Prime 2.2 UDI location

Posted on February 8th, 2015

One of the things I ran into when installing a net-new version of Cisco Prime Infrastructure 2.2 is that I had a heck of a time finding the UDI to register the PAKs to. In previous versions of Prime Infrastructure, you could find the UDI in Administration > Licensing.

Now the UDI is located in Administration > Appliance.

802.11 tuning commands for CCIE-W 2.0 Lab

Posted on October 7th, 2014

802.11 tuning for CCIE Lab
*Note: these commands cover advanced technologies that are useful for CCIE-W Lab preparation and are not suggestions for tuning production environments. Please make sure you understand the ramifications of these commands in production environments.


Turn on A-MPDU for all 802.1p classes
config 802.11x 11nsupport enable
show 802.11x

Turn on A-MPDU per 802.1p class
config 802.11x 11nsupport a-mpdu tx priority 5
show 802.11x

Turn on A-MSDU

Turn on long interval only for band
config 802.11x 11nsupport guard_interval
show 802.11x

Configure reduced interframe space for a band
config 802.11x 11nsupport rifs rx
show 802.11x

Turn on legacy beamforming (ClientLink 1.0) globally
config 802.11x beamforming global
show 802.11x

Turn on legacy beamforming (ClientLink 1.0) on an AP
config 802.11x beamforming ap
show 802.11x

Advanced Roaming

Advanced roaming parameters for max number of retries
config advanced client-handoff <# of retries>
show advanced client-handoff

Load Balancing

Set the window of clients to x
config load-balancing window
show load-balancing

Set the maximum denials to X
config load-balancing denial X
show load-balancing

Change Channel with 802.11h announcement
config 802.11h setchannel channel announcement

Configure advanced CHD
config advanced 802.11x coverage data fail-percentage 30
config advanced 802.11x coverage data packet-count 35
config advanced 802.11x coverage voice fail-percentage 5
config advanced 802.11x coverage voice packet-count 10
show advanced 802.11x coverage

SNMP Parameters
config snmp engineID
show snmp engineID


Disable adhoc rogue detection
config rogue adhoc disable
show rogue adhoc summary



WLC 7.4: Auto-configure Voice macro

Posted on October 7th, 2014

Discovered this gem in a 7.4: You can use this command to set most of the voice best-practices on through an automatic
For the following example, I've configured WLAN 19 for Cisco voice. Below is the output that it configures on the WLC and WLAN.

----------------------------------------------------------------------------------------

(Cisco Controller) config auto-configure voice cisco 19 radio 802.11a

Warning! This command will automatically disable all WLAN's and Radio's.
It will be reverted to the previous state once configuration is complete.
Are you sure you want to continue? (y/N)y


Auto-Configuring these commands in WLAN for Voice..
wlan qos 19 platinum
- Success
wlan call-snoop enable 19
- Success
wlan wmm allow 19
- Success
wlan session-timeout 19 86400
- Success
wlan peer-blocking disable 19
- Success
wlan security tkip hold-down 0 19
- Success
wlan exclusionlist 19 disable
- Success
wlan mac-filtering disable 19
- Success
wlan dtim 802.11a 2 19
- Success
wlan dtim 802.11b 2 19
- Success
wlan ccx aironetIeSupport enabled 19
- Success
wlan channel-scan defer-priority 4 enable 19
- Success
wlan channel-scan defer-priority 5 enable 19
- Success
wlan channel-scan defer-priority 6 enable 19
- Success
wlan channel-scan defer-time 100 19
- Success
wlan load-balance allow disable 19
- Success
wlan mfp client enable 19
- Success
wlan security wpa akm cckm enable 19
- Success
wlan security wpa akm cckm timestamp-tolerance 5000 19
- Success
wlan band-select allow disable 19
- Success
***********************************************

Auto-Configuring these commands for Voice - Radio 802.11a.

--More-- or (q)uit
advanced 802.11a edca-parameter optimized-voice
- Success
802.11a cac voice acm enable
- Success
802.11a cac voice max-bandwidth 75
- Success
802.11a cac voice roam-bandwidth 6
- Success
802.11a cac voice cac-method load-based
- Success
802.11a cac voice sip disable
- Success
802.11a tsm enable
- Success
802.11a exp-bwreq enable
- Success
802.11a txPower global auto
- Success
802.11a channel global auto
- Success
advanced 802.11a channel dca interval 24
- Success
advanced 802.11a channel dca anchor-time 0

--More-- or (q)uit
- Success
qos protocol-type platinum dot1p
- Success
qos dot1p-tag platinum 6
- Success
qos priority platinum voice voice besteffort
- Success
802.11a beacon period 100
- Success
802.11a dtpc enable
- Success
802.11a Coverage Voice RSSI Threshold -70
- Success
802.11a txPower global min 11
- Success
advanced eap eapol-key-timeout 250
- Success
advanced 802.11a voice-mac-optimization disable
- Success
802.11h channelswitch enable 1
- Success
Note: Data rate configurations are not changed.
It should be changed based on the recomended values after analysis.

--More-- or (q)uit
***********************************************

(Cisco Controller) config>
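
One way to audit a saved transcript of this macro, as an added example (not part of the original post or of Cisco tooling): the Python below pairs each command with its result even when a pager prompt falls between them, and lists the changes that relax WLAN security controls. The excerpt is taken from the output above; the function names and the review list are this example's assumptions.

```python
import re

# Excerpt of the transcript above (WLAN 19), pager prompt included.
TRANSCRIPT = """\
Auto-Configuring these commands in WLAN for Voice..
wlan peer-blocking disable 19
- Success
wlan security tkip hold-down 0 19
- Success
wlan exclusionlist 19 disable
- Success
wlan mac-filtering disable 19
- Success
advanced 802.11a channel dca anchor-time 0
--More-- or (q)uit
- Success
"""

# Command prefixes seen in the macro's output; other lines are banners.
COMMAND = re.compile(r"^(wlan|advanced|qos|802\.11\w*) ")

# Assumption: this review list is the example's own choice, not Cisco's.
REVIEW = {
    r"^wlan peer-blocking disable": "peer-to-peer blocking is off",
    r"^wlan security tkip hold-down 0 ": "TKIP MIC hold-down timer set to 0",
    r"^wlan exclusionlist \d+ disable": "client exclusion is off",
    r"^wlan mac-filtering disable": "MAC filtering is off",
}

def parse_results(text):
    """Pair each command with its result line, ignoring pager prompts."""
    results, pending = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("- ") and pending:
            results.append((pending, line[2:]))
            pending = None
        elif COMMAND.match(line):
            if pending:                      # earlier command had no result
                results.append((pending, None))
            pending = line
    if pending:
        results.append((pending, None))
    return results

def audit(text):
    """Return (commands not confirmed as Success, changes to review)."""
    pairs = parse_results(text)
    flagged = [(c, w) for c, _ in pairs for p, w in REVIEW.items() if re.search(p, c)]
    return [c for c, r in pairs if r != "Success"], flagged
```

Feed it the full console log captured during the run; any command in the first list should be checked by hand before the WLAN is put back into service.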

WLC Upgrade process to 7.6+ from 7.4 with AP Predownload and FUS

Posted on July 31st, 2014

Notes on how to upgrade to 7.6+ from 7.4 for use by the general public.

WLC Upgrade process to 7.6 from 7.4 with AP Predownload and FUS for a pair of 5508s
Scenario: There are 2 WLCs, WLC1 and WLC2. For this scenario, we assume that this is an N+N, and that both WLCs have clients on them. This scenario is how to perform the upgrade to 7.6 including the FUS 1.9 upgrade with minimal downtime.
*It is suggested that you have a PC with a serial cable (not USB) connected to the WLC during the FUS upgrade. If something happens during the FUS upgrade, it is beneficial to be able to tell TAC where in the process it died.

  1. Turn off Fallback on both WLCs and save configs on both WLCs. (Controller > General > AP Fallback)
  2. Check to make sure at least one of the following is configured:
    1. All APs have a Primary and Secondary controller configured
    2. Both WLC1 and WLC2 are in the same Mobility Group
  3. Upgrade FUS on WLC1
  4. Reboot WLC1, APs should failover to WLC2 and stay put. Expect this process to take 45 minutes to 1 hour
  5. Once WLC1 returns from the FUS, perform the upgrade to 7.6.x
  6. Reboot WLC1
  7. Perform code upgrade on WLC2 to 7.6.x (NOT FUS)
  8. Once upgrade is complete, from the CLI issue the command "config ap image predownload primary all"
  9. Occasionally run "show ap image sum" until all APs have completed the predownload process
  10. Once all APs are predownloaded, Reboot WLC2
  11. Once WLC2 has rebooted, perform FUS Upgrade on WLC2.
  12. Once WLC2 has booted back up, enable Fallback on both WLCs.
  13. APs should now move back to their primary controller.

Autonomous Setup for RADIUS with AAA Override

Posted on December 22nd, 2013

#Setup Basic AAA

aaa new-model

radius server
     address ipv4 X.X.X.X auth-port 1812 acct-port 1813
     key


aaa group server radius rad_ACS5
     server name

#Note, make sure it doesn't spit back a message, otherwise you have something named wrong.

aaa authentication login eap_method_acs group rad_ACS5


#Setup Management Interface
interface BVI1
ip address X.X.X.X Y.Y.Y.Y
no shut
ip default-gateway z.z.z.z
ip route 0.0.0.0 0.0.0.0 z.z.z.z



#Setup SSID

dot11 ssid
vlan
authentication open eap eap_method_acs
authentication key-management wpa version 2
mbssid guest-mode


#Do for each vlan. If vlans are higher than allowed bridge-group, put a unique bridge-group id for each vlan

int gi 0.
     encapsulation dot1q
     bridge-group
int dot11 0.
     encapsulation dot1q
     bridge-group
int dot11 1.
     encapsulation dot1q
     bridge-group


#setup dot11 interfaces

interface dot11radio X
     mbssid

#For Each Vlan you will override to do the following
     encryption vlan mode ciphers aes-ccm

ssid
no shut


Set up ACS (or another RADIUS server) to return RADIUS attributes 64, 65 and 81 for the appropriate VLAN.
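
The three attributes the RADIUS server has to return, as an added example (not from the original post): a Python encoder and checker for attributes 64, 65 and 81 that can be run against the attribute bytes of a captured Access-Accept. The values 13 (VLAN) and 6 (IEEE-802) come from RFC 3580; a numeric VLAN ID in attribute 81 and the function names are assumptions of this example.

```python
# RADIUS attribute numbers named in the post, with the values RFC 3580
# specifies for VLAN assignment.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
EXPECTED = {TUNNEL_TYPE: 13, TUNNEL_MEDIUM_TYPE: 6}   # 13 = VLAN, 6 = IEEE-802

def encode_vlan_attrs(vlan, tag=0):
    """Encode attributes 64, 65 and 81 as they appear in an Access-Accept."""
    out = b""
    for atype, value in EXPECTED.items():
        # Tagged integer attribute: type, length 6, tag octet, 3-octet value.
        out += bytes([atype, 6, tag]) + value.to_bytes(3, "big")
    group = (bytes([tag]) if tag else b"") + str(vlan).encode("ascii")
    return out + bytes([TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)]) + group

def vlan_override(attrs):
    """Return the VLAN ID the attributes assign; raise ValueError if unusable."""
    seen, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute at offset %d" % i)
        atype, value = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        if atype in EXPECTED:
            if len(value) != 4:
                raise ValueError("attribute %d must carry tag + 3 octets" % atype)
            seen[atype] = int.from_bytes(value[1:], "big")
        elif atype == TUNNEL_PRIVATE_GROUP_ID:
            # RFC 2868: a first octet of 0x01-0x1F is a tag, not string data.
            if value and 0x01 <= value[0] <= 0x1F:
                value = value[1:]
            seen[atype] = value.decode("ascii", "replace")
        i += attrs[i + 1]
    for atype, want in EXPECTED.items():
        if seen.get(atype) != want:
            raise ValueError("attribute %d is %r, expected %d" % (atype, seen.get(atype), want))
    group = seen.get(TUNNEL_PRIVATE_GROUP_ID, "")
    if not group.isdigit() or not 1 <= int(group) <= 4094:
        raise ValueError("attribute 81 does not hold a VLAN ID: %r" % group)
    return int(group)

# Constructed sample: override to VLAN 20, untagged and with tag 1.
SAMPLE = encode_vlan_attrs(20)
SAMPLE_TAGGED = encode_vlan_attrs(20, tag=1)
```

A reply that is missing any one of the three attributes fails the check with a message naming the attribute.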






Multicast - Setting up RPs for Sparse Mode

Posted on December 22nd, 2013

Static RP:

ip multicast-routing
ip pim rp-address

int fa0/x
ip pim sparse-mode


Auto-RP
ip multicast-routing distributed

int lo0
ip pim sparse-mode
ip address


ip pim send-rp-announce scope
ip pim send-rp-discovery scope 16

int fa 0/2
ip pim sparse-mode


Verification:
show ip pim interface
show ip pim rp
show ip mroute



Windows DHCP Option 60

Posted on December 22nd, 2013

Create a Scope
  • Right Click > Create Scope
    • Setup Name/Description
    • Starting/Ending IP Address/Subnet Mask
    • Add Exclusions
    • Lease Time
    • Yes > Configure Options
    • Default Gateway
    • Domain Suffix/DNS
    • Yes > Activate
  • Right-Click Server > Define Vendor Class
    • Add > AP Model > Vendor String Cisco AP Cxxxx
    • Ok > Close
  • Right Click Server > Set Predefined Options
    • Option Class > Select
    • Add > Name > IP address > Array Code: 241
    • Ok
  • Right-Click Scope > Configure Options
    • Advanced > Vendor Class
    • Check
    • Add IP addresses

Spectrum Expert Mode on IOS Controllers - Chanalyzer

Posted on November 28th, 2013

On IOS controller:
Switch3850# ap name mode se-connect
Changing the AP's mode will cause the AP to reboot.
Are you sure you want to continue? (y/n)[y]: y

After AP reboots:
Switch3850# show ap name config dot11 5ghz

....
CleanAir Management Information
     CleanAir Capable                          : Yes
     CleanAir Management Admin State           : Enabled
     CleanAir Management Operation State      : Up
     Rapid Udpate Mode                          : Disabled
     Spectrum Expert connection                : Disabled
     CleanAir NSI Key                          : AEB0581105F6010E1285943F87CC7F8A
     Spectrum Expert connections counter      : 0
     CleanAir Sensor State                     : Configured

Rogue Containment Information
     Containment Count                          : 0

To find the IP address:
show cdp neighbors detail

-------------------------
Device ID:
Entry address(es):
IP address: 10.10.5.226
Platform: cisco AIR-CAP3602I-A-K9, Capabilities: Router Trans-Bridge
Interface: GigabitEthernet1/0/34, Port ID (outgoing port): GigabitEthernet0.1
Holdtime : 127 sec

Version :
Cisco IOS Software, C3600 Software (AP3G2-K9W8-M), Version 15.2(4)JN, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Tue 01-Oct-13 19:18 by prod_rel_team

advertisement version: 2
Duplex: full
Power drawn: 15.400 Watts
Power request id: 57850, Power management id: 3
Power request levels are:15400 0 0 0 0
Management address(es):
---------------------------


Launch Chanalyzer for CleanAir or Chanalyzer 5 with the CCA licenses.
Enter the AP ip address and NSI key.

Enjoy!



Spectrum Expert on Autonomous AP - Chanalyzer

Posted on November 18th, 2013

conf t
int dot11radio X
no mbssid
station-role spectrum
exit
exit

show spectrum status
----------------------------------------
SurveyAP#show spectrum status
Spectrum FW status slot 0:
version: 1.14.2
status: up, crashes 0, resets 0
load:     38.00 45.00 50.75 51.75
NSI Key: 25FA418E18EBEF028A7FB775F11610A
NSI:      configured
dfs_wdog: 1
reg_wdog: 1 0
dfs_freq: 0
Spectrum FW status slot 1:
version: 1.14.2
status: up, crashes 0, resets 0
load:     3.50 3.50 3.75 3.75
NSI Key: 125FA418E18EBEF028A7FB775F11610A
NSI:      not configured
dfs_wdog: 0
reg_wdog: 255 290
dfs_freq: 0

Launch Chanalyzer for CleanAir or Chanalyzer 5 with the CCA licenses.
Enter the AP ip address and NSI key.

Enjoy!


jsnyder81

Just a wireless engineer working on my CCIE Wireless.