Basically, I deploy ISE using the following devices, and watch the videos and read the configuration guide from and :
Important! Watch Lab Minutes' video
Cisco ISE 1.2 with patch 7 (VM). You can use less than 200GB for storage; for a production system, use more than 200GB
DHCP server (3750 switch)
Windows 2008 (AD, CA)
wireless controller 2504 with version 7.6
1. Make sure all devices sync to the same NTP server.
2. ISE does have many bugs... If you cannot see any log in "authentication log" after authentication, please reboot the ISE.
3. If you change too many policies, you may not see the logging after authentication; please reboot the ISE.
4. Get the advanced license for BYOD deployment or testing.
5. The wireless controller is very stable compared with ISE. Follow the Cisco configuration guide to make sure the ACL is correct and allows DHCP, DNS, Google Play and Apple.
6. Make sure your DNS is working properly!!!!
7. I tested using an Apple 5s with 7.0 and 7.1, a Samsung Note2 with 4.2, and Windows 7. Xiaomi and Redmi may not be supported; please read the supported mobile list from Cisco.
8. In the ISE "Result", try not to use "static IP", otherwise the mobile device may not download the profile successfully.
9. "Don't have account" in the Guest portal can be enabled or disabled easily.
10. After you create a guest account by clicking "Don't have account", the account is hidden in ISE, but you can log in to the sponsor portal to see the created account.
Good luck!
Remember to:
config network fast-ssid-change enable
config network web-auth captive-bypass enable
Network Notes
Monday, June 2, 2014
Sunday, June 23, 2013
event timer command
event timer
To specify the event criteria for an Embedded Event Manager (EEM) applet that is run on the basis of time-specific events, use the event timer command in applet configuration mode. To remove the time-specific event criteria, use the no form of this command.
event [tag event-tag] timer {absolute time time-value | countdown time time-value | cron cron-entry cron-entry | watchdog time time-value} [name timer-name]
no event [tag event-tag] timer {absolute time time-value | countdown time time-value | cron cron-entry cron-entry | watchdog time time-value} [name timer-name]
Syntax Description
Command Default
No EEM events are triggered on the basis of time-specific events.
Command Modes
Applet configuration
Command History
Usage Guidelines
For the cron-entry argument, the following special strings also are allowed in syntax:
•Range of numbers—The specified range is inclusive, and a hyphen separates the numbers. For example, 8-11 after the hour field specifies execution of a CRON timer event at hours 8, 9, 10, and 11.
•Asterisk (*)—Indicates that a field is not specified and can be any value.
•List—A list is a set of numbers or ranges separated by a comma but no space. For example, 1,2,5,9 or 0-4,8-12.
•Step value in conjunction with a range—Following a range with /number specifies skips of the number value through the range. For example, 0-23/2 in the hour field specifies that an event is triggered every second hour. Steps are permitted after an asterisk, for example */2 means every two hours.
Instead of the five fields of a UNIX crontab entry for the cron-entry argument, one of the following seven special strings can be entered:
•@yearly—An event is triggered once a year. This is the equivalent of specifying 0 0 1 1 * for the first five fields.
•@annually—Same as @yearly.
•@monthly—An event is triggered once a month. This is the equivalent of specifying 0 0 1 * * for the first five fields.
•@weekly—An event is triggered once a week. This is the equivalent of specifying 0 0 * * 0 for the first five fields.
•@daily—An event is triggered once a day. This is the equivalent of specifying 0 0 * * * for the first five fields.
•@midnight—Same as @daily.
•@hourly—An event is triggered once an hour. This is the equivalent of specifying 0 * * * * for the first five fields.
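The cron-entry rules above (ranges, lists, steps and the seven special strings) can be checked before an applet is committed. The following Python sketch is an added example, not part of the Cisco documentation quoted here; the function names are hypothetical and the field bounds are assumed to follow the UNIX crontab convention.

```python
# Special strings from the page, mapped to their five-field equivalents.
SPECIAL = {
    "@yearly": "0 0 1 1 *", "@annually": "0 0 1 1 *", "@monthly": "0 0 1 * *",
    "@weekly": "0 0 * * 0", "@daily": "0 0 * * *", "@midnight": "0 0 * * *",
    "@hourly": "0 * * * *",
}
# Field bounds follow the UNIX crontab convention (assumption; 0 = Sunday).
FIELDS = [("minute", 0, 59), ("hour", 0, 23), ("day_of_month", 1, 31),
          ("month", 1, 12), ("day_of_week", 0, 6)]

def expand_field(spec, lo, hi):
    """Expand one field ('*', N, N-M, comma lists, /step) into sorted values."""
    values = set()
    for item in spec.split(","):
        body, slash, step = item.partition("/")
        if slash and (not step.isdigit() or int(step) == 0):
            raise ValueError(f"bad step in {item!r}")
        if body == "*":
            start, end = lo, hi
        else:
            first, dash, last = body.partition("-")
            if not first.isdigit() or (dash and not last.isdigit()):
                raise ValueError(f"bad value in {item!r}")
            if slash and not dash:
                raise ValueError(f"step needs a range or '*': {item!r}")
            start, end = int(first), int(last if dash else first)
        if not lo <= start <= end <= hi:
            raise ValueError(f"{item!r} outside {lo}-{hi}")
        values.update(range(start, end + 1, int(step) if slash else 1))
    return sorted(values)

def expand_cron_entry(entry):
    """Return {field name: matching values} for a cron-entry or special string."""
    parts = SPECIAL.get(entry.strip(), entry).split()
    if len(parts) != 5:
        raise ValueError("expected five fields or one special string")
    return {name: expand_field(part, lo, hi)
            for (name, lo, hi), part in zip(FIELDS, parts)}
```

Expanding an entry this way makes a mistyped field visible before the timer silently fires at the wrong time or not at all.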
A CRON timer may not produce the intended result if the time-of-day clock is not set to the correct time. Network Time Protocol (NTP) services can be used to facilitate keeping an accurate time-of-day clock setting. For more details on NTP configuration, see the "Performing Basic System Management" chapter of the Cisco IOS Network Management Configuration Guide, Release 12.4.
Examples
The following example shows how to specify that an event is triggered one time after 5 hours:
Router(config)# event manager applet timer-absolute
Router(config-applet)# event timer absolute time 18000
The following example shows how to specify that an event is triggered once after 6 minutes and 6 milliseconds:
Router(config)# event manager applet timer-set
Router(config-applet)# event timer countdown time 360.006 name six-minutes
The following example shows how to specify that an event is triggered at 1:01 a.m. on January 1 each year:
Router(config)# event manager applet timer-cron1
Router(config-applet)# event timer cron cron-entry 1 1 1 1 * name Jan1
The following example shows how to specify that an event is triggered at noon on Monday through Friday of every week:
Router(config)# event manager applet timer-cron2
Router(config-applet)# event timer cron cron-entry 0 12 * * 1-5 name MonFri
The following example shows how to specify that an event is triggered at midnight on Sunday every week:
Router(config)# event manager applet timer-cron3
Router(config-applet)# event timer cron cron-entry @weekly name Sunday
The following example shows how to specify that an event is triggered every 5 hours:
Router(config)# event manager applet timer-watch
Router(config-applet)# event timer watchdog time 18000
Related Commands
Command | Description |
---|---|
event manager applet | Registers an event applet with the Embedded Event Manager and enters applet configuration mode. |
Saturday, April 20, 2013
Windows 2008 R2 Enterprise failover cluster with StarWind
I need to take some screen captures for a customer for the installation of a Windows failover cluster. The minimum requirement is 1 DC, 2 cluster members and 1 storage.
I got 3 PCs with 3 NICs each... but there is no storage (NetApp or any SAN storage).
I started looking for some storage software or operating system... for my work. Someone told me openfiler is fucking good. I tried but failed, failed and failed in the validation of the cluster configuration.
The "Openfiler" does not support Persistent Reservation, at least the free edition does not support it. (Actually it supports it, please read http://www.openfiler.com/products/advanced-iscsi-plugin)
I am not good at the server side and have no time to do the research. Therefore, I chose StarWind; it is very good for your POC if you don't have enough hardware or VMs. I encountered the problem that only 127.0.0.1 could be used for connecting to the iSCSI target, but not the IP address of the storage.
Finally, I added one more network interface with another IP address with port 3260. It totally works!!!!!!!!! with the Windows 2008 failover cluster. I love it, StarWind!!!!
Monday, March 25, 2013
WLC 5508 predownload image
Today, I need to upgrade a WLC 5508 and 4402 from 6.0.199.4 and 6.0.188.0 to 7.0.240.0. On Thursday, I will upgrade a 3750G with WLC module to 7.0.240.0.
To reduce the downtime of the APs, the AP image predownload is used. Only 25 APs can predownload at the same time =.=
Sunday, March 17, 2013
WLC 3750G-WS-S50 upgrade path
Thursday, March 14, 2013
Administrative Distance
Default Distance Value Table
This table lists the administrative distance default values of the protocols that Cisco supports:
Route Source | Default Distance Values |
---|---|
Connected interface | 0 |
Static route | 1 |
Enhanced Interior Gateway Routing Protocol (EIGRP) summary route | 5 |
External Border Gateway Protocol (BGP) | 20 |
Internal EIGRP | 90 |
IGRP | 100 |
OSPF | 110 |
Intermediate System-to-Intermediate System (IS-IS) | 115 |
Routing Information Protocol (RIP) | 120 |
Exterior Gateway Protocol (EGP) | 140 |
On Demand Routing (ODR) | 160 |
External EIGRP | 170 |
Internal BGP | 200 |
Unknown* | 255 |
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094195.shtml
Wednesday, March 13, 2013
SSH configuration
Secure Shell (SSH) is a protocol which provides a secure remote access connection to network devices.
The Cisco IOS image used must be a k9 (crypto) image in order to support SSH. For example, c3750e-universalk9-tar.122-35.SE5.tar is a k9 (crypto) image.
Set Up an IOS Router or Switch as SSH Client
There are four steps required to enable SSH support on a Cisco IOS router:
- Configure the hostname command.
- Configure the DNS domain.
- Generate the SSH key to be used.
- Enable SSH transport support for the virtual type terminal (vtys).
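conf t
! step 1: hostname
hostname jason
! step 2: DNS domain
ip domain-name jason
! local account used for the SSH login
aaa new-model
username jason password 0 jason
! step 3: generate the RSA key; 1024 answers the modulus-size prompt
crypto key gen rsa
1024
! step 4: accept SSH on the vtys in this range
line vty 5 15
transport input ssh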
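As an added example (not from the original post), the Python check below runs over the command list above, confirms the four prerequisites are present and reports settings a reviewer would question. The function name is hypothetical, and the 2048-bit threshold and the 16 vty lines (0-15) are assumptions.

```python
import re

# Command list from this page, embedded as sample input.
PAGE_SCRIPT = """hostname jason
ip domain-name jason
aaa new-model
username jason password 0 jason
crypto key gen rsa
1024
line vty 5 15
transport input SSH"""

def audit_ssh_setup(script, total_vtys=16, min_modulus=2048):
    """Return findings for an IOS SSH setup script (both defaults are assumptions)."""
    lines = [l.strip().lower() for l in script.splitlines() if l.strip()]
    findings = []
    for name, pat in (("hostname", r"hostname \S+"),
                      ("ip domain-name", r"ip domain[- ]name \S+")):
        if not any(re.match(pat, l) for l in lines):
            findings.append(f"no {name}")
    if any(re.match(r"username \S+ password ", l) for l in lines):
        findings.append("username uses 'password' (plaintext or reversible), not 'secret'")
    # The modulus is given inline ("modulus N") or as the answer on the next line.
    keygen = [i for i, l in enumerate(lines) if re.match(r"crypto key gen\S* rsa", l)]
    if not keygen:
        findings.append("no rsa key generation")
    for i in keygen:
        inline = re.search(r"modulus (\d+)", lines[i])
        bits = inline.group(1) if inline else (lines + [""])[i + 1]
        if bits.isdigit() and int(bits) < min_modulus:
            findings.append(f"rsa modulus {bits} below {min_modulus}")
    # Track which vty lines end up accepting SSH only.
    ssh_only, current = set(), None
    for l in lines:
        m = re.match(r"line vty (\d+)(?: (\d+))?$", l)
        if m:
            current = range(int(m.group(1)), int(m.group(2) or m.group(1)) + 1)
        elif l.startswith("line "):
            current = None
        elif current is not None and l.startswith("transport input"):
            if l.split()[2:] == ["ssh"]:
                ssh_only.update(current)
            else:
                ssh_only.difference_update(current)
    open_vtys = sorted(set(range(total_vtys)) - ssh_only)
    if open_vtys:
        findings.append(f"vty lines not restricted to ssh: {open_vtys}")
    return findings
```

For the page's commands it reports the type 0 password, the 1024-bit modulus, and vty 0-4, which the `line vty 5 15` range leaves with whatever transport they already had.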