Wednesday, August 29, 2012

Cisco WLCM ( Wireless LAN Control Module ) 2800 / 3800

This post is all about getting the Cisco WLCM initial setup completed correctly to the point where you can access the GUI and login successfully. The additional configuration needed to add AP's, apply security etc. will be contained in other posts.

Disclaimer: The interface's used will depend on what platform / slot you place the module.

On to the good stuff... I decided to add a quick summary / description of the interfaces being used below. Once you understand what the port is doing and going to do, it makes things much easier. (Note: The brief explanations do not cover everything that the interfaces will do, please see Cisco website if you want more information.)

Management Interface -

The management interface is the default interface for in-band management of the controller and connectivity to enterprise services such as AAA servers. It is also used for communications between the controller and access points. The management interface has the only consistently "pingable" in-band interface IP address on the controller. You can access the controller's GUI by entering the controller's management interface IP address in Internet Explorer's or Mozilla Firefox's address field.
For CAPWAP, the controller requires one management interface to control all inter-controller communications and one AP-manager interface to control all controller-to-access point communications, regardless of the number of ports.

AP-Manager Interface -

A controller has one or more AP-manager interfaces, which are used for all Layer 3 communications between the controller and lightweight access points after the access points have joined the controller. The AP-manager IP address is used as the tunnel source for CAPWAP packets from the controller to the access point and as the destination for CAPWAP packets from the access point to the controller. The AP-manager interface communicates through any distribution system port by listening across the Layer 3 network for access point CAPWAP or LWAPP join messages to associate and communicate with as many lightweight access points as possible.

For Cisco 4404 and WiSM Controllers, configure the AP-manager interface on all distribution system ports (1, 2, 3, and 4). For Cisco 4402 Controllers, configure the AP-manager interface on distribution system ports 1 and 2. In both cases, the static (or permanent) AP-manager interface is always assigned to distribution system port 1 and given a unique IP address. Configuring the AP-manager interface on the same VLAN or IP subnet as the management interface results in optimum access point association.

Virtual Interface -

The virtual interface is used to support mobility management, Dynamic Host Configuration Protocol (DHCP) relay, and embedded Layer 3 security such as guest web authentication and VPN termination. It also maintains the DNS gateway host name used by Layer 3 security and mobility managers to verify the source of certificates when Layer 3 web authorization is enabled.

Specifically, the virtual interface plays these two primary roles:
•Acts as the DHCP server placeholder for wireless clients that obtain their IP address from a DHCP server.
•Serves as the redirect address for the web authentication login page.

Note: All controllers within a mobility group must be configured with the same virtual interface IP address. Otherwise, inter-controller roaming may appear to work, but the handoff does not complete, and the client loses connectivity for a period of time.

The virtual interface IP address is used only in communications between the controller and wireless clients. It never appears as the source or destination address of a packet that goes out a distribution system port and onto the switched network. For the system to operate correctly, the virtual interface IP address must be set (it cannot be 0.0.0.0), and no other device on the network can have the same address as the virtual interface. Therefore, the virtual interface must be configured with an unassigned and unused gateway IP address. The virtual interface IP address is not pingable and should not exist in any routing table in your network. In addition, the virtual interface cannot be mapped to a backup port.

Service-Port Interface -

The service-port interface controls communications through and is statically mapped by the system to the service port. The service port can obtain an IP address using DHCP, or it can be assigned a static IP address, but a default gateway cannot be assigned to the service-port interface. Static routes can be defined through the controller for remote network access to the service port.

Dynamic Interface -

Dynamic interfaces, also known as VLAN interfaces, are created by users and designed to be analogous to VLANs for wireless LAN clients. A controller can support up to 512 dynamic interfaces (VLANs). Each dynamic interface is individually configured and allows separate communication streams to exist on any or all of a controller's distribution system ports. Each dynamic interface controls VLANs and other communications between controllers and all other network devices, and each acts as a DHCP relay for wireless clients associated to WLANs mapped to the interface. You can assign dynamic interfaces to distribution system ports, WLANs, the Layer 2 management interface, and the Layer 3 AP-manager interface, and you can map the dynamic interface to a backup port.

You can configure zero, one, or multiple dynamic interfaces on a distribution system port. However, all dynamic interfaces must be on a different VLAN or IP subnet from all other interfaces configured on the port. If the port is untagged, all dynamic interfaces must be on a different IP subnet from any other interface configured on the port.

Dynamic AP Management -

A dynamic interface is created as a WLAN interface by default. However, any dynamic interface can be configured as an AP-manager interface, with one AP-manager interface allowed per physical port. A dynamic interface with the Dynamic AP Management option enabled is used as the tunnel source for packets from the controller to the access point and as the destination for CAPWAP packets from the access point to the controller. The dynamic interfaces for AP management must have a unique IP address and are usually configured on the same subnet as the management interface.


You may want to verify that the router actually recognizes the module first, just in case.

Home_3825#sh inventory

NAME: "Integrated Service Engine for Modular and Integrated Services Routers on Slot 2", DESCR: "Integrated Service Engine for Modular and Integrated Services Routers"
PID: NME-AIR-WLC8-K9   , VID: V02 , SN: XXXXXXXX

Home_3825#show ip interface brief 
In2/0                      10.1.22.1       YES manual up                    up

This is what the module interface will look like (In1/0 |  In2/0)

The module in the router that I am using is configured already, well as far along as this blog will take us.  (Your's probably wont have an IP address and it will be shut down)

We need to log into the WLCM to start the initial configuration.

First, we need to give the module an IP address and no shut the interface before we can begin our "session" with the module. If we try and session in with the two commands just mentioned, you will get the error below.

Home_3825#service-module integrated-Service-Engine 2/0 session 
IP address needs to be configured on interface Integrated-Service-Engine2/0

The IP address that you give this interface will be the default-gateway IP for the additional interfaces we will be adding later so choose wisely.

Home_3825(config)#inter integrated-Service-Engine 2/0

Home_3825(config-if)#ip add 10.1.22.1 255.255.255.0

Home_3825(config-if)#no shut

Try to think of this interface just like you would any other layer 3 interface. (e.g. GigabitEthernet0/0)

Lets open a session into the module!

Home_3825#service-module integrated-Service-Engine 2/0 session
Trying 10.1.22.1, 2130 ... Open

Username: Cisco
Password: cisco

Once you are in a session, to get back out. ( control + shift + 6 ) X) If you want to permanantely back out, once your at the router interface type: #disconnect < --- enter 

We are now asked for credentials to log into the WLCM to begin working on its initial configuration. I wanted to make sure the module was reverted back to factory-default.

User:Cisco
Password:cisco

(Cisco Controller) >clear config
Are you sure you want to clear the configuration? (y/n) y

Configuration Cleared!
(Cisco Controller) >reset
(Cisco Controller) reset>system 

The system has unsaved changes.
Would you like to save them now? (y/N) N

Configuration Not Saved!
Are you sure you would like to reset the system? (y/N) y

System will now restart!
------------------------------------------
Just like anything Cisco, exit out of the configuration wizard to begin. It will present you with a different "wizard", this one is the one you want plus you can't cancel out of this one.


*** autoinstall must be terminated in order to run the configuration wizard.

Would you like to terminate autoinstall? [yes]:

System Name [Cisco_cc:cb:60] (31 characters max): Your_clever_WLCM_name

Enter Administrative User Name (24 characters max): jdoe

Enter Administrative Password (24 characters max): password

Re-enter Administrative Password                 : password

Management Interface IP Address: 10.1.22.18

Management Interface Netmask: 255.255.255.0

Management Interface Default Router: 10.1.22.1

Management Interface VLAN Identifier (0 = untagged): 0

Management Interface Port Num [1]: 1

Management Interface DHCP Server IP Address: 10.1.22.18

AP Manager Interface IP Address: 10.1.22.19

AP-Manager is on Management subnet, using same
values AP Manager Interface DHCP Server (10.1.22.18): 10.1.22.18

Virtual Gateway IP Address: 22.22.22.22

Mobility/RF Group Name: wlan-22-mg

Network Name (SSID): wlan-22


Configure DHCP Bridging Mode [yes][NO]: n

Configure DHCP Bridging Mode [yes][NO]: NO

Allow Static IP Addresses [YES][no]: no

Configure a RADIUS Server now? [YES][no]: no

Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.

Enter Country Code list (enter 'help' for a list of countries) [US]:

Enable 802.11b Network [YES][no]: yes

Enable 802.11a Network [YES][no]: yes

Enable 802.11g Network [YES][no]: yes

Enable Auto-RF [YES][no]:

Configure a NTP server now? [YES][no]: yes

Enter the NTP server's IP address: 10.1.2.1

Enter a polling interval between 3600 and 604800 secs: 604800

Configuration correct? If yes, system will save it and reset. [yes][NO]: yes

Configuration saved!
Resetting system with new configuration...

When the module come's back up after the reboot, you should see something similar to this:

(Cisco Controller) config>

And now, you should be able to type the management IP into a web browser, hit enter and see something similar to this:


Login with the UN / PW you supplied as you were setting things up, and you are all set!

More to come...






Wednesday, March 14, 2012

Cisco ROMMON Privilege Mode - Fixing a broken cookie.

This blog will be about ROMMON Mode on a Cisco ISR and some of the issue's that I had when I started up one of my 2800's at home. It seems that the cookie was corrupt and the router would not boot because it thought I had the incorrect image on the flash which was not the case.

So after doing a lot of searching I found out that I needed to fix the cookie and enter privilege mode of ROMMON to do this. I have been working with Cisco hardware for quite sometime and had never once heard of this little known TAC feature.

Ok, now onto the good stuff.

DISCLAIMER: USE AT YOUR OWN RISK | USE AT YOUR OWN RISK | USE AT YOUR OWN RISK

Here is the error that I was getting when I was trying to boot up my router.

"Readonly ROMMON initialized
loadprog: error - Invalid image for platform"

Now to enter the privledge mode of ROMMON. You will need to find the password to get
in and to get this password, you will need to display the cookie in ROMMON and find
a site that can decipher it for you.

This is the website that I found and kudos to this person!!

http://ers.pp.ru/cgi-bin/priv.cgi

Here is a partial piece of the cookie that was on my router:

rommon 2 > cookie

cookie:
04 ff 09 86 ff ff ff ff ff ff ff ff ff ff ff ff
4f 43 31 31 31 37 33 38 46 50 40 04 0c 41 07 00
82 49 1f fe 07 42 41 30 c0 46 03 20 00 5b 8b 05
88 00 00 00 00 02 04 c6 8a 49 50 4d 37 56 30 30

Now once that you have this on your screen, go to the website mentioned above and
paste the entire first line into the box. It will be a 4 digit password that it
spits out.

Now that you have your password, type in: priv and hit enter, input your password
and the outpur will be something like this.

rommon 7 > priv
Password:
You now have access to the full set of monitor commands.
Warning: some commands will allow you to destroy your
configuration and/or system images and could render
the machine unbootable.

Now that you are here, you will need to fix your cookie and will be a topic for
another blog post but what I did was boot up another router into ROMMON and grabbed
the cookie off of that one. (Thats probably not the best idea as it seems that the
MAC address' for the interfaces are derived from this Hexa-Decimal cookie.)

rommon 8 > ?
addrloop            walk 1 thru range of addresses
alias               set and display aliases command
alter               alter locations in memory
berrscan            scan range of addresses for bus errors
boot                boot up an external process
break               set/show/clear the breakpoint
call                call a subroutine at address with converted hex args
cat                 concatenate files
checksum            checksum a block of memory
clrerr              clear the error log
compare             compare two blocks of memory
confreg             configuration register utility
cont                continue executing a downloaded image
context             display the context of a loaded image
cookie              display contents of motherboard cookie PROM in hex
cpu                 cpu / system information and control
cycles              excercise the hardware with all possible cycles
dev                 list the device table
dir                 list files in file system
dis                 disassemble instruction stream
dnld                serial download a program module
dram                verify DRAM
dump                display a block of memory
echo                monitor echo command
errlog              display the error log
fdump               file dump utility
fill                fill a block of memory
flash               flash services command
frame               print out a selected stack frame
giodn               gio ucode download
giopref             select which gio to boot next
gioshow             show the gio version
gt96100             print out GT96100 registers
gt96100fe           print out GT96100 FE registers
help                monitor builtin command help
history             monitor command history
ifill               fill a block of memory w/incrementing pattern
iomemset            set IO memory percent
initfs              re-initialize the file system access structures
jump                call a subroutine at address with argc/argv
launch              launch a downloaded image
leds                check out the error LED
memdebug            write/read/verify scope loop
meminfo             main memory information
memloop             write or read scope loop
memtest             simple memory test
menu                main diagnostic menu
move                move a block of memory
repeat              repeat a monitor command
reset               system reset
rommon-pref         Select ROMMON
set                 display the monitor variables
showmon             display currently selected ROM monitor
sleep               millisecond sleep command
speed               timed performance loop
stack               produce a stack trace
sync                write monitor environment to NVRAM
sysret              print out info from last system return
tcal                timer calibration test
tftpdnld            tftp image download
tlbdump             display the cpu TLB
tlbflush            flush the TLB
tlbmap              initialize a TLB mapping
tlbpid              set/display process ID number
tlbphy              search TLB for physical translation
tlbtest             test the TLB
tlbscan             scan for TLB exceptions
tlbvir              search TLB for a virtual translation
tscope              timer scope loop
unalias             unset an alias
unset               unset a monitor variable
watchdog            test watchdog rebooting of the box
xmodem              x/ymodem image download

Now we need to enter cookie mode so type: cookie

This is what you will see:

View/alter bytes of serial cookie by field --
Input hex byte(s) or: CR -> skip field; ? -> list values

Now if you have a good cookie (In Hexa-Decimal), you will need to paste each line in one at a time.

bytes 0x08-0x0F: ff ff ff ff ff ff ff ff
               >
bytes 0x10-0x17: 4f 43 31 31 31 37 33 38
               >
bytes 0x18-0x1F: 46 50 40 04 0c 41 07 00
               >
bytes 0x20-0x27: 82 49 1f fe 07 42 41 30

<output omitted>

######################

Here are a few more show commands:

rommon 13 > menu

Main Diagnostic Menu
a: alter diag flags
b: basic utilities
c: do all diags in this menu
d: do group of diags in this menu
e: monitor image checksum test
f: internal interrupt test
g: bev state test
h: timer interrupt test
i: size main memory
j: main memory test
k: aux loopback test
l: aux port interrupt test
m: cookie test
n: primary data cache test
o: secondary data cache test
p: tlb test
q: mother board reg test
r: gt96xx dma test
x: return to previous menu
FLAGS: Continuous OFF  Stop on error OFF  Loop on error OFF  Quiet mode OFF

enter Main Diagnostic Menu item > m

*** Warning: if power is lost or user sends break ***
the system will not recover until cookie content is restored.

main board cookie test cookie out of scope, cookie number 0.
phase 1: cookie test with 0x5a5a pattern, main board cookie test
*** TLB (Load/Fetch) Exception ***
Access address = 0x10
PC = 0xbfc1efe8, Cause = 0x8, Status Reg = 0x3041e803

enter Main Diagnostic Menu item > b

Diagnostic Utilities Menu
a: alter memory
b: compare memory block
c: display memory
d: move memory block
e: fill memory
f: memory test
g: memory read or write loop
h: memory debug loop
i: address loop
j: system reset
k: system cold
l: console break interrupt test
m: AUX port echo test
n: show mother board regs
o: poll slots
p: mother board cookie utility
q: show GT96K registers
r: show NM PCI regs
s: PCI config write
t: PCI config read
u: show CF info
x: return to previous menu

Now if you have done everything correct, type the (3) commands below and it should boot up just fine.

rommon 8 > initfs
rommon 9 > sync
rommon 10 > reset

System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.
PLD version 0x10
GIO ASIC version 0x127
c2801 platform with 262144 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled


Readonly ROMMON initialized
program load complete, entry point: 0x8000f000, size: 0xcb80
program load complete, entry point: 0x8000f000, size: 0xcb80

program load complete, entry point: 0x8000f000, size: 0x2fb6af8
Self decompressing the image :
####################################################################################
####################################################################################
####################################################################################
############# [OK]

Smart Init is enabled
smart init is sizing iomem
  ID            MEMORY_REQ         TYPE
                0X003AA110 public buffer pools
                0X00211000 public particle pools
                0X00020000 Crypto module pools
                0X00120000 VPM buffer pools
0X0012          0X00035000 Card in slot 1
                0X000021B8 Onboard USB

If any of the above Memory Requirements are
"UNKNOWN", you may be using an unsupported
configuration or there is a software problem and
system operation may be compromised.

Allocating additional 12389767 bytes to IO Memory.
PMem allocated: 245366784 bytes; IOMem allocated: 23068672 bytes

Cisco IOS Software, 2801 Software (C2801-ADVENTERPRISEK9-M), Version 12.4(22)YB6,
RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Wed 02-Jun-10 22:33 by prod_rel_team

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Installed image archive
Cisco 2801 (revision 6.0) with 239616K/22528K bytes of memory.
Processor board ID FTX1023Y0S3
2 FastEthernet interfaces
2 Serial(sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
63984K bytes of USB Flash usbflash0 (Read/Write)
125440K bytes of ATA CompactFlash (Read/Write)















Friday, January 27, 2012

BGP Memory Usage on a Cisco ISR

Is you ever wanted to know how much memory a BGP route uses on a Cisco ISR Router, take a look at the example below.
__________________

From Cisco:
The memory consumption by BGP routes depends on the number of attributes, such as multipath support, soft reconfiguration, the number of peers, and AS_PATH etc.

When the BGP router receives its neighbors' full BGP routing table (98,410 routes), the router consumes approximately 71 MB. With the AS_PATH filters applied to inbound updates, the size of the BGP routing table is reduced to 31,667 routes, and the memory consumption is approximately 28 MB. This decrease in memory utilization is more than 60 percent with optimal routing.
__________________

Below are (2) BGP peers with 2 static routes and no other attributes applied. You can see the first output with (1) static route and then a second static route was added.


r2#sh ip bgp summ
BGP router identifier 2.2.2.2, local AS number 2 BGP table version is 3, main routing table version 3
1 network entries using 120 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP using 444 total bytes of memory BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.1        4     1       4       3        3    0    0 00:00:31        1



r2#sh ip bgp
*Mar  1 00:06:57.475: %SYS-5-CONFIG_I: Configured from console by consolep summ BGP router identifier 2.2.2.2, local AS number 2 BGP table version is 8, main routing table version 8
2 network entries using 240 bytes of memory
2 path entries using 104 bytes of memory
3/3 BGP path/bestpath attribute entries using 372 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory Bitfield cache entries: current 1 (at peak 1) using 32 bytes of memory BGP using 772 total bytes of memory BGP activity 3/0 prefixes, 3/1 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.1        4     1       9       7        6    0    0 00:03:23        1

     1.0.0.0/32 is subnetted, 1 subnets
S       1.1.1.1 [1/0] via 10.1.1.1
     3.0.0.0/32 is subnetted, 1 subnets
C       3.3.3.3 is directly connected, Loopback0
     4.0.0.0/32 is subnetted, 1 subnets
S       4.4.4.4 [1/0] via 10.1.1.1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, Serial0/0