Cisco Hub

August 2015 Study Plan



Here is the study plan for August. You can watch my progress as the days go by.


Capturing WLAN Packets using WireShark



If you are studying for the CCNP Wireless or CWNP certification, an essential part of the study process is labbing it all out so as to understand the concepts. I noticed that my Wireshark output lacked the 802.11 management or control packets while trying to capture the Open System Authentication process. This blog will explain how to set up Wireshark for WLAN capturing so that you do not miss the vital packet exchanges.

Cisco Prime: Unit of Measurement for Maps (Meters and Feet)



Thought I would put up a quick post regarding unit of measurements for the Maps.

CPI comes with feet as the default unit and this can be an issue for countries that use meters. I could always recalculate my length in meters and input it in CPI until a client made a rather rude comment like “we do not use feet in our country and I do not expect to see that in documents”. Ok, it was not rude, it’s a fact, but could he not put it in a different way?

Cisco Wireless: MSE Patch for Bash Code Injection Vulnerability, aka Shellshock (CVE-2014-6271, CVE-2014-7169)



  1. Download the patch from Cisco.com
  2. Back up the MSE via Cisco Prime. Refer to steps 12 and 13 of my post:

    Cisco Wireless: Upgrading MSE from v7.5 to v8.0 via Cisco Prime

  3. SSH to the MSE
  4. Stop the MSE software
  5. Copy the downloaded file, mse-bash-patch.zip, to the /tmp directory on the MSE
  6. Log in to the MSE as root and navigate to the /tmp directory
  7. Unzip the files
  8. Perform the patch
  9. Start the MSE
  10. Verify the MSE status from Cisco Prime Infrastructure

And that is all 🙂

Reference

  1. GNU Bash Environment Variable Command Injection Vulnerability

Cisco Wireless: Upgrading Cisco Prime Infrastructure (CPI) 2.0 to 2.1



Situation

I hate it when Cisco comes up with a feature or new release of the WLC or the APs, and we have to wait forever to get support for MSE, CPI etc!! How are they supposed to function in the meantime??

The issue is that I have the new 3700 APs and now that I am running CPI 2.0, I cannot manage or even see them without having to upgrade the CPI.

Anyway, at least I get to play with my toys 🙂

Verify version

We can perform an inline upgrade of CPI from 2.0 to 2.1 without having to do a system migration. System migration is best and recommended because you perform a completely new installation and then copy the database. I however chose to take advantage of the inline upgrade because it’s easier 🙂 and I do not have to copy / re-host licences.


Cisco Wireless: Troubleshooting Lightweight AP Connectivity Issues



I have been having an issue with a Cisco AP 2600 rebooting every time (sometimes after 30 minutes, other times after 1 – 2 hours). Troubleshooting the error using debugs did not provide any good leads. Opened a Case with Cisco TAC, and they also could not see what the issue was. The only thing that we noticed was the traceback below but TAC informed me that he could not see any bugs for that.

Cisco Wireless: Cisco WLC Customized Webauth files



Spent the better part of the day trying to upload webauth files for several SSIDs to our Cisco 5500 Controller but ran into issues. I have since solved these issues, so this is basically a – how to – blogpost.

The error that I kept hitting was this:

Cisco Prime: Installation of Cisco Prime v2.0 – Adding a Licence



Go to Product Licence Registration portal in Cisco.com

https://tools.cisco.com/SWIFT/LicensingUI/Quickstart#.

Add the PAK file that you received from Cisco

Once added, your PAK files will appear here

To get the licence file, click on the PAK that you need and click on get licence.

You are required to fill in Product ID and Serial number details. These are available from Cisco Prime

Fill in the required details

Details on where to send the licence

The licence file is sent as an email attachment to the specified address. Save the file to an accessible folder. Add the file. Once added you will be required to log in once again.

That’s it. See you in my next post 🙂


Cisco Prime: Installation of Cisco Prime v2.0 – Standalone



Log in as setup to start the installation. Provide the necessary details.

After rebooting (it rebooted twice) plus it took a long time stuck here. I think 10 minutes have passed now. Will keep count of how much more time it takes at this point.

Gosh, it took another 12 minutes. I think it took around 20 – 30 minutes stuck at that point, but finally…walllaaa!!

Checking the status of things 🙂

So obviously the first thing I tried to do was log in via web…


So that will be all for today :). Hope to see you in my next blog as we configure and get Prime up and running 🙂

Adios!

 

Cisco Prime: Configuring HA



The SMTP server settings should already be configured.

Log in to the primary server with your credentials

Fill in the details for the secondary server

The failover mode can be manual or automatic. Manual requires you to do the failover, for automatic, the secondary server. Status changes to initializing

From the secondary server, this is the status that I am getting

Had to leave then came back and found that HA was not configured as expected.

Now to troubleshoot the issue…

So I check the status on the primary server and everything looks ok. Everything is running.

But when I look at the status from the secondary server, everything seems to be stopped except for the health monitor.

So I tried to restart the services once again.

That did not seem to help.

Anyway, after trying to search for the cause of the problem and not finding one, I got hold of Cisco TAC. The error that I was getting was this one:

Failed HA registration Can not create physical standby DB: RMAN-06136: ORACLE error from auxiliary database: ORA-03113: end-of-file on communication channel

I had made sure that I did not have connectivity issues between the two servers; the firewall rule between the two was any any.

TAC's response was as follows after they checked the logs under root admin.

As checked the HA configurations is stuck in initializing stage and the secondary ha status shows secondary lost primary. From primary logs I can see the below errors which indicates to communication issue between primary and secondary :

RMAN-00571: ===========================================================

RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============

RMAN-00571: ===========================================================

RMAN-00601: fatal error in recovery manager

RMAN-03004: fatal error during execution of command

ORA-12537: TNS:connection closed

RMAN-06900: WARNING: unable to generate V$RMAN_STATUS or V$RMAN_OUTPUT row

RMAN-06901: WARNING: disabling update of the V$RMAN_STATUS and V$RMAN_OUTPUT rows

ORACLE error from target database:

ORA-03113: end-of-file on communication channel

Process ID: 7483

Session ID: 246 Serial number: 1

These errors indicate to communication issue between primary and secondary , as you stated the network bandwidth between two servers is not as the required 1Gbps , check that as mentioned below :

During the high-availability registration, ensure that the bandwidth between the primary Prime Infrastructure and the secondary Prime Infrastructure is 1Gbps.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/administrator/guide/PIAdminBook/config_HA.html

Now now now. I have a big issue with that bandwidth set. Obviously the servers are geographically separated. I think the bandwidth limit set is rather unrealistic especially if you have MPLS links that are so damn expensive!!! The TAC conclusion was as follows.

so this behavior is expected and the HA won't work unfortunately , since these two servers are on different subnet with MPLS it won't be possible to grant such bandwidth so you can use the two servers as standalone separately.

You will reimage the secondary to have the primary setup . I apologize for your network structure doesn’t meet the needed requirements for HA.

I hope I could be with more help for you. As agreed I will proceed with closing this case .

Yep. So there goes 🙂 I will need to reimage the server and install it as a standalone then just have similar devices register to it. That's the only redundancy that I will be able to achieve with a WAN link less than 1 Gbps 🙂

See you in my next blog as we set up a standalone server 🙂

 

Cisco Prime: Installation of Cisco Prime v2.0 – Secondary Server



We will be dealing with the express installation file. The Express option replaces the Medium and Small options supplied in previous versions of Prime Infrastructure.

Here are the scaling limits for express installation

Installation process. To begin we need to log in as setup.

Fill in network parameters

Wait for installation

Specify that the server will act as secondary server

Apply settings

Wait for setup to complete and reboot the server

For some reason, rebooted twice…

Taraaaaa!!!!

To connect to the secondary server via the web interface

https://10.XX.X.XXX:8082/

The server requests you for the authentication key that we had configured.

Also, you can see that the HA status is not yet configured. That’s something for another post.

CCDP ARCH Summary Notes 1



Covered Topics:

  • Topic 1 – Cisco SONA
  • Topic 2 – Cisco Enterprise Architecture

Hierarchical Architecture

  • Core – High-end switching. Backbone of the network. Uses CEF and very little policy. Able to adapt to changes quickly. Optimizes transport of communication. Multilayer switching.
  • Distribution – Policy-based connectivity. This is aggregated in wiring closets. For the WAN, it's the edge of the campus and provides policy-based connectivity (QoS, Security). Usually multilayer switching.
  • Access – Local and remote access. Access to both wired and wireless devices. Connects to the WAN, Data Center, PSTN and Internet. For the WAN, it's for teleworkers and remote sites. Usually L2 switching, IDS, IPS, ASA

Service Oriented Network Architecture (SONA)

Connects all the components of the IT Infrastructure to provide intelligence of the network. Components include:

  • Integrated Network Systems layer – Campus, data center, branch, enterprise edge, WAN, MAN, Teleworker. All IT resources are interconnected – servers etc. The customer has anywhere, anytime connectivity.
  • Integrated Network Services layer – Management services, Security, Storage, Voice and collaboration, Identity services, Network Infrastructure Virtualization.
  • Application layer – business applications (SharePoint, E-comm) and Collaboration level (VoIP, Instant messaging services, Unified messaging, Cisco Unified MeetingPlace, Contact center)

Benefits of SONA.

  • Functionality – supports company needs.
  • Scalability – enables the company to grow and expand.
  • Availability – system uptime and reliability
  • Performance – responsiveness, maximization
  • Manageability – can control, monitor, detect faults in and troubleshoot the organization
  • Efficiency – make sure that services are delivered within budget and as expected.

Infrastructure Services

Supports application awareness. Provides intelligence of the network.

Include the following:

  • Voice Services – IP Telephony
  • Security Services – confidentiality and overall protection of the network
  • Mobility Services – 802.1X and EAP, Wireless Services.
  • Storage services – SAN
  • Compute Services
  • Identity Services.

Cisco Enterprise Architecture

Service Provider Edge – Provides Internet and voice services that go outside the enterprise. Has Security, SLA,

Enterprise Edge – Has several modules (WAN, Ecommerce, Internet Module and Remote access layer)

Enterprise Campus – combines switching and routing. Multicast support, QoS, Voice and Video, Protecting against malware, 802.1x solutions, can use IPSec and MPLS VPNs. It is broken into Data center, Campus backbone (high speed pipes), Building distribution (most of the policies are implemented here),  Building Access layer.

 

 

 

CCNA Wireless Summary Notes: Configuring a WLAN



WLAN connects the wired network (VLAN) to the wireless network (SSID). Different WLANs cannot communicate unless the traffic is routed in the wired network.

WLAN Limitations:

  1. WLC supports a max of 512 WLANs. Only 16 can be actively configured on an AP.
  2. Advertising each WLAN uses up valuable airtime.
  3. Each WLAN requires beacons to advertise it. A min of 100 beacons can be sent per second. The more the WLANs, the more the beacons.

Always limit number of WLANs to <=5.

Configuring a WLAN

  1. Radius server configuration
  2. Create a Dynamic Interface
  3. Create a New WLAN

    The ID number is used as an index into the list of WLANs that are defined on the controller. It is usually used when configuring the WLC in Cisco Prime using templates.

  4. Configure the type of WLAN Security to be used
  5. You may choose to specify WLAN QoS or use the default, which is best effort.
  6. Configure advanced security features

    By default, a client session is 30 minutes (1800 sec), after which the client needs to reauthenticate.

 

 

CCNA Wireless Summary Notes: Understanding Wireless Client



Overview of common clients

  1. Windows 7 and 8
  2. Intel PROSet – It can be installed if you are using an Intel wireless adapter. It's preferable when dealing with Lightweight Extensible Authentication Protocol (LEAP), EAP Flexible Authentication by Secure Tunneling (EAP-FAST), or Cisco Compatible Extensions (CCX) because these are not supported by Windows.
  3. Android
  4. Apple OS X
  5. Cisco AnyConnect. It runs on most of the operating systems that we have so far and does not depend on the connection type. Has the following modules:
    1. VPN
    2. Diagnostic and Reporting Tool (DART) – for troubleshooting
    3. Network Access Manager (NAM) – controls authentication
    4. Posture Assessment – before it builds a connection, it verifies that the necessary elements like the antivirus and firewall are installed.
    5. Telemetry – sends info back to the web filtering infrastructure
    6. Web Security – enforces security policies according to Cisco Web Security policies.
  • For AnyConnect to manage wireless connections, the NAM and VPN modules should be installed.
  • Policies are created on Cisco Adaptive Security Appliance (ASA) through its Adaptive Security Device Manager (ASDM) management front end and pushed to the client.
  • The main AnyConnect client interface consists of VPN, network, and web security functions

Cisco Compatible Extensions (CCX)

The CCX program can be used to verify that clients support wireless enhancements. There are several versions of this program, v5 being the current one. v4 and v5 are interactive and the client reports information about itself to the wireless infrastructure.

Management frame protection (MFP) addresses an inherent weakness in the management frames that an AP transmits. This is supported in v5.

Features supported in CCX v1 to v5 from CCNA Wireless OCG.


CCX Lite – simplifies the compatibility process as not all features are needed in all devices. Its categories are:

  • Foundation – core features common to nearly all devices
  • Voice – supports features like CAC, voice metrics etc
  • Location – for real time tracking
  • Management – features like client and link management are included.

For a device to be CCX certified, it needs to be compliant with the Foundation module. The other modules are optional.

From CCNA Wireless OCG. Security features supported in CCX.

  • 802.1x is in all versions
  • WPA from CCXv2
  • WPA2 from CCXv3 but
    • PEAP-MSCHAP and EAP-TLS introduced in CCXv4
    • EAP-FAST introduced in CCXv3
  • MFP in v5 only


Cisco ACS 5.4: Importing user file using .csv



How to create a list of users and add them to the ACS

Finally, let's confirm that all users have been added

Patching Cisco ACS 5.4



Current Status and version before patching

acs100/admin# show application version acs

Cisco ACS VERSION INFORMATION
—————————–
Version : 5.4.0.46.0a
Internal Build ID : B.221

acs100/admin# show application status acs

ACS role: PRIMARY

Process ‘database’                  running
Process ‘management’                running
Process ‘runtime’                   running
Process ‘ntpd’                      running
Process ‘view-database’             running
Process ‘view-jobmanager’           running
Process ‘view-alertmanager’         running
Process ‘view-collector’            running
Process ‘view-logprocessor’         running

Showing path to the ftp server where my patch files are

repository FTP
  url ftp://172.0.6.67/
  user admin password plain test1234

Making sure that I am able to reach my server

acs100/admin# ping ip 172.0.6.67
PING 172.0.6.67 (172.0.6.67) 56(84) bytes of data.
64 bytes from 172.0.6.67: icmp_seq=1 ttl=128 time=0.505 ms
64 bytes from 172.0.6.67: icmp_seq=2 ttl=128 time=0.490 ms
64 bytes from 172.0.6.67: icmp_seq=3 ttl=128 time=0.441 ms
64 bytes from 172.0.6.67: icmp_seq=4 ttl=128 time=0.440 ms

Patching process

acs100/admin# acs patch install 5-4-0-46-6.tar.gpg repository FTP
Installing ACS patch requires a restart of ACS services. Continue?  (yes/no) y
Calculating disk size for /opt/CSCOacs/patches
Total size of patch files are 1103 M.
Max Size defined for patch files are 1000 M.
WARNING: Patch of size 1103 M exceeds the allowed quota of 1000 M. This will not                                       prohibit patch installation process as long as there is enough disk space. Please note that this indicates you should consider moving ACS to a higher disk space machine
Stopping ACS.
Stopping Management and View………………………………………………………
Stopping Runtime……..
Stopping Database…….
Stopping Ntpd….
Cleanup..
Stopping log forwarding …..
Installing patch version ‘5.4.0.46.6’
Installing ADE-OS 1.2 patch.  Please wait…
Decompressing patch files 5.4.0.46.6 …
About to install files
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
/opt/CSCOacs/patches/5-4-0-46-6
Patch ‘5-4-0-46-6’ version ‘5.4.0.46.6’ successfully installed
Starting ACS ….

To verify that ACS processes are running, use the
‘show application status acs’ command.

 

Verifying that the ACS is back up and the processes are running. It took a few minutes for all processes to finish initialization

acs100/admin# show application status acs

ACS role: PRIMARY

Process ‘database’                  running
Process ‘management’                running (HTTP is nonresponsive)
Process ‘runtime’                   running
Process ‘ntpd’                      running
Process ‘view-database’             Restarting
Process ‘view-jobmanager’           initializing
Process ‘view-alertmanager’         initializing
Process ‘view-collector’            initializing
Process ‘view-logprocessor’         initializing

acs100/admin# show application status acs

ACS role: PRIMARY

Process ‘database’                  running
Process ‘management’                running
Process ‘runtime’                   running
Process ‘ntpd’                      running
Process ‘view-database’             running
Process ‘view-jobmanager’           running
Process ‘view-alertmanager’         running
Process ‘view-collector’            running
Process ‘view-logprocessor’         running
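
A post-patch readiness check built on the two captures above, as an added example that is not part of the original post or of Cisco's tooling: it parses `show application status acs` output and reports every process that is not yet plainly `running`. The function names and the `fetch` callable (however you retrieve the command output, for example from a saved session log) are assumptions.

```python
import re
import time

# One process row, e.g.:  Process 'view-database'   Restarting
# The quote characters may be straight (') or typographic (‘ ’), depending on
# how the output was copied, so both are accepted.
_ROW = re.compile(r"^\s*Process\s+['‘’]([\w-]+)['‘’]\s+(.+?)\s*$")
_ROLE = re.compile(r"^\s*ACS role:\s*(\S+)")

# First capture from the post, taken right after the patch restarted ACS.
DURING_INIT = """\
ACS role: PRIMARY

Process ‘database’                  running
Process ‘management’                running (HTTP is nonresponsive)
Process ‘runtime’                   running
Process ‘ntpd’                      running
Process ‘view-database’             Restarting
Process ‘view-jobmanager’           initializing
Process ‘view-alertmanager’         initializing
Process ‘view-collector’            initializing
Process ‘view-logprocessor’         initializing
"""

# Same rows as the second capture, retyped here with straight quotes
# (constructed variant, to exercise both quote styles).
AFTER_INIT = """\
ACS role: PRIMARY

Process 'database'                  running
Process 'management'                running
Process 'runtime'                   running
Process 'ntpd'                      running
Process 'view-database'             running
Process 'view-jobmanager'           running
Process 'view-alertmanager'         running
Process 'view-collector'            running
Process 'view-logprocessor'         running
"""


def parse_acs_status(text):
    """Return (role, {process: state}) parsed from the command output."""
    role, procs = None, {}
    for line in text.splitlines():
        m = _ROLE.match(line)
        if m:
            role = m.group(1)
            continue
        m = _ROW.match(line)
        if m:
            procs[m.group(1)] = m.group(2)
    return role, procs


def not_ready(procs):
    """Processes whose state is anything other than exactly 'running'.

    'running (HTTP is nonresponsive)' counts as not ready: the management
    process is up but its web interface is not answering yet.
    """
    return {name: state for name, state in procs.items()
            if state.lower() != "running"}


def wait_until_ready(fetch, attempts=10, delay=30.0, sleep=time.sleep):
    """Poll fetch() until every process reports 'running'.

    fetch is a caller-supplied function returning the command output as text.
    Returns the number of polls used; raises TimeoutError if the last poll
    still shows a process that is not ready.
    """
    pending = {}
    for n in range(1, attempts + 1):
        _, procs = parse_acs_status(fetch())
        if not procs:
            # Empty or unrecognised output must not be mistaken for "all good".
            raise ValueError("no process rows found in output")
        pending = not_ready(procs)
        if not pending:
            return n
        if n < attempts:
            sleep(delay)
    raise TimeoutError(f"still not ready: {pending}")


if __name__ == "__main__":
    role, procs = parse_acs_status(DURING_INIT)
    print("role:", role)
    for name, state in not_ready(procs).items():
        print(f"  waiting on {name}: {state}")
```
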

Confirming that the version has been updated

acs100/admin# show version

Cisco Application Deployment Engine OS Release: 2.0
ADE-OS Build Version: 2.0.3.063
ADE-OS System Architecture: i386

Copyright (c) 2005-2011 by Cisco Systems, Inc.
All rights reserved.
Hostname: acs100

Version information of installed applications
———————————————

Cisco ACS VERSION INFORMATION
—————————–
Version : 5.4.0.46.6
Internal Build ID : B.221
Patches :
5-4-0-46-6

And just because I feel like rebooting the server to make sure that all is well, let's stop the services

acs100/admin# acs stop

Stopping ACS.
Stopping Management and View………………………………………………………
Stopping Runtime……..
Stopping Database…….
Stopping Ntpd….
Cleanup..

Reload

acs100/admin# reload
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration…
Saved the ADE-OS running configuration to startup successfully
Continue with reboot? [y/n] y

Broadcast message from root (pts/0) (Tue Jun 17 14:00:07 2014):

The system is going down for reboot NOW!

And finally confirm that all is well after reboot

ACS100/admin# show application status acs

ACS role: PRIMARY

Process ‘database’                  running
Process ‘management’                running
Process ‘runtime’                   running
Process ‘ntpd’                      running
Process ‘view-database’             running
Process ‘view-jobmanager’           running
Process ‘view-alertmanager’         running
Process ‘view-collector’            running
Process ‘view-logprocessor’         running

There you go. Easy pizzy 🙂

 

CCNA Wireless Summary Notes: Managing Wireless Networks with Wireless Control System (WCS) & Sneak Peek into Cisco Prime Interface



Evolution of WCS

Cisco WCS (no longer supported)  -> Cisco Prime Network Control System (NCS) -> Cisco Prime Infrastructure (PI): Works with both wired and wireless.

WCS

Hosted on 32-bit Windows 2003 SP1+ or Red Hat Linux Server. Has 2 forms:

  1. WCS Base (clients located in relation to nearest AP)
  2. WCS Plus (client location more accurate and can also use MSE for tracking).

Licencing

  1. Single Server Licence for 50, 100 or 500 APs
  2. Enterprise licence (only for WCS Plus) – can support 1 or more server instances with a max of 50000 APs

Cisco WCS Navigator acts as a single interface to access up to 20 distinct WCS servers. This is a separate product.

WLC Page Displays

  • Alarm Summary
    1. Grouped as critical, major and minor
    2. WCS will remember each alarm for a default period of 15 days or until someone takes some action on it.
    3. Actions to be performed on Alarms:
      • Assign to me – remains in your alarm list
      • Unassign – removed from your alarm list
      • Delete – WCS will forget about it
      • Clear – WCS will record it and remove from list
      • Acknowledge – alarm has been checked and can be removed from the list
      • Unacknowledge – Alarm is added back to the list
      • Email notification
  • Main Navigation Area
    1. Functions that can be performed
      • Monitor
      • Reports
      • Administer WCS
      • Configure – changes to WLCs, APs etc
      • Services – Integrate WCS with external services
      • Tools – Perform audits, attach info to Cisco TAC requests
      • Help
  • Home
    1. Displays charts and graphs of wireless activity.
    2. Is customizable for each user

WCS to configure devices

Configure > Controllers (add correct SNMP settings for the controller to be added)

WCS Maps

Monitor > Maps

  • WCS maps are organized in a tree-like structure. A campus contains one or more buildings or outdoor areas. Each building can contain one or more floor maps. By default, maps are placed into a system campus.
  • WCS computes the RF signal strength for each AP and displays the results as a colored heatmap. Red represents a strong signal (–35 dBm), progressing through orange, yellow, green, and then blues and purples at the weak end of the scale (–90 dBm).
  • WCS updates the AP icons based on current conditions. A green icon – AP radio that is working properly, with no faults or alarms. A yellow icon – AP radio with a minor alarm, while a red icon indicates a major alarm.

In summary, the interface for the WCS is similar to the Prime Infrastructure Interface. Since PI is what I have for now, I will show you the interface that it has. Please note that PI is not covered in the CCNA series so this is just additional information for those who want 🙂

Home

What you can access from Cisco Prime Infrastructure Monitor Interface

Configure Interface

Services allow you to add access to external services like MSE for tracking

The report tab can be used to generate reports

The Administration tab can be used to configure the PI itself

Oh, forgot to mention that the alarms were moved to the bottom for the PI

Last but not least, the most interesting part of it all, of course, is the site map 🙂

 

CCNA Wireless Summary Notes: Dealing with Wireless Interference



Interference – 802.11 signals that originate from a source other than the expected APs

Noise – Signals that originate from a source that is not 802.11

Common non-802.11 devices that can interfere with a WLAN

Bluetooth

  • Has low power consumption
  • Grouped in 3 classes (class 1 – 1mW, class 2 – 2.5 mW, class 3 – up to 100mW and is less common)
  • Operates in the 2.4-GHz ISM band but is not compatible with the 802.11 standard
  • Up to eight devices can be paired or linked into a PAN, with one device taking a master role and the others operating as slaves

ZigBee

  • Defined in the IEEE 802.15.4 standard
  • allocates the 2.4-GHz ISM band into 16 channels of 5 MHz each
  • has a low duty cycle and does not utilize a channel much of the time
  • Low power consumption
  • Low transmit power level hence less interference
  • Low data rates ( 20 to 250 Kbps).
  • commonly used for energy management and home and building automation applications

Cordless Phones

  • Phones that are advertised to use the 2.4- and 5.8-GHz bands can cause significant interference with nearby WLANs
  • Can use one channel at a time, but can also change channels dynamically
  • Transmit power can rise up to 250mW (more than AP maximum power)
  • DECT phones do not use the 2.4-GHz ISM band hence do not cause interference with 802.11 WLANs. They operate in the upper portion of the 1.8 GHz band in Europe, Asia, Australia, and South America. For America – 1.9 GHz.

Microwave Ovens

  • Microwave ovens are free to use the 2.4-GHz ISM band and most produce a signal that spreads over a large portion of the band
  • Microwaves are commonly rated to generate around 700 W of power inside the oven. Leaked energy often interferes with nearby APs.

WiMAX (Worldwide Interoperability for Microwave Access)

  • Specified in the IEEE 802.16 standard and not compatible with 802.11 WLANs
  • Provides “last mile” broadband access to consumers within a geographic area
  • WiMAX does not require line of sight with a base station, so it can offer connectivity to many fixed and mobile users within a 3 to 10-km radius
  • Uses several bands between 2 and 11 GHz and from 10 to 66 GHz
  • Can cause interference but highly unlikely.

Cisco CleanAir

This is a spectrum analysis capability built right into the radio hardware that enables the AP to operate normally and also monitor RF energy on that channel, analyze the data, and report specific information about any interfering devices without interrupting normal WLAN operation. 802.11 frames are processed normally using the split MAC architecture, whereas the non-802.11 signals are processed by the spectrum analysis hardware in the AP and then sent to the WLC, which can also send the information to the MSE so that the interference is located. Using the Radio Resource Management (RRM) process and Event-driven RRM, the interference can be acted on automatically – the AP can be moved to a different channel.

Check Channel quality for AP

Monitor > Access Points > Radios > 802.11a/n or 802.11b/g/n.

Enable CleanAir

Interference

The duty cycle is the percentage of time the source is transmitting on the channel, which indicates its persistence or how much of the airtime the interferer is consuming. The AP combines the RSSI and duty cycle into a severity index value. Severity ranges from 0 (not severe) to 100 (very severe).

Interference device reports


Cisco WLCs can do a better analysis by calculating an air-quality index (AQI) for each AP and its channels which indicates WiFi health within an AP’s cell (0 -unusable, 100 – perfect).


Event-Driven RRM (ED-RRM)

CleanAir and RRM can work together so that controllers actually take some action on interference events at the regular RRM intervals which by default is 10 minutes (when the dynamic channel algorithm is run by the controller).

With ED-RRM, the RRM DCA process is triggered as soon as interference is reported by an AP. You must enable it and then specify the AQI threshold that will be used as the baseline.

Enable ED-RRM and choose the AQI threshold

Cisco 5508 Wireless LAN Controller Software Image Upgrade to 7-0-250-0 via web



Initial Software Version 

Upgrade Parameters for FTP server

Reboot

Wait

Verify

Done. You may need to upgrade FUS. This is covered in a later blog.