cisco

Symbol RF Scanners and Cisco WLC

Posted by robd on November 13, 2018
Wireless / No Comments

Had a roaming issues with Symbol MC9090 RF scanners on a Cisco virtual WLC (AIR-CTVM-K9) but weirdly only at one site, even though the same setting were applied across all sites.

The issue was the scanners would drop their SSH connection when moving between APs.

Here’s all my findings:

  • Update the scanner firmware, do this, it’s a pain but the newer firmware has so many features that are beneficial.
  • Some Scanner firmware would not allow them to connect using the security method WPA2, so enable WPA /TKIP or a better option, update the scanner firmware.
  • Secondly change the Scanners to CAM Mode = constant awake mode.
  • Thirdly, Cisco TAC recommended using these settings:

Ensure the fast transition is set to adaptive (if you don’t see this then update the code on your WLC):

The Symbol RF scanners support CCKM according to the manual so enable this:

Weird one this one, Cisco told us to disable “Enable Session Timeout” (also disable Aironet IE)

Tags: , , , ,

How to setup Cisco port mirroring to a VM

Posted by robd on December 06, 2017
Networking, vmware / No Comments

Today we needed to mirror a port on a Cisco switch in a country far far away meaning we couldn’t just wander down with a laptop.

So to get around this we decided to mirror the port to a VM that’s on site, here’s how we did it:

There’s two switches between the VM and the port we want to mirror so first we have to setup the port mirroring on every switch using RSPAN (Remote Switched Port Analyser) and a new vlan.

Add an RSPAN vlan to both the switch with the port to mirror, and to the switch that has the packet capture device on.

Then make sure that RSPAN vlan is trunked between the 2 switches and on the VMWARE interface.

Assuming the following;

You use vlan 999 for the RSPAN vlan.

The port you want to mirror is on switch 1 port g1/0/2.

You want to send the mirrored traffic to switch 2 port 1/0/23 (the port that connects to VMWARE).

You are going to use monitor session 1 on both switches. (this can be any session number between 1-66, and can be different on each switch).

On Switch 1 (mirror port 2 and punt out the traffic to 9999)

On Switch 2 (suck in all traffic from 9999 and punt it to port 23)

You can see that the monitoring is set up with;

Network Diagram:

Next, we need to do the VMware side of things:

 

Setup a new port group on a vswitch:

Although we chose vlan 9999 when its pushed to the new port it will not be tagged so choose all:

Next edit the port group and allow Promiscuous mode, this will allow traffic not destined for the VMs MACs (normal behaviour, any traffic not destined to a VM MAC will be dropped):

Add a NIC to your VM using the port group:

Don’t worry about a IP etc:

Fire up Wireshark:

Look at all these glorious packets:

 

 

Tags: , , , ,

Copy Protected by Chetan's WP-Copyprotect.