Friday, January 29, 2010

RF Group Leader Election - GROUPIES and HELLOs


Initially, every controller assumes that it is the RF group leader for its configured RF group.  It creates its unique group ID and adds itself to the group.  After this, the controller sends a HELLO packet to all the controllers it knows about every 10 seconds.

In addition to the HELLO message, the controller collects neighbor messages from its APs.  These collected neighbor messages are used to determine if another controller has a higher group ID.  If that is the case, the controller joins the RF group and becomes a GROUPIE.  After a controller finds another controller with a group ID larger than its own, it triggers a 60-second timer to make sure the current leader is still active.

If the GROUPIE controller does not receive a HELLO response within the allotted time, the controller considers the RF group leader down and the election process begins again.
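The election described above, as a small simulation added here for illustration (not Cisco's implementation and not from the book). Assumptions: group IDs are plain integers, every controller can hear every other, and AP neighbor messages and HELLOs are folded into one `hear` event; the class and function names are hypothetical.

```python
HELLO_INTERVAL = 10   # seconds between HELLO packets (from the post)
LEADER_TIMEOUT = 60   # seconds a GROUPIE waits for its leader (from the post)

class Controller:
    def __init__(self, name, group_id):
        self.name, self.group_id = name, group_id   # constructed sample values
        self.alive = True
        self.reset()

    def reset(self):
        # Start (or restart) the election: assume we lead our own group.
        self.leader_id = self.group_id
        self.last_hello = None

    @property
    def role(self):
        return "LEADER" if self.leader_id == self.group_id else "GROUPIE"

    def hear(self, sender_id, now):
        if sender_id > self.leader_id:
            # Higher group ID seen: join that group and start the timer.
            self.leader_id, self.last_hello = sender_id, now
        elif sender_id == self.leader_id and self.role == "GROUPIE":
            # HELLO from the current leader refreshes the timer.
            self.last_hello = now

    def check_timeout(self, now):
        # No HELLO from the leader within the window: leader is down, re-elect.
        if self.role == "GROUPIE" and now - self.last_hello >= LEADER_TIMEOUT:
            self.reset()

def simulate(controllers, until, failures=None):
    """Advance in HELLO_INTERVAL steps. failures maps a time to the name of
    a controller that goes down at that time. Returns {time: {name: role}}."""
    failures = failures or {}
    history = {}
    for now in range(0, until + 1, HELLO_INTERVAL):
        if now in failures:
            next(c for c in controllers if c.name == failures[now]).alive = False
        live = [c for c in controllers if c.alive]
        for c in live:
            c.check_timeout(now)
        for sender in live:               # every live controller sends a HELLO
            for receiver in live:
                if receiver is not sender:
                    receiver.hear(sender.group_id, now)
        history[now] = {c.name: c.role for c in live}
    return history

if __name__ == "__main__":
    wlcs = [Controller("A", 10), Controller("B", 20), Controller("C", 30)]
    for t, roles in simulate(wlcs, 200, failures={100: "C"}).items():
        print(t, roles)
```

With the leader going down at t=100, the GROUPIEs keep following the stale leader until the 60-second window since its last HELLO (t=90) runs out at t=150, which is the gap the timer is there to bound.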

Wednesday, January 27, 2010

Deploying and Troubleshooting Cisco Wireless LAN Controllers ISBN # 1587058146

Multicast is not supported on APs that are connected directly to the local port of a 2000 or 2100 series controller

Not supported on 2000, 2100 or NMC:
  • spanning tree
  • L2 transport 
  • VPN termination
  • External Web Authentication web server list
  • Port Mirroring
  • Cranite, Fortress, AppleTalk
  • QoS per-user bandwidth
  • IPv6 pass-through
  • LAG or Ether channel
  • Multicast Unicast Replication Mode
The load balancing algorithm is src-dst-ip
  • switch(config)# port-channel load-balance src-dst-ip
The Cisco WiSM requires software release SWISMK9-32 or later
The SUP720 12.2(18)SXF2 supports the WiSM software release 3.2.78 or later
The SUP720 12.2(18)SXF5 supports the WiSM software release
WiSMs in the 7609 or 7613? Both routers must be running 12.2(18)SXF5 or later

The WLC Network Module is supported on Cisco 28/37/38xx Series Integrated Services Routers running Cisco IOS 12.4(11)T2, 12.4(11)T3, and 12.5

Want to put a WLC Network Module in a Catalyst 3750G switch? It must be running 12.2(25)FZ or 12.2(25)SEE.

REAP Mode Features:


LWAP and CAPWAP Comparison Chart:


Manual Dissection of the Discovery Response


Monday, January 25, 2010

The best wireless security cross reference EVAR.

I'd been looking for a concise wireless security cross reference graphic for ages now - and I found it a couple of evenings ago.  Turns out it was in the 2005 book Cisco 802.11 Wireless Networking Quick Reference.

Here it is, in all its glory:


Wednesday, January 6, 2010

Generate CSR for Third-Party Certificates and Download Unchained Certificates to the WLC

I have never used OpenSSL to generate a certificate for a controller.  I was watching Jerome's video about the steps needed to do this & he mentioned that the version of OpenSSL that he has used that worked was 0.98k.  It was quite difficult to find this version online - it seems to be a few revs old.
--update-- I'd really like to be able to set up a CA on the laptop that is running the VM of ACS & WCS, but the laptop is not a domain member and I'm having difficulties getting the CA and IIS to operate as detailed in MS documentation.  I'm guessing it is because the laptop is in a workgroup.--update--

Here is a link to where I downloaded Win32OpenSSL-0_9_8k.exe
You will most likely need to install MS Visual C++ 2008 Redistributables as well as the SP1.

The direct link to the Cisco documentation that describes the steps needed to generate a certificate on behalf of a controller is here: LINK  
You should be familiar with navigating to the Cisco documentation by starting out at the main documentation page: LINK

Jerome's video demonstrating the process is on YouTube in two parts: