Archive

Posts Tagged ‘wlc’

How to backup guest users on Cisco WLC (SRE based)

February 14, 2013 Leave a comment

Surprisingly, but magic command

config passwd-cleartext enable

did not appear to be 100% working on firmware 7.0.116 on my ISM-SRE-300-based WLC. It shows net users on the exported config but only those with temporary accounts! I.e. an account appears on the exported config only if  you set its lifetime to a non-zero value. Thus to backup local user database prior to a firmware upgrade you have to go through all guest user accounts and set their lifetime to a big value (a couple of days). As soon as the upgrade is completed you can go through all of them again and revert TTLs back to zero.

Advertisements
Categories: Cisco, LAN, Security, Wireless Tags: , ,

Cisco WLC on ISM-SRE-300 module hosted by ISR2 router without EtherSwitch module

December 27, 2012 Leave a comment
ism-sre-300-k9

ism-sre-300-k9

To my surprise such a nice module as ISM-SRE-300-K9 comes with a very poorly written documentation when it comes to deploying it in a “non-standard” configuration. You can find it here .

Apparently, Cisco’s preferred way (and it’s indeed quite easy to do) of provisioning WLC on this module is to use a switching module within the same ISR2 chassis. In that case it’s really easy to switch necessary VLANs via MGF to an EtherSwitch module and then down to your network.

If you do not have a switching module then your options are NAT (this one is briefly explained in the aforementioned configuration guide) and bridging. I personally do not like the idea of NAT-ing packets out of WLC here as it’s Layer 3 and it is not the same thing as Layer 2, you know. I like thinking about wireless traffic as L2 frames  which get from their WLANs into relevant VLANs on the wired network. In this case you can deal with them the same way as with all other traffic – switch accordingly and then route IP encapsulated into these frames via your normal L3 device and apply all necessary security/QoS policies in the same place with all other traffic.

This leaves us with “classic” bridging option and a couple of problems associated with it.  Read more…

Categories: Cisco, LAN Tags: ,