msgbartop
msgbarbottom

26 Mar 14 Broadcast multiple SSID’s – Cisco Standalone Access Points

How to broadcast multiple SSID’s on Cisco Access Points

Usually using the command guest-mode under the SSID configuration on a Cisco Access Point you can broadcast a single SSID. I needed to actually broadcast multiple SSID’s on Cisco 1240 Access Points running the following code: Version 12.4(10b)JDA3. In that case I used the following configuration options.

interface dot11radio #
mbssid
!
dot11 ssid CORP
mbssid guest-mode
!
dot11 ssid GUEST
mbssid guest-mode

I used the following two links during my research.

  • http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-3_7_JA/configuration/guide/i1237sc/s37ssid.html#wp1050170
  • http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-_3g_JA/configuration/guide/ios1243gjaconfigguide/s43ssid.html#wp1035858

Tags: , ,

07 Feb 14 EEM Script for clearing – Cisco IOS

EEM Script example to clear stuff in Cisco IOS

I had to recently clear the DHCP Conflict log from a Cisco Router as it was filling up and not allowing devices to get back on the network in a specific situation. Well instead of doing it manually I just decided to give Cisco EEM Script a try. And it worked out pretty good :). Another scenario I used was clearing DHCP bindings and arp.

EEM Script – Clear DHCP Conflict Log

event manager applet CLEAR_DHCP_CONFLICT (This is applets name)
event timer watchdog time 172800 (Using the watchdog option I allowed it to run every 48 hours)
action 1.0 cli command “enable”
action 2.0 cli command “clear ip dhcp conflict *”
action 3.0 syslog msg “IP DHCP Conflict log has been cleared successfully” (syslog msg enabled me to trigger a syslog message)

EEM Script – Clear DHCP Bindings and Arp Cache

event manager applet CLEAR_DHCP_CONFLICT
event timer watchdog time 172800
action 1.0 cli command “enable”
action 2.0 cli command “clear ip dhcp binding *”
action 3.0 cli command “clear arp”
action 4.0 syslog msg “IP DHCP bindings and Arp Cache have been cleared”

So Cisco EEM Scripting is pretty cool. Possibilities are endless.

Tags: , ,

26 Dec 13 Cisco WLC2504 Boot loader Failure

Cisco WLC2504 Boot Loader Failure Error

So today I had a Cisco WLC 2504 crash and it would not come back online after a reboot. So I gained access to it via Cisco Console cable to see what is going on with it. And I was presented with the following screen/error:

WLCNG Boot Loader Version 1.0.16 (Built on Feb 28 2011 at 13:14:54 by cisco)
Board Revision 0.0 (SN: PSZ17xxxxx, Type: AIR-CT2504-K9) (P)
Verifying boot loader integrity…
##########################################
### IMPROPER SYSTEM OPERATION DETECTED ###
### ———————————- ###
### System has been halted because: ###
### 1. Boot loader failed verification ###

WLC 2504 BootLoad Failure

I was hoping that this is something that can be recovered and we can bring the Cisco 2504 WLC back online. After some searching and talking to Cisco TAC, basically it just needed to be RMAed. Thank God to Cisco Smartnet :), was able to get it back up and running in a couple of hours.

Tags: , ,

24 Dec 13 Testing dial tone and Outbound calling from Cisco Router and FXO Card

Dial tone and Outbound calling – Cisco Router/FXO Card

Recently I had a need to test and determine if there was a dial tone on the Cisco FXO Card installed into a Cisco 2911 router. I knew that telco terminated the pots lines on the 66 block but I did not know if they were plugged into the Cisco FXO card. I did not have any one onsite to give me a visual confirmation. So I found out about couple of cool debug commands to accomplish this:

debug vpm signal
debug vpm all

Here are the steps I took:

  • First I used a test Cisco IP phoneon my desk and set it up with this offices extension in Cisco Call Manager
  • Next I setup the debug commands debug vpm all on the router with term mon
  • Next I tried to dial out from my test phone and since the Cisco Call Manager was setup to use the FXO card for the calling, it tried to dial out using one of the FXO ports
  • Now take a look at the debug message from the Cisco Router

#htsp_allocate_if –

Nov 27 10:31:46.468: HTSP endpoint_info=aaln/S0/SU0/0, type=2, under_specified=0,
service_type=2htsp_allocate_if: MATCH!

Nov 27 10:31:46.472: htsp_timer_stop3 htsp_setup_req
Nov 27 10:31:46.472: Orig called num:16152324144
Nov 27 10:31:46.472: htsp_process_event: [0/0/0, FXOLS_ONHOOK, E_HTSP_SETUP_REQ]fxols_onhook_setup
Nov 27 10:31:46.472: [0/0/0] set signal state = 0xC timestamp = 0
Nov 27 10:31:46.472: dsp_set_sig_state: [0/0/0] packet_len=12 channel_id=128 packet_id=39 state=0xC timestamp=0×0
Nov 27 10:31:46.472: TGRM: reg_invoke_tgrm_call_update(0, 0, 0, 65535, 1, TGRM_CALL_BUSY, TGRM_CALL_VOICE, TGRM_DIRECTION_OUT)
Nov 27 10:31:46.472: htsp_timer – 1300 msec
Nov 27 10:31:46.728: htsp_process_event: [0/0/0, FXOLS_WAIT_DIAL_TONE, E_DSP_SIG_1100]fxols_power_denial_detected
Nov 27 10:31:46.728: htsp_timer2 – 1000 msec
Nov 27 10:31:46.728: htsp_timer_stop
Nov 27 10:31:47.728: htsp_process_event: [0/0/0, FXOLS_WAIT_DIAL_TONE, E_HTSP_EVENT_TIMER2]fxols_power_den_disc
Nov 27 10:31:47.728: htsp_timer_stop
Nov 27 10:31:47.728: htsp_timer_stop2
Nov 27 10:31:47.728: [0/0/0] set signal state = 0×4 timestamp = 0
Nov 27 10:31:47.728: dsp_set_sig_state: [0/0/0] packet_len=12 channel_id=128 packet_id=39 state=0×4 timestamp=0×0
Nov 27 10:31:47.728: mars_flex_dsprm_current_codec_comp:DSP:0 FLEX Complexity Codec htsp_release_req: cause 34, no_onhook 0
Nov 27 10:31:47.728: htsp_process_event: [0/0/0, FXOLS_ONHOOK, E_HTSP_RELEASE_REQ]fxols_onhook_release
Nov 27 10:31:47.728: TGRM: reg_invoke_tgrm_call_update(0, 0, 0, 65535, 1, TGRM_CALL_IDLE, TGRM_CALL_VOICE, TGRM_DIRECTION_OUT)
Nov 27 10:31:47.728: flex_dsprm_close_cleanuphtsp_allocate_if –

Nov 27 10:31:47.780: HTSP endpoint_info=aaln/S0/SU0/1, type=2, under_specified=0,
service_type=2htsp_allocate_if: MATCH!

If you look at lines above you will notice that it clearly did not get a dial tone and hence my called failed. With this information I was able to verify if someone connected the cables from the 66 block to the Cisco FXO Card. I could have also used this same technique to see if there was dial tone on the pots lines on the 66 block. In case there is no butt set is available

Tags: , , , ,

19 Dec 13 Cisco Voice Gateway not Re Registering with Cisco Call Manager

Cisco Voice Gateway lost registration with Cisco Call Manager and not re registering

So VoIP is a whole new world to me and in the last two months I have learnt a whole lot. Pretty interesting stuff especially once you know it obviously lol. But troubleshooting can be a pain at times. Recently one of the Cisco router with a PRI lost its registration with the Cisco Call Manager – CUCM. None of the phones were working for outbound dialing however local extension dialing was working. When I logged into the Cisco Router and issued the following command: show ccm. I noticed that it is going back and forth trying to register with the Primary and Backup Cisco Call Manager. I looked at the settings on the Cisco Router and all VoIP related config was right. I tried to do no mgcp and then mgcp still no use. Then I started to run a debug to see what is happening and hopefully debug will give me some indication on the issue. Following commands were issued on the router:

  • debug mgcp events
  • debug mgcp errors
  • term mon

Here is what I saw in the log:

Dec 18 13:42:30.080: S0/SU0/DS1-0/* mgcp_endpt_parent_redirected: parent S0/SU0/DS1-0/*, child S0/SU0/DS1-0/23
Dec 18 13:42:30.080: S0/SU0/DS1-0/23 mgcp_endpt_set_notified_entity:
Dec 18 13:42:30.080: S0/SU0/DS1-0/23 mgcp_endpt_set_notified_entity:ne 10.206.110.20:2427, ne addr 10.206.110.20:2427
Dec 18 13:42:30.080: S0/SU0/DS1-0/23 mgcp_endpt_set_call_agent:
Dec 18 13:42:30.080: S0/SU0/DS1-0/23 mgcp_endpt_redirect_children:
Dec 18 13:42:30.080: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.080: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.080: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.080: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.080: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.080: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.080: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.080: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.080: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.080: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.080: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.084: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.084: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.084: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.084: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.084: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.084: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.084: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.084: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.084: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.084: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.084: mgcp_is_transient: callp->state=4, conn_mode=3
Dec 18 13:42:30.084: mgcp_is_transient: callp->state=0, conn_mode=0
Dec 18 13:42:30.084: MGCP sys msg: (15)
Dec 18 13:42:30.084: xlate sys msg: (15, 4539B688)
Dec 18 13:42:30.084: sys msg values: (INVALID MGCP EVENT, 0, , 1108831796, CALL_IDLE)
Dec 18 13:42:30.084: process mgcp_handle_cmapp_event
Dec 18 13:42:30.084: mgcp_cmapp_send_rsip: Send-RSIP: Sending gw host is XYZ1-RTR-01.mydomain.com, endpt is *
Dec 18 13:42:30.084: mgcp_cmapp_send_rsip_to_callmgr: Send RSIP – Pass-in: ipaddr=10.206.110.20 ca_port=2427
Dec 18 13:42:30.084: * mgcp_root_get_profile:
Dec 18 13:42:30.084: * mgcp_send_rsip_msg:
Dec 18 13:42:30.084: * mgcp_endpt_record_rsip:
Dec 18 13:42:30.084: * mgcp_send_rsip_msg: Manually recroding RSIP method
Dec 18 13:42:30.084: * mgcp_endpt_record_rsip:
Dec 18 13:42:30.084: * mgcp_enq_retx_rsip_msg
Dec 18 13:42:30.084: mgcp_add_trans_id_rec: Add trans id (689668931, 46CBEB70) record
Dec 18 13:42:30.084: mgcp_stw_timer_start timer type 0, duration 500
Dec 18 13:42:30.652: MGC stat – 10.202.110.36, total=340539, succ=340048, failed=146
Dec 18 13:42:30.652: mgcpapp_process_mgcp_msg :
Dec 18 13:42:30.660: * mgcp_msg_ack
Dec 18 13:42:30.660: MGC stat – 10.202.110.36, total=340539, succ=340049, failed=146
Dec 18 13:42:30.660: * mgcp_check_for_redirection: endpt * was not redirected
Dec 18 13:42:30.660: [S] mgcp_msg_ack:6166,Updating (*)=10.202.110.36
Dec 18 13:42:30.660: * mgcp_msg_ack: Removing msg : RSIP 689668929 *@XYZ1-RTR-01.mydomain.com MGCP 0.1
RM: graceful
Dec 18 13:42:30.664: * mgcp_msg_ack: Setting the restart method to NONE
Dec 18 13:42:30.664: mgcpapp_process_socket
Dec 18 13:42:30.664: MGC stat – 10.206.110.20, total=313, succ=169, failed=143
Dec 18 13:42:30.664: mgcpapp_process_mgcp_msg :
Dec 18 13:42:30.664: * mgcp_msg_ack
Dec 18 13:42:30.664: MGC stat – 10.206.110.20, total=313, succ=169, failed=144
Dec 18 13:42:30.664: * mgcp_check_for_redirection: endpt * was not redirected
Dec 18 13:42:30.664: * mgcp_msg_ack: Removing msg : RSIP 689668931 *@XYZ1-RTR-01.mydomain.com MGCP 0.1
RM: restart
Dec 18 13:42:30.664: * mgcp_msg_ack: Setting the restart method to NONE
Dec 18 13:42:30.664: mgcpapp_process_socket
Dec 18 13:42:30.960: unreachable detected
Dec 18 13:42:30.960: mgcp_cr_and_init_evt_node:$$$ the node pointer 46FA4428

After looking at the debug I noticed that the registration was failing for the host “XYZ1-RTR-01.mydomain.com”. When I looked in the Cisco Call Manager I noticed that the registered name was “XYZ-RTR-01.mydomain.com”. So since the host name of the Cisco Voice Gateway hence it was no longer valid in the Cisco Call Manager. I simply updated the name in Cisco Call Manager and the Cisco Voice Gateway successfully re registered with the Cisco Call Manager – CUCM.

Tags: , , , , , , , ,

31 Aug 13 No Shut Cisco router interface automatically – EEM Script

How to re enable a Cisco router interface after shutting it down automatically

Recently I had a need to shutdown a Cisco router interface for testing, but then I needed it to be re enabled after a min or so. Well since it was a remote router I did not have console access to it, no dial up access to it either. I had an option to do a reload in xxx, but I really did not want the whole router reloaded. Thanks to Cisco Event Manager EEM Scripting :), it came to my rescue. Here are a few examples that I ended up using for my testing.

EEM Script examples that I used utilized multiple parameters, there is so much more you can do but these are just very basic for what I needed to accomplish:

EEM Script – “no shut” after 60 seconds

event manager applet NOSHUT1
event timer countdown time 60
action 1 cli command “enable”
action 2 cli command “configure terminal”
action 3 cli command “interface serial0″
action 4 cli command “no shut”

The only thing about this script was that it ran only once and that is it, countdown time would not reset, so to take care of that issue I used another option.

EEM SCript – “no shut” after 60 seconds and reset counter

event manager applet NOSHUT
event timer watchdog time 60
action 1 cli command “enable”
action 2 cli command “configure terminal”
action 3 cli command “interface serial0″
action 4 cli command “no shut”

Now with this script I would shut down an interface and after 60 seconds script re enabled it and reset the counter again. Which means when I shut the interface down again, EEM Script would re enable it again after the counter reached “0″.

EEM Script – “no shut” after detecting a pattern in the log

event manager applet NOSHUT3
event syslog pattern “Interface Serial0, changed state to administratively down”
action 1 cli command “enable”
action 2 cli command “configure terminal”
action 3 cli command “interface serial0″
action 4 cli command “no shut”

This last one pretty much looks for certain patterns in the log and if it matches, script will run and perform the actions you specify. In my case I just did a “no shut” on the serial 0 interface. So this can give you an idea on how powerful EEM Scripting can be and we can accomplish so much utilizing EEM Scripting :).

Note:Use this as a reference point only. There are other configuration options available to tweak this according to your needs. Remember to always backup your work before you make any changes, always test configurations in the lab and never do anything that you can not undo :) . Terms and conditions of using this site

Tags: , , , ,

22 May 13 ASA 8.4 NAT with specific ports

Cisco ASA NAT specific ports TCP/UDP Version 8.4

So we all are pretty much used to the new Cisco ASA 8.3+ NAT, Auto NAT and Twice NAT. I am writing this article on, “how to NAT single or multiple specific ports to a single Public IP address”. When and why would you want to do this? Well some companies can’t afford to have a huge range of Public IP addresses and/or they might be running out or they have way to many internal servers/resources. Using this method Public IP’s can be conserved and can be used for multiple internal resources instead of just one.

Scenario 1

First let me give you an example if you just want to simply NAT an internal IP to a Public IP on Cisco ASA running version 8.4. Example, we have an internal IP of 10.1.1.10 and Public IP of 1.1.1.1:

object network obj-10.1.1.10
host 10.1.1.10
nat (inside,outside) static 1.1.1.1

That is it now you can create an access list for the specific need you have for that server lets say people from the outside need to access it over 443:

access-list outside_in extended permit tcp any gt 1024 host 10.1.1.10 eq 443

Scenario 2

Now some one from the outside can type “https://1.1.1.1″ or associated FQDN and access this web server. But what happens if you need another Public IP address for another internal resource and need 22 (ssh) opened up for it. You already used up your last IP address. So when I ran into such issue I did this:

object network obj-10.1.1.10 (Server 1)
host 10.1.1.10
exit
object network obj-10.1.1.20 (Server 2)
host 10.1.1.20
exit
object network obj-1.1.1.1 (Public IP)
host 1.1.1.1
exit
object service HTTPS (Created a service object for HTTPS)
service tcp source eq 443
exit
object service SSH (Created a service object for SSH)
service tcp source eq 22
exit
nat (inside,outside) source static obj-10.1.1.10 obj-1.1.1.1 service HTTPS HTTPS (NAT1-SERVER1)
nat (inside,outside) source static obj-10.1.1.20 obj-1.1.1.1 service SSH SSH (NAT2-SERVER2)

access-list outside_in extended permit tcp any gt 1024 host 10.1.1.10 eq 443
access-list outside_in remark **** Access list for Server 1 HTTPS Access ****
access-list outside_in extended permit tcp any gt 1024 host 10.1.1.20 eq 22
access-list outside_in remark **** Access list for Server 2 SSH Access ****

Using this method I was able to use a single Public IP and assign it to multiple internal servers on different Ports i.e 443 and 22. Now if someone uses 443 for the public IP of 1.1.1.1 they will get to the internal server 10.1.1.10. Now if someone uses SSH to the Public IP 1.1.1.1 they will get to the Internal server 10.1.1.20. Similarly I can utilize this one Public IP Address and assign it to other internal resources and other ports such as 21, 80, 25 etc

Note:Use this as a reference point only. There are other configuration options available to tweak this according to your needs. Remember to always backup your work before you make any changes, always test configurations in the lab and never do anything that you can not undo :) . Terms and conditions of using this site

Tags: , , ,

19 Dec 12 My Sprint 4G LTE Rant for this week

Sprint 4G LTE Coverage rant

So recently I was visiting my sister and brother in VA and was on 81 and half way into Staunton area I realized that my phone has 4G LTE Signal I was like really wow in the middle of no where? I checked the speed it was pretty decent not so bad. So I decided to keep an eye on it and see how long I’ll have it for. To my surprise I had it all the way to Winchester, VA after that I got off the exit and it disappeared after few miles. Believe it or not it wasn’t even available in Arlington, VA, DC area, Leesburg, VA. I do not understand what are Sprints plans for introducing 4G LTE Coverage. Almost seems like Sprint is way over their head when it comes to providing 4G LTE Coverage. They are actually putting 4G LTE Coverage in small areas and not where there is actually demand for it because of the population. Check out the map below from their website:

So according to Sprint providing 4G LTE Coverage to small areas like Lost River, VA, Harrisonburg, VA, Winchester, VA etc makes sense but they want to take their good old time to provide 4G LTE Coverage to busy metro areas where there is a demand for it. As my previous article explains that there is some 4G LTE Signal I noticed in Brentwood and Franklin area by the Cool Springs Mall. Also I was able to get very little 4G LTE Signal in Memphis area. Oh and where ever Sprint has 4G LTE Signal it is so not as fast as Verizon’s 4G LTE. But honestly I’ll be happy with this as long as they decide to finish their 4G LTE Coverage expansion in this decade hopefully.

If they can not do it then I don’t think it is ethical for Sprint to market and advertise constantly in these areas that there will be 4G LTE available soon. Unless to Sprint the word “soon” equals years or whenever they feel like it. Another thing to keep in mind when signing up for Sprint because of their unlimited 4G LTE service. Yes it is unlimited “if you are lucky enough to get the signal lol”, but it cost a whole lot more money if you want to use your Sprint phone as a Hot Spot. $50 per month for 6GB of data. With all the technology and progress, Access to the Internet and Cell Networks etc should be going down not up. Moreover it is not fair that Sprint users have to pay extra for the premium data usage when it is not even available to us.

Tags: , ,

10 Dec 12 Sprint 4G LTE Coverage Nashville, TN

Sprint 4G LTE Coverage in Nashville, TN

I bought a Sprint 4G LTE phone back in June because I was interested in Sprints Unlimited 4G LTE Plan. I was told that Sprint 4G LTE should be available by Auguest 2012 in Nashville, TN area. Well I knew for certain that there is no way Sprint will be able to complete that mark as the providers and ISP’s never do. I figured September, October might be the months. November came, and then December and no coverage. They said that they did some capacity upgrades in the area for 3G Coverage well that made even the 3G Coverage worst. Any ways so today I was sitting at work in Brentwood, TN and happen to look at my phone because the message light was flashing and all of a sudden I realize it said towards the top it said 4G. I was kinda surprised and thought it must be a mistake, something is probably wrong with the phone.

I proceeded to Sprints Website to check out the Sprint 4G LTE coverage and the I got the results below:

From the screen shot you can see that it does not show that there is 4G LTE coverage yet available in Nashville, TN area. However when I tested my speed I got pretty nice 4G LTE speeds. So I believe Sprint finally have SOME 4G LTE coverage in Nashville, TN area. Perhaps Sprints’ horrible 3G Speeds was related with the Sprints’ 4G LTE turn on or perhaps not important thing is that we (Sprint users) finally have some Sprint 4G LTE in Nashville area. I know even though it is still not like Verizon’s 4G LTE coverage but I am still excited. Finally us Sprint users can taste Sprints 4G LTE Coverage and hopefully Sprint will complete our great City Nashville and surrounding areas for 4G LTE Coverage.

If you are a Sprint user please feel free to share the areas you get Sprint 4G LTE Signal :). Image from my speed tests:

Tags: , , , , , , , ,

30 Nov 12 NY’s Finest being the Finest

If everyone shows kindness we can help so many

WordPress SEO