- Put the device in a place
- Navigate to places
- Click on the place and edit the services
- Turn on calendar and enable the email address
Posts Tagged ‘Cisco’
Recently I had to tag some Access points to a new Vlan on a Cisco switch , the cisco support website is the worst readability so notes for future reference
Find the Port of the Access point by getting the Mac address then listing all the Macs on the switch via
show mac address-table
Tagging port
Ok next we change the port from an access port on the default Vlan ( 1 ) to a trunk to it can carry multiple Vlans in this case 1,5. Warning this will drop the network device for a few pings
conf t
int gi1/0/21
Switchport mode trunk
Switchport trunk allowed vlan 1,5
If it doesn’t work you can always wipe the config via
default interface gi1/0/21
To untag a port on vlan 5
switchport access vlan
Meraki MX Router
Enable Vlans
Go to Security Appliance then Addressing & VLANs
Next setup the Subnet ID ( Number ) for your Vlans and the Address of the Router in each Vlan
Next Change the Uplink to the Switch to a VLAN and set the Native Vlan ( this is the default usually 1 ) and the other Vlans which will pass down this trunk. The Native VLAN will need to be the same on both sides of Meraki and Cisco Switch
DHCP
Go to Security Appliance then DHCP
What device will be the DHCP on this new Subnet? You can set the Meraki or if its a Windows Network point the IP Helper to your main DHCP server
Cisco Switch
Uplink
On the uplink of your switch to the Meraki set e.g. GigabitEthernet1/0/1
conf t
int gi1/0/1
switchport trunk native vlan 1
switchport trunk allowed vlan 1,5
switchport mode trunk
end
You might see the native vlan 1 not showing in the config , this is because 1 is always the native vlan
UnTag Port on new Vlan
This changes the port to use Vlan 5
conf t
int gi1/0/2
switchport acccess vlan 5
switchport mode access
end
Connect to http://wired.meraki.com/#configure on a PC/Server connect to the meraki. The default username is the serial number of the device which can be got from the Cloud Dashboard and password is blank
The following will restart the Meraki so make sure you arrange downtime.
Change Port 2 to Internet from LAN and add the IP details and click Save
Make sure all ethernets are set to Auto for Negotiation
By default the Meraki will put the connections on Active / Passive , to enable Active / Active
Login to your Meraki Cloud Dashboard and Enable Load Balancing :
This will spread both inbound and outbound via both links
To force one port e.g. to a specific Link , add an Internet Traffic Flow setting
e.g.
Switch-A(config)#interface port-channel 1
Switch-A(config-if)#switchport trunk encapsulation dot1q
Switch-A(config-if)#switchport mode trunk
Switch-A(config-if)#speed nonegotiate
Switch-A(config)#interface GigabitEthernet1/1/1
Switch-A(config-if)#switchport mode trunk
Switch-A(config-if)#speed nonegotiate
Switch-A(config-if)#channel-group 1 mode active
Switch-A(config)#interface GigabitEthernet2/1/1
Switch-A(config-if)#switchport mode trunk
Switch-A(config-if)#speed nonegotiate
Switch-A(config-if)#channel-group 1 mode active
——————————————————-
Switch-B(config)#interface port-channel 1
Switch-B(config-if)#switchport trunk encapsulation dot1q
Switch-B(config-if)#switchport mode trunk
Switch-B(config-if)#speed nonegotiate
Switch-B(config)#interface GigabitEthernet1/1/1
Switch-B(config-if)#switchport mode trunk
Switch-B(config-if)#speed nonegotiate
Switch-B(config-if)#channel-group 1 mode active
Switch-B(config)#interface GigabitEthernet2/1/1
Switch-B(config-if)#switchport mode trunk
Switch-B(config-if)#speed nonegotiate
Switch-B(config-if)#channel-group 1 mode active
Trying to enable LCAP on a Cross Stack Cisco Switch via EtherChannel.
On Enabling this I got an error on juw5 one side of the LACP Switch :
suspended: LACP currently not enabled on the remote port.
I broke the Port Channel , and set it back to switch mode trunk
Then re-enabled the Portchannel in order
Switch 1 Port One
Switch 2 Port One
Switch 2 Port Two
Switch 1 Port Two
Recently a client had ordered some 10GB SFP+ for his new and old Cisco 3650 Switches , however his old ones only have 4 x 1GB Ports. The 10GB SFP+’s cannot downgrade to 1GB speed on the old or new devices!
When going through the commands to enable WPA on cisco Wireless Account point
ap(config)#interface Dot11Radio0
ap(config-if)# encryption mode ciphers aes-ccm
Then
ap(config-ssid)#authentication open
ap(config-ssid)#authentication key-management wpa version 2
I was shown Error: Encryption mode cipher is not configured.
Turns out this setting needs to be applied to each VLAN presented to the SSID
ap(config)#interface Dot11Radio0
ap(config-if)#encryption vlan 13 mode ciphers aes-ccm tkip
I could then run
ap(config-ssid)#authentication open
ap(config-ssid)#authentication key-management wpa version 2
ap(config-ssid)#guest-mode
ap(config-ssid)#wpa-psk ascii WirelessPassword
The inspection engine is looking at the ftp protocol and finding something objectionable in that user’s sessions. Exactly what is hard to say without debugging or capturing a live failing session.
You can disable ftp inspection as follows (in global configuration mode of course):
policy-map global_policy
class inspection_default
no inspect ftp
Get the port number on the switch , if you stack you should get the switch number as well
You can use show int to list all the interfaces , get the switch port value e.g. gi/1/0.8
Use sh int gi1/0/8 to list the port details to make sure its up etc
Next run :
show mac address-table int gi1/0/8( copy the address it gives you Address )
Next Run this
show arp | incl %macaddressofabove%If it doesn’t show anything the device might not have an IP ( check port is on correct Vlan )
** A cheat , on a computer connected to the switch on the same Vlan and IP range , you can manually add an IP to the mac address then try and ping/access the device :
In Windows Xp
arp -s %spareip% %macAddress%In Windows 7
netsh -c interface ipv4 add neighbors “Network Card Name” “IP Address” “MAC Address”