Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About patoberli
Stats
Member since
01-26-2006
3369
Posts
1768
Helpful
197
Solutions
Created by
.jpg "VIP Advocate")
patoberli
in Wireless Security and Network Management
patoberli
in Wireless Security and Network Management
11-23-2011
03:41 AM
11-23-2011
03:41 AM
Do you maybe have more information about this? I receive that alarm around 10-30 times a day on our campus. WCS treats this alarm with a Severity of Critical and thus I receive the email. But the email does not really contain any details. Is there a way to troubleshoot this issue on the controllers? Is there a way to found out which controller raised the alarm? The alarm usualy goes away after 1-2 minutes.
... View more
Created by
patoberli
in Security Documents
patoberli
in Security Documents
10-17-2011
08:33 AM
10-17-2011
08:33 AM
Hi, I have done that in CSM 4.2, but for some reason the Event Viewer drops the Events. It shows "Events from unmonitored devices are dropped" but I've selected all devices to be monitored. Any idea? [Edit] Nevermind, just found the reason in a Cisco document: "Note To reliably report events from contexts in multiple-context mode, Cisco Event Viewer requires an IP address for the management interface of each context." [/edit] Thanks Patrick
... View more
06-08-2011
01:20 AM
Just discovered that UDP/443 was blocked on our external firewall, thus DTLS was never in use, only TLS (visible in Anyconnect). Now, with DTLS, the performance is around 6 times higher as it was before, even though there are around 2-4 times more still possible (in theory). The hunt for more speed continues...
... View more
04-19-2011
05:13 AM
This sounds interesting, but is probably not what I need. I would like to analyze all the traffic flowing through the router. I wonder if our ASA 5520 would be enough powerful, but it seems (at least on the paper) that the generated Netflow information there misses the packetsize part
... View more
04-19-2011
02:54 AM
Hi All We soon get new Internetrouters, two C3560X with IPServices, which don't offer Netflow. They do offer Spanports which I like to utilize. I found several tools like nfsen or Scrutinizer which can make nice statistics about the link usage and the IP addresses creating the most traffic (the main feature I need). Do you know of any software that offers those features with a Span port? Thanks, pato
... View more
Labels:
Re: WCS 7.0 install on Virtual Machine ...
patoberli
in Wireless Security and Network Management
04-15-2011
04:43 AM
04-15-2011
04:43 AM
Hi Arjan Did you ever get an answer to this? I still have the issue, even with the very latest version. Pato
... View more
Created by
patoberli
in VPN and AnyConnect
patoberli
in VPN and AnyConnect
04-12-2011
08:08 AM
04-12-2011
08:08 AM
Have you found any solution? We also seem to face this issue
... View more
Created by
patoberli
in Other Wireless - Mobility Subjects
patoberli
in Other Wireless - Mobility Subjects
03-11-2011
12:51 AM
03-11-2011
12:51 AM
Found the crashfile on the controller (under Management -> Tech Support -> AP Crash Log) So far it's rare enough that an engineering build isn't worth the effort of upgrading my 4 controllers. It happend on 3 (of +80) APs in the last 5 months, that's so far ok. But I still hope that Cisco will soon release a new build, because of some DHCP bugs in the current build.
... View more
Created by
patoberli
in Other Wireless - Mobility Subjects
patoberli
in Other Wireless - Mobility Subjects
03-10-2011
11:55 PM
03-10-2011
11:55 PM
Hi One of my AIR-CAP3502I-E-K9 just crashed. It rebooted itself and came back to service. In the logs I see this here: *Mar 1 00:00:09.669: *** CRASH_LOG = YES *Mar 1 00:00:09.971: soap_extern_intr_dispatch: no handler for UIC2 intrno 12 level 4 *Mar 1 00:00:10.270: soap_extern_intr_dispatch: no handler for UIC2 intrno 12 level 4Security Core found. (no idea if this is important) *Mar 11 07:17:12.683: %CAPWAP-3-ERRORLOG: Received a upload request from controller for type 1 *Mar 11 07:17:21.966: %CAPWAP-3-ERRORLOG: capwap_data_upload_proc: copy flash:crashinfo_20110311-071518 to capwap:/crashinfo complete Now a dir flash: doesn't show a crashfile anymore: 3502AGN-1100a-2#dir flash: Directory of flash:/ 2 -rwx 6168 Mar 11 2011 07:37:08 +00:00 private-multiple-fs 3 -rwx 1471 Jan 27 2011 12:16:00 +00:00 event.log 4 -rwx 232 Mar 11 2011 07:17:12 +00:00 env_vars 5 drwx 512 Jan 27 2011 12:16:00 +00:00 ap3g1-k9w8-mx.124-23c.JA 39 -rwx 64 Mar 1 2002 00:14:21 +00:00 sensord_CSPRNG1 40 -rwx 64 Mar 1 2002 00:14:21 +00:00 sensord_CSPRNG0 9 drwx 128 Mar 1 2002 00:12:42 +00:00 ap3g1-rcvk9w8-mx 31481856 bytes total (23710208 bytes free) and a show crash shows: 3502AGN-1100a-2#sh crash ==== Last Crash Saved in OCM ==== Stacks: Last reset from Exception! SP: 0x02688338 PC: 0x02692358 SP: 0x02688398 PC: 0x00498490 SP: 0x026883C8 PC: 0x0047F3BC SP: 0x02688480 PC: 0x0048A0A0 -Traceback= 0x02692358 0x00498490 0x0047F3BC 0x0048A0A0 Registers: exception counter: 1431677610 Vector 0x00001400 CPU_TYPE 0x00001302 R0 0x00000000 PC 0x00497164 MSR 0x00029200 CR 0x42000022 LR 0x00498490 CTR 0x0007497C XER 0x00000000 ESR 0x00000000 BEAR 0x00000000 DEAR 0x0B0D0B0D ==== Last Reset Saved in OCM ==== 3502AGN-1100a-2# Anybody knows where I could find the complete crashlog and if this is maybe a known bug? It's not in the configured TFTP folder. The controller is running 7.0.98.0. Thanks Pato
... View more
Created by
patoberli
in VPN and AnyConnect
patoberli
in VPN and AnyConnect
02-11-2011
01:15 AM
02-11-2011
01:15 AM
Wow thanks, that worked For Windows Vista/7 users, you have to enable the "show hidden files" and also "show protected system file" to see the correct folder.
... View more
Created by
patoberli
in Wireless Security and Network Management
patoberli
in Wireless Security and Network Management
02-08-2011
07:18 AM
02-08-2011
07:18 AM
This Setup works absolutely fine here. Did something else change? Maybe the ip address of the DHCP server? Can you sniff the packets on a client and check if you get any DHCP reply at all? - pato
... View more
02-04-2011
07:37 AM
Some addition, this is how it currently looks on the context: ! class-map inspection_default match default-inspection-traffic ! ! policy-map CSM_POLICY_MAP_global_4 class inspection_default inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect smtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect icmp ! service-policy CSM_POLICY_MAP_global_4 global Do I need to create a new policy or do I need to add it to the current (would the inspects stop working if I would create a new one?)? This here is what I haven't figured out yet: class-map TCP match port tcp range 1 65535 policy-map global_policy class TCP set connection random-sequence-number disable service-policy global_policy global
... View more
Created by
patoberli
in Security Documents
patoberli
in Security Documents
02-04-2011
12:42 AM
02-04-2011
12:42 AM
Thanks for the anser One more question, to disable the adjustment, is it either no sysopt connection tcpmss or sysopt connection tcpmss 65535 or sysopt connection tcpmss 0 Thanks for your help! Patrick
... View more
Created by
patoberli
in Security Documents
patoberli
in Security Documents
02-03-2011
08:12 AM
02-03-2011
08:12 AM
Thanks for this good post! I have some question though. What would happen if I disable TCP MSS adjustment, but leave the MTU on 1500? And are there any applications that could break because of this configuration?
... View more
Created by
patoberli
in Wireless Security and Network Management
01-31-2012
01-31-2012
I've just rechecked it with our infrastructure. You need the certificate
on the Radius server, becau...
Created by
patoberli
in Wireless Security and Network Management
01-31-2012
01-31-2012
Oh sorry, forgot that part. You do need at least a self-signed
certificate on the (as far as I remem...
Created by
patoberli
in Wireless Security and Network Management
01-30-2012
01-30-2012
Hi, yes this is without a problem possible. First you need to install
the Radius component on the IA...
01-16-2012
Thanks for your information.I guess I can't do much in that case,
besides hoping that the users don'...
01-16-2012
Thanks for the info.What I just discovered, the other end of the cable
(a Catalyst 6500E) also shows...
01-16-2012
Hi NikThanks for your reply. This does not absolutely make me happy, as
I expected that the 3750G pl...
01-16-2012
HiI just found this thread because we have a similar issue. It's a stack
consisting of two WS-C3750E...
Created by
patoberli
in Wireless Security and Network Management
11-23-2011
11-23-2011
Do you maybe have more information about this?I receive that alarm
around 10-30 times a day on our c...
Created by
patoberli
in Security Documents
10-17-2011
10-17-2011
Hi, I have done that in CSM 4.2, but for some reason the Event Viewer
drops the Events. It shows "Ev...
06-08-2011
Just discovered that UDP/443 was blocked on our external firewall, thus
DTLS was never in use, only ...
04-19-2011
This sounds interesting, but is probably not what I need.I would like to
analyze all the traffic flo...
04-19-2011
Hi AllWe soon get new Internetrouters, two C3560X with IPServices, which
don't offer Netflow. They d...
04-15-2011
Hi ArjanDid you ever get an answer to this?I still have the issue, even
with the very latest version...
Public Statistics
| Date Registered | 01-26-2006 06:19 AM |
| Date Last Visited | 12-11-2019 05:03 AM |
| Total Messages Posted | 3,369 |
| Total Helpful Votes Received | 1768 |
Helpful Votes Given To
Helpful Votes From
Awards
Cisco Designated VIPs
2019 Wireless
