Professional Documents
Culture Documents
- No NTP is configured on the WLC / no timezone -> use PAcific Timezone... like
MSE and WCS did
- sysname of WLCs are wrong -> like (5508-1)>
- enable AP fallback WLCs.
- Check DHCP Scopes on 6504-A / B
- check interfaces vlan for strange config (no ip igmp snooping / multicast)
- SVI dmz2-guest has something wrong
- 5508-1 and 5508-2 has management if on native vlan should be changed that will
be tagged
- allow only needed VLANs to WLC trunks
- some vlans has HSRP active - some not...
- some SVIs exists only on 6504-A and others only on 6504-B... so be attention t
o default GW... sometimes .1 sometimes .2
- all configs should be done on 2,4GHz - until there are other specifications...
certificate CA1
certificate bridge
certificate CA2
Bridge certificate
Bridge private file
3.2 : class-map on Autonomous Access-point for Radius in higher priority
set UDP1812/1813 between ACS and remote switch to highest QoS marking on the rad
io, all other to the next highest
service policy radio for RADIUS 1812 1813 between ACS and remote Switch only. Th
e RADIUS ports should get the highest QoS marking and the rest the next highest
only on the radio. CS7 and CS6
3.3 : 1260-BR2 is plug to the wan. the best path is the bridge, change it to be
the wan
12602-BR2 is connected to WAN and via Bridge link to 12602-BR1
4.1 : There are two PKI CA1 (issued ACS) and CA2 (other PKI)
ACS should send ACL in the attribute following users departementx and one other
2 different CAs - DepartementX with win2008 CA and anyconnect profile cciewirele
ssTLS shouldnt access vlan 100 but all other yes. And the old certificate from wir
elessCA with preconfigured profile wirelessnetTLSno access to vlan 129 and all othe
r yes.
4.X : AP should work also for Costa Rica (I added the country Costa Rica)
4.X : Contractor WLAN with WPA2/AES, no power changes - WMM disable and Coverage
hole disable
4.X : To extend contractor WLAN we need to Create of a Group interface on WLC. A
void multicast dup packets.
4.X : Roaming not working between 5508-1 and 5508-2 WLC (same as LAB2 and LAB3)
4.X :
ccess
4.X+1
have
6.1 : voice ssid is configured (PSK), problem with DHCP_REQD for voice SSID.(DHC
P override and DHCP required was enabled under WLAN advnaced page)
6.2 : Change PSK to EAP-TLS with the certificate embedded of the phone. Set the
right ACS policy.
6.3 : Do a call to 1001 (same the others LABs)
6.4 : Voice Troubleshooting (Exactly Same as LAB2 question 6.2)
6.x : cckm time >1 second config wlan security wpa akm cckm timestamp-tolerance
5000 <WLAN id >