Friday, January 29, 2010

RF Group Leader Election - GROUPIES and HELLOs


Initially, every controller assumes that it is the RF group leader for its configured RF group.  It creates its unique group ID and adds itself to the group.  After this, the controller sends a HELLO packet to all the controllers it knows about every 10 seconds.

In addition to the HELLO message, the controller collects neighbor messages from its APs.  These collected neighbor messages are used to determine if another controller has a higher group ID.  If that is the case, the controller joins that controller's RF group and becomes a GROUPIE.  After a controller finds another controller with a group ID larger than its own, it starts a 60 second timer to make sure the current leader is still active.

If the GROUPIE controller does not receive a HELLO response within the allotted time, the controller considers the RF group leader down and the election process begins again.
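The election described above, as a small simulation (an added example, not Cisco's implementation or code from the original post). It assumes a full mesh in which every live controller hears every other one, and uses constructed integer group IDs and hypothetical controller names.

```python
HELLO_INTERVAL = 10   # seconds between HELLO packets (from the post)
LEADER_TIMEOUT = 60   # seconds a GROUPIE waits on its leader (from the post)

class Controller:
    def __init__(self, name, group_id):
        self.name = name
        self.group_id = group_id   # constructed integer; the post only says "unique"
        self.alive = True
        self.leader = self         # initially every controller assumes it leads
        self.last_hello = 0        # time the current leader was last heard

    @property
    def role(self):
        return "LEADER" if self.leader is self else "GROUPIE"

def step(controllers, now):
    """Process one HELLO interval ending at simulated time `now`."""
    alive = [c for c in controllers if c.alive]
    for c in alive:
        # Leader silent for the full timeout: consider it down, elect again.
        if c.leader is not c and now - c.last_hello >= LEADER_TIMEOUT:
            c.leader = c
        for peer in alive:
            if peer is c:
                continue
            if peer is c.leader:
                c.last_hello = now                   # leader is still active
            elif peer.group_id > c.leader.group_id:
                c.leader, c.last_hello = peer, now   # join as a GROUPIE

def run(controllers, until, fail_at=None):
    """Return {time: {controller: leader}}; fail_at maps time -> name to stop."""
    fail_at = fail_at or {}
    by_name = {c.name: c for c in controllers}
    timeline = {}
    for now in range(HELLO_INTERVAL, until + 1, HELLO_INTERVAL):
        if now in fail_at:
            by_name[fail_at[now]].alive = False      # controller goes silent
        step(controllers, now)
        timeline[now] = {c.name: c.leader.name for c in controllers if c.alive}
    return timeline

if __name__ == "__main__":
    wlcs = [Controller("wlc1", 100), Controller("wlc2", 200), Controller("wlc3", 300)]
    for t, view in run(wlcs, 100, fail_at={30: "wlc3"}).items():
        print(t, view)
```

With the leader stopped at t=30, the GROUPIEs keep following it until their 60 second timers expire at t=80, which is the window during which the RF group has no active leader.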

Wednesday, January 27, 2010

Deploying and Troubleshooting Cisco Wireless LAN Controllers ISBN # 1587058146

Multicast is not supported on APs that are connected directly to the local port of a 2000 or 2100 series controller

Not supported on 2000, 2100 or NMC:
  • spanning tree
  • L2 transport 
  • VPN termination
  • External Web Authentication web server list
  • Port Mirroring
  • Cranite, Fortress, AppleTalk
  • QoS per-user bandwidth
  • IPv6 pass-through
  • LAG or EtherChannel
  • Multicast Unicast Replication Mode
The load balancing algorithm is src-dst-ip
  • switch(config)# port-channel load-balance src-dst-ip
The Cisco WiSM requires software release SWISMK9-32 or later
The SUP720 12.2(18)SXF2 supports the WiSM software release 3.2.78 or later
The SUP720 12.2(18)SXF5 supports the WiSM software release
WiSMs in the 7609 or 7613? Both routers must be running 12.2(18)SXF5 or later

The WLC Network Module is supported on Cisco 28/37/38xx Series Integrated Services Routers running Cisco IOS 12.4(11)T2, 12.4(11)T3, and 12.5

Want to put a WLC Network Module in a Catalyst 3750G switch? It must be running 12.2(25)FZ or 12.2(25)SEE.

REAP Mode Features:


LWAP and CAPWAP Comparison Chart:


Manual Dissection of the Discovery Response


Monday, January 25, 2010

The best wireless security cross reference EVAR.

I'd been looking for a concise wireless security cross reference graphic for ages now - and I found it a couple of evenings ago.  Turns out it was in the 2005 book Cisco 802.11 Wireless Networking Quick Reference.

Here it is, in all its glory:


Sunday, January 10, 2010

Gilbert 1995 - 2009


1995 - 2009

We've never loved a pet so much.  He was a central part of our lives for thirteen years.

He was a wonderful little guy.  He went through so much in his little cat life - burned his foot on the stove, suffered from a blocked bladder, had monthly seizures until they were suppressed with Phenobarbital, and finally suffered acute renal failure and his one partially working kidney was not filtering the IV fluids he was being given.  He could no longer be a self-sufficient cat, and we had to put him to sleep on January 2nd 2009.

All of the doctors he saw in his last week alive all said that his case wasn't brought on by the food he ate on Monday December 27th, but I know he was acting A-OK before I bought a new bag of Iams.  He had been eating Iams Multi-Cat formula for years, and that Sunday I bought a bag of ProActive Health Active Maturity Formula.  His first meal out of this bag was breakfast on Monday.  I had to leave town on business that day after feeding him breakfast, but Greg told me that he had vomited shortly after eating.  Greg gave him some soft food that we had in the house (also Iams) and Gilbert seemed a little better Tuesday morning.  I had not put 2 and 2 together that the new bag of food was really making him sick, and fed him breakfast out of the new bag on Tuesday December 28th.  He vomited much later in the day, around 6pm.  I took the bag of Iams back to the store and bought him some Newman's Own Organic cat food.  He ate some of this food late Tuesday evening and he began drinking water much later that night.

On Wednesday morning his condition seemed worse, and he was not walking around or meowing for breakfast.  I offered him some organic soft food and he licked it a little bit, but could not eat.  I took him to the vet, and they thought he had another blockage, put him on IV fluids and a catheter, and referred me to a 24 Emergency Clinic for further treatment.  In just 5 short days he would be gone.  It just isn't fair that little Gilbert got such a raw deal, and that no other alternatives to euthanasia are available to a cat suffering from renal failure.  His kidney ultrasound showed that one kidney was very small, had a lot of tissue damage and was most likely not working at all.  His right kidney was oversized in order to compensate for the smaller left kidney.  How long he had had this problem is anyone's guess.  I just wish I had listened to the vet when he had his Phenobarb levels checked in October.  She recommended soft food for him since it has a higher moisture content than the dry food.  I don't know why I didn't listen.

A cat shouldn't have to go through such things.  If he hadn't been neutered, he probably wouldn't have had the urinary tract problems that he did.  If only I had known these things, a lot of his pain could have been avoided.  If I could go back and do it all over again, I wouldn't have had him neutered and I would have made sure he ate the best cat food that was available.  I didn't know that Cat Chow was not good for cats to eat.  I didn't know that Eukanuba and Iams were part of the same food provider, and were most likely poisoning my cat ever so slowly.

He lived thirteen years, but I wish he could have been with us longer, and not had to endure so much while he was alive.  Gilbert was such a great cat and constant companion, I should have had a tribute to him while he was alive.

Wednesday, January 6, 2010

Generate CSR for Third-Party Certificates and Download Unchained Certificates to the WLC

I have never used OpenSSL to generate a certificate for a controller.  I was watching Jerome's video about the steps needed to do this & he mentioned that the version of OpenSSL that he has used that worked was 0.9.8k.  It was quite difficult to find this version online - it seems to be a few revs old.
--update-- I'd really like to be able to set up a CA on the laptop that is running the VM of ACS & WCS, but the laptop is not a domain member and I'm having difficulties getting the CA and IIS to operate as detailed in MS documentation.  I'm guessing it is because the laptop is in a workgroup.--update--

Here is a link to where I downloaded Win32OpenSSL-0_9_8k.exe
You will most likely need to install MS Visual C++ 2008 Redistributable as well as the SP1.

The direct link to the Cisco documentation that describes the steps needed to generate a certificate on behalf of a controller is here: LINK  
You should be familiar with navigating to the Cisco documentation by starting out at the main documentation page: LINK

Jerome's video demonstrating the process is on YouTube in two parts: