cisco

Cisco Wireless Lan Controller Update with Pre-Download

Posted by robd on June 13, 2019
Wireless / No Comments

Hello,

Had an issue joining a Cisco 2800 AP to a Cisco Wireless Controller

So the first thing to check is the country code of the AP and controller, and the time.

 

The AP is a -E and the country is on the controller:

https://www.cisco.com/c/dam/assets/prod/wireless/wireless-compliance-tool/index.html

Time looks ok:

 

To the console!!!

 

Looks like this controller version 8.0.133.0 isn't compatible with 2800s:

https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html

Time to upgrade.

First check the APs are compatible with the version you are going to:

Looks ok. Next download it (oh, also download the code you currently have installed in case you need it!) and while you’re waiting, back up the controller config:

 

Before you reboot, go to the CLI:

Check the version:

 

Pre-image the APs:

Check the progress:

Reboot the controller via the GUI.

Done:

 


iPerf

Posted by robd on May 08, 2019
Networking / No Comments

I’ve been running iperf a lot recently, which is a tool to measure TCP, UDP and bandwidth performance across a network. I’ve been running this specifically from the user's computer to a local server, i.e. not across a WAN or MPLS etc.

The user's computer has a 1GB connection to the switch and from there the switch is connected to the server via a 10GB NIC.

On the server I ran:

On the client I ran:

Below are my initial results, as you can see the connection is nearly maxing out its 1GB connection:

[ ID] Interval           Transfer     Bandwidth

[  4]   0.00-10.00  sec  1.10 GBytes   942 Mbits/sec             sender

[  4]   0.00-10.00  sec  1.10 GBytes   941 Mbits/sec             receiver

 

I then ran the same test but increasing the TCP connections to better simulate a heavy network application.  From the screen shot below the network is performing well.

So what do all the switches mean:

-t 20, as used in the above command, tells iperf to transfer data for 20 seconds.

-w specifies your desired window size. When two machines communicate, each tells the other how many bytes it is ready to receive at one time. In other words, the window size is the maximum amount of data a sender can send to the other end without an acknowledgement.

-P 20 increases the number of parallel TCP connections to 20.

-R enables reverse mode: the server sends and the client receives.

-i changes the interval between periodic bandwidth tests. For example, -i 60 will make a new bandwidth report every 60 seconds. The default is zero, which performs one bandwidth test.

-B binds iPerf to a specific interface or address. If passed through the server command, the incoming interface will be set. If passed through the client command, the outgoing interface will be set.

-i {time in seconds}: update interval on screen; default is 1 second. It can be useful to increase the interval when running large numbers of concurrent tests, or to disable it with “-i 0”.

--logfile {filename}: outputs what would normally be in your terminal to a log file of your choosing.

 

Want to test QoS? Specifically EF? Then this is the bad boy:

 


Symbol RF Scanners and Cisco WLC

Posted by robd on November 13, 2018
Wireless / No Comments

Had roaming issues with Symbol MC9090 RF scanners on a Cisco virtual WLC (AIR-CTVM-K9) but weirdly only at one site, even though the same settings were applied across all sites.

The issue was the scanners would drop their SSH connection when moving between APs.

Here’s all my findings:

  • Update the scanner firmware. Do this: it’s a pain, but the newer firmware has so many features that are beneficial.
  • Some scanner firmware would not allow them to connect using the WPA2 security method, so enable WPA/TKIP or, a better option, update the scanner firmware.
  • Secondly, change the scanners to CAM mode = constant awake mode.
  • Thirdly, Cisco TAC recommended using these settings:

Ensure the fast transition is set to adaptive (if you don’t see this then update the code on your WLC):

The Symbol RF scanners support CCKM according to the manual so enable this:

Weird one this one, Cisco told us to disable “Enable Session Timeout” (also disable Aironet IE)


How to setup Cisco port mirroring to a VM

Posted by robd on December 06, 2017
Networking, vmware / 1 Comment

Today we needed to mirror a port on a Cisco switch in a country far far away meaning we couldn’t just wander down with a laptop.

So to get around this we decided to mirror the port to a VM that’s on site, here’s how we did it:

There are two switches between the VM and the port we want to mirror, so first we have to set up the port mirroring on every switch using RSPAN (Remote Switched Port Analyser) and a new vlan.

Add an RSPAN vlan to both the switch with the port to mirror, and to the switch that has the packet capture device on.

Then make sure that RSPAN vlan is trunked between the 2 switches and on the VMWARE interface.

Assuming the following;

You use vlan 999 for the RSPAN vlan.

The port you want to mirror is on switch 1 port g1/0/2.

You want to send the mirrored traffic to switch 2 port 1/0/23 (the port that connects to VMWARE).

You are going to use monitor session 1 on both switches. (this can be any session number between 1-66, and can be different on each switch).

On Switch 1 (mirror port 2 and punt out the traffic to 999)

On Switch 2 (suck in all traffic from 999 and punt it to port 23)

You can see that the monitoring is set up with;
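The RSPAN setup described above, written out as an added example (not the original post's own configuration). It uses the post's values (vlan 999, source g1/0/2, destination port 1/0/23, monitor session 1); the uplink interface name TenGigabitEthernet1/1/1, the GigabitEthernet type of port 23 and the VLAN name are assumptions.

```cisco
! ----- Switch 1 (has the port to mirror, g1/0/2) -----
configure terminal
 vlan 999
  name RSPAN
  remote-span
 exit
 ! Trunk towards switch 2. Interface name is an assumption; use your own uplink.
 interface TenGigabitEthernet1/1/1
  switchport trunk allowed vlan add 999
 exit
 ! Copy both directions of g1/0/2 into the RSPAN vlan
 monitor session 1 source interface GigabitEthernet1/0/2 both
 monitor session 1 destination remote vlan 999
end

! ----- Switch 2 (has the port that connects to VMware, 1/0/23) -----
configure terminal
 vlan 999
  name RSPAN
  remote-span
 exit
 ! Trunk towards switch 1 (assumed interface name again)
 interface TenGigabitEthernet1/1/1
  switchport trunk allowed vlan add 999
 exit
 ! Take everything arriving on the RSPAN vlan and send it out of port 23
 monitor session 1 source remote vlan 999
 monitor session 1 destination interface GigabitEthernet1/0/23
end

! ----- Verify on each switch -----
show monitor session 1
show vlan remote-span
```

A monitor destination port stops forwarding normal traffic, so port 23 should be an uplink dedicated to the capture VM; remove the sessions with `no monitor session 1` on both switches once the capture is finished.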

Network Diagram:

Next, we need to do the VMware side of things:

 

Set up a new port group on a vswitch:

Although we chose vlan 999, when it's pushed to the new port it will not be tagged, so choose all:

Next edit the port group and allow Promiscuous mode. This lets the VM receive traffic not destined for its own MAC address (the normal behaviour is that any traffic not destined for a VM's MAC is dropped):

Add a NIC to your VM using the port group:

Don’t worry about an IP etc:

Fire up Wireshark:

Look at all these glorious packets:

 

 
