Cisco

AP’s not registering on Cisco Wireless controller 4400 series

I experienced this issue recently where I had a Cisco Wireless 4400 series Controller and some brand new 1140 series AP’s. The problem was this, the access points would connect to the controller, they would get IP addresses, and you would see them listed under the wireless section of the web GUI but the indicator light on them would never turn a solid green and they would not broadcast the SSID’s.

The issue as it turned out was firmware on the controller. This is a known issue with version 4 and below. We upgraded to version 6 and this resolved the issue.

Cisco adopting strategies to compete in the small business line

Cisco is almost synonymous with big business in the network infrastructure market but recently they have really been working to make themselves more friendly to the SMB market.

Here is a good article about that:

 http://www.channelregister.co.uk/2009/09…

Working at a consulting company that is a Cisco partner and has a large focus on small business I find that there are a lot of great Cisco products in the price range my client’s look for.

The ASA 5505 for example is a great little firewall with a lot of good features and price was is right on the mark and  often cheaper then equivalent Watchguard and Sonicwall products. As well  the UC500 Integrated services voip router is a great solution for a small business who wants a voice solution with a reasonable cost, particularly if they need a primary router/firewall and/or small wireless solution in any case.

Procurves and bi-directional port mirroring

Now I am just go to prefix this critique with the following, I have never designed a switch or am not aware of the total cost to add features to a switch. That being said I have a question for HP, would it really cost that much more to put bi-directional port mirroring into your switches instead of just ingress port mirroring? Is there such a huge cost to it? I mean its already watching packets flow in one direction is it really hard to make it watch the packets go in the other direction?

I mean I can accept that the old 4104 I was working with can’t do it. It doesn’t make sense really that it wasn’t there in the first place but it’s old yeah whatever I get it. However the brand new 1700’s and 1800’s can’t do it. The 2510 doesn’t but the 2610 does? Here is the other issue, your documentation. Both the 1800 and the 2610 say the same exact same thing in regards to port mirroring and yet one does ingress only and the other does bi-directional. I had to go through 3 sales reps to find someone who knew that.

Here is the kicker, every single cisco switch supports bi-directional port mirroring, hell, even in the Cisco/Linksys small business line, for the switches that support port mirroring it is bi-directional not just ingress.

Why HP, why?

Setting up DHCP relay on a Cisco router

This came up for me recently. Here are the commands to setup DHCP relay on a Cisco router, it’s super easy if you know what to do.

The interface you are configuring is the interface where the DHCP clients are located. The helper-address is the IP address of your DHCP server, in this case 10.10.0.5. Please note you will need to make this configuration change on EVERY interface that has clients that will need to access the DHCP server.

router2# conf t
router2(config)# int e0
router2(config-if)# ip helper-address 10.10.0.5

Cisco Router - Upload and IOS image from ROMMON mode

If you ever delete your IOS image and the system reboots before you get the new one on or if you upload the image and it is corrupt you will need to know how to upload an image from ROMMON mode.

Here are a sample of the commands, replace the entries with your specifics:

rommon 1 > IP_ADDRESS=192.168.1.5
rommon 2 > IP_SUBNET_MASK=255.255.255.0
rommon 3 > DEFAULT_GATEWAY=192.168.1.1
rommon 4 > TFTP_SERVER=192.168.1.10
rommon 5 > TFTP_FILE=c2600-adventerprisek9-mz.124-5a.bin
rommon 6 > tftpdnld (this command kicks off the tftp download)

Cisco ASA - Remote access VPN user’s can’t connect to internal resources on the same network

So I was working with a Cisco ASA 5510. The inside network was 10.0.0.0/24. I had created a  remote access vpn policy for users and set them up to receive address’s on their inside network (10.0.0.0/24).

While the users we able to connect fine to the vpn they were not able to ping or access any resources on the internal network. The reason I found for this is that even though they are receiving address’s on the same network as the internal LAN, the ASA still considers them part of a separate network and will try to NAT the traffic using your dynamic NAT rule.

The way to resolve this is to create a NAT exemption rule from your inside network to your inside network. Sounds funny, but it works.

Hope this helps

Cisco SDM java support

I posted earlier about which version of Java to run the Cisco SDM. I have some new info about this. While the SDM WILL run with any version of Java 5, it only actually supports Java 5 update 9. Any later updates could cause issues.

Java 6 update 13 not supported by Cisco Configuration Professional

I was using the CCP to setup a Cisco 881 router and it told me to go install the newest version of Java. So thats what i did, Java 6 update 13, and guess what, it didn’t work.

In fact I had to go all the way down to java 5 update 17 to get the CCP to actually let me configure the router. Now here is the issue, if your product only has support up to java 5, then don’t tell me to install the newest version of Java, tell me to go install Java 5!

A review of the Cisco ASA 5505

I deal with a lot of small business’s and branch offices and up until now we generally have been promoting the Watchguard X10e for their firewall needs. However I have recently been very impressed with the Cisco ASA 5505 for this business space. Its got great functionality, robustness and the price point is far cheaper then I think most people might realize. For 10 user license pack CDW is retailing a unit a 414 dollars! For a Cisco partner such as my company we can usually do even better.

Epic Technology Day - April 21st, 2009

For those not familiar with this event, my company hosts a bi-yearly technology day seminar. It’s a great free event with lots of interesting and informative seminars presented by companies like Cisco, VMware, Citrix, HP and others.  The next one is coming up on April 21st in Winnipeg and the 23rd in Saskatoon.

If you are going to be in one of these area’s you should register to come and take a look

Go here to check out the seminar list and to register:

 http://www.epic.ca/events.asp