Has anybody deployed WLCM and NAC-NME in the same ISR3800 box? What's the best practice, and is there any configuration example?
The customer has a small site with one 3825; one WLCM (interface Integrated-Service-Engine1/0) and one NAC-NME (interface Integrated-Service-Engine2/0) are installed in the 3825. GE0/0 of the 3825 connects to the internal L3 switch, and GE0/1 connects to the internet. One WLAN has been configured in the WLCM (version 6.0.188) and will be protected by the NAC-NME (version 4.6.1).
It is said that the NAC-NME does not support OOB mode and can only work in In-Band mode. Since real IP Gateway mode has a lot of limitations, can the NAC-NME be configured in In-Band Virtual Gateway mode? If yes, how do I set up a Layer 2 connection between the WLCM (interface Integrated-Service-Engine1/0) and the untrusted interface (external G 0) of the NAC-NME?
What I can think of is:
Let me assume the quarantined VLAN of this WLAN is 310 and the real VLAN is 311, both the NAC-NME's untrusted interface (external G 0) and GE0/0 of the 3825 are connected to a 3750E L3 switch's G1/0/1 and G1/0/2, the untrusted interface management VLAN is 304, and the trusted interface management VLAN is 303. Then I can configure:
1. For 3825:
 encapsulation dot1Q 310
 bridge-group 1
 encapsulation dot1Q 311
 bridge-group 2
interface Integrated-Service-Engine1/0.310
 encapsulation dot1Q 310
 no ip address
 bridge-group 1
!
interface Integrated-Service-Engine1/0.311
 encapsulation dot1Q 311
 no ip address
 bridge-group 2
But how do I configure interface Integrated-Service-Engine2/0 of the 3825, which is connected to the trusted interface of the NAC-NME?
interface Integrated-Service-Engine2/0.303
 encapsulation dot1Q 303
 ip address x.x.x.x
interface Integrated-Service-Engine1/0.311
 encapsulation dot1Q 311
 ip address y.y.y.y
!
3. The NAC-NME will be configured with VLAN mapping 310<-->311
I have not tested these configurations (I don't have access to the 3825 yet, but will be able to access it next week), but I'm afraid that since GigabitEthernet0/0.311 of the 3825 has been configured as a bridge port, maybe Integrated-Service-Engine1/0.311 can't be configured as an L3 port.
Does anything else need to be configured? Or is there any better design or configuration example? Any input is highly appreciated!
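The concern in the post, a VLAN that is placed in a bridge group and also given an IP address, can be checked mechanically before the configuration is pasted into the router. The following is an added example, not part of the original post: it parses the subinterface stanzas quoted above and lists every VLAN that ends up both bridged and routed. It assumes a repeated `interface` stanza adds to the earlier one; the function names are hypothetical.

```python
import re
from collections import defaultdict
# Stanzas copied from the post (x.x.x.x / y.y.y.y are the post's own placeholders).
SAMPLE = """\
interface Integrated-Service-Engine1/0.310
 encapsulation dot1Q 310
 no ip address
 bridge-group 1
interface Integrated-Service-Engine1/0.311
 encapsulation dot1Q 311
 no ip address
 bridge-group 2
interface Integrated-Service-Engine2/0.303
 encapsulation dot1Q 303
 ip address x.x.x.x
interface Integrated-Service-Engine1/0.311
 encapsulation dot1Q 311
 ip address y.y.y.y
"""

def parse(config):
    """Merge repeated stanzas per interface (assumed: later commands win)."""
    ifaces = defaultdict(lambda: {"vlan": None, "bridge": None, "routed": False})
    cur = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line):
            cur = ifaces[m.group(1)]
        elif line == "!" or cur is None:
            cur = None
        elif m := re.fullmatch(r"encapsulation dot1Q (\d+)", line):
            cur["vlan"] = int(m.group(1))
        elif m := re.fullmatch(r"bridge-group (\d+)", line):
            cur["bridge"] = int(m.group(1))
        elif line == "no ip address":
            cur["routed"] = False
        elif line.startswith("ip address "):
            cur["routed"] = True
    return dict(ifaces)

def bridged_and_routed(ifaces):
    """Return (vlan, bridged_ifaces, routed_ifaces) for VLANs that are both."""
    by_vlan = defaultdict(lambda: ([], []))
    for name, i in ifaces.items():
        if i["vlan"] is not None and i["bridge"] is not None:
            by_vlan[i["vlan"]][0].append(name)
        if i["vlan"] is not None and i["routed"]:
            by_vlan[i["vlan"]][1].append(name)
    return [(v, b, r) for v, (b, r) in sorted(by_vlan.items()) if b and r]
```

Run against the stanzas above, `bridged_and_routed(parse(SAMPLE))` reports VLAN 311 on Integrated-Service-Engine1/0.311, which carries both `bridge-group 2` and an IP address once the two stanzas are merged.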