Cisco Systems C3850NM410G Bedienungsanleitung

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

Zur Seite of

Richtige Gebrauchsanleitung

Die Vorschriften verpflichten den Verkäufer zur Übertragung der Gebrauchsanleitung Cisco Systems C3850NM410G an den Erwerber, zusammen mit der Ware. Eine fehlende Anleitung oder falsche Informationen, die dem Verbraucher übertragen werden, bilden eine Grundlage für eine Reklamation aufgrund Unstimmigkeit des Geräts mit dem Vertrag. Rechtsmäßig lässt man das Anfügen einer Gebrauchsanleitung in anderer Form als Papierform zu, was letztens sehr oft genutzt wird, indem man eine grafische oder elektronische Anleitung von Cisco Systems C3850NM410G, sowie Anleitungsvideos für Nutzer beifügt. Die Bedingung ist, dass ihre Form leserlich und verständlich ist.

Was ist eine Gebrauchsanleitung?

Das Wort kommt vom lateinischen „instructio”, d.h. ordnen. Demnach kann man in der Anleitung Cisco Systems C3850NM410G die Beschreibung der Etappen der Vorgehensweisen finden. Das Ziel der Anleitung ist die Belehrung, Vereinfachung des Starts, der Nutzung des Geräts oder auch der Ausführung bestimmter Tätigkeiten. Die Anleitung ist eine Sammlung von Informationen über ein Gegenstand/eine Dienstleistung, ein Hinweis.

Leider widmen nicht viele Nutzer ihre Zeit der Gebrauchsanleitung Cisco Systems C3850NM410G. Eine gute Gebrauchsanleitung erlaubt nicht nur eine Reihe zusätzlicher Funktionen des gekauften Geräts kennenzulernen, sondern hilft dabei viele Fehler zu vermeiden.

Was sollte also eine ideale Gebrauchsanleitung beinhalten?

Die Gebrauchsanleitung Cisco Systems C3850NM410G sollte vor allem folgendes enthalten:
- Informationen über technische Daten des Geräts Cisco Systems C3850NM410G
- Den Namen des Produzenten und das Produktionsjahr des Geräts Cisco Systems C3850NM410G
- Grundsätze der Bedienung, Regulierung und Wartung des Geräts Cisco Systems C3850NM410G
- Sicherheitszeichen und Zertifikate, die die Übereinstimmung mit entsprechenden Normen bestätigen

Warum lesen wir keine Gebrauchsanleitungen?

Der Grund dafür ist die fehlende Zeit und die Sicherheit, was die bestimmten Funktionen der gekauften Geräte angeht. Leider ist das Anschließen und Starten von Cisco Systems C3850NM410G zu wenig. Eine Anleitung beinhaltet eine Reihe von Hinweisen bezüglich bestimmter Funktionen, Sicherheitsgrundsätze, Wartungsarten (sogar das, welche Mittel man benutzen sollte), eventueller Fehler von Cisco Systems C3850NM410G und Lösungsarten für Probleme, die während der Nutzung auftreten könnten. Immerhin kann man in der Gebrauchsanleitung die Kontaktnummer zum Service Cisco Systems finden, wenn die vorgeschlagenen Lösungen nicht wirksam sind. Aktuell erfreuen sich Anleitungen in Form von interessanten Animationen oder Videoanleitungen an Popularität, die den Nutzer besser ansprechen als eine Broschüre. Diese Art von Anleitung gibt garantiert, dass der Nutzer sich das ganze Video anschaut, ohne die spezifizierten und komplizierten technischen Beschreibungen von Cisco Systems C3850NM410G zu überspringen, wie es bei der Papierform passiert.

Warum sollte man Gebrauchsanleitungen lesen?

In der Gebrauchsanleitung finden wir vor allem die Antwort über den Bau sowie die Möglichkeiten des Geräts Cisco Systems C3850NM410G, über die Nutzung bestimmter Accessoires und eine Reihe von Informationen, die erlauben, jegliche Funktionen und Bequemlichkeiten zu nutzen.

Nach dem gelungenen Kauf des Geräts, sollte man einige Zeit für das Kennenlernen jedes Teils der Anleitung von Cisco Systems C3850NM410G widmen. Aktuell sind sie genau vorbereitet oder übersetzt, damit sie nicht nur verständlich für die Nutzer sind, aber auch ihre grundliegende Hilfs-Informations-Funktion erfüllen.

Inhaltsverzeichnis der Gebrauchsanleitungen

  • Seite 1

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 1 of 70 Cisco Catalyst 3850 Switch Services Guide April 2013 Guide[...]

  • Seite 2

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 2 of 70 Contents Overview ................................................................................................................................................................... 3 Cisco Catal y st 3850 Security Policy ...........[...]

  • Seite 3

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 3 of 70 Overview The Cisco ® Catalyst ® 3850 Switch is built on a unified access data plane (UADP) application-specific integrated circuit (ASIC). This is a state- of - the-art ASIC that has all services fully integrated in the chip and th[...]

  • Seite 4

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 4 of 70 Figure 1. 802.1X with Converg ed Access The authentication, authorization, and accounting (AAA) group and RADIUS server are set up on the Cisco Catalyst 3850. The authentication and authorization are redirected to the ISE server. The[...]

  • Seite 5

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 5 of 70 To define the Cisco Catalyst 3850, on the ISE screen, navigate to Administration  Network Resources  Network Devices as in Figure 2. Figure 2. Device Definition in ISE The dot1x needs to be enabled on the switch globally for wi[...]

  • Seite 6

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 6 of 70 class-map type control subscriber match-all DOT1X_NO_RESP match method dot1x ! policy-map type control subscriber DOT1X event session-started match-all 1 class always do-until-failure 2 authenticate using dot1x retries 3 retry-time 6[...]

  • Seite 7

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 7 of 70 I - Awaiting IIF ID allocation P - Pushed Session (non-transient state) R - Removing User Profile (multi-line status for details) U - Applying User Profile (multi-line status for details) X - Unknown Blocker The following output show[...]

  • Seite 8

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 8 of 70 The following is the detailed output of the wired client session: Switch#sh access-session mac 0024.7eda.6440 details Interface: GigabitEthernet1/0/13 IIF-ID: 0x1092DC000000107 MAC Address: 0024.7eda.6440 IPv6 Address: Unknown IPv4 A[...]

  • Seite 9

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 9 of 70 After defining ACL in ISE, it can be associated with an authoriz ation profile, as shown in Figure 4. Figure 4. Authorization Pro file Note: If a named authentication method-list is in place fo r AAA, an attribute needs to be set fro[...]

  • Seite 10

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 10 of 70 The total capacity of the ACEs is an aggregate number that constitutes all types of ACEs. O ne type of ACE, however, can scale up to 1500. For example, the total numbe r of Port ACL (PACL) access control entries cannot exceed 1500. [...]

  • Seite 11

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 11 of 70 Unlike wired, wireless is considered untrusted on the Cisco Catalyst 3850. The default trust setting for wireless target is untrust : that is, the packets are marked down to 0 in the absence of SSID-based policy. The startup configu[...]

  • Seite 12

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 12 of 70 permit udp any any eq 1214 ip access-list extended SIGNALING remark SCCP permit tcp any any range 2000 2002 remark SIP permit tcp any any range 5060 5061 permit udp any any range 5060 5061 ip access-list extended TRANSACTIONAL-DATA [...]

  • Seite 13

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 13 of 70 W ith t able-maps, one can create a map of values that can be used between the same or dif ferent markings such as DSCP, CoS, and so on. The values that can be mapped are from 0 through 9 9 in deci mal. Table-map also has a default [...]

  • Seite 14

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 14 of 70 Applying Ingress Policies Like other Cisco Catalyst platforms, Cisco Catalyst 3850 Switches offer two simplified methods to apply service policies. Depending on the deployment model, either of the following methods may b e used: ●[...]

  • Seite 15

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 15 of 70 class-map CALL-SIG match dscp cs3 class-map CRITICAL-DATA match dscp af21 af22 af23 class-map VIDEO-STREAM match dscp af31 af32 af33 class-map Scavenger-Q match dscp cs1 After traffic is identified using DSCP, policy bases can be ap[...]

  • Seite 16

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 16 of 70 Wireless: Ingress Qua lity of Service Ingress Marking and Policing on Wireless Client In the ingress direction, traffic can be marked and policed at client level. The following ex ample provides differentiated marking and policing f[...]

  • Seite 17

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 17 of 70 The applied policy can be show n with the follow ing CLI: Switch# sh policy-map interface wireless client Client 000A.CC10.0001 Service-policy input: Standard-Employee Class-map: Voice (match-all) Match: access-group name Voice poli[...]

  • Seite 18

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 18 of 70 If the policy name is downloaded from the ISE server, the server needs to be configured as shown in Figure 6, with the AV pair ip:sub-qos-policy-in=Standard-Employee. Figure 6. Authentication Pro file The same policy can be applied [...]

  • Seite 19

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 19 of 70 table-map dscp2dscp default copy Policy-map TRUST Table Map dscp2dscp default copy The QoS policy is applied under the W LAN configuration. The SSID policy is applied as sh own in the following example. This results in “trusted”[...]

  • Seite 20

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 20 of 70 The following is the default behavior of the four queues: Q0 (RT1): Control traffic Q1 (RT2): None Q2 (NRT): Everything other than multicast NRT and control traffic Q3 (multicast NRT): Multicast and nonclient traffic Default QoS pol[...]

  • Seite 21

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 21 of 70 bandwidth remaining ratio 10 Class-map: class-default (match-any) Match: any (total drops) 0 (bytes output) 0 The “port_child_policy” can be modified by the user to queue different application traffic at t he SSID level. This tr[...]

  • Seite 22

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 22 of 70 Match: any shape (average) cir 200000000, bc 800000, be 800000 target shape rate 200000000 Radio dot11a iifid: 0x104F10000000011.0xCF8F4000000005 Service-policy output: def-11an Class-map: class-default (match-any) Match: any shape [...]

  • Seite 23

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 23 of 70 Policy-map guest-ssid Class class-default Shape average percent 20 On the enterprise SSID class-map voice and video, the policer enforces the aggregate unicast traffic at the BSSID level. The class default is configured to provide a[...]

  • Seite 24

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 24 of 70 Cisco Catalyst 38 50 NetFlow Architecture (Wired and Wireless) NetFlow Cisco Catal yst 3850 Ov erview The Cisco Catalyst 3850 supports both ingress and egress FnF on all ports of the sw itch at line rate. Switch raw scalability is u[...]

  • Seite 25

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 25 of 70 Configuring a Flow Record (Egress) flow record v4out match ipv4 protocol match ipv4 tos match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port match interface output col[...]

  • Seite 26

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 26 of 70 flow monitor v4 exporter Collector exporter Collector 1 cache timeout active 60 cache timeout inactive 20 record v4 Attaching a Flow Monitor to Supported Po rt Types Wired Port interface GigabitEthernet1/0/1 description Interface fo[...]

  • Seite 27

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 27 of 70 Flexible NetFlow Outputs To display the status and statistics for a flexible NetFlow flow monitor, use the “Show Flow monitor” command in privileged EXEC mode. Switch# show flow monitor Flow Monitor v4: Description: User defined[...]

  • Seite 28

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 28 of 70 19:52:12.755 10.1.22.101 10.1.1.22 51524 5060 Gi1/0/3 LIIN0 1038 3 19:52:10.755 19:52:10.755 To display top N destination aggregated flow statistics from a flow monitor cache, use the following command. Switch# show flow monitor v4 [...]

  • Seite 29

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 29 of 70 IPV6 SRC ADDR IPV6 DST ADDR TRNS SRC PORT TRNS DST PROT bytes long pkts long ============================================= ================== 2322::2 FF02::1:FF00:1 0 34560 58 72 1 2322::2 2201::2 1024 1026 17 9166290 43649 2322::2 [...]

  • Seite 30

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 30 of 70 Multicast Overv iew (Tradition al and Converged M ulticast) Efficient and intelligent use of bandwidth is paramount, particularly w ith the advent of video, mobility, and cloud technologies. It is also critical considering the surge[...]

  • Seite 31

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 31 of 70 The videostream mode is a further enhancement of the preceding. Instead of sending the m ultic a st as broadcast at the lowest data rate, the access point converts the original m ulticast packet as unicast and sends it only to the i[...]

  • Seite 32

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 32 of 70 Following is the basic configuration of wireless multicast: ● Configure IGMP snooping and querier: Switch(config)#ip igmp snooping Switch(config)#ip igmp snooping querier ● Configure wireless multicast and access point CAP W AP [...]

  • Seite 33

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 33 of 70 To display all (S,V,G) list and the corresponding M GID value, use the “Show wireless multicast group summary” command in privileged EXEC mode. Switch#show wireless multicast group summary IPv4 groups ------------- MGID Source G[...]

  • Seite 34

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 34 of 70 Group: 239.255.67.250 Vlan: 412 Source: 0.0.0.0 blacklisted: no SGV to Client mappings ---------------------- Group: 224.0.1.60 Source: 0.0.0.0 Vlan: 412 Client: 10.33.170.101 Port: Ca10 Blacklisted : no Group: 239.255.67.250 Source[...]

  • Seite 35

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 35 of 70 To display the multicast groups that are directly connected to the switch and that were learn ed through IGMP, use the “show ip igmp groups” command in privileged EXEC mode. Switch#show ip igmp groups IGMP Connected Group Member[...]

  • Seite 36

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 36 of 70 To display the IP IGMP membership status of all multicast groups on a sw itch, use the “show ip igmp membership all” command in privileged EXEC mode. Switch#show ip igmp membership all Flags: A - aggregate, T - tracked L - Local[...]

  • Seite 37

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 37 of 70 Converged Acces s with the Ci sco Catalyst 3850 The Cisco Catalyst 3850 Switch offers scalable, resilient, and future-proofed wired and wireless services. It serves as an integrated wireless LAN controller for up to 50 Cisco ac cess[...]

  • Seite 38

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 38 of 70 The mobility controller’s area of responsibility lies in the mobil ity subdomain it controls. All the mobility agents in the subdomain form CAPWAP mobility tunnels to the mobility controller and report local and roamed client st a[...]

  • Seite 39

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 39 of 70 Figure 8. Hierarchical Role s in Conver ged Acces s The SPGs are designed as a group of mobility agent switches to w here the users frequently roam. It is important that roams within an SPG are local to the SPG and need not involve [...]

  • Seite 40

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 40 of 70 Figure 9. Single Cisco Cataly st 3850 S tack for Wired/ Wireless in Small Bran ch If the wireless deployment consists of only a Cisco Catalyst 3850 Switch running as a mobility controller with several other switches operating as mob[...]

  • Seite 41

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 41 of 70 For medium campus wireless deployments scaling up to 250 Cisco access points and 16,000 clients, 7 mobility controller switches (with other mobility agent switches operating as mobility agents in their SPG ) can be grouped together [...]

  • Seite 42

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 42 of 70 Figure 12. 5508/WiSM2/576 0 Controller Appliances w ith Cisco Cata lyst 3850 Sw itches for Large Ca mpus Configuring Conv erged Access w ith Cisco Catal y st 3850 This section explains how to configure the wireless services on the C[...]

  • Seite 43

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 43 of 70 The Cisco access points must be connected directly to the Cisco Catalyst 3850 Sw itch. O ne Cisco Catalyst 3850 Switch forms the access layer. The distribution in this example is made of the Cis co Catalyst 4500E Supervisor 7 - E sy[...]

  • Seite 44

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 44 of 70 Relevant excerpts from outputs regarding wireless configuration on the Cisco Catalyst 3850 are shown in the following: MC1#show wireless mobility summary Mobility Controller Summary: Mobility Role : Mobility Controller Mobility Prot[...]

  • Seite 45

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 45 of 70 Figure 14. Configuring M obility Agents and Sw itch Peer Group on Cis co Catalyst 38 50 In this case the additional Cisco Catalyst 3850 Switches can be added and configured as mobility agents with the previously configured switch ac[...]

  • Seite 46

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 46 of 70 wireless mobility controller ip 20.1.3.2 public-ip 20.1.3.2 wireless management interface Vlan602 wlan Predator 1 Predator aaa-override client association limit 2000 client vlan 500 security wpa wpa2 ciphers tkip security dot1x auth[...]

  • Seite 47

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 47 of 70 Figure 15. Configuring M obility Group on M ultiple Mob ility Controller s on Cisco Catalyst 385 0 Assume that there was an acquisition of the company nex t door, and now the two networks have to be integrated in the current network[...]

  • Seite 48

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 48 of 70 Relevant configurations done on the M A3 switch in this case are given in the following: wireless mobility controller ip 20.1.3.2 public-ip 20.1.3.2 wireless management interface Vlan604 wlan Predator 1 Predator aaa-override client [...]

  • Seite 49

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 49 of 70 These two mobility controller switches can be grouped together in one mobility group to ena ble fast roaming between clients of each respective subdomain. Relevant configuration that needs to be done on the existing mobility control[...]

  • Seite 50

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 50 of 70 Point of attachment (PoA) moves with user mobility and is def ined as the access point to which the user joins or roams. There are two types of roams within the wireless network: intracontroller roams and interco ntroller roams: ●[...]

  • Seite 51

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 51 of 70 The previous controller does not hold any state of the client that has roamed to another controller. In this case the client traffic is CAPWAP encapsulated by the access point and terminated at the n ew controller with which access [...]

  • Seite 52

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 52 of 70 Understandin g Roams in Con verged Access Since roams in Cisco Unified Wireless Network are explained earlier, this section explains the roams as they occur in converged access mode. It w ill be clear that the roams in converged acc[...]

  • Seite 53

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 53 of 70 There is a provision per W LAN that the administrator can con figure, if they want a L2 roam like the Cisco Unified W irele ss Network, where both the PoP and PoA of the user moves. This is the nontunnel ed (nonsticky) L2 roam. The [...]

  • Seite 54

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 54 of 70 Traffic Paths in Co nver ged Access This section explains the traffic path (profile) for local and roamed wireless clients across the different SPGs and mobility controllers. (See Figure 21.) Figure 21. Client Roams Within an SPG in[...]

  • Seite 55

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 55 of 70 Figure 22. Client Roams A cross Mobility Controller in Converg ed Access In the preceding scenario, an intersubdomain (intermobility c ontroller) roam is explained. The initial client join happens at MA1 in SPG1. The w ireless traff[...]

  • Seite 56

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 56 of 70 Table 3 is a list of switch names, IP addresses, their roles in SPG, and mobility group that form part of the example network. Understanding this will help explain the client roams as they roa m from one switch to another. Table 3. [...]

  • Seite 57

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 57 of 70 Initial client join on MA1, as seen in CLI on the switch, w here it shows the client MAC address, t o which access point it is connected, and the WLAN and 11n on 5GHz: MA1#show wcdb database all Total Number of Wireless Clients = 2 [...]

  • Seite 58

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 58 of 70 MC1#sh wireless mobility controller client summary Number of Clients : 2 State is the Sub-Domain state of the client. * indicates IP of the associated Sub-domain Associated Time in hours:minutes:seconds MAC Address State Anchor IP A[...]

  • Seite 59

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 59 of 70 The following are the relevant outputs displaying the client roam. In this case, M A1 becomes the anchor switch, while MC1 becomes the foreign switch. MC1#show wireless client summary Number of Local Clients : 2 MAC Address AP Name [...]

  • Seite 60

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 60 of 70 Comparing the preceding output with the one in the initial clie nt join, notice that the access point name changes to the switch IP address to where the clients roamed (switch/wireless management IP address of MC1 in this case), and[...]

  • Seite 61

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 61 of 70 where the mobility state is “anchor,” and the access point name is the switch/wireless management IP address of the foreign switch (MC1): 20.1.3.2. (See Figure 25.) Figure 25. Client Roams A cross SPG in Co nve rged Access In th[...]

  • Seite 62

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 62 of 70 Mac Address VlanId IP Address Src If Auth Mob -------------- ------ --------------- ------------------ -------- ------- b065.bdbf.77a3 701 20.1.1.53 0x00C9D9C000000004 RUN FOREIGN b065.bdb0.a1ad 701 20.1.1.52 0x00C9D9C000000004 RUN [...]

  • Seite 63

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 63 of 70 Mac Address VlanId IP Address Src If Auth Mob -------------- ------ --------------- ------------------ -------- ------- b065.bdbf.77a3 500 20.1.1.53 0x00D03BC000000002 RUN ANCHOR b065.bdb0.a1ad 500 20.1.1.52 0x00D03BC000000002 RUN A[...]

  • Seite 64

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 64 of 70 Total Number of Wireless Clients = 2 Clients Waiting to Join = 0 Foreign Clients = 2 MTE Clients = 0 Mac Address VlanId IP Address Src If Auth Mob -------------- ------ --------------- ------------------ -------- ------- b065.bdbf.7[...]

  • Seite 65

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 65 of 70 wlan Predator shutdown no mobility anchor sticky no shutdown Tracking the initial client join on MA1: MA1#show wireless client summary Number of Local Clients : 2 MAC Address AP Name WLAN State Protocol -----------------------------[...]

  • Seite 66

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 66 of 70 MA1 #show wcdb database all Total Number of Wireless Clients = 0 Mac Address VlanId IP Address Src If Auth Mob -------------- ------ --------------- ------------------ -------- ------- The switch where the clients initially joined h[...]

  • Seite 67

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 67 of 70 Tunnel Roles in Converged Access This section explains what function each CAPWAP tunnel plays in the converged access deployment. The following outputs are from an MA1: MA1#show capwap summary CAPWAP Tunnels General Statistics: Numb[...]

  • Seite 68

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 68 of 70 Ca5 3502E_G2/0/25_83A9 data Gi2/0/25 unicast - Ca4 3602I_G2/0/1_3A04 data Gi2/0/1 unicast - Name SrcIP SrcPort DestIP DstPort DtlsEn MTU ------ --------------- ------- --------------- ------- ------ ----- Ca1 20.1.3.2 16667 20.1.5.2[...]

  • Seite 69

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 69 of 70 Field L2 In L2 Out IPv4 In IPV4 Out IPv6 In IPv6 Out Notes mac source addre ss output - - - - - - mac destination address input Yes - Yes - Yes - mac destination address output - Yes - Yes - Yes ipv4 version - - Yes Yes Yes Yes ipv4[...]

  • Seite 70

    © 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 70 of 70 Printed in USA C07-727066- 00 04/13[...]