I have 6 brand new AP1852 ( all in LAP mode ) 1 AP changed to Mobility express (WLC ) --> ap-type mobility-express tftp://<ip-tftp-server>/AIR-AP1850-K9-8.2.100.0.tar  (newest firmware) This WLC (and AP ) is ok .. set basic parameters (Web interface very very poor !!!! ) use CLi for SNMP V3, RADIUS , ... this WLC user ntp server and time zone (Amsterdam, Berlin, Rome, Vienna ) GMT +1:00 ) and summer time. The AP one this WLC controller is working fine. Then I tryed to add a new AP (LAP ) same device , software = 8.1.131.0 . Device will discover WLC (CAPWAP broadcast ) ... but it wil not dowload (or compleet) image .. only thing that i can notis = the time diverence ...  AP = GMT exaple 09:24:23 and WLC = Timezone corected (and local time) 11:24:23 .. This is a smart log of the discovery of the WLC ... I have DHCP option to set the Time zone (works great for Cisco switches) but these AP and WLC will not use it ... ) Discovery Request sent to 255.255.255.255 with discovery type set to [*04/13/2016 08:48:06.3999] CAPWAP State: Init. [*04/13/2016 08:48:06.3999] [*04/13/2016 08:48:06.3999] CAPWAP State: Discovery. [*04/13/2016 08:48:06.3999] [*04/13/2016 08:48:07.3996] Discovery Response from 10.12.0.11 ******I think here AP uses his own NTP server (cisco) to corect the time, only wrong time zone ! ******* [*04/13/2016 09:06:35.0399] device capwap0 entered promiscuous mode [*04/13/2016 09:06:35.0799] device capwap1 entered promiscuous mode [*04/13/2016 09:06:43.4674] Selected MWAR 'apc-11' 10.12.0.11 (index 0). [*04/13/2016 09:06:43.4674] Ap mgr count=1 [*04/13/2016 09:06:43.4674] Go join a capwap controller. [*04/13/2016 09:06:43.4674] Choosing AP Mgr with index 0, IP = 10.12.0.11, load = 1.. [*04/13/2016 09:06:43.4674] Synchronizing time with AC time: 1460538395 [*04/13/2016 09:06:35.0000] CAPWAP State: DTLS Setup. [*04/13/2016 09:06:35.0000] [*04/13/2016 09:06:35.0599] Dtls Session Established with the AC 10.12.0.11, port= 5246 [*04/13/2016 09:06:35.0599] CAPWAP State: Join. [*04/13/2016 09:06:35.0599] [*04/13/2016 09:06:35.0699] PATH_MTU_PAYLOAD: encodelen = 273 [*04/13/2016 09:06:35.0699] PATH_MTU_PAYLOAD: slotId = 0 [*04/13/2016 09:06:35.0699] PATH_MTU_PAYLOAD: slotId = 0 pktlen 1485 capwap_size 1360 met->encode [*04/13/2016 09:06:35.0699] PATH_MTU_PAYLOAD: slotId = 0 len 1485(1071) [*04/13/2016 09:06:35.0699] Sending Join Request Path MTU payload, Length 1360 [*04/13/2016 09:06:35.0699] [*04/13/2016 09:06:35.0899] Join Response from 10.12.0.11 [*04/13/2016 09:06:35.0899] AC accepted join request with result code: 0 [*04/13/2016 09:06:35.0899] [*04/13/2016 09:06:35.0899] PMTU : Setting MTU to : 1485 [*04/13/2016 09:06:35.0899] [*04/13/2016 09:06:35.0899] Starting Post Join timer [*04/13/2016 09:06:35.0899] CAPWAP State: Image Data. [*04/13/2016 09:06:35.0899] ***** AP see new firmware on the WLC ****************** [*04/13/2016 09:06:35.0899] AP current image version 8.1.131.0 [*04/13/2016 09:06:35.0899] Controller current image version 8.2.100.0 [*04/13/2016 09:06:35.0899] Version does not match. [*04/13/2016 09:06:35.0899] AP backup image version 0.0.0.0 [*04/13/2016 09:06:35.1199] do PRECHECK, part1 is active part [*04/13/2016 09:06:35.1399] Stopping Post Join Timer and Starting HeartBeat Timer [*04/13/2016 09:06:35.1399] Image Data Request sent to 10.12.0.11 [*04/13/2016 09:06:35.1399] Image Data Response from 10.12.0.11 [*04/13/2016 09:06:35.1399] [*04/13/2016 09:06:35.1399] AC accepted join request with result code: 0 [*04/13/2016 09:06:35.1399] [*04/13/2016 09:06:35.1399] Starting image download............. [*04/13/2016 09:08:29.0444] Invalid event 50 & state 10 combination. [*04/13/2016 09:08:29.0444] SM handler: Failed to process timer message. Event 50, state 10 [*04/13/2016 09:08:29.0444] Failed to handle timer message. [*04/13/2016 09:09:23.6873] Discarding msg type 9 in CAPWAP state: 10. [*04/13/2016 09:09:23.7073] Discarding msg type 9 in CAPWAP state: 10. [*04/13/2016 09:12:23.6910] Discarding msg type 9 in CAPWAP state: 10. [*04/13/2016 09:12:23.7110] Discarding msg type 9 in CAPWAP state: 10. [*04/13/2016 09:15:23.6948] Discarding msg type 9 in CAPWAP state: 10. [*04/13/2016 09:15:23.7148] Discarding msg type 9 in CAPWAP state: 10. [*04/13/2016 09:18:23.6885] Discarding msg type 9 in CAPWAP state: 10. [*04/13/2016 09:18:23.7085] Discarding msg type 9 in CAPWAP state: 10. [*04/13/2016 09:21:23.6923] Discarding msg type 9 in CAPWAP state: 10. [*04/13/2016 09:21:23.7223] Discarding msg type 9 in CAPWAP state: 10. [*04/13/2016 09:24:23.6960] Discarding msg type 9 in CAPWAP state: 10. [*04/13/2016 09:24:23.7160] Discarding msg type 9 in CAPWAP state: 10. [*04/13/2016 09:27:23.6898] Discarding msg type 9 in CAPWAP state: 10. [*04/13/2016 09:27:23.7098] Discarding msg type 9 in CAPWAP state: 10. ***** AP stays like this ....****** The 2 devices are connected to the same POE+ Cisco Switch, same untaged Vlan, no firewall or ACL precent .... I could upgrade this AP to Mobility expres like the 1ste one, but i would preffer the have a ZERO TOUCH AP deployment !!!! ... View more

Hello, i Work i a school responsible for al what is computer related (network, servers, workstations, ....) i have 31 SG300 series switches (L2) and 1 (2 in stack) Catalyst 2960X L3 switch acting as a Core switch. one link of the trunk goes to one interface of the stack, the second on goes to the second switch of the same stack. (for use of easy the same intereface number of the stack) (if on switch of the stack goes dead, everyting keeps on running ) als loadbalancing i use IP/MAC. The counter on the Core switch confirms that both links are used. example portchannel 24 = 1 link 1/0/52 (GIBIC Fiber) and 1 link 2/0/52 (Gibic Fiber) i have on the core switch 15 LACP connections ( every lacp connection = 2 X 1 GB ) and using Vlan trunks in every LACP aggregation, and on every switch i have STP (RSTP) configured. set STP FOR MORE THAN 1 YEAR every thing goes ok. the Switches have al the same default VLAN (changed to 10 , and this is also my untagged vlan for the trunks, so all my management interface of my netwerk are the sepparated VLAN 10 . I use many security items availeble on the SG300 . (STP, DHCP snooping, port security, loopback control, IP sourc guard , ARP protection ) LLDP of, CDP only for thunks .. Uplink (trunk) = ARP en DHCP trusted ! on the acces port for the workstation STP = guarding en port-fast . All the switches have almost the same config. (to last interfaces = TRUNK ) rest is ACCES Port with untaged VLAN depending of the usage device (domain member,workstation, ip phone, kopie/print , AP , ... ) but no this week strangs things happens on randomly 2 or 3 switches . normaly on my core switch i see the portchannel (etherchannel) the 2 interfaces in P modus (portchannel bond) but suddenly i get both connection in I modus (independend). my guesses is that the core is not receiving LACP pdu anymore !! my work around for the moment: shutdown 1 link on the core (the other stays in I mode ) reboot the SG300 switch (manualy) can not always connect with ssh or SSL ... after reboot the 1 link comes in P mode again. than I re enable the other link on the core and the second port joins the port channel again ... but after some time (couppel of days) the same tings happens again ... so for some reasons the SG300 switch STOPS sending LACP until after reboot. other things i have notice. sometime i can acces the switch with SSH but not with SSL (https) i use a public signd wildcard certificate. ( i notis with this certificate the webinterface is very slowy to load !! ) when i am able to connect with SSH i trey to connect with SSL, i see the couple packets on wireshare.. of the SSL connection but then it fails ..(webbrowser TLS error ....) even changing the certificat back to the default generated on ... set ip http secure-server on or off ..... if i enable the http then i can acces the switch webpage interface from http. the only sollution that works is reboot the switch. Second strang thing that i see when the i disable the interface of the failing LACP port, the interface STAYS UP !!!! even after new login on the webinterface !! Other strange thing: Sometime i can not acces the swith with SSH or SSL (https) but the SNMP query stil works !!! i can pull al the interfaces status. and the user vlans can keep on working . Al the switches have the SAME latest Firmware (1.4.1.3) . and on the core-switch the configurtion of the LACP (portchannels ) is the same. for management i use SNMP V3 with free NETXMS and traps, syslog ... I am used of the sg300 series switches for about 6 years now.. This strang thing is keeping my busy troubleshooting it for days no ..... not found any same thing ... Noting found in Logs of SG300..   ... View more

Hello, I have 2 brand new C2960x-48LPS-L  (Lan base image) with 2 C2960X-stack module and software 15.0.2-EX5. I have +- 20 Vlans configured with SVI (the gateway IP for all the Vlans subnets ) . This stack will be the L3 Core switch of a school network, also acting as DHCP relay client for all the VLANS ! 15 Vlans only need internet access (Guest Vlan, VOIP Vlan, ….) , must not be able to route to other Vlans. But IP Client must be able to receive IP address with DHCP IP Helper (Same switch) to the server VLAN. 2 Vlans need access (only the needed TCP / UDP ports ) to 1 other VLAN  with the Domainservers. 1 VLAN that I use for network managed may go thru other Vlans (RDP, FTP, NTP, HTTP …..) The IP routing and IP DHCP helper configured and ok, no I only have to Filter / limit the Vlans. Internet access (Vlan FIREWALL) must not be filtered , (that is the role of the firewall, to keep it simple ) Question : Filter on SVI ? or VLAN ?  I wanted to use ACL but I found out that I cannot use GROUP-OBJECT with this software !!!! Would managing ACL easy and save some resources !! ! Then a have read about Vlan mapping ??? do it work with standard ACL or also extended ACL ? in the future there could be some new Vlans adding, or site-to-site vpn tunneling connecting other school branches … Maybe configuration example ?  If u need more info just ask ….  Greetings …   ... View more

                   Hello i have a ip-cam that is connect with power inline on my cisco router, i want to scheduler a reboot daily, of this ip-cam is there a posibility to use a daily time (time-range) to shutdown the interface and back up, or shutdown de inline power on this interface and back up ? i have ios version 12.4 ... View more