CCIE or Null!

My journey to CCIE!

Archive for May 2013

Old Cisco Live sessions a great free resource!

with one comment

Believe it or not, but the old Cisco Live sessions are available to view free of charge! You can search through the available sessions here. It looks to go as far back as 2011, and you can filter the videos by using various methods technology, product line, technical level, event location, and a few others along with a free text search option.

Many of these sessions include the recorded videos along the presentations in PDF format. No matter type of technology you are looking for there is bound to be some material for it. I’ve watched a few of these sessions already sessions ranging from advanced DMVPN deployments, Nexus 5k best practices, performing wireless site surveys and others. I highly recommend you browse some videos when you have spare time, I guarantee you will learn something new.

P.S. I’ll be at Cisco Live Orlando this year (and the INE event)! So feel free to drop me or comment or send me a DM over twitter @StephenO86 and we can schedule a meet-up when the time comes!

Written by Stephen J. Occhiogrosso

May 11, 2013 at 8:42 PM

Knowing the different Cisco LAP modes.

with one comment

It’s been a while since my last wireless post, and surprisingly I never done a post regarding the different modes a Cisco LAP can operate in. I figured this would be a great place to start up my wireless posts again!

Now depending on the model access point you are working with and which IOS you are running you may or may not be able to operate a LAP in all the modes I will be describing:

Local: Probably the most common and well-known mode a LAP operates in mainly because this is the default mode a LAP will operate in (Unless you are running Flex controllers). In local mode, the LAP maintains a CAPWAP (or LWAPP depending on your IOS version) tunnel to its associated controller. All client traffic is centrally switched by the controller which why LAPs have been referred to as ‘dumb’ APs, primarily due to the fact it does very little thinking on its own. As a matter of fact, if a LAP operating in local mode loses its connection to the WLC, the LAP will stop forwarding and begin looking for the controller. Until the LAP (operating in local mode) joins another WLC it will not forward any user traffic.

REAP/H-REAP/Flexconnect: This mode has certainly evolved over the years and certainly deserves multiple posts of its own. REAP stands for Remote Edge lightweight Access Point and is there to address the scalability issues with Local mode after all it is completely unfeasible to place a WLC at every branch location. If you had every LAP operating in Local mode and you experienced a WAN failure at the location housing your WLC, every LAP in your network would stop forwarding user traffic, crippling your wireless networks. LAPs operating in REAP mode do not always require a connection to the WLC, and have the capability to locally switch WLAN traffic without relying on the controller. The functionality of REAP was later expanded to H-REAP (Hybrid-REAP) getting a littler better with each code release. Later on H-REAP was later re-branded again being called Flexconnect gaining a host of new features.

Bridge: Bridge modes have been around a long time, and as you would expect allows you to bridge together the WLAN and the wired infrastructure together.

SE-Connect: SE-Connect mode allows you to connect to the LAP using Cisco Spectrum Expert and gather vital information about the RF spectrum surrounding the LAP. Do keep in mind a LAP operating in SE-Connect mode will not be broadcasting an SSID and does service any WLAN clients. This mode is strictly used for troubleshooting purposes.

Sniffer: Similar to SE-Connect mode, a LAP operating in Sniffer mode is strictly for troubleshooting purposes. Sniffer mode will passively monitor the surrounding WLAN environment (Over a specifically configured channel) and tunnels all the 802.11 WLAN traffic to an end point on your network (configured by you), where you can use protocol analysis tool (Wireshark, Airopeek, etc) to review the packets and diagnose issues.

Rouge Detector: Again similar to SE-Connect & Sniffer mode, Rouge Detector mode does not service any WLAN clients. Rouge Detector mode connects to your wired infrastructure usually over a trunk link and watches the traffic traversing the VLANs. The LAP in Rouge Detector mode is watching for any MAC addresses that other LAPs have marked as a wireless ‘rouge’ device. Think of this as a tag team match up, your LAPs operating in Local or H-REAP/REAP/Flexconnect modes are passively watching and reporting rouge APs and rouge WLAN clients, while the LAP in Rouge Detector mode is watching the wired network for the MAC addresses of those same rouge APs and rouge WLAN clients. It’s there to be an extra layer of security in the event your users connect rouge APs, you use a Rouge Detector LAP detect and alert on those events.

Configuring the AP mode can be from the CLI of the WLC using the following command: config ap mode %AP Mode% %AP Name%

AP Config Mode

Written by Stephen J. Occhiogrosso

May 10, 2013 at 8:27 AM

Portfast and Multicast traffic

leave a comment »

In my last post I covered the Spanning-Tree Portfast feature and the advantages it has on our network, covering the concept of  TCN packets and the effect TCN packets have on our networks. I did however forget to mention another side effect the TCN packets cause involving multicast traffic. When a topology change occurs and a TCN packet is set to the spanning-tree root bridge the root bridge transmits a global leave message with a multicast group address of, this in turn causes the switches to flood multicast traffic out all ports until it receives a few general queries (the default number will depend on the switch model and IOS). So this simply identifies another potential resource issue that can be caused by not configuring Portfast. There a few configuration options we can set that can make this process less intrusive:

  • Outright disable the flooding of multicast traffic when a TCN is transmitted, This is configured on an interface by interface basis.

TCN Multicast Flood Disable

  • Tell the router to transmit a query message – Configured on the switch from global config mode, whenever a switch notices the TCN packet it sends a packet out to tell the router to solicit a query message, decreasing the amount of time it takes the switches to receive “x” amount of queries to recover from the TCN event.

TCN Multicast Solicit

  • Specify the number of queries to wait before the switch stops flooding multicast out all ports – This configures the switch to stop flooding multicast traffic after it has received “x” amount of queries. This feature in conjunction with the solicited query message feature can significantly reduce the flooding time.

TCN Multicast Count

Written by Stephen J. Occhiogrosso

May 1, 2013 at 12:20 PM

Posted in Multicast

%d bloggers like this: