Cisco Prime Infrastructure Configuration Guide, Release 1.2
Appendix A: Troubleshooting and Best Practices
Downloads: This chapterpdf (PDF - 149.0KB) The complete bookPDF (PDF - 16.48MB) | Feedback

Troubleshooting and Best Practices

Table Of Contents

Troubleshooting and Best Practices

Troubleshooting Cisco Compatible Extensions Version 5 Client Devices

Diagnostic Channel

Configuring the Diagnostic Channel

Web Auth Security on WLANs

Debug Commands

Debug Strategy

RF Heatmap Analysis

Best Practices

Troubleshooting RAID Card Configuration

Applying for a Cisco.com Account with Cryptographic Access

Performing Disk Cleanup

Checking on System Disk Usage

Unsupported Special Characters in Prime Infrastructure Passwords


Troubleshooting and Best Practices


This appendix identifies and explains any additional troubleshooting or best practices you might find necessary as you implement a particular function.

This appendix includes the following sections:

Troubleshooting Cisco Compatible Extensions Version 5 Client Devices

Web Auth Security on WLANs

Troubleshooting RAID Card Configuration

Applying for a Cisco.com Account with Cryptographic Access

Performing Disk Cleanup

Unsupported Special Characters in Prime Infrastructure Passwords

Troubleshooting Cisco Compatible Extensions Version 5 Client Devices

Two features are designed to troubleshoot communication problems with Cisco Compatible Extension clients: diagnostic channel and client reporting.


Note These features are supported only on Cisco Compatible Extensions Version 5 Client Devices. They are not support for use with non-Cisco Compatible Extensions Version 5 Client Devices or with clients running an earlier version.


Diagnostic Channel

The diagnostic channel feature enables you to troubleshoot problems regarding client communication with a WLAN. When initiated by a client having difficulties, the diagnostic channel is a WLAN configured to provide the most robust communication methods with the fewest obstacles to communication placed in the path of the client. The client and access points can be put through a defined set of tests in an attempt to identify the cause of communication difficulties experienced by the client.


Note Only one WLAN per controller can have the diagnostic channel enabled, and all of the security on this WLAN is disabled.


Configuring the Diagnostic Channel

Follow these steps to configure the diagnostic channel:


Step 1 Choose Configure > Controllers.

Step 2 Click an IP address to choose a specific controller.

Step 3 Choose WLANs> WLAN Configuration from the left sidebar menu.

Step 4 Choose Add a WLAN from the Select a command drop-down list to create a new or click the profile name of an existing.


Note We recommend that you create a new WLAN on which to run the diagnostic tests.


Step 5 When the WLANs page appears, click the Advanced tab.

Step 6 If you want to enable diagnostic channel troubleshooting on this WLAN, select the Diagnostic Channel check box. Otherwise, leave this check box unselected, which is the default value.

Step 7 Click Save to commit your changes.


Web Auth Security on WLANs

This section describes the troubleshooting and best practices procedures that are useful when implementing web auth security on WLANs.

Web-auth is a Layer 3 security feature which allows web-based authentication to users on a WLAN. It is used mainly in guest networking scenarios, although not restricted to that usage.

When a WLAN is configured with web-auth security, you are redirected to the login page after passing Layer 2 authentications (static WEP, WPA+PSK, MAC filtering, and so on). The login page is stored on the local device or an external web server, and the page can be modified to allow a customized logo, title, and so on.

After the WLAN is configured with a web-auth WLAN, the HTTP get request is sent by the wireless client to the requested website. The controller firewall allows the DNS resolution of the specified URL. After the resolution, the controller interrupts the HTTP packets from the wireless client and redirects to the login page. When the credentials are entered on the login page and submitted, they are authenticated against the local database. If the user is not found in the local database, the configured RADIUS servers are contacted.


Note PAP and CHAP authentication are used between the client and authentication agent. Make sure your RADIUS server supports both of these protocols so web-auth login is allowed.


Upon successful authentication, you are allowed to pass traffic. After three unsuccessful authentication attempts, the client is excluded. This excluded client cannot associate until the exclusion timeout limit is surpassed. The exclusion timeout limit is configured with aggressive load balancing, which actively balances the load between the mobile clients and their associated access points.

Web-auth WLAN is also configured with a pre-authentication access control list (ACL). This ACL is configured the same as a normal ACL but permits access to resources that the client needs prior to authentication. An administrator must use the interface section to apply an ACL to the client after authentication.

A web-auth WLAN can be configured with a session timeout value. This value defines the time the client needs to re-authenticate with the device. If the value is set to zero, which means infinity, the client never re-authenticates unless the logged out option is used. You can access the logout URL at http://<VirtualIP>/logout.html.


Note Disable all pop-up blockers on the client to see the logout page.


Web-auth can be configured in different modes under Layer 3 security. The most commonly used modes of web-auth are as follows:

Internal Web—Redirection to an internal page using http://<virtual IP /DNS name >/login.html. Customization is available.

External Web—Redirection to an external URL.

Debug Commands

The following debug commands are allowed:

debug client <client-mac-address>
debug pm ssh-tcp enable
debug pm ssh-appgw enable
debug pm rules enable
debug pm config enable
 
   
show client detail <client-mac-address>
debug pem event enable

Debug Strategy

Use the following strategy for web-auth configured on a WLAN without guest tunneling:


Step 1 Identify a mobile client to work with and write down its wireless MAC address. Use the command prompt > ipconfig /all for all MS Windows-based systems.

Step 2 Disable the radio of the mobile client.

Step 3 Enter the following debug commands via a serial console set for high speed (115200) or SSH session to the management port of the controller:

debug client <client-mac-address>
debug pm ssh-tcp enable
debug pm ssh-appgw enable
debug pm rules enable
debug pm config enable
 
   
show client detail <client-mac-address>
 
   
debug pem event enable
debug pem state enable
 
   

Step 4 Enable the radio and let the client associate. After the client is associated, enter the show client detail client-mac-address command.

$Router1> show client detail 00:0b:85:09:96:10
Client Username ................................. N/A
AP MAC Address................................... 00:0b:85:09:96:10
Client State..................................... Associated
Wireless LAN Id.................................. 1
BSSID............................................ 00:0b:85:09:96:1f
Channel.......................................... 11
IP Address....................................... 10.50.234.3
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 0
Status Code...................................... 0
Session Timeout.................................. 0
Client CCX version............................... 3
Mirroring........................................ Disabled
QoS Level........................................ Silver
Diff Serv Code Point (DSCP)...................... disabled
802.1P Priority Tag.............................. disabled
WMM Support...................................... Disabled
Mobility State................................... Local
Internal Mobility State.......................... apfMsMmInitial
Mobility Move Count.............................. 0
--More-- or (q)uit
Security Policy Completed........................ No
Policy Manager State............................. WEBAUTH_REQD ========**
Policy Manager Rule Created...................... Yes
NPU Fast Fast Notified........................... Yes
Last Policy Manager State........................ WEBAUTH_REQD
Client Entry Create Time......................... 67733 seconds
Policy Type...................................... N/A
Encryption Cipher................................ None
Management Frame Protection...................... No
EAP Type......................................... Unknown
Interface........................................ management
VLAN............................................. 0
Client Capabilities:
      CF Pollable................................ Not implemented
      CF Poll Request............................ Not implemented
      Short Preamble............................. Implemented
      PBCC....................................... Not implemented
      Channel Agility............................ Not implemented
      Listen Interval............................ 0
Client Statistics:
      Number of Bytes Received................... 188595
      Number of Bytes Sent....................... 19229
      Number of Packets Received................. 3074
--More-- or (q)uit
      Number of Packets Sent..................... 76
      Number of Policy Errors.................... 0
      Radio Signal Strength Indicator............ -41 dBm
      Signal to Noise Ratio...................... 59 dB
Nearby AP Statistics:
        TxExcessiveRetries: 0
        TxRetries: 0
        RtsSuccessCnt: 0
        RtsFailCnt: 0
        TxFiltered: 0
        TxRateProfile: [0,0,0,0,0,0,0,0,0,0,0,0]
      ap:09:96:10(slot 1) .......................
antenna0: 48 seconds ago -45 dBm................. antenna1: 123 seconds ago -128 dBm
 
   

Step 5 Make sure the pemstate of the client is WEBAUTH_REQD. Open the browser page on the client and look for the following messages:

Wed Mar  7 17:59:15 2007: ************* sshpmAddWebRedirectRules: POLICY SEMAPHORE LOCKED 
*************
Wed Mar  7 17:59:15 2007: sshpmAddWebRedirectRules: mobile station addr is 10.50.234.3
Wed Mar  7 17:59:15 2007: sshpmAddWebRedirectRules: RuleID for ms 10.50.234.3 is 44
Wed Mar  7 17:59:15 2007: sshpmAddWebRedirectRules: using HTTP-S for web auth (addr: 
10.50.234.15).
Wed Mar  7 17:59:15 2007: sshpmAddWebRedirectRules: inbound local http rule created for ms 
10.50.234.3 local 1.1.1.1.
Wed Mar  7 17:59:15 2007: sshpmAddWebRedirectRules: inbound http redirect rule created.
Wed Mar  7 17:59:15 2007: sshpmRuleIndexInsert: adding rule for RuleID 44
Wed Mar  7 17:59:15 2007: sshpmRuleIndexInsert: computed raw hash index 02ad3271 for rule 
id 0000002c
Wed Mar  7 17:59:15 2007: sshpmRuleIndexInsert: computed adjusted index 00000c32 for rule 
id 0000002c
Wed Mar  7 17:59:15 2007: sshpmAddWebRedirectRules: committing rules for ms 10.50.234.3
Wed Mar  7 17:59:15 2007: ************* sshpmPolicyCommitCallback: POLICY SEMAPHORE 
UNLOCKED - [unconditionally] ************
Wed Mar  7 17:59:15 2007: sshpmPolicyCommitCallback: called; ContextPtr: 0x2c; Success: 1
Wed Mar  7 17:59:15 2007: ************* sshpmPolicyCommitCallback: POLICY SEMAPHORE 
UNLOCKED - [unconditionally] ************
Wed Mar  7 18:02:32 2007: SshPmAppgw/pm_appgw.c:1234/ssh_pm_appgw_request: New application 
gateway request for `alg-http@ssh.com': 10.50.234.3.1153 > 10.50.234.1.80 (nat: 
10.50.234.1.80) tcp ft=0x00000000 tt=0x00000000
Wed Mar  7 18:02:32 2007: SshPmAppgw/pm_appgw.c:1239/ssh_pm_appgw_request: Packet 
attributes: trigger_rule=0x4ecb, tunnel_id=0x0, trd_index=0xddffffff, 
prev_trd_index=0xddffffff
Wed Mar  7 18:02:32 2007: SshPmAppgw/pm_appgw.c:1240/ssh_pm_appgw_request: Packet:
Wed Mar  7 18:02:32 2007: 00000000: 4500 0030 0308 4000 8006 0f57 0a32 ea03  
E..0..@....W.2..
Wed Mar  7 18:02:32 2007: 00000010: 0a32 ea01 0481 0050 2f42 e3a4 0000 0000  
.2.....P/B......
Wed Mar  7 18:02:32 2007: 00000020: 7002 4000 42fe 0000 0204 05b4 0101 0402  
p.@.B...........
Wed Mar  7 18:02:32 2007: SshPmStAppgw/pm_st_appgw.c:403/ssh_pm_st_appgw_start: Calling 
redirection callback
Wed Mar  7 18:02:32 2007: SshPmAppgw/pm_appgw.c:155/ssh_appgw_redirect: Application 
gateway redirect: 10.50.234.1.80 -> 10.50.234.1.80
Wed Mar  7 18:02:32 2007: SshPmStAppgw/pm_st_appgw.c:445/ssh_pm_st_appgw_mappings: 
Creating application gateway mappings: 10.50.234.3.1153 > 10.50.234.1.80 (10.50.234.1.80)
Wed Mar  7 18:02:32 2007: SshPmStAppgw/pm_st_appgw.c:102/ssh_pm_appgw_mappings_cb: appgw 
connection cached: init flow_index=5967 resp flow_index=5964 event_cnt=718
Wed Mar  7 18:02:32 2007: SshPmStAppgw/pm_st_appgw.c:493/ssh_pm_st_appgw_mappings_done: 
NAT on initiator side
Wed Mar  7 18:02:32 2007: 
SshPmStAppgw/pm_st_appgw.c:583/ssh_pm_st_appgw_tcp_responder_stream_done: 
ssh_pm_st_appgw_tcp_responder_stream_done: conn->context.responder_stream=0x0
Wed Mar  7 18:02:32 2007: 
SshPmStAppgw/pm_st_appgw.c:624/ssh_pm_st_appgw_tcp_responder_stream_done: Opening 
initiator stream 10.50.234.1:61611 > 10.76.108.121:2024
Wed Mar  7 18:02:32 2007: SshPmStAppgw/pm_st_appgw.c:154/ssh_pm_appgw_i_flow_enabled: 
Initiator flow mode has now been set.
Wed Mar  7 18:02:32 2007: SshPmAppgw/pm_appgw.c:507/ssh_appgw_tcp_listener_callback: New 
initiator stream: src=10.50.234.1:61611, dst=10.76.108.121:2024
Wed Mar  7 18:02:32 2007: 
SshPmStAppgw/pm_st_appgw.c:646/ssh_pm_st_appgw_tcp_open_initiator_stream: Initiator stream 
opened
Wed Mar  7 18:02:32 2007: SshAppgwHttp/appgw_http.c:531/ssh_appgw_http_conn_cb: New TCP 
HTTP connection 10.50.234.3.1153 > 10.50.234.1.80
Wed Mar  7 18:02:32 2007: SshAppgwHttp/appgw_http.c:535/ssh_appgw_http_conn_cb: Responder 
sees initiator as `10.50.234.15.1153'
Wed Mar  7 18:02:32 2007: SshAppgwHttp/appgw_http.c:539/ssh_appgw_http_conn_cb: Initiator 
sees responder as `10.50.234.1.80'
Wed Mar  7 18:02:32 2007: SshAppgwHttp/appgw_http.c:99/ssh_appgw_http_st_wait_input: 
entering state st_wait_input: (i) reading_hdr 1 nmsgs 0
Wed Mar  7 18:02:32 2007: 
SshAppgwHttpState/appgw_http_state.c:2077/ssh_appgw_http_handle_state: handling: 0 bytes:
Wed Mar  7 18:02:32 2007: SshAppgwHttp/appgw_http.c:136/ssh_appgw_http_st_wait_input: read 
-1 bytes (offset 0 data 0)
Wed Mar  7 18:02:32 2007: SshAppgwHttp/appgw_http.c:99/ssh_appgw_http_st_wait_input: 
entering state st_wait_input: (r) reading_hdr 1 nmsgs 0
Wed Mar  7 18:02:32 2007: 
SshAppgwHttpState/appgw_http_state.c:2077/ssh_appgw_http_handle_state: handling: 0 bytes:
Wed Mar  7 18:02:32 2007: SshAppgwHttp/appgw_http.c:132/ssh_appgw_http_st_wait_input: 
appgw_http.c.132: io->src is NULL
Wed Mar  7 18:02:32 2007: SshAppgwHttp/appgw_http.c:136/ssh_appgw_http_st_wait_input: read 
-1 bytes (offset 0 data 0)
Wed Mar  7 18:02:32 2007: SshAppgwHttp/appgw_http.c:99/ssh_appgw_http_st_wait_input: 
entering state st_wait_input: (i) reading_hdr 1 nmsgs 0
Wed Mar  7 18:02:32 2007: 
SshAppgwHttpState/appgw_http_state.c:2077/ssh_appgw_http_handle_state: handling: 0 bytes:
Wed Mar  7 18:02:32 2007: SshAppgwHttp/appgw_http.c:136/ssh_appgw_http_st_wait_input: read 
-1 bytes (offset 0 data 0)
Wed Mar  7 18:02:32 2007: SshAppgwHttp/appgw_http.c:99/ssh_appgw_http_st_wait_input: 
entering state st_wait_input: (r) reading_hdr 1 nmsgs 0
Wed Mar  7 18:02:32 2007: 
SshAppgwHttpState/appgw_http_state.c:2077/ssh_appgw_http_handle_state: handling: 0 bytes:
Wed Mar  7 18:02:36 2007: SshAppgwHttp/appgw_http.c:132/ssh_appgw_http_st_wait_input: 
appgw_http.c.132: io->src is NULL
Wed Mar  7 18:02:36 2007: SshAppgwHttp/appgw_http.c:136/ssh_appgw_http_st_wait_input: read 
-1 bytes (offset 0 data 0)
Wed Mar  7 18:02:41 2007: SshAppgwHttp/appgw_http.c:99/ssh_appgw_http_st_wait_input: 
entering state st_wait_input: (i) reading_hdr 1 nmsgs 0
Wed Mar  7 18:02:41 2007: 
SshAppgwHttpState/appgw_http_state.c:2077/ssh_appgw_http_handle_state: handling: 0 bytes:
Wed Mar  7 18:02:41 2007: SshAppgwHttp/appgw_http.c:136/ssh_appgw_http_st_wait_input: read 
283 bytes (offset 0 data 0)
Wed Mar  7 18:02:41 2007: 
SshAppgwHttpState/appgw_http_state.c:2077/ssh_appgw_http_handle_state: handling: 283 
bytes:
Wed Mar  7 18:02:41 2007: 00000000: 4745 5420 2f20 4854 5450 2f31 2e31 0d0a  GET / 
HTTP/1.1..
Wed Mar  7 18:02:41 2007: 00000010: 4163 6365 7074 3a20 696d 6167 652f 6769  Accept: 
image/gi
Wed Mar  7 18:02:41 2007: 00000020: 662c 2069 6d61 6765 2f78 2d78 6269 746d  f, 
image/x-xbitm
Wed Mar  7 18:02:41 2007: 00000030: 6170 2c20 696d 6167 652f 6a70 6567 2c20  ap, 
image/jpeg, 
Wed Mar  7 18:02:41 2007: 00000040: 696d 6167 652f 706a 7065 672c 2061 7070  image/pjpeg, 
app
Wed Mar  7 18:02:41 2007: 00000050: 6c69 6361 7469 6f6e 2f78 2d73 686f 636b  
lication/x-shock
Wed Mar  7 18:02:41 2007: 00000060: 7761 7665 2d66 6c61 7368 2c20 2a2f 2a0d  wave-flash, 
*/*.
Wed Mar  7 18:02:41 2007: 00000070: 0a41 6363 6570 742d 4c61 6e67 7561 6765  
.Accept-Language
Wed Mar  7 18:02:41 2007: 00000080: 3a20 656e 2d75 730d 0a41 6363 6570 742d  : 
en-us..Accept-
Wed Mar  7 18:02:41 2007: 00000090: 456e 636f 6469 6e67 3a20 677a 6970 2c20  Encoding: 
gzip, 
Wed Mar  7 18:02:41 2007: 000000a0: 6465 666c 6174 650d 0a55 7365 722d 4167  
deflate..User-Ag
Wed Mar  7 18:02:41 2007: 000000b0: 656e 743a 204d 6f7a 696c 6c61 2f34 2e30  ent: 
Mozilla/4.0
Wed Mar  7 18:02:41 2007: 000000c0: 2028 636f 6d70 6174 6962 6c65 3b20 4d53   (compatible; 
MS
Wed Mar  7 18:02:41 2007: 000000d0: 4945 2036 2e30 3b20 5769 6e64 6f77 7320  IE 6.0; 
Windows 
Wed Mar  7 18:02:41 2007: 000000e0: 4e54 2035 2e31 3b20 5356 3129 0d0a 486f  NT 5.1; 
SV1)..Ho
Wed Mar  7 18:02:41 2007: 000000f0: 7374 3a20 3130 2e35 302e 3233 342e 310d  st: 
10.50.234.1.
Wed Mar  7 18:02:41 2007: 00000100: 0a43 6f6e 6e65 6374 696f 6e3a 204b 6565  .Connection: 
Kee
Wed Mar  7 18:02:41 2007: 00000110: 702d 416c 6976 650d 0a0d 0a              p-Alive....
Wed Mar  7 18:02:41 2007: 
SshAppgwHttpState/appgw_http_state.c:985/ssh_appgw_parse_request_line: parsing request 
line GET / HTTP/1.1
Wed Mar  7 18:02:41 2007: 
SshAppgwHttpState/appgw_http_state.c:1018/ssh_appgw_parse_request_line: internal http 
version 3
Wed Mar  7 18:02:41 2007: SshAppgwHttpState/appgw_http_state.c:1155/ssh_appgw_add_method: 
caching method 2 for reply 0
Wed Mar  7 18:02:41 2007: SshAppgwHttpState/appgw_http_state.c:1604/ssh_appgw_check_msg: 
examining request using service id 34
Wed Mar  7 18:02:41 2007: 
SshAppgwHttpState/appgw_http_state.c:594/ssh_appgw_http_get_dst_host: destination host: 
10.50.234.1
Wed Mar  7 18:02:41 2007: 
SshAppgwHttpState/appgw_http_state.c:1474/ssh_appgw_inject_reply: injecting 404 reply as 
msg 0
Wed Mar  7 18:02:41 2007: SshAppgwHttp/appgw_http.c:284/ssh_appgw_http_st_write_data: 
entering state st_write_data 
Wed Mar  7 18:02:41 2007: SshAppgwHttp/appgw_http.c:99/ssh_appgw_http_st_wait_input: 
entering state st_wait_input: (i) reading_hdr 1 nmsgs 1
Wed Mar  7 18:02:41 2007: 
SshAppgwHttpState/appgw_http_state.c:2077/ssh_appgw_http_handle_state: handling: 0 bytes:
Wed Mar  7 18:02:41 2007: SshAppgwHttp/appgw_http.c:136/ssh_appgw_http_st_wait_input: read 
-1 bytes (offset 0 data 0)
Wed Mar  7 18:02:41 2007: SshAppgwHttp/appgw_http.c:99/ssh_appgw_http_st_wait_input: 
entering state st_wait_input: (r) reading_hdr 1 nmsgs 0
Wed Mar  7 18:02:41 2007: 
SshAppgwHttpState/appgw_http_state.c:1851/ssh_appgw_http_is_inject: next inject is msg# 0 
current msg# 0
Wed Mar  7 18:02:41 2007: SshAppgwHttp/appgw_http.c:207/ssh_appgw_http_st_inject: entering 
state st_inject (r): msgs 0 
Wed Mar  7 18:02:41 2007: SshAppgwHttp/appgw_http.c:259/ssh_appgw_http_st_inject: closing 
connection after inject
Wed Mar  7 18:02:41 2007: SshAppgwHttp/appgw_http.c:400/ssh_appgw_http_st_terminate: 
entering state st_terminate (r): teardown 0 terminate i: 1 r: 1
Wed Mar  7 18:02:45 2007: SshAppgwHttp/appgw_http.c:99/ssh_appgw_http_st_wait_input: 
entering state st_wait_input: (i) reading_hdr 1 nmsgs 1
Wed Mar  7 18:02:45 2007: 
SshAppgwHttpState/appgw_http_state.c:2077/ssh_appgw_http_handle_state: handling: 0 bytes:
Wed Mar  7 18:02:45 2007: SshAppgwHttp/appgw_http.c:400/ssh_appgw_http_st_terminate: 
entering state st_terminate (i): teardown 0 terminate i: 1 r: 1
Wed Mar  7 18:02:45 2007: 
SshAppgwHttp/appgw_http.c:732/ssh_appgw_http_connection_terminate: service HTTP-REDIR: TCP 
HTTP connection 10.50.234.3.1153 > 10.50.234.1.80 terminated
Wed Mar  7 18:02:45 2007: SshPmStAppgw/pm_st_appgw.c:1094/ssh_pm_st_appgw_terminate: 
terminating appgw instance

Step 6 If you do not see the HTTP GET message, the HTTP packet has not reached the controller. After the client completes the redirection, enter your login and submit it.

Step 7 Look at the entry of the client in NPUdevshell hapiMmcDebugScbInfoShow (`client mac address'). If the PEM state is not moved from WEBAUTH_REQD to RUN, a credential problem exists. Check the credentials in the local or RADIUS database (where ever they were configured).

Step 8 When the RUN state appears on the client, perform a check from the client to the gateway and see if traffic is being passed.


RF Heatmap Analysis

Scenario: You see some inconsistent heat maps for access points. One part of the access point shows strong heat maps, whereas the other part shows weak heat maps.

Analysis: This might happen when you get the RSSI values of the neighboring access point for one part and not for the other part. Using just one side of the RSSI value to predict the heat map is not suggested, as there can be a thick wall or wired housing which might lead to incorrect heat maps.

Scenario: You are unable to view the dynamic heat map correctly.

Analysis: In case you are unable to view the dynamic heat map correctly, check the following:

Neighbor AP RSSI values if they are same from both controller and Prime Infrastructure.

Wait for 20 minutes for the heat maps to refresh with most latest dynamic heat map data.

Check AP Positions.

Best Practices

If the client is not redirected to the login page and you want to avoid DNS resolution in the network, enter http://controller-mgmt-ip. If a redirection occur, the issue is not network related.

Enter config network web-auth-port Port to define the ports on the controller other than the standard HTTP port (80). The controller does not interrupt secure HTTP or HTTPS (443) even if the port is configured for interrupt.

Troubleshooting RAID Card Configuration

Scenario:

Due to accidental power interruption, the information about the RAID card configuration that is stored in the NVRAM (non-volatile RAM) gets corrupted or erased. When the configuration information is lost, the RAID card fails to boot in the normal mode. However, the RAID card backs up the configuration information on the hard drives. Though the RAID card recognizes the backup configuration stored on the hard drive, it does not load the configuration information as the default configuration without manual intervention.

Analysis:

When the system tries to boot, the RAID firmware returns an error message that the information about the previous configuration is lost and you need to press C to load the configuration utility. The error message appears on the serial console and the bootup does not proceed without your input.

You must perform the following steps:


Step 1 On the serial console, press C to load the RAID management tool. The RAID firmware indicates that a foreign configuration is available. The foreign configuration is the RAID card configuration that was backed up on the hard drive. But, the RAID firmware does not load this configuration information automatically.

Step 2 In the RAID management tool, type the following command:

-CfgForeign -Import -a0

Step 3 Reboot the server.


Applying for a Cisco.com Account with Cryptographic Access

To download cryptographic images, you must have a Cisco.com account with cryptographic acces

To apply for cryptographic access, follow these steps:


Step 1 If you have a Cisco.com account, skip to Step 2. If you do not have a Cisco.com account, register for one at this URL: http://tools.cisco.com/RPF/register/register.do.

Step 2 Go to this URL: http://tools.cisco.com/legal/k9/controller/do/k9Check.x?eind=Y.

The Enter Network Password dialog box appears.

Step 3 Log in with your Cisco.com account.

The Encryption Software Export Distribution Authorization page appears.

Step 4 Select your software from the list box and click Submit.

The Encryption Software Export Distribution Authorization page appears.

Step 5 Review and complete the Encryption Software Export Distribution Authorization form and click Submit.

The Cisco Encryption Software: Crypto Access Granted message appears.


Note It takes approximately 4 hours to process your application. You cannot download the software until the entitlement process is complete. You will not receive any notification for this.



Performing Disk Cleanup

When Prime Infrastructure is running low on disk space, an alarm is raised in the system. Also, the following error appears as a pop-up dialog box.

The system is running low on diskspace, please refer to online help to perform disk cleanup.

To resolve this issue, use the following CLI command:

ncs cleanup

You can use this command to free up and reclaim disk space.

In addition, you can also monitor your system disk usage. For details, see "Checking on System Disk Usage" section.

For more details on managing Prime Infrastructure's network data collection and retention, see the following URL:

http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/1.2/user/guide/ManageData.html

Checking on System Disk Usage

You can quickly check on the total system disk space usage using the Appliance Status tab under Administration > Appliance.


Step 1 Choose Administration > Appliance > Appliance Status.

Under Disk Usage, Prime Infrastructure displays the current storage allocation and percentage of use for each of the main disk volumes it uses.


Unsupported Special Characters in Prime Infrastructure Passwords

Prime Infrastructure password cannot be "cisco", "ocsic", "admin", "nimda' or any variant obtained by changing the capitalization of letters, or by substituting `1" "|" or "!" for i, or substituting "0" for "o", or substituting "$" for "s".

You cannot use special characters such as $, ', \, %, &, (, ), ;, ", <, >, , , ? , and | as part of the password. The special characters such as @, #, ^, *, ~, _, -, +, =, {, }, [, ], :, ., and / are allowed in password. The special character "!" (exclamation mark) works when the password policy is disabled.