Sunday, 14 September 2014

Configuring Mobility on Cisco 5508 WLC

Before configuring mobility between the two controllers, make sure that both WLCs can ping each other.


Step 1. Click the Controller tab in the main menu, then click Mobility Group in the left-hand menu.



Step 2. Click New at the right-hand side of the screen to create a new mobility group.



Step 3. Enter the IP address of the peer WLC with which mobility is to be established, along with the MAC address of that WLC's management interface.

Note: The group name has to be the same on both WLCs for mobility to be established between them.

Click Apply.

Once the mobility group is configured and applied, it takes some time to come up. Initially the control and data paths show as down; later both come up. Mobility is considered UP once both the control and data paths are up.



Friday, 12 September 2014

Difference between HSRP version 1 and version 2

HSRP version 1:-

· Maximum number of groups supported: 256 (0-255)
· Virtual MAC range used: 0000.0c07.ac00 to 0000.0c07.acff (which can conflict with CGMP leave processing)
· Hello packets are sent to multicast address 224.0.0.2
· Default version (on both Catalyst and Nexus switches)
· Only plain-text authentication is supported (default key string cisco)
· Millisecond timers are not advertised or learned
· The active router sends hello messages with the HSRP virtual MAC address as the source MAC address


HSRP version 2:-

· Maximum number of groups supported: 4096 (0-4095)
· Virtual MAC range used: 0000.0c9f.f000 to 0000.0c9f.ffff
· Hello packets are sent to multicast address 224.0.0.102, which avoids the conflict noted for version 1
· Version 2 must be enabled explicitly
· Supports MD5 authentication
· Millisecond timers can be advertised and learned
· The active router sends hello messages with the interface MAC address as the source MAC address

Note :-
  • HSRP version 1 and version 2 have different packet formats
  • The two versions are not compatible with each other; every router on the interface must run the same version
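The two virtual MAC ranges above are why version 1 is limited to 256 groups and version 2 to 4096: the group number is simply added to a fixed prefix (8 bits for v1, 12 bits for v2). The Python below, an added example and not part of the original post, derives the virtual MAC for a group and, in the other direction, recognises a version 1 or version 2 virtual MAC seen as the source of a hello on the wire.

```python
# HSRP well-known virtual MAC prefixes, as listed in the post.
HSRP_V1_BASE = 0x00000C07AC00   # 0000.0c07.ac00 + group (8-bit group field)
HSRP_V2_BASE = 0x00000C9FF000   # 0000.0c9f.f000 + group (12-bit group field)
MAX_GROUP = {1: 0xFF, 2: 0xFFF}  # 256 groups for v1, 4096 for v2


def hsrp_virtual_mac(version, group):
    """Return the virtual MAC for an HSRP group in Cisco dotted notation."""
    if version not in MAX_GROUP:
        raise ValueError("HSRP version must be 1 or 2")
    if not 0 <= group <= MAX_GROUP[version]:
        raise ValueError(
            f"group {group} out of range for HSRPv{version} (0-{MAX_GROUP[version]})")
    base = HSRP_V1_BASE if version == 1 else HSRP_V2_BASE
    hexstr = f"{base + group:012x}"
    return ".".join(hexstr[i:i + 4] for i in range(0, 12, 4))


def classify_hsrp_mac(mac):
    """Given a source MAC in dotted, colon or dash notation, return
    (version, group) if it falls in an HSRP virtual MAC range, else None.

    A v1 active router sources hellos from the virtual MAC, so a match here
    on a hello frame identifies a v1 speaker and its group; a v2 active
    router sources hellos from its interface MAC, so its hellos return None.
    """
    value = int(mac.replace(".", "").replace(":", "").replace("-", ""), 16)
    if HSRP_V1_BASE <= value <= HSRP_V1_BASE + MAX_GROUP[1]:
        return (1, value - HSRP_V1_BASE)
    if HSRP_V2_BASE <= value <= HSRP_V2_BASE + MAX_GROUP[2]:
        return (2, value - HSRP_V2_BASE)
    return None
```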

Wednesday, 10 September 2014

VDC user Roles

Network-admin: - Exists only in the default VDC. A user with network-admin access can perform all chassis-level configuration, such as reload, creation/deletion of VDCs and allocation of interfaces to non-default VDCs.

A network-admin user uses the switchto vdc vdc_name command to access a non-default VDC from the default VDC, and has the vdc-admin role in that non-default VDC.

More than one network-admin user can be configured, but the recommendation is to keep that number to a minimum.

Network-operator: - Exists only in the default VDC. A network-operator user can access a non-default VDC from the default VDC using the switchto command and has vdc-operator access in the non-default VDC.

A user in this role can only view the configuration and cannot make any changes.

VDC-admin: - A vdc-admin user can configure within the VDC. Both vdc-admin and network-admin can create, delete or modify user accounts within the VDC.

VDC-admin can change the configuration of its own VDC only; it cannot make changes in other VDCs or to physical-level configuration such as reload.

The vdc-admin role can also be assigned to a user within the default VDC. Doing so restricts that user's access to the default VDC only; the user cannot make changes in the non-default VDCs.


VDC-operator: - Provides read-only access limited to the VDC, so a vdc-operator user cannot make any configuration change.

Tuesday, 9 September 2014

Top of Rack Vs. End of Row - Data-center Architecture


What is TOP OF RACK (TOR)?

In TOR, one or two access switches are installed at the top of each server rack to provide network connectivity to the servers in that rack; the access switch then uplinks to the aggregation switch located in the network rack. Hence only a few cables run from each server rack to the network rack.





Advantage:-

· Cabling cost: - cable requirements are reduced because all server connections terminate within their own rack, so only a few cables run between the server racks and the network rack.
· Cable management: - fewer resources and less skill are needed to manage the cabling infrastructure.
· Easy management and changes: - with very few cables running between the server and network racks, it is easy to locate a cable and make changes.

Disadvantage:-

· Switch management: - as each rack requires one or two local switches, switch management becomes an overhead. It requires not only extra IP addresses but also a management tool that tracks the inventory and configuration of the devices. Each tool has a limit on the number of devices it can monitor, and more devices in the network mean more licence cost.

· Network resources: - with more managed devices, more network resources are needed to manage the infrastructure.

· Bandwidth requirement: - this applies only to legacy environments where 10/40/100 Gig links are not present. As only a few uplinks are available from the access switch, the available bandwidth can become an issue.

· More rack space: - more rack space is needed to install SAN and LAN switches in the server rack, which in turn increases the overall rack requirement.

· More datacenter space: - space is a critical and expensive criterion in datacenter design, and we always try to make the DC compact and efficient. As stated above, more rack space increases the DC space requirement.


What is END OF ROW (EOR)?



In EOR, all the network switches are placed in the network rack, and a cable from each server in the server racks runs to the network rack.

Advantage:-

· Fewer devices: - as switches need not be installed in every rack, the number of required switches drops. In TOR each rack must have a switch whether or not the rack is fully populated, so EOR reduces the device count.

· Rack space: - as the overall device count drops, less rack space is required.

· Cooling requirement: - fewer devices in the datacenter means less cooling is required. This also reduces the electricity bill and the resources needed to maintain the DC environment.

Disadvantage:-

· Inefficient Layer 2 traffic: - east-west (server-to-server) traffic is greater than north-south traffic. In an EOR design, if two servers in the same rack and the same VLAN need to talk to each other, the traffic goes up to the aggregation switch in the network rack and comes back, which reduces efficiency.

       In TOR, by contrast, that traffic is switched locally by the switch in the server rack. This not only reduces traffic on the uplinks but also saves CPU and memory on the aggregation or core switches.

· Cable requirement: - as a cable runs between each server and a network switch in a different rack, the cable requirement increases, adding cost to deployment and maintenance.

· Cable management: - more resources and skill are required for cable management, which increases the overall project budget.

· Time to make changes: - as more cabling infrastructure is involved, modifications not only become tedious but also take more time.



Sunday, 7 September 2014

DHCP option 43 for Cisco WLC


Setting up Switch to work as a DHCP server for AP with option # 43

Scenario – the WLC is connected to the network on its management (inline) interface, say on VLAN 100, and the APs are connected at the access layer on VLAN 200. You want the APs to boot up and get an IP address from DHCP, and along with it you set option 43 to hand out the Wireless LAN Controller (WLC) management IP address. That way, as soon as DHCP assigns an IP address to an AP, it also sends the AP the information about the WLC it needs to join. In this scenario the DHCP scope is defined on the switch where both the WLC and the APs terminate, on different interfaces and different VLANs.

Configuration steps on the switch.

1.       Create VLAN 100 for WLC management and VLAN 200 for the APs on switch1, assign ports to those VLANs and connect the WLC and the APs.

vlan 100
name WLC_MGMT

vlan 200
name AP_MGMT

interface vlan 100
description WLC_MGMT_VLAN
ip address 10.10.10.1 255.255.255.0
no shutdown

interface vlan 200
description AP_MGMT_VLAN
ip address 192.168.50.1 255.255.255.0
no shutdown


interface g1/0/1
description ##### Connected to WLC #####
switchport
switchport mode trunk
switchport trunk allowed vlan 100,200
no shutdown


! The APs sit on VLAN 200, the VLAN served by the DHCP pool configured below
interface g1/0/10
description ##### Connected to AP1 #####
switchport
switchport mode access
switchport access vlan 200
no shutdown

interface g1/0/11
description ##### Connected to AP2 #####
switchport
switchport mode access
switchport access vlan 200
no shutdown
               
2.       Configuration steps on the WLC

a.       On the WLC, go to Controller > Interfaces (left-hand menu) and click the management interface.
b.      Assign the IP address 10.10.10.5, netmask 255.255.255.0 and gateway 10.10.10.1.

Setting up the DHCP pool configuration on switch1

ip dhcp pool APvlan200
network 192.168.50.0 255.255.255.0
default-router 192.168.50.1
! see the conversion below to understand this value
option 43 hex f104.0a0a.0a05

Converting decimal to hex and using it in the above command (DECIMAL to HEX)

NOTE – f104 is the fixed prefix: f1 is the sub-option type and 04 is the length in bytes of the address data that follows (4 bytes per controller). The rest of the value comes from the conversion below.
IP to be converted – 10.10.10.5

Open the calculator in programmer mode, select Dec and type 10, then select Hex; the value shown is “A”, so use it as 0A (each octet is written as two hex digits).

Now 10 becomes – 0A

Now convert 5 to hex in the same way; it comes out as ‘5’, so use it as 05.

The hex conversion of the above IP is – 0A.0A.0A.05.

Now break it into groups of 4 hex digits and prepend f104 in the case of one controller, or f108 for two controllers. The final hex value will look like this

f1040a0a0a05

If we need to configure two controllers with IP addresses 10.10.10.5 and 10.10.10.6, the hex value for option 43 becomes f1080a0a0a050a0a0a06. The prefix for two WLCs becomes f108 because the length byte doubles from 04 to 08 (2 controllers x 4 bytes each).
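The manual conversion above is a type-length-value encoding: type byte f1, one length byte, then 4 bytes per controller. The Python below is an added example, not part of the original post; it builds the dotted hex string for the IOS option 43 hex command from a list of controller addresses and decodes one back, rejecting strings whose length byte does not match the address data.

```python
import ipaddress

# Sub-option type that Cisco lightweight APs look for in DHCP option 43.
WLC_SUBOPTION_TYPE = 0xF1


def build_option43(controllers):
    """Return the dotted hex string for 'option 43 hex ...' on IOS.

    Encodes one TLV: type 0xf1, length = 4 bytes per controller,
    value = the controller management IPv4 addresses back to back.
    """
    if not controllers:
        raise ValueError("at least one controller address is required")
    value = b"".join(ipaddress.IPv4Address(c).packed for c in controllers)
    if len(value) > 0xFF:
        raise ValueError("length byte cannot exceed 255 bytes")
    raw = bytes([WLC_SUBOPTION_TYPE, len(value)]) + value
    hexstr = raw.hex()
    # IOS accepts the hex string as groups of four hex digits separated by dots.
    return ".".join(hexstr[i:i + 4] for i in range(0, len(hexstr), 4))


def parse_option43(hexstr):
    """Decode an option 43 hex string (dotted or plain) into controller IPs.

    Validates the type byte and that the length byte matches the payload
    and is a whole number of IPv4 addresses, so a mistyped length such as
    f104 in front of two addresses is caught instead of silently accepted.
    """
    raw = bytes.fromhex(hexstr.replace(".", ""))
    if len(raw) < 2 or raw[0] != WLC_SUBOPTION_TYPE:
        raise ValueError("not a Cisco WLC (type 0xf1) sub-option")
    length, value = raw[1], raw[2:]
    if length != len(value) or length % 4 != 0:
        raise ValueError("length byte does not match the address payload")
    return [str(ipaddress.IPv4Address(value[i:i + 4]))
            for i in range(0, length, 4)]
```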

By following the above steps your APs should start getting IP addresses and the WLC information.

To check reachability, ping the AP from your WLC and the WLC from the AP; both should succeed. Once the AP has booted properly it should join the controller. If it still does not, make sure you are not hitting AP policy settings such as the MIC check, MAC filtering or MAC list authentication under AP Policies in the Security tab.





Saturday, 6 September 2014

Migration from FAB-1 to FAB-2 in a Nexus 7000 switch

Before planning to migrate the fabric modules, check the data sheets for both fabric modules in order to compare their features and limitations.

Use the link below to check the difference between FAB-1 and FAB-2.


Fabric cards can be replaced one by one without any disruption. Both card types can work together, but running them mixed for a long time is not recommended.


If all fabric modules are not replaced within 12 hours of the first card being installed, the switch generates syslog warning messages asking for the migration to be completed.



Thursday, 4 September 2014

Difference between 5548P and 5548UP?

Both the 5548UP and the 5548P have 32 ports in the fixed slot 1 and 16 ports in the expansion module, i.e. slot 2.

In the 5548P only the 16 ports on the expansion module can be FC ports; Ethernet ports in the fixed slot cannot be converted to FC. In the 5548UP all 48 ports (32 fixed ports + 16 expansion module ports) can be converted to native FC ports.

Each time an Ethernet port in the fixed module is converted to FC or vice versa, a switch reboot is required, whereas ports on the expansion module can be converted by rebooting only the expansion module, without impacting traffic on the fixed module ports.

Below are the commands to convert the expansion module ports to FC and reboot only that module:-

configure terminal
slot 2
port 1-16 type fc
copy running-config startup-config
poweroff module 2
no poweroff module 2


NOTE: - It takes a few minutes for the FC ports to appear after conversion. All 48 ports on both switches support FCoE.

The 5548P is now EOL and its replacement model is the 5672UP.