Cisco WLC 4400 Catastrophic Bug

I would like to make you all aware of a catastrophic bug that affects (or may potentially affect) you. It applies to legacy EoL/EoS wireless controllers (Cisco WLC 4400 series), which are still massively deployed in many companies. A friend of mine asked me to help troubleshoot a very strange problem they've been experiencing for some time. Here's the story and a workaround. Read more …

Fun: Saudi Cabling Masters

I haven’t posted any fun stories here yet. However, I might slightly change this blog’s format. We have PoE-powered video surveillance problems in Riyadh (ports do not come up). I shared my opinion that cabling is likely our problem and got this response back in a minute. Picture is also attached 🙂

Please have it be known that the calibre of cabling contractor in the kingdom of Saudi Arabia is the envy of the world. I can’t believe for one minute they would have not done this correctly.

Please see attached example of Jeddah, clearly there is nothing wrong with what they have done here !!!

Cabling masters 80 lvl. I like the way DATA and TELEPHONY CABAL patch panels are labeled too.

Finding Cisco Tx Power Levels

Tx Power Level is an important variable that, in combination with antenna gain, influences coverage patterns. A Cisco wireless controller dynamically adjusts transmit power levels according to current RF conditions, the access point’s capabilities and local regulatory domain recommendations, which may vary per band and/or channel. As engineers, we should be able to confirm the current Tx Power level, the list of all supported Tx Power levels and the antenna gain (if applicable). No coverage or heatmap approximations can be made without this information. In this post I will provide a number of useful CLI commands that can be used to quickly find Tx Power level information per AP and in bulk. Read more …

PoE-based access points Tx power level limitations

I recently noticed that the Cisco AP 1142 Tx power level is not a constant value. It depends on the data rate in use.
In short, here’s an example of “show controllers dot11Radio” output taken from a Cisco AIR-LAP1142N-E-K9:

interface Dot11Radio0
Radio AIR-AP1140G, Base Address b4a4.e3ca.f130, BBlock version 0.00, Software version 3.00.81
Serial number: <cut>
Number of supported simultaneous BSSID on Dot11Radio0: 16
Carrier Set: EMEA (EU) (-E)
Uniform Spreading Required: No
Configured Frequency: 2462 MHz Channel 11
Allowed Frequencies: 2412(1) 2417(2) 2422(3) 2427(4) 2432(5) 2437(6) 2442(7) 2447(8) 2452(9) 2457(10) 2462(11) 2467(12) 2472(13)
Listen Frequencies: 2412(1) 2417(2) 2422(3) 2427(4) 2432(5) 2437(6) 2442(7) 2447(8) 2452(9) 2457(10) 2462(11) 2467(12) 2472(13) 2484(14)
Beacon Flags: 0, Interface Flags 20105, Interface Events 0, Mode 9; Beacons are enabled; Probes are enabled
Configured Power: 17 dBm (level 1)
Active power levels by rate
1.0 to 11.0 , 16 dBm, changed due to regulatory maximum
6.0 to 48.0 , 13 dBm, changed due to regulatory maximum
54.0 to 54.0 , 11 dBm, changed due to regulatory maximum
6.0-bf to 54.0-b, 10 dBm, changed due to regulatory maximum
m0. to m5. , 13 dBm, changed due to regulatory maximum
m6. to m6. , 11 dBm, changed due to regulatory maximum
m7. to m7. , 10 dBm, changed due to regulatory maximum
m8. to m13. , 13 dBm, changed due to regulatory maximum
m14. to m14. , 11 dBm, changed due to regulatory maximum
m15. to m15. , 10 dBm, changed due to regulatory maximum
m0.-4 to m5.-4 , 13 dBm, changed due to regulatory maximum
m6.-4 to m6.-4 , 11 dBm, changed due to regulatory maximum
m7.-4 to m7.-4 , 10 dBm, changed due to regulatory maximum
m8.-4 to m13.-4, 13 dBm, changed due to regulatory maximum
m14.-4 to m14.-4, 11 dBm, changed due to regulatory maximum
m15.-4 to m15.-4, 10 dBm, changed due to regulatory maximum
6.0-d to 48.0-d, 13 dBm, changed due to regulatory maximum
54.0-d to 54.0-d, 11 dBm, changed due to regulatory maximum
OffChnl Power: 16, Rate 1.0
Allowed Power Levels: -1 2 5 8 11 14 17
Allowed Client Power Levels: 2 5 8 11 14 17

Why is it like this? Why do higher data rates have lower Tx power levels? These were my questions too. Read more …
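An added example (not part of the original post): a small Python parser for the "Active power levels by rate" table shown above, reporting how far each rate group's actual Tx power sits below the configured level. The sample text is a constructed, abridged copy of that output, and the function names are hypothetical.

```python
import re

# Constructed sample: abridged from the "show controllers dot11Radio" output above.
SAMPLE = """\
Configured Power: 17 dBm (level 1)
Active power levels by rate
1.0 to 11.0 , 16 dBm, changed due to regulatory maximum
6.0 to 48.0 , 13 dBm, changed due to regulatory maximum
54.0 to 54.0 , 11 dBm, changed due to regulatory maximum
m7. to m7. , 10 dBm, changed due to regulatory maximum
m8. to m13. , 13 dBm, changed due to regulatory maximum
OffChnl Power: 16, Rate 1.0
Allowed Power Levels: -1 2 5 8 11 14 17
"""

CONFIGURED_RE = re.compile(r"^\s*Configured Power:\s*(-?\d+)\s*dBm", re.M)
# "<first rate> to <last rate> , <N> dBm[, <reason>]"
RATE_RE = re.compile(r"^\s*(\S+)\s+to\s+(\S+?)\s*,\s*(-?\d+)\s*dBm(?:,\s*(.*))?$")


def parse_power(text):
    """Return (configured_dbm, rows); each row is one rate group of the table."""
    m = CONFIGURED_RE.search(text)
    if m is None:
        raise ValueError("no 'Configured Power' line found")
    configured = int(m.group(1))
    rows, in_table = [], False
    for line in text.splitlines():
        if line.strip() == "Active power levels by rate":
            in_table = True
            continue
        if not in_table:
            continue
        r = RATE_RE.match(line)
        if r is None:
            break  # first line that is not a rate row ends the table
        first, last, dbm, reason = r.groups()
        rows.append({"first": first, "last": last, "dbm": int(dbm),
                     "delta": int(dbm) - configured,  # negative = below configured
                     "reason": (reason or "").strip()})
    return configured, rows


def effective_range(text):
    """Return (configured, lowest, highest) Tx power in dBm across all rate groups."""
    configured, rows = parse_power(text)
    if not rows:
        raise ValueError("no per-rate power rows found")
    levels = [row["dbm"] for row in rows]
    return configured, min(levels), max(levels)
```
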

CDP entry wildcard match

Message of the Day: Every day is a lesson!

I just found that show cdp entry command supports wildcard search. I am a frequent user of this command, and it usually happens when I first execute show cdp neighbors to find a neighbor of interest, followed by a show cdp entry <name> to find its management IP address. I usually copy/paste the full name of the neighbor, until just now. A short example will tell you the rest…

SWITCH#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
 S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
 D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID
SWITCH1 Gig 1/0/27 157 S I WS-C3750- Gig 2/0/1
SWITCH1 Gig 2/0/27 172 S I WS-C3750- Gig 1/0/1
SWITCH#show cdp entry SWI*
Device ID: SWITCH1
Entry address(es):
 IP address:
Platform: cisco WS-C3750-48P, Capabilities: Switch IGMP
Interface: GigabitEthernet1/0/27, Port ID (outgoing port): GigabitEthernet2/0/1
Holdtime : 155 sec

Version :
Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(50)SE2, RELEASE SOFTWARE...
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 15-May-09 19:41 by nachen

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FFFFFFFF01...
VTP Management Domain: 'null'
Native VLAN: 10
Duplex: full
Management address(es):
 IP address:

Well, if you know that… ignore me, if not – welcome to the club of those who like to find out about tiny and nice IOS features 🙂

Trust DSCP is a must have on Cisco Catalyst 4500

This is a small post about one specific Cisco Catalyst 4500 Classification characteristic. The one I was lucky to find and read in advance before I deployed QoS configuration changes. Here it is.

If you run a Cisco Catalyst 4500 on a Supervisor card older than V-10GE, with software older than Cisco IOS Release 12.2(31)SG, and you classify traffic with a service-policy that refers to a DSCP value (via ACL or class-map match statements), you MUST HAVE qos trust dscp configured on the port!

Simple as that. If you don’t do that, your service-policy won’t see DSCP values and won’t be able to classify traffic correctly. Here’s a screenshot from the Cisco Catalyst 4500 QoS configuration guide that proves my words.



Recovering bricked Cisco WLC 4400

Getting back to my bricked WLC. Well, ex-bricked WLC. If you missed that post – check it out here.

I have spent a few months trying to find a fix for this. I tried different ways, including unofficial talks with Cisco TAC engineers. Although they tried to be polite, no one wanted to go deep into my problem. No one cares about an end-of-life device without hardware support. Well, no one except myself. Simply because I didn’t want to spend a few hundred more to buy one extra working controller for my lab. And, I managed to reanimate it. The cure is soooo simple… You’ll be surprised. Read more …

Access Points migration to vWLC. Tips and Tricks.

We recently began to massively replace our end-of-life Cisco Wireless Controllers 4400 series with ESX-based Cisco Virtual Wireless Controllers (vWLC). The deployment process is straightforward and well documented by Cisco in the “Cisco Virtual Wireless Controller Deployment Guide”. We haven’t had any major issues with the deployment, but we faced some problems when it came to migrating the existing AP infrastructure to these new controllers. While current AP models (2600/3600) can join vWLC with no hassle, old, but still decent, AP models (like the Cisco 1140 series) require some extra effort before they can join vWLC… Read more …

All-in-one network engineer cable!

I want to apologize for being silent and not sharing any knowledge recently. I am very busy these days – having a few big projects going on (mostly QoS related). I just don’t have any free time for this blog at the moment. But… I already started a few new posts and will try to finish at least one of them during the following weekend (will cover Cisco 3750 Congestion Management mechanics).

Well, for now I just want to share this link with you – the 5-in-1 network admin’s cable. I found it to be an absolutely amazing thing and will spend some time soon to create one for myself.

Good luck!

Cisco IOS archive feature path variables

There’s something you might like.

The Cisco IOS archive feature supports two variables that can be used to define the path property: $t for date/time and $h for hostname. The date/time format can be adjusted with the service timestamps log command. Also, don’t forget to configure an appropriate timezone name and offset. Here’s an example.

service timestamps log datetime localtime show-timezone year
clock timezone EET 2
clock summer-time EEST recurring last Sun Mar 3:00 last Sun Oct 4:00
archive
 log config
  logging enable
 path tftp://$h-$t

Read more …