Hello, it looks like advanced template is loaded: core-switch#show sdm prefer
Showing SDM Template Info
This is the Advanced template.
Number of VLANs: 4094
Unicast MAC addresses: 32768
Overflow Unicast MAC addresses: 512
L2 Multicast entries: 4096
Overflow L2 Multicast entries: 512
L3 Multicast entries: 4096
Overflow L3 Multicast entries: 512
Directly connected routes: 16384
Indirect routes: 7168
STP Instances: 4096
Security Access Control Entries: 3072
QoS Access Control Entries: 2560
Policy Based Routing ACEs: 1024
Netflow ACEs: 768
Flow SPAN ACEs: 512
LISP Instance Mapping Entries: 256
Control Plane Entries: 512
Input Netflow flows: 8192
Output Netflow flows: 16384
SGT/DGT (or) MPLS VPN entries: 4096
SGT/DGT (or) MPLS VPN Overflow entries: 512
Wired clients: 2048
MACSec SPD Entries: 256
MPLS L3 VPN VRF: 127
MPLS Labels: 2048
MPLS L3 VPN Routes VRF Mode: 7168
MPLS L3 VPN Routes Prefix Mode: 3072
MVPN MDT Tunnels: 256
L2 VPN EOMPLS Attachment Circuit: 256
MAX VPLS Bridge Domains : 64
MAX VPLS Peers Per Bridge Domain: 8
MAX VPLS/VPWS Pseudowires : 256
These numbers are typical for L2 and IPv4 features.
Some features such as IPv6, use up double the entry size;
so only half as many entries can be created.
* values can be modified by sdm cli. I will try to set it to "vlan" and reload switch.
... View more
Hello, here is a screenshot of interface assignments : Here are the vlan settings on a switch: Here is "allow all" firewall rule configured in each vlan: I have a same installation in another office, with another (older) cisco switch and everything works perfect. For me it looks like a switch configuration problem, maybe a security setting (acl or something similar) and not a pfsense issue.
... View more
Hello, i have a LAN-Based Cisco WS-C3650. I have created 2 VLANs "10" and "20" on it. I have configured a trunk port without any restrictions. There is a Pfsense Firewall connected to this trunk port. Both VLANs are existing on the PFSense Firewall. There is an DHCP Relay configured on the Pfsense firewall which forward all dhcp requests to a windows dhcp server. i have configured a "switchport mode access" and "switchport access vlan 10" and the same on another port for vlan 20. My computers are getting an ip adress from proper pools, so dhcp relay/helper on the firewall is working, but there is no connection. They cant ping the default gateway and have no internet. Client Portconfig: interface GigabitEthernet1/0/7 switchport access vlan 10 switchport mode access Uplink to firewall Portconfig: interface GigabitEthernet1/0/48 description Uplink-Firewall switchport mode trunk Please help
... View more
Hello guys, finally solved this problem. I looked into my switch running config and saw "wireless management interface vlan1" entry. Set this to "no wireless management interface vlan1" and all my APs could immediately join mobility express.
... View more
Hello, i bought 6 new "AIR-AP3802I-E-K9" APs and trying to setup a mobility express solution. My first Access Point is already up and running as a primary controller. Its not possible for me to join a second AP to this mobility express solution. All acess points are connected to the same switch, there is only one default VLAN 1. Switchports are configured as trunk ports. They all running the same software version : 184.108.40.206 All have: AP Image type : MOBILITY EXPRESS IMAGE AP Configuration : MOBILITY EXPRESS CAPABLE There is a DNS record which points to IP DNS query for CISCO-CAPWAP-CONTROLLER which is getting resolved by the secondary access point. Both Access Points can ping/reach each other. Here is a log on a secondary access point: [*03/28/2019 04:37:45.4390] Starting Discovery. [*03/28/2019 04:37:55.4412] No uplink IPv6 address [*03/28/2019 04:37:55.4414] IP DNS 10.150.0.10, 0.0.0.0; Domain xxx.local [*03/28/2019 04:37:55.4415] DHCPv6 conf not found or empty, restart client process. [*03/28/2019 04:37:55.4417] [CAPWAP] control firewall rule state 2new 0 old 0 [*03/28/2019 04:37:55.4417] [CAPWAP] data firewall rule state 2new 1 old 1 [*03/28/2019 04:37:55.4422] Did not get log server settings from DHCP. [*03/28/2019 04:37:55.4423] IP DNS query for CISCO-CAPWAP-CONTROLLER.xxx.local [*03/28/2019 04:37:55.4445] DNS resolved CISCO-CAPWAP-CONTROLLER.xxx.local [*03/28/2019 04:37:55.4446] DNS discover IP addr: 10.150.0.253 [*03/28/2019 04:37:55.4446] Ignoring discovery to controller 0 [*03/28/2019 04:37:55.4446] Ignoring discovery to controller 1 [*03/28/2019 04:37:55.4446] Ignoring discovery to controller 2 [*03/28/2019 04:37:55.4471] send_ipc_msg: Slot id :3 invalid, range check 3 [*03/28/2019 04:37:55.4471] [*03/28/2019 04:37:55.4471] Encoded length 0 for payload: .Msg Elem Type: CAPWAP_DOT11_MSGELE_WTP_RADIO_INFORMATION(1048) [*03/28/2019 04:37:55.4480] Encoded length 0 for payload: ...TLV Type: TLV_AP_EWLC_TAGS_PAYLOAD(1113) [*03/28/2019 04:37:55.4480] encodeLen = 243. [*03/28/2019 04:37:55.4481] Discovery Request sent to 10.150.0.253, discovery type DNS(3) [*03/28/2019 04:37:55.4519] send_ipc_msg: Slot id :3 invalid, range check 3 [*03/28/2019 04:37:55.4519] [*03/28/2019 04:37:55.4520] Encoded length 0 for payload: .Msg Elem Type: CAPWAP_DOT11_MSGELE_WTP_RADIO_INFORMATION(1048) [*03/28/2019 04:37:55.4527] Encoded length 0 for payload: ...TLV Type: TLV_AP_EWLC_TAGS_PAYLOAD(1113) [*03/28/2019 04:37:55.4527] encodeLen = 243. [*03/28/2019 04:37:55.4528] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0) [*03/28/2019 04:37:55.4528] Received Capwap watchdog update msg. [*03/28/2019 04:38:00.1450] Received Capwap watchdog update msg. [*03/28/2019 04:38:04.8964] Received CAPWAP_DISCOVERY_INTERVAL_EXPIRY Capwap Timer Msg. [*03/28/2019 04:38:04.8964] Event = CAPWAP_DISCOVERY_INTERVAL_EXPIRY(33) State = Discovery(2). [*03/28/2019 04:38:04.8964] Could not discover any WLC. Please help
... View more