Posts

Showing posts from September, 2019

Joining a Cisco LWAP to a vWLC

In this video, we take a look at what is required to join a Cisco Lightweight Access Point (LWAP) to a Cisco Virtual Wireless Controller (vWLC). Devices in this video include: Cisco vWLC, Cisco LWAP c1600 series, and Windows Server 2012 R2.

Updated Notes: 28/09/2019. Having worked with APs and WLCs some more, I wanted to share some more notes from things observed in my lab. The output below is generated from a C1600 series AP that I have in my lab. The syslog output is generated when the AP attempts to join the WLC. While looking into this, I found a few workarounds and potential bugs associated with this.

*Sep 28 19:38:19.066: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Sep 28 19:38:18.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.101.2 peer_port: 5246
*Sep 28 19:38:23.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest
*Se

Why Snapshots Could Break Your Virtual ISE Deployment

In this article I would like to focus on virtual machines, in particular Cisco ISE virtual machines running on VMware. I will explain why virtual ISE deployments DO NOT support snapshots, as well as the potential issues that you could face if snapshots are enabled. So what is a snapshot? A snapshot is a copy of a virtual machine's disk file (.VMDK) at a particular point in time. VMware allows you to take manual snapshots of a virtual machine, or to take snapshots of devices automatically at a specific time. Snapshots are useful in situations where an operational device is rendered useless for whatever reason and you would like to restore that device to a working state. So why doesn't Cisco ISE support snapshots? Cisco ISE comes with its own backup and restore utilities. Not only that, Cisco ISE doesn't support backups because the data within the nodes is constantly changing and is being synchronised with the database. What happens if snapshots are taken of ISE nodes? If

8 Considerations before Registering ISE Nodes to a Deployment

In this article we will take a look at eight things that should be considered before joining ISE nodes to the rest of a distributed deployment. Joining ISE nodes to a distributed deployment requires a few prerequisites that must be met in order for registration to be successful. When the prerequisites are not met, you may find yourself stuck in a rut, troubleshooting in areas that you shouldn't be troubleshooting in. In an attempt to relieve you from troubleshooting registration issues, this article will focus on lessons learnt.

Considerations

Ensure that the DNS server has A and PTR record entries for the nodes that you intend to register: When registering ISE nodes, the FQDN is required for the node you intend to register. If the FQDN of the node you wish to register cannot be resolved, you won't be able to join it to the deployment. You will also need to make sure that the FQDNs of all PANs are resolvable. It is best practice to ensu

Suggested Steps for Resetting Cisco ISE Admin User CLI & GUI Password in a Production Environment

If you're familiar with Cisco ISE deployments, then no doubt you've encountered a time when an Administrator password has expired and needs to be reset. This can happen for a number of reasons; however, the most common is that the admin password expiry setting hasn't been disabled in ISE. When setting up a new Cisco ISE deployment, you will set the admin password. It is important to note that the CLI and GUI admin passwords can be different. Although you can reset the admin GUI password via the CLI when it has expired, if the CLI password expires or you forget it, you will be required to boot from the .ISO in order to reset the password. Booting from the .ISO can be a pain if ISE nodes are in a production environment, and you may find that you need a change window to do this. Whatever the case may be, this article focuses on how to reset the admin passwords while ISE is in production. These steps were taken when I encountered a similar issue with a distributed