Great idea, though not upkept... I don't frankly understand why not making a Module section for all SFPs related devices. As far as I remember they should be buried with some switches, but they are not so easily found - for instance atm I cannot find the 40gbps ones, nor the 10. I might just use the 1gbps for placement purpose, but unfortunately there doesn't seem to be an easy-to-read index either that could be consulted in order to find P/N and where the relative stencil is located. It should be a little easier - if they are modules that work with specific devices, just include them inside of the package, so one opens that specific device and already can see all the compatible HW.
... View more
we just deployed a new infrastructure based on 16 2802E APs on a 2504+HA WLC in Local Mode with RRM configured both on 2.4 and 5Ghz.
WLC is v. 220.127.116.11.
I have selected on the DCA on 5ghz these options
Unfortunately, even after Freeze+Invoke Channel Update and also config ap reset, the result is still this:
5ghz Antenna Status
I am quite confused, as I've seen one of the antennas just yesterday starting to broadcast on an 80mhz channel, but this won't happen any longer today. As you can see it's all automatic.
Any thoughts? Something that might be missing?
Thank you for your help.
... View more
Hi everybody, I'm trying to setup a EZvpn connection in lab prior to installing at a client's site. My configs SERVER [code] sh run Building configuration... Current configuration : 2096 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname SERVER ! boot-start-marker boot-end-marker ! logging message-counter syslog ! aaa new-model ! ! aaa authentication login default local aaa authentication login USER local aaa authorization network GROUP local ! ! aaa session-id common memory-size iomem 25 dot11 syslog ip source-route ! ! ! ! ip cef ! multilink bundle-name authenticated ! ! ! username ezvpn password 0 ezvpn archive log config hidekeys ! ! crypto isakmp policy 1 encr aes authentication pre-share group 2 lifetime 7200 crypto isakmp key cisco address 0.0.0.0 0.0.0.0 crypto isakmp client configuration address-pool local po ! crypto isakmp client configuration group EZVPN key Cisco123 dns 18.104.22.168 wins 22.214.171.124 pool EZVPN_POOL netmask 255.255.255.0 crypto isakmp profile EZVPN_PROFILE match identity group EZVPN client authentication list USER isakmp authorization list GROUP client configuration address respond virtual-template 1 ! ! crypto ipsec transform-set EZVPN_SET esp-aes esp-sha-hmac ! crypto ipsec profile EZVPN_PROFILE set transform-set EZVPN_SET set isakmp-profile EZVPN_PROFILE ! ! crypto dynamic-map DYNMAP 10 ! ! crypto map EZVPN 10 ipsec-isakmp dynamic DYNMAP ! ! ! ! ! ! interface FastEthernet0/0 ip address 192.168.1.1 255.255.255.248 duplex auto speed auto ! interface FastEthernet0/1 ip address 192.168.2.1 255.255.255.248 duplex auto speed auto ! interface Serial0/0/0 no ip address shutdown no fair-queue clock rate 2000000 ! interface Virtual-Template1 type tunnel ip unnumbered FastEthernet0/1 tunnel mode ipsec ipv4 tunnel path-mtu-discovery tunnel protection ipsec profile EZVPN_PROFILE ! ip local pool EZVPN_POOL 10.0.0.10 10.0.0.20 ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 192.168.2.6 no ip http server no ip http secure-server ! ! ! ! ! ! ! ! control-plane ! ! line con 0 line aux 0 line vty 0 4 ! scheduler allocate 20000 1000 end SERVER# [/code] CLIENT [code] sh run Building configuration... Current configuration : 2447 bytes ! ! Last configuration change at 16:33:15 LEGALE Thu Jun 20 2013 by Gencom2010 ! NVRAM config last updated at 16:33:16 LEGALE Thu Jun 20 2013 by Gencom2010 ! NVRAM config last updated at 16:33:16 LEGALE Thu Jun 20 2013 by Gencom2010 version 15.1 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname CLIENT ! boot-start-marker boot-end-marker ! ! ! aaa new-model ! ! aaa authentication login default local ! ! ! ! ! aaa session-id common clock timezone SOLARE 1 0 clock summer-time LEGALE recurring last Sun Mar 2:00 last Sun Oct 3:00 crypto pki token default removal timeout 0 ! ! ip source-route ip cef ! ! ! ! ! no ipv6 cef ! ! license udi pid C887VA-W-E-K9 sn FCZ1708C26E ! ! ! ! ! ! controller VDSL 0 ! ! ! ! crypto ipsec transform-set EZVPN_SET esp-aes esp-sha-hmac ! crypto ipsec profile EZVPN_PROFILE set transform-set EZVPN_SET ! ! ! crypto ipsec client ezvpn EZVPN connect auto group EZVPN key Cisco123 mode network-extension peer 192.168.2.1 idletime 86400 ipsec-profile EZVPN_PROFILE username ezvpn password ezvpn xauth userid mode local ! ! ! ! ! interface ATM0 no ip address shutdown no atm ilmi-keepalive ! interface Ethernet0 no ip address shutdown ! interface FastEthernet0 switchport access vlan 2 no ip address ! interface FastEthernet1 description OUTSIDE no ip address ! interface FastEthernet2 no ip address ! interface FastEthernet3 no ip address ! interface Wlan-GigabitEthernet0 description Internal switch interface connecting to the embedded AP no ip address ! interface wlan-ap0 description Embedded Service module interface to manage the embedded AP no ip address ! interface Vlan1 description OUTSIDE ip address 192.168.3.1 255.255.255.248 ip nat outside ip virtual-reassembly in ip tcp adjust-mss 1300 crypto ipsec client ezvpn EZVPN ! interface Vlan2 description INSIDE ip address 192.168.4.1 255.255.255.248 ip nat inside ip virtual-reassembly in ip tcp adjust-mss 1300 crypto ipsec client ezvpn EZVPN inside ! ip forward-protocol nd no ip http server no ip http secure-server ! ip route 0.0.0.0 0.0.0.0 192.168.3.6 ! ! ! ! ! ! ! ! line con 0 line aux 0 line 2 no activation-character no exec transport preferred none transport input all stopbits 1 line vty 0 4 transport input all ! scheduler allocate 20000 1000 end CLIENT# [/code] There is a L3 switch in between that is doing routing, and the two routers can ping each others. When VPN is started up SERVER [code] *Jun 20 14:48:58.050: ISAKMP:(0): claimed IOS but failed authentication *Jun 20 14:49:08.534: ISAKMP (1393): Unknown Attr: MODECFG_HOSTNAME (0x700A) *Jun 20 14:49:08.534: ISAKMP:FSM error - Message from AAA grp/user. *Jun 20 14:49:08.542: ISAKMP:(1393):deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (R) QM_IDLE (peer 192.168.3.1) *Jun 20 14:49:08.546: ISAKMP:(1393):deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (R) QM_IDLE (peer 192.168.3.1) *Jun 20 14:49:08.546: ISAKMP:(0):Can't decrement IKE Call Admission Control stat incoming_active since it's already 0. *Jun 20 14:49:09.650: ISAKMP:(0): claimed IOS but failed authentication *Jun 20 14:49:09.690: ISAKMP (1394): Unknown Attr: MODECFG_HOSTNAME (0x700A) *Jun 20 14:49:09.694: ISAKMP:FSM error - Message from AAA grp/user. [/code] CLIENT [code] Jun 20 14:52:16.337: EZVPN(EZVPN) Server does not allow save password option, enter your username and password manually Jun 20 14:52:16.337: EZVPN(EZVPN): *** Logic Error *** Jun 20 14:52:16.337: EZVPN(EZVPN): Current State: READY Jun 20 14:52:16.337: EZVPN(EZVPN): Event: MODE_CONFIG_REPLY Jun 20 14:52:16.337: EZVPN(EZVPN): Resetting the EZVPN state machine to recover Jun 20 14:52:16.337: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User= Group=EZVPN Client_public_addr=192.168.3.1 Server_public_addr=192.168.2.1 Jun 20 14:52:16.337: ISAKMP:isadb_key_addr_delete: no key for address 192.168.2.1 (NULL root) Jun 20 14:52:16.337: ISAKMP:(2120):deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (I) QM_IDLE (peer 192.168.2.1) Jun 20 14:52:16.341: ISAKMP:(2120):deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (I) QM_IDLE (peer 192.168.2.1) [/code]
... View more
Hey community, I have no idea if you guys ever bumped into this issue, so I'll just put it as it is. I have to aforemention that I have web and jtapi user created, running and recognized/authenticated both on the CUCM and the CUE. My "verify" displays Web and Jtapi login success. Running the CTI ports lookup tool from CLI during the first run will return the correct ports and settings, but the system won't communicate correctly with CUCM (ports won't register). Deleting the CTI ports will then bring up another issue: IOException: Error while determining CCM version -2 Strangely enough, the -1 exception seems related to poorly configured networks and users, but the -2 doesn't seem to appear anywhere. Do you have any suggestions on what might be causing this issue? We have been investigating the problem, and already tried downgrading from 8.6.1 to 8.5.1 to no avail. Would be great if you had any kind of suggestions on how to solve this problem, as we have to deliver this commission soon and we are stuck on this. Tyvm for any, and all replies, Alessandro.
... View more