Cisco catalyst 3850 switch wireless controller configurations

Hi experts ,

I'm stuck on a  Cisco problem...

I'm trying to do the simple but I'm not getting it right.
the switch comes with an integrated wireless controller and this can be configured via command line or GUI interface.  We use a normal ADSL that provides dhcp and since this is a layer 2 and layer 3 switch, I've enabled IP routing.  

AP's  are connect to switch port mode access ports and some other AP's are connect on 2960 s switches but all are stack.  

Licenses are all verified and country codes are set, etc.

do you guys perhaps have a link where one can see how to configure the the controller on this switch and connect it to the AP's.  It Seems like no discovery's taking place her.

I've enable the ap cpd,  set mobility controller, etc but I still can't see any AP on  my side.

note,  I've also setup vlans...  and all AP's are on the wireless vlans

Thanx
salt-eitAsked:
Who is Participating?
 
JustInCaseCommented:
normal ADSL that provides dhcp
Did you create interface VLAN <x> and set ip address and helper IP address if it is needed for wirelles VLAN and in DHCP set it as default gateway?
Just to eliminate problem with VLAN.
Maybe to copy your VLAN configuration.
0
 
salt-eitAuthor Commented:
here are my configs.. thanx
inter vlan has been created too
configs.txt
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
JustInCaseCommented:
Is your dhcp server capable of leasing 2 or more IP address ranges, since it is ADSL ?
And I don't see any default route configured.

I don't see that you have configured POE on ports (if this is POE model).

command is under interface
interface GigabitEthernet1/0/45
power inline {auto [max max-wattage] | never | static [max max-wattage]}

and please remove crypto pki certificate from config
and which is wireless VLAN?
0
 
salt-eitAuthor Commented:
it's a POE model...  will configure it.

The ADSL, I'll have to see, why would it be necessary and if not,  does this mean my switch should also be playing the DHCP role or only the switch?

default route,  why would this be necessary?
0
 
JustInCaseCommented:
Since it is not flat network (just one VLAN) you need default route, switch needs to know which network is exit from your network to internet.
I guess that L3 Switch is far more better for DHCP than DHCP device.
Default gateway is L2 thing, you need L3 route.
ip route 0.0.0.0 0.0.0.0 x.x.x.x (next-hop address - probably your ADSL IP address)
And  while it is same VLAN you usually don't need ip helper-address
ip address 192.168.178.3 255.255.255.0
ip helper-address 192.168.178.1
0
 
salt-eitAuthor Commented:
thanx,  we'll probably have the server playing the DHCP role later.... but, for now the switch will handle.  Sorry,  I'm just try to gather as much info as possible before configuring again.

my bad on the helper... but still seems like I can't see any of the 8 AP's.
confusion comes to play when setting the management vlan,  wireless vlan and the vlan on the controller side....  what IP should be broadcast to the AP's.


one get's the wireless mobility controller IP...  what IP goes here?
and,  should the controller be set to agent or controller mode?

what should be the controller management IP and does this differ from the switch's vlan 1 management interface.  


one also get's tftp on a certain interface with and a IP....  this can than be used to access the GUI.  if it changes away from TFTP. web access become inaccessible


don't you have something like and example site with configs.
0
 
JustInCaseCommented:
First get your configuration work, then care about Wireless. Otherwise you will probably try to solver problems that don't exist.
First things first.
And what is your AP model.
0
 
salt-eitAuthor Commented:
Cool,
Ap model
Cisco Wireless AIR-CAP1602I-E-K9
0
 
salt-eitAuthor Commented:
thanx,  quick questions...

scenario 1
let's say the adsl was handling DHCP and if I connect it to the main switch, it a hands out IP's to every device that connects on the switch. And,  the main switch have vlans cofigured on it, etc...  for example vlan 100 for data and vlan 101 for wireless.

other switches are connected via trunk ports but  If i do connect any other laptop/pc to those switches,  they aren't getting any IP's...  vtp modes for all switches are set to transparent and the vlan ports were configured manually.

How would you make it possible for IP's to be assigned when plugging into other switches?


steps?

switch set to ip routing; default router  0.0.0.0 0.0.0.0 ADSL ip;
interface vlans for both have an ip helper of the ADSL ip

But,  none of this goes over to the other switches
0
 
salt-eitAuthor Commented:
scenario 2..


turn of DHCP on the ADSL router...

setup dhcp on the main switch with the following but no IP's are also given out still....  

ip dhcp pool vlan100 ( data)
network...  vlan interface network 0/24
default router-  ????? this was set to the vlan interface  ip addresss.
no dns,  etc if needed, I'll set it to 8.8.8.8

ip dhcp exclusion list was set.

then a second pool was created,
ip dhcp pool vlan101(wireless)
all basic were set similar to vlan100,  just different IP's

ip default-gateway ADSL IP ( should the port where the ADSL connects)

the port where adls connects where set to this:
no switch port
exit, no shut,  etc

routing 0.0.0.0 0.0.0.0 (should it still be the ADSL router).

ip routing was set,  


now,  when I plug something it...  nothing happens,  that means my AP's are also not getting IP's.

thanx
0
 
salt-eitAuthor Commented:
Thanx for the links but the problem now doesn't sit with the access points,  they are usually like plug and play devices...  the problem sits with cisco catalyst 3850 switch wireless controller....

how to configure the controller  as MC,  how to make it communicate with my access points.
How does capwap interface work,  etc...
0
 
salt-eitAuthor Commented:
thanx, quick question....

if dhcp goes to my layer 3 switch... enabling ip routing, etc.

let put it this way... we have 3 switches,

2 are stacked and they connect to the core switch
now...

if the core switch plays the DHCP role and I'm only going to describe two vlans now...
adsl router ip is 192.168.178., DHCP off

let say vlan 1 have ip 192.168.1.1/24
vlan 2- 192.168.2.1/24
service dhcp enabled

now,  
ip dhcp pool vlan1
network  192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns 192.168.178.1

exclud- .1- .30

ip dhcp pool vlan2
network  192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns 192.168.178.1

exclusion is the same as vlan 1's ....


now...  from the core switch where the adsl's connected?  how do I ping 192.168.178.1 (ADSL router),
from my testing,  I figured that that port should be set to no switchport and given an IP that's in the same range as the ADSL, I've set it to 192.168.178.2....  then I could ping it. But,  this sounds wrong.


from the other 2 stacked switches....  one can't ping the ADSL ip,  even if there's a static route on it.

what am I missing here?  this means my users won't be able to access the internet?

thanx for your feedback so far
0
 
salt-eitAuthor Commented:
oh,  where does IP helper fit in the last comment,  is it still necessary
0
 
salt-eitAuthor Commented:
okay,  I configured it as explained in my second comment...

but,  the interface where the adsl (fritzbox) is connecting to, I've set it to switchport and gave it an IP which is in the same range as the ADSL.
now I can ping the ADSL,  ( ICMP but I can't log into it via the web)...

based on the configs...  I do get an IP now with the dns of the adsl, but I can't ping out to the web....  8.8.8.8
from the switch,  I can ping out with no error.

see my configs attached
configs.txt
0
 
JustInCaseCommented:
For DHCP to work you need to create loopback interface

interface loopback 0
ip address 10.1.1.1 255.255.255.255 (or whatever you want)

and under VLAN interfaces you need to add that address as ip helepr-address
and DHCP will work

interface vlan 100
ip address 10.9.8.1 255.255.255.0
ip helper-address 10.1.1.1

and any other vlan interface that need DHCP :)

And  one more question... do you need just one VLAN on AP?

remove
ip default-gateway 192.168.178.1

what is output of your
show ip route command

I've set it to 192.168.178.2....  then I could ping it. But,  this sounds wrong.
It's OK. That's the way it should be.
0
 
salt-eitAuthor Commented:
But dhcp does work....  Based on my settings.  In the previous comment.  Why do I need the loop back interface.  Without the helper address.  The machine are getting ip's but in still can browse to the Internet.  Would u need nat  translation?
0
 
JustInCaseCommented:
OK, I miss that that DHCP works... :)
I used to create loopback interface for this...
Your ADSL router don't know where you other networks are.
You can create static routes to L3 router for each network on ADSL router
ip route 10.9.8.0 255.255.255.0 192.168.178.2
ip route 10.9.9.0 255.255.255.0 192.168.178.2
0
 
salt-eitAuthor Commented:
Okay will test it
0
 
salt-eitAuthor Commented:
Oh on the client machines

I have the following up info:
ip v4: 10.9.8.51
gateway: 10.9.8.1
dns 192.168.178.1  and 8.8.8.8

On the router I can't ping the adsl/dns ip unless I set that port to no switchport and give an IP in the same range as the adsl
I'll try the routing.... Cool
0
 
JustInCaseCommented:
On the router I can't ping the adsl/dns ip unless I set that port to no switchport and give an IP in the same range as the adsl
I told you, that's the way that supposed to be.
:)
Otherwise router don't know to what interface send ping, or ADSL router don't know where from ping came from to send it back.
0
 
salt-eitAuthor Commented:
Just a quick throwback....
If the adsl was doing dns and stuff no vlans  were configured on either switch.  
But one only gets internet when connected to the core switch, where adsl's on...

How would one then get internet to the other switches...?
0
 
Craig BeckCommented:
You don't need a loopback interface for DHCP to work - that's just not right at all.  DHCP is sourced from the client and the DHCP server sends an IP from the relevant scope based on what info was in the DHCP request.  Similarly, pings, etc, use standard routing to determine which interface to send a response out of.

You can also source traffic from the switch itself to any interface you choose.  You don't HAVE to use a Loopback interface.

This will get you going with a basic overview of how to configure the switch and get some wireless working...

http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3850-series-switches/deployment_guide_c07-727067.html#_Toc350855362

Also I noticed in your config that you're enabling WPA1 with TKIP and AES but only allowing WPA2 to use TKIP.  This will cause at least 2 problems for you...

1] Clients won't be able to achieve 802.11n data-rates, so 54Mbps will be the maximum PHY rate.
2] Some clients may experience compatibility issues as AES was never meant to be used with WPA1.

You should only use WPA1 with TKIP and WPA2 with AES.  If you require 802.11n data-rates you must use only WPA2 with AES - WPA1 with TKIP or AES doesn't support 802.11n data-rates.
0
 
salt-eitAuthor Commented:
For now... I'll put all management  interfaces on the same range as the adsl and then I'll do configs on another day.
0
 
JustInCaseCommented:
There's always VLANs, in your case it is native VLAN 1 - no tags, and that's flat network.
Then you don't need trunks between switches, you can set all your switches to VLAN 1 and access port to connect switches.

But, I myself would not like that solution, because, since you have wireless, sooner or later, you will have to create separate WLAN for guest for security.

(that's if I good understood question)
0
 
salt-eitAuthor Commented:
Cool....  Just quickly want to setup the wifi side  before I go into the switch.  Flat network
0
 
JustInCaseCommented:
In that case you can turn of ip routing (if all ports will be in vlan 1). You don't need it.
0
 
Craig BeckCommented:
With everything on the same VLAN you don't need an IP helper for DHCP to work from the ADSL box.
0
 
salt-eitAuthor Commented:
Thanx guys... This will only be temporary
0
 
JustInCaseCommented:
You don't need a loopback interface for DHCP to work - that's just not right at all.  DHCP is sourced from the client and the DHCP server sends an IP from the relevant scope based on what info was in the DHCP request.  Similarly, pings, etc, use standard routing to determine which interface to send a response out of.

You can also source traffic from the switch itself to any interface you choose.  You don't HAVE to use a Loopback interface.

I don't have L3 switch at my disposal, and in Cisco packet tracer DHCP won't work if there is no loopback interface, and under vlan interface and defined ip helper-address, but probably reason for that is that this is only simulator for L3 switch. That's the reason why somewhere along the way I used to create loopback interface on L3 switch so hosts in VLAN can get ip addresses. Soon I'll try on real L3 switch and see if it's work without loopback interface. :)

It is definitely Packet tracer issue, and I found workaround for problem what many on internet wonder why DHCP not work. :)
OK, thanks for info it means a lot to me, wrong learned thing are hardest to correct.
0
 
Craig BeckCommented:
Think about a layer2 switch.  You can run DHCP on a L2 switch.  That instantly tells you that you don't need neither routing nor a loopback interface.

I've never ever seen PT needing a loopback to allow DHCP server functions to work.  I think maybe you're needing a loopback because you're assuming that you need an IP helper to be configured??  Take a look here... no loopback...

http://chennaicisco.blogspot.co.uk/2013/10/how-to-configure-dhcp-in-cisco-router.html

@salt-eit... sorry for hijacking your thread :-)
0
 
JustInCaseCommented:
My bad.
I found where was my problem.
I forgot about STP, and I was impatient to wait 30 seconds on multilayer switch, and took it for granted.
Just in this case I created loopback on L3 switch, not on router. On router STP always did his job, I gave it enough time while work something other.

:)

Thank you very much.
0
 
salt-eitAuthor Commented:
@craigbeck,  no problem...

Note, I didn't bail on you guys, I'm just going through a few testing via Packet tracer and reading on the Mobility controller ( Capwap).

@Predrag Jovic,  Try Packet tracer version  6.1
0
 
salt-eitAuthor Commented:
Hi Experts,

I'm back... sorry for the delay though  

On the wifi  and mobility controller side,

most would say " You have to remember that all your AP should be configured with same vlan access port where you configured for wireless management, otherwise AP won’t join"


in my scenario,  how would this fit in?  Note,  I've manage to get 4 AP's registered and Four are missing but,  I also do get some errors:

Let's do it this way...

with these switches,  there's usually also a controller interface ( G0/0) which can be configured for GUI use, web access.
One should also enable the mobility features for wireless feature to work.

let's do it this way,

Vlan101 ( wireless vlan) have the IP of 192.168.1.1

AP's interface are configure as follow:
switchport mode access
power inline static
switchport mode vlan101
port-fast
no shut

dhcp setting are:

pool vlan101
network 192.168.1.0/24
default-gateway 192.168.1.1 ( vlan interface)
DNS- 8.8.8.8

exclusion 192.168.1.1 192.168.1.10
service DHCP enable...

now, if the management interface is in a different subnet ( 192.168.2.1) and I should advertise this IP to  my AP's,  what should the IP helper be under my vlan interface or won't it be necessary?

the wireless mobility  controller ip set to vlan 101

errors  I get with my AP's on CAPWAP protocol:

Oct 22 15:53:31.537: *spamApTask1: 1 wcm:  %LOG-3-Q_IND: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
*Oct 22 15:53:31.537: *spamApTask1: 1 wcm:  %CAPWAP-3-DISC_WIRELESS_INTERFACE_ERR1: Unable to process discovery request from AP dca5.f4f2.3380 , VLAN (1) scrIp (192.168.178.28) dstIp(255.255.255.255), could not get wireless interface belonging to this network

According to this error, it got an IP from the ADSL, I'll still move that to the switch and see what happs

here are some of the other errors:  I'll log into the AP's configure the country codes....  Let me know if you guys have experienced some of these problems

*Oct 22 15:53:34.015: *spamApTask0: 1 wcm:  %LWAPP-3-RD_ERR8: Country code (ZA ) not configured for AP dc:a5:f4:43:ca:00
*Oct 22 15:53:34.016: *spamApTask0: 1 wcm:  %LOG-3-Q_IND: Country code (ZA ) not configured for AP dc:a5:f4:43:ca:00[...It occurred 2 times.!]
*Oct 22 15:53:34.016: *spamApTask0: 1 wcm:  %LWAPP-3-RD_ERR4: Invalid regulatory domain 802.11bg:-A     802.11a:-A for AP dc:a5:f4:43:ca:00
*Oct 22 15:53:34.018: *spamApTask0: 1 wcm:  %CAPWAP-3-POST_DECODE_ERR: Post decode processing failed for Config status from AP dca5.f443.ca00
*Oct 22 15:53:34.030: %LINK-3-UPDOWN: Interface Capwap0, changed state to up
*Oct 22 15:53:34.034: *spamReceiveTask: 1 wcm:  %CAPWAP-3-INVALID_STATE_EVENT: Invalid AP event (CAPWAP Configuration Update Request) and state (CAPWAP Join Response) combination
*Oct 22 15:53:34.041:  Warning: Modification to policy defportangn on wired port is unrecommended, please remove and reapply if unexpected behavior is seen
*Oct 22 15:53:34.063: *qosSvcTask: 1 wcm:  %SPI-3-QOS_INSTALL_RADIO_POLICY: ERROR: AP DCA5.F443.CA00 Radio policy def-11gn Slot 0 install failed


Note,  I've used the Ip protocol forwarding udp and ip helper method
0
 
Craig BeckCommented:
now, if the management interface is in a different subnet ( 192.168.2.1) and I should advertise this IP to  my AP's,  what should the IP helper be under my vlan interface or won't it be necessary?
You don't need an IP helper to get APs to join a WLC.  For this to happen in a L3 scenario you need to use either...

1] Static controller IP configured on the AP
2] DHCP option 43 configured with WLC management IP
3] DNS entry for "CISCO-CAPWAP-CONTROLLER" pointing to WLC management IP
0
 
salt-eitAuthor Commented:
Okay I'm using the options of udp ports...
How do one get the controller interface up.  Even though I set the ip and no shut,  I still can't ping it from the switch.
I'll try dhcp option 43 or dns
0
 
Craig BeckCommented:
You configure a VLAN on the switch and use the wireless management interface vlan x command to tell the WLC which interface to use for management traffic.

Let's say your WLC management VLAN is 101 and your AP VLAN is 102.  On the switch you'd use this...

wireless mobility controller
wireless management interface vlan 101
!
interface Vlan101
 description WLAN Managment
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
interface Vlan102
 description AP VLAN
 ip address 192.168.2.1 255.255.255.0
 no shutdown
!
ip dhcp pool WLAN_MGMT
 network 192.168.1.0 /24
 default-router 192.168.1.1
 dns-server 8.8.8.8
!
ip dhcp pool AP
 network 192.168.2.0 /24
 default-router 192.168.2.1
 dns-server 8.8.8.8
 option 43 ascii f104c0a80101
!

Open in new window



That would get you started, and APs joining.  Have a look at the link I posted, it contains full configs for a MC and a MA.
0
 
salt-eitAuthor Commented:
okay,  I did those configs....  Oh,  and thanx for your link,  can't believe I missed it.

I just had a little blackout moment... I've just complicated things for myself and only now I understand what the AP's were trying to do when they couldn't find the controller.

"management wlan....   and wireless controller IP address,  which is GIG0/0"

firstly,  I would go around and put an IP on interface G0/0,  thinking that it should be the controller IP and that's the only way to access the switch via the web and manage the AP's.

Forgot about  my IP on vlan 1 can be used for web access.

Now,  after setting the IP on G0/0...  I still couldn't ping it,  even though the interface shows up. This IP was then used to as the ip helper address...  my bad.


wlan managment IP was wet on vlan101 and I had no vlan or IP for the controller itself in that vlan, my bad.

I still think my UDP approach will work,  thanx...  will check the link.
0
 
Craig BeckCommented:
The UDP approach won't work - that's why Cisco created the DHCP Option 43 approach, and the DNS approach.

GigabitEthernet0/0 is the switch management interface.  It is used for out-of-band management of the switch.  It is in a VRF so you can't use it for real traffic on the switch, therefore you'll never ever get an AP to join the WLC using that IP address.
0
 
salt-eitAuthor Commented:
once the SSID stuff has been set, how do one make this broadcast and set a password for this WIFI

https://www.youtube.com/watch?v=pKEiPCLO3Qk

okay I'll try DHCP option 43 or DNS
0
 
Craig BeckCommented:
To broadcast an SSID you need to use the broadcast-ssid command...

wlan Sacu
 broadcast-ssid

Open in new window

0
 
salt-eitAuthor Commented:
quick follow up...

with the dns method...  there are only two commands needed.

ip domai-name cisco-capwapp-controller.domain
and
ip host cisco-capwapp-controller.domain

I get the errors below when enabling logging,  what could be missing

Oct 22 21:12:07.371: *spamApTask1: 1 wcm:  %CAPWAP-3-DISC_WIRELESS_INTERFACE_ERR1: Unable to process discovery request from AP dca5.f443.c820 , VLAN (101) scrIp (10.9.9.216) dstIp(255.255.255.255), could not get wireless interface belonging to this network

Oct 22 21:14:50.654: *spamApTask1: 1 wcm:  %CAPWAP-3-DISC_WIRELESS_INTERFACE_ERR1: Unable to process discovery request from AP dca5.f4f2.3380 , VLAN (101) scrIp (10.9.9.233) dstIp(255.255.255.255), could not get wireless interface belonging to this network
0
 
Craig BeckCommented:
You need to create a host record on your DNS server to use the DNS method.  You have a DHCP scope on your switch so option 43 is the obvious and most practical choice.
0
 
JustInCaseCommented:
The APs need to be connected to access mode switchports in the same VLAN!

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080c16223.shtml

APs need to be on the same vlan where you configure the wireless management on 3850.

Converged Access Controller/ NGWC AP Join Issue Troubleshoot with Traces

Common Reasons for AP Join Failure (from link above)

This section describes common causes of AP join failure.

Problem 1: The AP on the Catalyst 3850 Series Switch is not in the wireless management VLAN.

 #show run interface gig1/0/22

interface GigabitEthernet1/0/22
 description AP
 switchport access vlan 25
 switchport mode access

#show run | inc wireless

wireless mobility controller
wireless management interface Vlan1104

#show log

*%CAPWAP-3-DISC_WIRELESS_INTERFACE_ERR1: 1 wcm:  Unable to process discovery
request from AP 0019.0737.f630 , VLAN (25) scrIp (10.10.25.13) dstIp
(255.255.255.255), could not get wireless interface belonging to this network

 The AP is in VLAN 25, and there is no wireless management interface configuration for VLAN 25.
0
 
Craig BeckCommented:
That is very true.  Connecting to a MC requires the AP to be on the same VLAN as the wireless management VLAN.
0
 
salt-eitAuthor Commented:
Thanx...
now that it's in the same vlan,  it only sees the AP's directly connected to the switch but I'll troubleshoot further.

ct 22 22:20:20.973: *spamApTask1: 1 wcm:  %CAPWAP-3-INVALID_STATE_EVENT: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
*Oct 22 22:20:21.513: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap1, changed state to up
*Oct 22 22:20:29.814: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap0, changed state to down
*Oct 22 22:20:29.980: *spamApTask0: 1 wcm:  %CAPWAP-3-INVALID_STATE_EVENT: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 2 times/sec!.]
0
 
Craig BeckCommented:
You can only terminate APs on a 3850 or a 3650 where MC is a 3x50.  If you connect an AP to a different switch it must be configured as a MC or MA, otherwise you need a non-CA WLC such as the 5508 for APs connected to a non-CA switch.
0
 
salt-eitAuthor Commented:
@craigbeck,

In my environment, I have 8 AP's,  and 4 switches... Ap's are spread equally all over these switches but are in the same vlan101.

3850 is my MC and its interface is now in the same vlan as the AP's...  vlan101, strange that 3850 only sees the AP 's directly connected to it.  I'll do research on the join problem. I think I'll start manually configuring the AP's priority

note,  the broadcast command didn't do any changes
0
 
Craig BeckCommented:
What are your other switches?  They too must be either 3850 or 3650 - you can't terminate APs on a non-CA switch when MC is a 3x50.
0
 
salt-eitAuthor Commented:
2960 s they are all in the same vlan as the management interface (WLC)
0
 
Craig BeckCommented:
No that won't work.  You'll need to use a 5508 or 2504 (for example) instead of a 3850 as a WLC if you use 2960 switches.

https://supportforums.cisco.com/discussion/11916031/access-points-joining-3850-next-generation-switches
0
 
salt-eitAuthor Commented:
Hi Guys,  thanx for all thee assist and time...

I really appreciated and you guys have brought out the cisco mojo within me.

The wireless is working now, a few AP's were connected to my 3850 switch where the controller is and the other AP's were left connected on the 2960 switches.  All AP's are in the same vlan and the works fine.
0
 
salt-eitAuthor Commented:
Hi guys...  is there a command that one can use to see the wireless key?
Is it possible to remove vlans from vtp version primary server. ( switch acting as primary)
0
 
Craig BeckCommented:
On the client or switch?

On the switch you can't generally view the key once you've entered it, although depending on the way the key is hashed on the switch in the CLI you may be able to decode it using a Cisco 7 password decrypter (just search for one in a search engine - there are hundreds).
0
 
salt-eitAuthor Commented:
just on the switch but thanx.... sorry I found it in the config,  my bad.

"can't remove vlans from a switch in primary server mode"

vtp is mode sever....

if my vtp primary are set for vlans and mst....  how do one go afterwards and removed unnecessary vlans
0
 
JustInCaseCommented:
Set vtp to transparent mode. :)
And then remove VLANs.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.