ISE Design & Integration Guides
Nice collection of Cisco ISE articles
https://www.markbrilman.nl/2011/08/howto-convert-a-pfx-to-a-seperate-key-crt-file/
Thanks to Mark Brilman for the above article. Read the article, or copy from here if you just need the syntax:
openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]
openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]
openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]
openssl rsa -in [keyfile-encrypted.key] -outform PEM -out [keyfile-encrypted-pem.key]
DRAFT
Stadium antenna
Approx. 30*30 degrees in both bands
https://www.cisco.com/c/en/us/td/docs/wireless/antenna/installation/guide/ant2513p4mn.html
HD office antenna
Approx. 60*60 degrees in both bands
https://www.cisco.com/c/en/us/td/docs/wireless/antenna/installation/guide/ant2566d4m.html
Use this guide to configure your InfoBlox to provide the Wireless LAN Controller address via DHCP option 43 to ANY device. If you need to provide the option only to Cisco APs or different option per AP type – This is not the guide!
For your value, you’ll need to enter the IP in HEX preceded by the number of WLCs you want to include in your DHCPOFFER (also in HEX).
That last one warrants some further explanation.
First convert your IP address to HEX. Here’s a handy site to do that for you: http://www.kloth.net/services/iplocate.php
Precede that HEX value with F1:04 for a single WLC, f1:08 for two WLCs, f1:12 for 3 WLCs etc. etc. (in my example I’m using a single WLC).
Your final IPv4 DHCP Options (per subnet) should look something like this:
Note the last DHCP Option: 10.252.1.20, in HEX is 0AFC0114 and that is preceded with F1:04.
config network ip-mac-binding disable
Enable passive client for the WLAN
Error:
Unable to negotiate with x.x.x.x port 22: no matching cipher found. Their offer: aes256-cbc,aes128-cbc
Fix:
sudo vi /etc/ssh/ssh_config
Find the string:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
Uncomment it and your ssh will work as usual.
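A narrower alternative to enabling the CBC ciphers in the system-wide /etc/ssh/ssh_config, as an added example that is not from the original post: it parses the negotiation error and produces a Host block for ~/.ssh/config that enables one legacy algorithm for the failing device only. It goes beyond the cipher case to the other "no matching ... found" errors ssh prints; the function name, the preference list and the 192.0.2.10 sample address are assumptions.

```python
import re

# ssh's negotiation-failure reasons mapped to the ssh_config keyword that controls them.
KEYWORD = {
    "cipher": "Ciphers",
    "MAC": "MACs",
    "key exchange method": "KexAlgorithms",
    "host key type": "HostKeyAlgorithms",
}

ERROR_RE = re.compile(
    r"Unable to negotiate with (?P<host>\S+) port (?P<port>\d+): "
    r"no matching (?P<what>.+?) found\. Their offer: (?P<offer>\S+)"
)

# Assumed preference among legacy CBC ciphers when several are offered (strongest first).
CBC_PREFERENCE = ["aes256-cbc", "aes192-cbc", "aes128-cbc", "3des-cbc"]


def scoped_stanza(error_line):
    """Return a Host block enabling one legacy algorithm for the failing host only."""
    m = ERROR_RE.search(error_line)
    if m is None:
        raise ValueError("not an ssh negotiation failure")
    keyword = KEYWORD.get(m["what"])
    if keyword is None:
        raise ValueError("no ssh_config keyword for: " + m["what"])
    offer = m["offer"].split(",")
    choice = offer[0]  # fall back to the first algorithm the server listed
    if keyword == "Ciphers":
        ranked = [c for c in CBC_PREFERENCE if c in offer]
        if ranked:
            choice = ranked[0]
    # The leading '+' appends to the client's default list instead of replacing it,
    # so every other host keeps negotiating modern algorithms.
    return "Host %s\n    %s +%s\n" % (m["host"], keyword, choice)


# Constructed sample: the error from the post with a documentation address substituted.
SAMPLE = ("Unable to negotiate with 192.0.2.10 port 22: no matching cipher found. "
          "Their offer: aes256-cbc,aes128-cbc")

if __name__ == "__main__":
    print(scoped_stanza(SAMPLE))
```

Paste the printed block into ~/.ssh/config; connections to any other host are unaffected.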
This week I had an experience where an 8540 was unable to enable fastlane for an SSID. Another SSID was already fastlane-enabled, and another exactly matching WLC had no problem.
It failed the command “config qos average-realtime-rate platinum per-ssid downstream 0”, but doing so by hand was no problem. Turns out that reloading the WLC solved the issue.
Marking an Interface “Redundant” Exercising FRA
FRA Sensitivity – designed to be VERY conservative – and That’s good!
The opposite of conservative is a coverage hole!
Defaults – should be safe for a customer environment
Low (100%), Medium (95%), High (90%)
Hidden levels – Be very very careful – these are persistent commands –
• higher (85%), evenhigher (80%), superhigh (75%), crazyhigh (70%), areyoukidingme (50%)
(Cisco Controller) >config advanced fra sensitivity <value>
config ap syslog host global <ip address>
Maybe you, like me, have been clicking like a madman in CPI to find a template for the DCA Channel List. Well, it turns out that it is not there!
A possible workaround is to set it from a CLI template:
config 802.11a disable network
y
config advanced 802.11a channel delete 36
config advanced 802.11a channel add 36
config advanced 802.11a channel delete 36
config 802.11a enable network