Cisco… what else…

I’m back…


now I’m back – was offline toooo long… I will now be back to fill this (IMHO) blog with hopefully a lot of new content…

thanks and have a happy new year 😀



Cisco Identity Service Engine ISE Installation


today I will show you how easy it is to install a new Cisco Identity Service Engine (ISE) on an ESXi Server.

This is only for lab demonstration – not for production use.


  • NTP Server
  • DNS Server
  • Active Directory (later use)

minimum System Requirements:

  • Linux Redhat 5 32Bit
  • 1 Core/Socket – Intel Dual Core 2,13GHz or faster
  • 4GB RAM
  • 60GB HDD (must be a single disk on VMWare)
  • 1GB Ethernet NIC (4 NICs are recommended)
  • Hypervisor Support ESXi 4.x (i installed it on ESXi 5.x and it’s working fine in the lab)

1) Get the ISO of the ISE 😉 and put it on your VMware and boot your system

2) Enter to begin the installation process

3) Now the ISE installer begins to configure the required packages and the installation.

4) The basic installation is now finished, enter “setup” as login to configure your basic settings.

5) Now configure the basic settings.

to show the timezones enter the following command: show timezone

6) When the installing process is finished you must enter a database administrator password and a database user password

  • Min. 11 characters
  • One uppercase and one digit, no special chars…
  • I used Cisco123456 – for both as demo passwords

7) Enter the database admin password and database user password

8) When the installation is finished you can log in via web: enter username admin (default – or the user you configured in the basic configuration) and your password.

Open your favorite browser or CLI – IE 8 or Firefox 9 are supported – and go to your ISE (IP or DNS name you configured)

IMPORTANT: Only a Certified Partner can install the ISE!!!

Have fun…

[best regs]

Reset a Cisco Access Point CAP3502I to factory defaults


today I tried to reset an AP with the mode button and I hoped that ALL config was deleted from the AP – but no. All the WLC Config was still there…

The only way that I found to delete the whole config, also the WLC config was the following command that you must enter on the CLI of the WLC.

clear ap config <AP-NAME>

(Cisco Controller) >clear ap config AP6c6c.6c6c.6c6c
clear ap config will clear ap config and reboot the AP, Are you sure you want continue? (y/n) y

All AP configuration including AP’s static IP configuration has been cleared.

(Cisco Controller) >


You will get the ap name with following command on the CLI:

show ap summary

(Cisco Controller) >show ap summary
Number of APs.................................... 1

Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured

AP Name             Slots  AP Model              Ethernet MAC       Location          Port  Country  Priority
------------------  -----  --------------------  -----------------  ----------------  ----  -------  --------
AP6c6c.6c6c.6c6c    2      AIR-CAP3502I-E-K9     d4:d4:d4:d4:d4:d4  default location  1     IT       1

(Cisco Controller) >



[best regs]

older Cisco PoE Switches: Controller port error

Yeah man!

i installed some new Cisco Access Points and connected them to an older Cisco PoE Switch, but they won’t work… strange ;-(

on the console i saw that there are some port errors like following:

%ILPOWER-3-CONTROLLER_PORT_ERR (x1): Controller port error, Interface [chars]:[chars].

searched @cisco.com i found this…

Explanation: A fault condition was detected on the power controller. A port
error has been reported by the inline power controller.

Recommended Action:
1. Make sure that the devices are correctly grounded.
2. Check the speed/duplex setting on the remote end of the connection.
3. Perform a shutdown and no shutdown on interface [chars].
4. If the device is not an IP Phone – disable inline power on this port.
5. If the error message continues: There are several known bugs related to
this message such as CSCeb24148. Check the Bug Toolkit for bugs relevant
to this device and software version.

but the solution for me was…

Switch(config-if)#power inline delay shutdown 20 initial 20

and it worked perfect!

[best regs]

Aeroscout Tags with Cisco Wireless LAN WLC Controllers 4400

Hi Cisco Guys,

i found an old lab guide that i did some time ago… perhaps someone needs it…


My lab:
– WLC4404 –
– WLC4402 –
– LAP 2700 – 2.1
– WCS – 4.0.96
– Aironet 1242AG LWAPP
– 3750 Switches

– Tag Manager Software 3.0
– Tag Activator (wireless appliance)
– T3000 Tags (version 6.x)


my config on wlcs:
#config dot11 rfid enable
#config rfid timeout 480

on the 802.11b/g -> set the parameter CCX Location Measurement to enabled and the interval to 60 secs.


WCS -> Location Server:
Location Server -> Administration ->
Polling Parameters:
Activate Asset Tag
Interval 120 sec

History Parameters:
Activate Asset Tag
Interval 720 min


my config on T3 Tags:
Channels: 1, 6, 11 (here are working my APs)
Interval sec: 60
Transmission Data: WDS
Receiver: 01:0c:cc:00:00:00 !important i had 01:0c:cc:00:00:02 and that didn’t work for me!
the rest i left how it comes from the factory…
-> activate the tag.


and have fun…

i hope that could be helpful for someone…

[best regs]

Daily Backup from Cisco Router Configuration with SCP (Secure Copy)


today I let you know how you can do a “secure” automatic backup from your router configuration… let’s go! I’ve done it with a Windows Server 2003 as backup server, you can also try it with a Linuxbox 😉

Note: the username and password are stored in cleartext in the config.

Download & Install OpenSSH for windows (http://sshwindows.sourceforge.net)

  • Install default
  • open services.msc -> start OpenSSH server

Create a local user:

  • User: cisco
  • Pass: secure
    • Add user to local ADMINISTRATOR group (otherwise you cannot connect)

open cmd

  • cd "\Program Files\OpenSSH\bin\"
  • mkgroup -l >> ..\etc\group
  • mkpasswd -l >> ..\etc\passwd
    • these 2 cmds create the local group & user files

open  regedit

  • HKEY_LOCAL_MACHINE\Software\Cygnus Solutions\Cygwin\mounts v2/home2
    • Change key “native” from “C:\Documents and Settings” to your Backup Drive i.e. “e:\”
    • Now you can change the homepath from “/home/cisco” in the passwd file to “/”

open services.msc and start this service -> “OpenSSH”

Now test with putty if you can connect to this SSH Server

  • port 22
  • User: cisco
  • Pass: secure

Now we have to configure the router that it does the backup automatically.


  • $h = hostname
  • $t = time (command does not work fine – better leave it out)

Path: save path
Write-memory – when you save manually it will also save via SCP
Time-period: 1440 Minutes -> daily backup | 10080 weekly backup

Connect to router via SSH and execute following commands

router# conf t
router(config)# archive
router(config-archive)# path scp://cisco:secure@$h/$t-$h
router(config-archive)# write-memory
router(config-archive)# time-period 1440
router(config-archive)# exit
router(config)# exit
router# write memory

You are done!

Every time you do a write memory – it will also save via SCP!

[best regs]
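
A check for the cleartext-credential note above, as an added example that is not part of the original post: it scans a saved IOS config for archive path URLs that embed a password, and masks URL passwords before the file is shared. The sample config and the 192.0.2.10 server address are constructed; every archived copy of the config carries the same line, so the backups themselves contain the password.

```python
import re

# Schemes that send the credential and the config unencrypted on the wire.
CLEARTEXT = {"ftp", "tftp", "http", "rcp"}
URL = re.compile(r"(?P<scheme>[a-z]+)://(?:(?P<user>[^:@/\s]+)"
                 r"(?::(?P<pw>[^@/\s]*))?@)?(?P<host>[^/\s]*)(?P<rest>/\S*)?")

# Constructed sample, modelled on the archive block in the post. 192.0.2.10 is
# a documentation address standing in for the backup server (assumption).
SAMPLE = """\
hostname router
!
archive
 path scp://cisco:secure@192.0.2.10/$h
 write-memory
 time-period 1440
!
interface GigabitEthernet0/0
 description path ftp://not:archive@example.invalid/
"""

def audit_archive(config):
    """Return findings for 'path' lines inside the archive block only."""
    findings, in_archive = [], False
    for no, line in enumerate(config.splitlines(), 1):
        if not line.startswith(" "):          # top-level line opens/closes a block
            in_archive = line.strip() == "archive"
            continue
        words = line.split()
        if in_archive and len(words) == 2 and words[0] == "path":
            m = URL.fullmatch(words[1])
            if not m:
                continue                      # local target such as flash:
            issues = []
            if m["pw"]:
                issues.append("password stored in cleartext in config")
            if m["scheme"] in CLEARTEXT:
                issues.append("unencrypted transport")
            findings.append({"line": no, "scheme": m["scheme"],
                             "user": m["user"], "issues": issues})
    return findings

def redact(config):
    """Mask every URL password so the config can be shared or ticketed."""
    return URL.sub(lambda m: m[0] if not m["pw"] else
                   m[0].replace(":" + m["pw"] + "@", ":<removed>@", 1), config)

if __name__ == "__main__":
    print(audit_archive(SAMPLE))
    print(redact(SAMPLE))
```

With the setup described in the post, the account in that URL is a local administrator on the backup server, so a finding here means anyone who can read the router config or one of its backups holds that credential.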

What does “SEP” mean @ Cisco Ephones…


today i asked myself what does SEP followed by the mac address from the Cisco ephone mean?

Secure EPhone?
Secure Enhanced Ephone?

… no – searched on the internet and found the following answer…

“Cisco acquired SCCP technology when it acquired Selsius Corporation in 1998.[2] As a remnant of the Selsius origin of the current Cisco IP phones, the default device name format for registered Cisco phones with CallManager is SEP — as in Selsius Ethernet Phone — followed by the MAC address. Cisco also has marketed a Skinny-based softphone called Cisco IP Communicator.”

External Link: http://en.wikipedia.org/wiki/Skinny_Call_Control_Protocol#Origin

[best regs]

CISCO IOS Recovery 3750X and 3560X with USB flash drive

Today i got a call from a customer that he had deleted the whole flash from his 3560X switch and when he restarted the switch it won’t come up… why? 😉

so i told him that without the .bin image on the flash it’s not possible that the switch will run…

What can i do?

You can do an IOS recovery… but not with the very slow xmodem (i know you can tune it up to !WOW! 115kbps)… but nowadays with a USB flash drive…

Here you can see how it works:

NOTE: Not all USB flash drives are supported, hence my recommendation to get several ready.

1. USB pen drive max. 16GB format as FAT16
2. copy the .bin image onto the flash drive
3. disconnect the switch from power
4. connect the flash drive to the switch
5. hold the “mode” button on the switch, give power, hold the button until the SYST LED flashes only green fast, and when it is green and stops flashing hold on 2 seconds and then release the button, otherwise it will boot “normally” (takes about 30-40 seconds)
6. switch: flash_init
7. …wait… (it could be that the switch will hang on —more— push enter and it will go on, try it)
8. switch: dir usbflash0:       !!check if the switch can read from USB
9. switch: copy usbflash0:IOS-IMAGE.bin flash:IOS-IMAGE.bin        !!copy the image from usb to flash
10. switch: boot flash:IOS-IMAGE.bin        !! with this command the switch boots up with the image immediately
11. conf t      !! enter conf t
12. boot system flash:IOS-IMAGE.bin      !! don’t forget to set the image as bootvar 😉
13. wr mem       !! and save it, so it will boot also when it gets powered off 😉

I also tried to recover the IOS image with TFTP via the management port… but it didn’t work for me… the management port did not come up, so i couldn’t copy the file from TFTP to FLASH…

[best regs]

Hi Cisco Guys…

hi cisco guys…

i’m new on wordpress and i’ll use it to document my works and projects with Cisco products. My focus will be on Cisco Wireless, Cisco ASA and Cisco Routing & Switching – but not only…

I hope to find enough time to write down all my interesting projects…

best regs