logo....................................... Enabled

CustomLogo....................................... None

Custom Title..................................... None

Custom Message................................... None

Custom Redirect URL.............................. None

Web Authentication Type.......................... Internal Default

External Web Authentication URL.................. None



Configuration Per Profile:



WLAN ID: 2 

   WLAN Status................................... Enabled

   Web Security Policy........................... Web Based Authentication

   Global Status................................. Enabled

   WebAuth Type.................................. Internal



Press Enter to continue or <ctrl-z> to abort



Rogue AP Configuration





--More-- or (q)uit

Rogue Location Discovery Protocol................ Disabled

Rogue on wire Auto-Contain....................... Disabled

Rogue using our SSID Auto-Contain................ Disabled

Valid client on rogue AP Auto-Contain............ Disabled

Rogue AP timeout................................. 1200



MAC Address        Classification     # APs # Clients Last Heard             

-----------------  ------------------ ----- --------- -----------------------

00:0b:0e:b3:a1:00  Pending            1     0         Fri Nov 12 13:24:18 2010

00:24:01:f2:6e:b9  Unclassified       1     6         Fri Nov 12 13:24:18 2010

00:24:01:f2:6e:bb  Unclassified       1     0         Fri Nov 12 13:06:59 2010



Adhoc Rogue Configuration



Detect and report Ad-Hoc Networks................ Enabled

Auto-Contain Ad-Hoc Networks..................... Disabled



Client MAC Address  Adhoc BSSID         State              # APs   Last Heard             

------------------  ------------------  -----------------  ------  -----------------------



Rogue Client Configuration



Validate rogue clients against AAA............... Disabled



--More-- or (q)uit



MAC Address        State              # APs Last Heard             

-----------------  ------------------ ----- -----------------------

00:1c:bf:a2:e3:88  Alert              1     Fri Nov 12 13:18:18 2010

00:21:00:f4:69:24  Alert              1     Fri Nov 12 13:09:18 2010

00:23:df:43:25:b6  Alert              1     Fri Nov 12 13:09:18 2010

00:25:d3:f3:63:bb  Alert              1     Fri Nov 12 13:09:18 2010

90:4c:e5:7e:02:67  Alert              1     Fri Nov 12 13:00:19 2010

Open in new window

0
Comment
Question by:Putte_Climbing
  • 5
  • 3
8 Comments
 

Expert Comment

by:SuffolkCCIE
ID: 34120910
Hi

Is the port on the WLC which connects to FA23 configured as a trunk port?

Steven
0
 

Author Comment

by:Putte_Climbing
ID: 34122235
I have created two dynamic interfaces on port 2. I guess that is a trunk.

I Would of course like to setup so that the management network works on port 2 as well, but I'm not sure exactly how since the vlan is 0 on the management network.

How do I set up the switchports on the wlc, and how do i show the port configuration from the CLI?

Please check the WLC config and get back to me if you need further data.

All help is appriciated, I'm quite a newbie to Cisco and very newbie to this wifi stuff!
0
 

Author Comment

by:Putte_Climbing
ID: 34145288
I've just played around, and tried to get a hang of the WLC. But don't really get anywhere... Could someone who's built these kind of networks give me some basic advices???
0
 

Expert Comment

by:SuffolkCCIE
ID: 34145802
This really needs some to look at this in some details, I am director of a network support organisation in the UK. Would you consider paying for some consulting? Please call 0800 084 5925 and ask for Steven Velletri.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:Putte_Climbing
ID: 34145869
Sorry Steven,

I will take in local consulting if I won't get this to work myself (with the help of the guys here at EE).
0
 

Expert Comment

by:SuffolkCCIE
ID: 34150942
No problem
0
 

Accepted Solution

by:
Putte_Climbing earned 0 total points
ID: 34255690
With the help of CIsco part of this is solved. I've added the mgm network from the firewall so that the WLC can ocmmunicate on the VLAN 1.

Last part now is to add the HREAP to the config.

Haven't got any help from here though...

0
 

Author Closing Comment

by:Putte_Climbing
ID: 34289757
Just closing this because of no help...
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now