Default credentials
admin / admin123 / enable
Change the admin password
mgmt-user admin root
password
password
VLAN IP / default gateway
(S2500) (config) #interface vlan 1
(S2500) (vlan "1") #ip address 192.168.7.2 255.255.252.0
(S2500) (vlan "1") #exit
(S2500) (config) #ip-profile
(S2500) (ip-profile) #default-gateway 192.168.7.254
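Telnet/SSH access needs no special configuration.
SSH2 connections work by default.
Log in with the administrator credentials.
Thursday, October 30, 2014
Tuesday, October 28, 2014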
[Troubleshoot] Debugging an AP that cannot join the controller: debug pm pki enable
#int vlan <AP subnet VLAN>
#ip helper-address controllerip
#ip forward-protocol udp 5246
#ip forward-protocol udp 5247
Enter the SHA1 Key Hash on the controller
debug pm pki enable/disable
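After finding the MAC address and the SSC Key Hash (00:11:93:00:04:2c / c27c7c2e7da64383108f19e83777121efe3619db),
go to Security > AP Profile in the controller GUI and click the Add button.
In Add AP to Authorization List, select SSC as the Certificate Type.
Fill in the MAC and the SHA1 Key Hash (the string highlighted in red above),
and the setup is complete.
In the log below, this MAC is matched to this key hash because the timestamps are identical, down to the same second, so I assume both lines describe the same AP.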
(Cisco Controller) >
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: locking ca cert table
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: calling x509_alloc() for user cert
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: calling x509_decode()
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: <subject> L=San Jose, ST=California, C=US, O=Cisco Systems, MAILTO=support@cisco.com, CN=C1100-00119300042c
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: <issuer> L=San Jose, ST=California, C=US, O=Cisco Systems, MAILTO=support@cisco.com, CN=C1100-00119300042c
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Mac Address in subject is 00:11:93:00:04:2c
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
Wed Oct 29 03:18:46 2014: ssphmSsUserCertVerify: self-signed user cert verfied.
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: ValidityString (current): 2014/10/29/03:18:46
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: ValidityString (NotBefore): 2011/04/19/06:07:30
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: ValidityString (NotAfter): 2020/01/01/00:00:00
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: getting cisco ID cert handle...
Wed Oct 29 03:18:46 2014: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
Wed Oct 29 03:18:46 2014: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
Wed Oct 29 03:18:46 2014: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
Wed Oct 29 03:18:46 2014: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
Wed Oct 29 03:18:46 2014: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Calculate SHA1 hash on Public Key Data
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 30820122 300d0609 2a864886 f70d0101
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 01050003 82010f00 3082010a 02820101
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 00e6bfcd 007d970b 5d463933 68080b5c
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data e794736b 754139bf 9bfe8aaa 0eb234cb
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data d6bf98cc e420d854 ec25e1b8 8d1a3228
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 3b480b2e a45fbbce aaa4cd4e dea2f7dc
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 7ad33d55 108b6ea9 55407d1d ba2d5a7e
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 0c171a35 f195931a ec6ee725 d67a3339
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data e61a38e2 6ce68bcb ec55a58c 9aee34f9
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 26d161a7 cbb23b44 f560a008 e0deab82
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 3b64c01e 8955c326 0f368ac9 122c1a95
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data eb8e81cc fa3ecbea a9806d5e b147dcf5
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data f4459ef2 2a53f767 fd5ef31b 739c82cd
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data fa04ad8f d809c9f2 c2ec268b 24a7983b
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 92b2f554 16d75bff 5dc53e43 9ac4c3c8
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 5f0f64f4 b4f71b9f eaa0a5be d0ff7388
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data f0f59223 b01aed74 a167d102 44274178
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 429aaad6 c6cb87e8 c9dad1db 5fd71043
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 2f020301 0001
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: SSC Key Hash is c27c7c2e7da64383108f19e83777121efe3619db
Wed Oct 29 03:18:46 2014: sshpmGetCertFromHandle: calling sshpmGetCertFromCID() with CID 0x1f7e88a7
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: called to get cert for CID 1f7e88a7
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<
Wed Oct 29 03:18:48 2014: sshpmFreePublicKeyHandle: called with 0x159501ec
Wed Oct 29 03:18:48 2014: sshpmFreePublicKeyHandle: freeing public key
debug pm pki disable
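The MAC-to-hash pairing described above, as an added example that is not part of the original post: it pairs each SSC Key Hash with the MAC decoded just before it for the same certificate, and reports whether the timestamps agree and whether the MAC matches the certificate CN, so an entry can be reviewed before it is added to the authorization list. SAMPLE_LOG is constructed from lines on this page; the function and field names are hypothetical.

```python
import re

# Constructed sample: lines copied from the debug output on this page,
# including the line where two log records were run together.
SAMPLE_LOG = """\
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: <subject> L=San Jose, ST=California, C=US, O=Cisco Systems, MAILTO=support@cisco.com, CN=C1100-00119300042c
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Mac Address in subject is 00:11:93:00:04:2c
Wed Oct 29 03:18:46 2014: ssphmSsUserCertVerify: self-signed user cert verfied.
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: SSC Key Hash is c27c7c2e7da64383108f19e83777121efe3619dbWed Oct 29 03:18:46 2014: sshpmGetCertFromHandle: calling sshpmGetCertFromCID() with CID 0x1f7e88a7
"""

TS_RE = re.compile(r"(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}): ")
MAC_RE = re.compile(r"Mac Address in subject is ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)
CN_RE = re.compile(r"<subject>.*CN=[^,\s]*-([0-9a-f]{12})\b", re.I)
HASH_RE = re.compile(r"SSC Key Hash is ([0-9a-f]{40})", re.I)

def extract_ssc_entries(log_text):
    """Pair each 'SSC Key Hash' with the MAC logged earlier for the same cert."""
    entries, pending = [], None
    for line in log_text.splitlines():
        ts = TS_RE.search(line)
        ts = ts.group(1) if ts else None
        cn = CN_RE.search(line)
        if cn:  # a new certificate is being decoded
            pending = {"cn_mac": cn.group(1).lower(), "mac": None, "ts": ts}
        mac = MAC_RE.search(line)
        if mac:
            pending = pending or {"cn_mac": None, "ts": ts}
            pending["mac"] = mac.group(1).lower()
            pending["ts"] = ts
        h = HASH_RE.search(line)
        if h and pending and pending.get("mac"):
            entries.append({
                "mac": pending["mac"],
                "sha1_key_hash": h.group(1).lower(),
                "same_second": ts == pending["ts"],
                "cn_matches_mac": pending["cn_mac"] == pending["mac"].replace(":", ""),
            })
            pending = None  # a hash with no MAC before it is never emitted
    return entries
```

An entry with same_second or cn_matches_mac set to False should be checked by hand, for example when several APs try to join within the same second.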
Monday, October 20, 2014
AP join controller success log
*Oct 21 15:37:44.284: %CDP_PD-4-POWER_OK: Full power - INJECTOR_CONFIGURED_ON_SOURCE inline power source
*Oct 21 15:37:45.319: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Oct 21 15:37:46.320: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Oct 21 15:37:49.232: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER
*Oct 21 15:37:58.233: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
*Oct 21 15:38:10.234: %CAPWAP-3-ERRORLOG: Selected MWAR 'WLC4404'(index 0).
*Oct 21 15:38:10.234: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Oct 21 02:21:33.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.240.231.1 peer_port: 5246
*Oct 21 02:21:35.482: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.240.231.1 peer_port: 5246
*Oct 21 02:21:35.483: %CAPWAP-5-SENDJOIN: sending Join Request to 10.240.231.1
perform archive download capwap:/c1130 tar file
Monday, October 13, 2014
RADIUS server authentication: configuring 802.1X authentication on a switch
To enable 802.1X authentication on a switch port, on the switch CLI, enter these commands:
Switch# configure terminal
Switch(config)# dot1x system-auth-control
Switch(config)# aaa new-model
Switch(config)# aaa authentication dot1x default group radius
Switch(config)# radius-server host ip_addr auth-port port acct-port port key key
Switch(config)# interface fastethernet2/1
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# dot1x port-control auto
Switch(config-if)# end
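A check for the configuration steps above, as an added example that is not part of the original post: it reads a saved switch configuration and lists access ports that lack the per-port 802.1X commands, plus any missing global commands. SAMPLE_CONFIG is constructed, the function name is hypothetical, and the command spellings are assumed to appear in the saved configuration exactly as typed in the steps above.

```python
# Constructed sample configuration: Fa2/1 follows the steps on this page,
# Fa2/2 is an access port left without 802.1X enforcement.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface FastEthernet2/1
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
!
interface FastEthernet2/2
 switchport mode access
!
interface GigabitEthernet1/1
 switchport mode trunk
!
"""

GLOBAL_REQUIRED = ["aaa new-model", "aaa authentication dot1x default group radius",
                   "dot1x system-auth-control"]
PORT_REQUIRED = ["dot1x pae authenticator", "dot1x port-control auto"]

def audit_dot1x(config_text):
    """Return (missing global commands, {access port: missing port commands})."""
    global_lines, ports, current = set(), {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            ports[current] = set()
        elif raw.startswith((" ", "\t")) and current:
            ports[current].add(line)      # indented line belongs to the interface
        else:
            current = None                # back at global level
            global_lines.add(line)
    missing_global = [c for c in GLOBAL_REQUIRED if c not in global_lines]
    findings = {}
    for name, cmds in ports.items():
        if "switchport mode access" not in cmds:
            continue                      # trunk ports are out of scope here
        missing = [c for c in PORT_REQUIRED if c not in cmds]
        if missing:
            findings[name] = missing
    return missing_global, findings
```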
Sunday, October 5, 2014
How to reset a Wireless LAN Controller (WLC) to factory defaults
Resolution
Complete these steps to reset the WLC to factory default settings using the CLI:
- Enter reset system at the command prompt.
- At the prompt that asks whether you need to save changes to the configuration, enter Y or N. The unit reboots.
- When you are prompted for a username, enter recover-config to restore the factory default configuration.
  The WLC reboots and displays the Welcome to the Cisco WLAN Solution Wizard Configuration Tool message.
- Use the configuration wizard to enter configuration settings.
Note: Once the WLC is reset to defaults, you need a serial connection to the WLC in order to use the configuration wizard.
For more information on resetting the device to default settings using GUI, refer to the Resetting the Device to Default Settings section of Configuring Controller Settings.
source