Wednesday, May 7, 2014

Apples on your Cisco gear

If you have Apple devices on your network, this is a handy doc from Cisco.

http://www.cisco.com/c/en/us/td/docs/wireless/technology/vowlan/bestpractices/EntBP-AppMobDevs-on-Wlans.pdf

Tuesday, February 11, 2014

Wireless Mobility Connections Fail and Do Not Recover When ASA is Rebooted

I saw this issue for the first time today so I thought it was worth sharing. 
Full article is linked here: LINK

Took TAC a while to find the issue, but apparently TAC says it's a design issue, not a bug.

Brief overview:

Problem

In this situation a Wireless LAN Controller (WLC) at 10.10.1.2 attempts to communicate with the WLC at 10.10.9.3, but the communication fails.
This problem can be triggered by any of these events:
  • The ASA is rebooted.
  • The routing table is modified by an administrator or routing protocol.
  • An interface is shut down, then brought back up by the administrator.
Besides mobility traffic, this problem might be experienced for any UDP or non-TCP IP protocols.

Solution

Solution 1

One possible solution for this issue is to remove the same-security permit intra-interface command from the ASA. This solution prevents the u-turn connection from being built back out the same interface on which the original packet was received, which allows the correct connection to be built when the interface comes up. However, depending on the routing table of the ASA, this solution might not work (the traffic might be routed to another interface other than the intended destination based on the routing table), and the same-security permit intra-interface command might be necessary for other connections on the ASA.

Solution 2

For this specific instance, the problem was successfully mitigated by enabling the timeout floating-conn feature. This feature, which is not enabled by default, caused the ASA to tear down these connections one minute after a more preferred route to one of the endpoints is added to the routing table out a new interface of the ASA, which occurs when the dmz interface comes up. The connections are then immediately rebuilt when the next packet arrives at the ASA, using the more preferred interface (dmz, instead of inside for the 10.10.9.3 host).
ASA(config)# timeout floating-conn 0:01:00 
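To make the mechanism behind Solution 2 concrete, here is a small Python model of it. This is an added example, not Cisco code: the Asa class, its route and connection structures and the timer arithmetic are assumptions that mimic the behaviour the article describes. A stateful firewall builds a connection entry on the first packet of a flow and pins the egress interface the routing table picked at that moment; later packets hit the connection entry and never re-consult routing. A UDP flow has no handshake or reset that would force a rebuild, so it keeps the stale interface after a better route appears. The floating-conn timer tears such entries down the configured time after a more preferred route is installed, and the next packet rebuilds the flow on the right interface.

```python
"""Toy model of the ASA connection-pinning behaviour (added example, not Cisco code)."""
import ipaddress


class Asa:
    def __init__(self, floating_conn_timeout=None):
        # floating_conn_timeout: seconds, or None for the default (feature disabled)
        self.routes = []          # list of (ip_network, egress interface)
        self.conns = {}           # (src, dst, proto) -> {"egress": str, "tear_at": int|None}
        self.floating_conn_timeout = floating_conn_timeout
        self.clock = 0            # simulated seconds

    def lookup(self, dst):
        """Longest-prefix-match route lookup; returns the egress interface or None."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, iface in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, iface)
        return best[1] if best else None

    def add_route(self, prefix, iface):
        """Install a route, e.g. the connected route that appears when an interface comes up."""
        self.routes.append((ipaddress.ip_network(prefix), iface))
        if self.floating_conn_timeout is None:
            return                # default behaviour: existing conns are left alone
        # floating-conn: start a teardown timer on every conn whose best egress changed
        for (_, dst, _), conn in self.conns.items():
            if conn["tear_at"] is None and self.lookup(dst) != conn["egress"]:
                conn["tear_at"] = self.clock + self.floating_conn_timeout

    def tick(self, seconds):
        """Advance the clock and expire connections whose floating-conn timer ran out."""
        self.clock += seconds
        for key in [k for k, c in self.conns.items()
                    if c["tear_at"] is not None and c["tear_at"] <= self.clock]:
            del self.conns[key]

    def forward(self, src, dst, proto="udp"):
        """Return the interface a packet leaves on: an existing conn wins, else route lookup."""
        key = (src, dst, proto)
        if key not in self.conns:
            self.conns[key] = {"egress": self.lookup(dst), "tear_at": None}
        return self.conns[key]["egress"]


def mobility_after_reboot(floating_conn_timeout):
    """Replay the scenario from the post (constructed, not a capture): WLC 10.10.1.2
    talks to WLC 10.10.9.3. Returns the egress interface used at three points in time."""
    asa = Asa(floating_conn_timeout)
    asa.add_route("0.0.0.0/0", "inside")            # right after reboot: dmz not up yet
    first = asa.forward("10.10.1.2", "10.10.9.3")  # conn pinned to 'inside' (the u-turn)
    asa.add_route("10.10.9.0/24", "dmz")            # dmz comes up: connected route appears
    asa.tick(59)
    before_timer = asa.forward("10.10.1.2", "10.10.9.3")
    asa.tick(1)
    after_timer = asa.forward("10.10.1.2", "10.10.9.3")
    return first, before_timer, after_timer


if __name__ == "__main__":
    print("default:          ", mobility_after_reboot(None))  # ('inside', 'inside', 'inside')
    print("floating-conn 60s:", mobility_after_reboot(60))    # ('inside', 'inside', 'dmz')
```

With the default (no floating-conn) the connection stays pinned to inside forever, which is exactly why the mobility tunnel never recovers on its own; with a 60 second floating-conn timeout it is torn down and rebuilt out dmz.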

Wednesday, September 18, 2013

Outdoor Mesh

Cisco's outdoor mesh is not a new concept, but it is a different animal than the indoor world.  You can cover much larger areas with fewer APs.  Be warned: just because you can 'see' the AP from a location doesn't mean it can 'see' you.  The 1550 series APs have a much greater sensitivity than, let's say, the 3600 series.  The external omni-directional antenna can detect down to the range of -92 dBm.  The real limiting factor is going to be your clients.  Laptops at 'full' power will get you a lot further than your average Moto handheld scanner, iPhone, etc.  There is lots of good info out there, but some of it is hard to find.

Here is a list of documents that are very useful for mesh deployments:

Cisco 1550 Ordering Guide

Cisco Mesh Deployment Guide 7.3

Cisco Mesh Deployment Guide 7.4

Cisco 1552 Range Calculator

Thursday, August 22, 2013

DHCP Snooping

Message of the day:

If you (or your colleague) happen to turn on something like the following on a Monday (without telling anybody):

!
ip dhcp snooping vlan 14,87,99,62
no ip dhcp snooping information option
ip dhcp snooping
!

Make sure that before Thursday morning (when all your APs renew their leases) you add this to the uplinks on your switches:

!
interface GigabitEthernet1/1/1
  ip dhcp snooping trust
!


If not, you're going to have a bad Thursday morning.
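Here is a small Python model of why Thursday goes bad. This is an added example, not Cisco's code: the Switch class, the port names and the sample traffic are constructed. DHCP snooping splits ports into trusted and untrusted, and server-side messages (OFFER/ACK/NAK) are accepted only on trusted ports, which is what stops a rogue DHCP server on an access port. The uplink toward the legitimate server therefore has to be trusted; otherwise the server's answers to the APs' renewals arrive on an untrusted port and get dropped exactly like a rogue's.

```python
"""Model of the DHCP snooping trust decision (added example, not Cisco code)."""
from dataclasses import dataclass, field

SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


@dataclass
class Switch:
    snooping_vlans: set
    trusted_ports: set = field(default_factory=set)
    dropped: list = field(default_factory=list)    # log of dropped server messages

    def admit(self, port, vlan, msg):
        """Return 'forward' or 'drop' for a DHCP message entering `port` on `vlan`."""
        if vlan not in self.snooping_vlans:
            return "forward"                # snooping not enabled on this VLAN
        if port in self.trusted_ports:
            return "forward"                # trusted port: server messages allowed
        if msg in SERVER_MESSAGES:
            self.dropped.append((port, vlan, msg))
            return "drop"                   # server message on an untrusted port
        return "forward"                    # client messages always pass


# Constructed sample traffic: (ingress port, VLAN, DHCP message, what it represents)
SAMPLE = [
    ("Gi1/0/5", 87, "DHCPREQUEST", "AP renewing its lease"),
    ("Gi1/1/1", 87, "DHCPACK",     "the real server's answer, arriving on the uplink"),
    ("Gi1/0/7", 87, "DHCPOFFER",   "rogue DHCP server plugged into an access port"),
    ("Gi1/0/9", 10, "DHCPOFFER",   "VLAN 10 is not in the snooping list"),
]

SNOOPED_VLANS = {14, 87, 99, 62}   # the VLAN list from the Monday config above


def run(switch):
    """Verdict for each sample message, in order."""
    return [switch.admit(port, vlan, msg) for port, vlan, msg, _ in SAMPLE]


def monday_switch():
    """Snooping on, no trusted ports: the uplink's answers are dropped along with the rogue's."""
    return Switch(snooping_vlans=SNOOPED_VLANS)


def fixed_switch():
    """Same, with the uplink trusted: only the rogue offer is dropped."""
    return Switch(snooping_vlans=SNOOPED_VLANS, trusted_ports={"Gi1/1/1"})


if __name__ == "__main__":
    for name, sw in (("Monday", monday_switch()), ("Thursday fix", fixed_switch())):
        for (port, vlan, msg, what), verdict in zip(SAMPLE, run(sw)):
            print(f"{name:13} {port:8} vlan {vlan:3} {msg:12} -> {verdict:7} ({what})")
```

On the Monday switch the DHCPACK coming back over Gi1/1/1 is dropped, so the APs' renewals time out; after `ip dhcp snooping trust` on the uplink only the rogue offer on the access port is still dropped, which is the behaviour you wanted in the first place.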

Monday, August 12, 2013

DNIS

DNIS - called station ID

DNIS can be used in Cisco ACS as an attribute to authenticate wireless users based on the "called station."

To configure this you must have an ACS server configured as your RADIUS authentication server on your WLC.  In the SSID you wish to use, you must set the authentication to 802.1X, enable Allow AAA Override, and have the ACS server selected as the RADIUS server.  In the ACS server you must have the called station (SSID) assigned to the AD or local user group in order for users to be authenticated.

For a more detailed look, refer to this document:
Restrict WLAN Access based on SSID

Fresnel Zones

The Basics:

Fresnel zones are the elliptical areas between two wireless transmitters and are defined as either even or odd.  Even zones have a maximum phase-canceling effect.  Odd zones can add to Tx and Rx power.  The idea of zones was established by A. Fresnel to calculate how out-of-phase reflections will affect wireless transmissions between two end points.
[Figure: Fresnel zones theory diagram 2]
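As an added worked example (not part of the original post), here is the standard radius formula behind those zones, turned into a clearance check for a point-to-point link. It uses the textbook expression for the radius of the n-th zone at a point d1 from one antenna and d2 from the other, r_n = sqrt(n * wavelength * d1 * d2 / (d1 + d2)), plus the usual planning rule that 60% of the first zone should be free of obstructions. The link and obstacle figures are constructed, and the path is treated as flat (no earth curvature), which is an assumption that holds for the short links modelled here.

```python
"""Fresnel zone radius and clearance check (added example, not from the original post)."""
import math

C = 299_792_458.0   # speed of light, m/s


def fresnel_radius(n, freq_hz, d1_m, d2_m):
    """Radius (m) of the n-th Fresnel zone at the point d1 from Tx and d2 from Rx."""
    wavelength = C / freq_hz
    return math.sqrt(n * wavelength * d1_m * d2_m / (d1_m + d2_m))


def zone_radii(freq_hz, d1_m, d2_m, zones=3):
    """Radii of the first few zones: odd zones reinforce, even zones cancel."""
    return [fresnel_radius(n, freq_hz, d1_m, d2_m) for n in range(1, zones + 1)]


def required_clearance(freq_hz, d1_m, d2_m, fraction=0.6):
    """Clearance (m) needed below the line of sight at that point (60% rule by default)."""
    return fraction * fresnel_radius(1, freq_hz, d1_m, d2_m)


def link_is_clear(freq_hz, link_m, tx_height_m, rx_height_m,
                  obstacle_at_m, obstacle_height_m, fraction=0.6):
    """True if an obstacle `obstacle_at_m` from Tx leaves `fraction` of the first
    zone unobstructed. Line-of-sight height is interpolated linearly between the
    antennas; earth curvature is ignored (flat-path assumption)."""
    d1, d2 = obstacle_at_m, link_m - obstacle_at_m
    los_height = tx_height_m + (rx_height_m - tx_height_m) * d1 / link_m
    clearance = los_height - obstacle_height_m
    return clearance >= required_clearance(freq_hz, d1, d2, fraction)


if __name__ == "__main__":
    # Constructed 1 km link, checked at mid-path for the two common Wi-Fi bands.
    for ghz in (2.4, 5.8):
        radii = zone_radii(ghz * 1e9, 500, 500)
        print(f"{ghz} GHz, 1 km link, mid-path zones 1-3: "
              + ", ".join(f"{r:.2f} m" for r in radii)
              + f"; 60% clearance {required_clearance(ghz * 1e9, 500, 500):.2f} m")
    # Constructed obstacle: tree top at 8 m mid-path, both antennas at 10 m.
    print("5.8 GHz link clear of 8 m tree:", link_is_clear(5.8e9, 1000, 10, 10, 500, 8))
```

Two things worth noticing from the numbers: the lower the frequency, the larger the zone and the more clearance a link needs, and a 2 m gap over a mid-path obstacle on a 1 km 5.8 GHz link is not enough even though the antennas can plainly 'see' each other.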

RRM

Radio Resource Management (RRM)

RRM allows Cisco’s Unified WLAN Architecture to continuously analyze the existing RF environment, automatically adjusting APs’ power levels and channel configurations to help mitigate such things as co-channel interference and signal coverage problems.  RRM reduces the need to perform exhaustive site surveys, increases system capacity, and provides automated self-healing functionality to compensate for RF dead zones and AP failures. (cisco.com)