14 WLC interfaces and AP associations

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] for our next section we now want to take a look at the actual wireless LAN controller graphical user interface and we might even start out in the command line let's go ahead and bring up the command line and let's go ahead and just SSH over with the login of admin to 10.1.1.10 t1 now this would typically be a console we would have consult in to begin with and we would have gone ahead and setup the beginning interface I'm not sure if I have SSH enabled on this particular device maybe I have it turned off right now we'll go ahead and and come back to that but we would have consoled in to begin with and we would have set up the static IP address for at least the service port or and probably the management port essentially or at least the management port for all switches and the service port probably for some various switches that had it like the forty four hundred and fifty five hundred series so our username is admin and we'll put in our password which happens to be I any Wi-Fi one it likes strong passwords and we begin on the monitor page that's where it starts us out okay so there's a number of things that I actually already have configured here and we will be but the plenty of things I've gone through and deleted will be going through and creating and deleting so we'll certainly get to a lot of things here in the we'll see I will say just right off the bat we're not going to be covering absolutely everything in the wireless LAN controller because it's beyond the scope of this particular course and would take a lot longer we will be covering absolutely everything in the wireless LAN controller and just about everything in the wireless control system the WCS server in the next see CNP wireless class because we really do have to go into all the different various aspects we will be covering I would say probably 75 maybe 80% of what's here in the wireless LAN controller here in this particular course and we'll be covering probably about 25% of what's in the wireless control system because it's really so much more in-depth and so much that we can do with that particular system that is not tested on at the CCNA Wireless level but is at the CCNP Wireless level at any rate you've probably seen this page refreshing it refreshes every I think 30 seconds it tells us so just since we're here on the monitor page I'm not going to go into everything over here yet we will eventually come back to that but first we want to go into the configuration but since we're just on this summary page let's just take a look we see a summary of the controller a summary of our access points a summary of clients we see a summary of rogue ApS clients ad hoc rogues rogues on the wired network we see the top wireless lands their profile name in the number of clients and most recent traps okay so we'll be taking a look at a lot of this stuff the controller summary the management IP address we see what is set up we see the curve 10.1.1.10 t1 we see the current software version an emergency fallback version so it basically has a another copy of the wireless LAN controller software just in case there's a problem maybe we upgraded to a newer image let's say we upgrade to 8 dato when it comes out 70.2 30.0 will be the the emergency image at that point we can always fall back to it that way we can that way we can have a recovery if for some reason there's you know some sort of catastrophic bug in the new version we can see the system name if we haven't changed it currently it is basically the MAC address I'm this is the last six characters of the MAC address cisco defines basically the vendor so that is the definition for the first six characters of that MAC address we can see how long this has been up but the system time is internal temperature in Celsius whether a networks are enabled whether BG networks are enabled it doesn't tell us about n but we do support that as well local mobility group something we'll be talking about a lot more later current CPU and memory usage we can see how many 802 11 a n radios there are and BG n why does it group those together well a n is going to be the 5 gigahertz range so n is on both that's because n here is a 5 gigahertz n range radio and n 4 b GN is in the 2.4 gigahertz spectrum okay so there are 4 radios that support at least BG and a each and some of them support n AP's in total we have 4 we can click on detail on all APs or just let's say we only want to look at the 5 gigahertz and radios or at least the 5 gigahertz a and radios and we can see their particular MAC addresses okay in fact if we were to go back to our switch that we had looked at bindings we could see if we match any of these whoops let's just leave that for right now because these are the base radio MAC addresses and we would be from the switch looking at the Ethernet MAC addresses so what will come back to that okay we can see remember we were on the 5 gigahertz spectrum so we can see what channel those are broadcasting on these appear to be broadcasting on the same channel 161 so that's something that we might want to consider and deal with the power level that they're at we'll talk about what that power level means whether clean air is administrative Li operate as I should say administratively enabled and then operationally up or not three of these radios don't support it the 3502 does it's enabled and up we'll talk about where to configure that and take a look at actual interference okay so we'll just go back to the summary page we can see how many rogue APs we can actually see 52 rogue ApS on our network and 14 rogue clients now keep in mind where I am working out of this is a building where we share in fact specifically where I'm working out of as a remote office and I actually just lease in a single office space so INE has our corporate headquarters in seattle and also in reno and we have you know an entire floor in seattle an entire almost building in reno for our data center but but i'm just working out of a remote individual you know small 100 square foot office so i not only share the floor and the building with other people i share the next office with other people i should say there are people on either side of me and in front and behind me in different offices so i have there are a lot of aps that my aps here are picking up and probably causing interference too and in fact as soon as this class is done i take them down I don't have antennas on a lot of them because I don't want to cause too much interference but if I click detail I can actually see how many other ApS I'm seeing out there one of them is one of the ones that is not really it's actually a separate AP of mine that I'm using in fact I showed it to you in the SSID when we're looking at our SSI and signal noise ratio the other day these are not the ones that I'm using for my class this is just my actual production one but we can see other things like guest WLAN that's not mine PS Wireless that's actually the company that I rent from PS executive centers that's their wireless for all the clients you know all their internal office people all sorts of one ok so there's all sorts of wireless networks around and we can see how many clients each of these ApS have so I'm detecting three radios on the PS wireless SSID I'm detecting four radios on the ine voice rack and I'm detecting number of clients on ApS that are not mine how can I do that because their management frames are sent on channels that I have radios that listen on and they're not protected now there's plenty of these that don't have any clients able to be detected that is probably they probably don't actually have no clients right they probably actually do have clients is another way to say that double negative they probably have management frame protection turned on that would be the smart thing and since there is a big corporate customer here I won't name them think it's too clear from the actual naming of this then what you know just for their own privacy reasons then it would make sense that since they're a multinational company that occupies a large portion of the building that they actually do have robust security setup in fact they're probably detecting mine as rogues as well fact we have three pages of these so I've got a lot of information here okay I also could see the rogue clients look at this I can actually these are the the MAC addresses of the particular clients and I can click on any one of these see what SSID they're associated to and I can I can't do anything to them okay I'm not gonna actually our ApS are not going to cause interference with them they're not actually going to try and disrupt them in any way in fact Cisco clean air is not there to disrupt other people's networks technically under at least in the US under FCC guidelines that's illegal and very punishable by law right so we're not doing that even with clean air we're simply detecting what we see and we're able to act on it for our environment so I can do something like alert my own systems based on that okay or I can say that particular rogue client has been contained okay so I can try to deal with that in that way all right so we're not gonna go and do anything to any of these rogue clients I don't see any ad hoc rogue networks they're all infrastructure based okay I don't see any rogues on the wired network one because I don't have anything in the monitor state I don't have any ApS in the purely monitor state or I'm sorry in the rogue ap state but I also am NOT on the same wired LAN as them well I sort of am as some of them but I have of course being a CCA security a very robust firewall in between me and them okay I can also click on these MAC addresses of the actual APs I can classify these ApS as friendly or malicious and you know state whether to alert on them or not I can see specifically what channel they're broadcasting the width of there the band width of their channel you know 20 megahertz wide channel 802 11 G WEP is enabled probably it's actually not WPA is really enabled being a extension to WEP so in other words they're not using WEP they're using WPA all things in security we'll talk about whether they're using a longer short preamble what they're RSSI is and what their signal-to-noise ratio is in fact actually this particular AP is my own ap sales support floor AP so that's the rogue that I was seeing there which is actually interesting that must be a leftover wireless LAN that I need to deal with so we'll get to that I don't have any because I've deleted them all any wireless LANs at this point we're gonna talk about the traps we're gonna talk about how to create traps and go take a look at those later and we will see clients on our network once we begin actually adding those and we'll go take a look at some of the more detailed information about these statistics and clean air and stuff as we go on but let's go ahead and get started with the basics of the wireless LAN controller and so we're actually going to start over here at commands first of all if I go to feedback it's gonna pop up a window saying hey do you want to give Cisco feedback it goes out to the live web do you want to provide feedback on network control system Prime WCS will sees ApS or the mobility services engine I'm not here for that okay you're not here for that help this is going to be an extremely important and helpful believe it or not feature so use it anytime we have now it's not quite as helpful as some Cisco servers where they provide context-sensitive help where it actually says help for this page and it actually pulls up the exact page you're on you still have to go to whatever it is you're wanting to do but if you take a look at it I pull it over here just a little bit it mimics the or has an index for the configuration interface that we're looking at so first of all tells you how to use the web user interface then it says I've got the monitor tab the W lands tab a controller tab the wireless tab the security tab the management tab the commands and then any disclaimers so if I need to go set up let's say management on the inner on the device and I want to know how to set up SNMP v3 with security I can actually go here and it will give me information about the parameter on that particular page so if I go here to management SNMP SNMP v3 and I click new here I'm getting the information about let's say username access level access protocol privacy protocol it's kind of giving me albeit I probably chose a very minimalist one to look at but maybe I need something you know more advanced like how do I set up an LDAP server or what do each of the parameters on the LDAP server I mean I can go to you know I know it's gonna be under security and then under LDAP and then I can say first of all learn a little bit about it in general go to new and see all sorts of information about setting up even things like the the LDAP search base and you know how to actually format that particular search base okay so it's use the help command or the help page it's gonna be very useful let's go back to commands we can download files to the controller or we you know we can also upload files to the controller so we can we can basically say you know we want to have a TFTP server and I should maybe clarify this we're not setting up a TFTP server on the we'll see we're saying we have a TFTP server at this IP address and we've put in the name of the new will see 2100 you know canine which is a security load 70.2 300 which is actually separated by dashes in the file name dot a yes okay and the file path so this is actually when I had set up my TFTP server on my laptop my laptop was IP address 10.1.1.10 or sorry one dot one dot one dot 15 at the time maybe it would be ten now and I would say we're going to basically update the version of code on the controller via TFTP or if I did FTP it would change all the credentials down here and include things like user name password FTP not being t trivial like TFTP is and I could say download and it would go out and look for that TFTP server and try to download the newest configuration I could also do things like upload vendor certificates or configurations or signature files okay I could also grab event logs this is actually I think this is kind of backwards the way I think of it download it's saying download to the we'll see and it's saying upload from the we'll see alright so this is basically pushing out to you the event log of the will see or the trap log of the will see or the configuration of the will see or pack files for something we'll talk about in a little bit protected EEP which is a security mechanism and download I'm actually downloading to the will see the configuration or the new code or a vendor based certificate or a log in banner for a web authentication proxy okay so we're downloading to and uploading from the will see I can of course reboot with or without save I can look at the boot image do I want to boot to the primary or backup I can schedule a reboot I can reset the entire system to factory default we're not going to do that I can set the time okay and I can create a login banner if I like so that's on the commands we're now going to go over to management and we see a summary currently HTTP is disabled but HTTPS SSL version is enabled so port 80 isn't going to work port 443 will tell net sessions are not allowed ssh sessions are allowed but I believe that the problem is I don't have we're actually gonna take a look and see what the problem was I wasn't able to SSH in earlier so we'll we'll take a look at that now but that's the summary SNMP we can set up traps SNMP version one or two and then also version three we can set up communities who's going to receive those traps okay what traps what is it we want to trap well actually look at that with clean air a little bit later what specific events we want to trap HTTP and HTTPS so I can enable HTTP if I want to do management over that for telnet SSH I do have SSH turned on let's turn on telnet as well I'll click apply very simple for the serial port we can set the baud rate if we want to connect higher at 19 - or what have you the 8 bits 1 stop bit parity on flow control off that's hard-coded local management users I have my default admin I can add a new user with a password and then give them read-only so they can log on and monitor or read right lobby admin is something else that I have configured we'll take a look at that and I can also just this is kind of an interesting piece of this particular of actually all wireless LAN controllers this particular acquisition by Cisco is the fact that we've got these little right or sorry down facing arrows that you don't actually click and be careful that you don't because it's not like a web button where you click it and then choose what drop down or what value you want from the drop down but as soon as you mouse over it it gives you an option and you might accidentally click remove now I don't think it would let us it's first of all gonna prompt us to be sure but I don't think it would let us it looks like it would actually let us delete the last readwrite user I don't know why it would the only way it would is if we have an alternate database such as Radiesse set up to authenticate which we don't right now so this if I wanted to create a new user to login I could do that there I can see what sessions I have I don't have any in command-line sessions currently we can take a look at logs when to trap certain logs what facility you know do I want to trap debug or just errors or alerts okay what syslog facility do I want to write them to how much of what do I want to write to my buffered log do I want to just write errors do I want to do all level debugging do I want to look at console levels so if I actually want to look at maybe debugging from the console I could go ahead and say apply from here and then plug in to the serial console and begin monitoring debugs there is management via wireless turn on I'm managing via wired so my laptop has an Ethernet I'm actually broadcasting through my wireless through my production network but I am I am have a wired network card too and I think mine is 10.1.1.10 and that's how I'm actually managing this wireless LAN controllers over the wired network if I wanted to wat manage over wireless I would have to specifically allow that this is a safety or protection mechanism to not allow wireless users to be able to get to the will see to make any changes and then various things about technical support if you happen to need to call tak or just want to take a look at you know what's the CPU what are the system buffers if there was a crash you know if there was a core dump do I want to transfer that to a you know single IP address have there been a Peas access points that have crashed if so what's their name what's their ID what's their current status we're not going to take a look at security yet because we will be coming of course to security but for right and that's gonna be a whole few modules all by itself first of all we'll take a look at all the concepts and that'll be a fairly in-depth discussion and you'll become somewhat of a mini security guru and then we'll take a look at the command-line interface or at least that and the GUI interface to to see how to set that up for our given wireless LANs so even when we come to setting up our W lands our SSIDs to begin with we won't be setting up any security we'll just bypass that and come back to that later so I'm gonna skip over security for now I'm gonna skip over wireless for now which deals more with the APS and the radios and their specific configurations and I'm going to continue setting up the controller so let's go to controller so here we're on the general tab and we've got some general things that we can look at the name of the controller I could rename this to W LC 1 let's go ahead and do that 802 dot 3 X flow control mode we're not going to deal with that or broadcast we're not gonna deal with multicast in this class fast SSID change that's actually something that we'll cover a lot more in depth in the mobility subclass of the ccnp wireless we are going to as I mentioned be talking soon about mobility the basics of mobility and roaming and so the default mobility name and RF group name will become important actually name that RF domain and so let's go ahead and click apply for now we will be coming back two days okay we'll be coming back to these just keep in mind that's where they are is on controller general ok we're not dealing with web authentication proxy yet we'll take a look at that in security let's take a look at inventory I see the burned in MAC address the model number the maximum number of ApS that I can support okay the chassis the serial number the product ID let's go on to interfaces so I have interfaces and I also have ports let's actually look at ports first so I see that I have port number 1 2 3 4 5 6 7 & 8 on this particular device this 2106 power over ethernet is actually provided from this particular wireless LAN controller on to ports it's a 2106 it's a smaller really kind of a small office branch office type of a wireless LAN controller so is the 2504 it's replacement and so p OE is actually supported on two of these ports that means I can basically power two access points directly from this wireless LAN controller and while I wouldn't recommend it you could you know plug a few additional clients into these ports as well okay but I can actually power a few ApS for a very very small environment currently while the POA is enabled there the link is down the physical status is not automatic physical mode is in automatic the administrative status is enabled I haven't disabled the port manually but the link is down on ports three through eight ports one and two we can see that the link is up and we have 100 megabit full duplex automatically negotiated and I can click on any one of these ports so I can manually disable the port I can change it from a physical mode of auto to 100 full 100 half or ten full and then I can tell this particular port whether it should trap any traps or not whether it whether those trap should be written to syslog or not and whether power over ethernet said available I haven't changed anything so I won't hit apply I could you know let's say go to port 3 and disable it and then when I go back we'll say we'll see that this has been disabled so those are my physical ports now we're gonna go back and look at the interfaces so we said that we had there was one other interface that tied directly to a port and that was called a service port slash interface that's only on the 4400 and the 5500 series so I don't have that on this particular smaller Soho or small office branch office Wireless LAN controller I do have my ap manager and my management and my virtual interface remember we said whoops I don't know why I'd put that in ten five five one probably because I hadn't decided to make that a guest net yet let's just make that one dot one dot one dot one as we mentioned and it wants us to restart the system for that to take effect we'll do that on a break but that doesn't need to be a ping Abul IP this is going to be used for mobility and for something related to security called web authentication proxy things we'll talk about in mobility and security modules respectively but I have my management interface where I'm going to interact with my we'll see and manage it so 10.1.1.10 t1 is clearly the IP I am pointing to and then the AP or access point manager interface this will be the source of the DTLS or cap lap or L lap tunnel talking to my my actual access points now remember that we pointed the IP helper address to the management interface so they will initially set up and begin talking to the management interface but the AP manager interface will click quickly become there understood source or destination for traffic coming to the APS or going away from them respectively so I can click on any one of these I can map this ap manager to a physical port I can give it a VLAN identifier I can deal with IP address netmask gateway primary DHCP server and we do even have the ability to under security we'll talk about later create access control lists and then apply those to the virtual interfaces ok look at my management interface we're not going to deal with quarantine in fact 200 would not be at all what I would want to use to quarantine it anyhow but oops that's fine but I'm mapping it to a physical port and we're gonna take a look in a moment at something called an interface group multiple groupings of interfaces but for right now let's just take a look at the interfaces in general so this is my management ap or my may I'm sorry my my management interface my ap manager is a different interface so let's go create a new interface and specifically let's name this one sales and the VLAN ID needs to match so what we're doing right now even though it doesn't say it we're creating a dynamic interface remember the term dynamic especially for your exam is going to be synonymous with VLAN so if we take a look back at our VLANs VLAN 20 was going to be our sales up sorry VLAN 10 is our sales interface so let's take and say VLAN ID 10 is interface name sales interface or sales int now this isn't again the naming here has nothing to do with each other the VLAN ID is everything so the VLAN ID is exactly what will ultimately will take and map this interface to a newly created wireless LAN SSID but it will be the VLAN ID that actually makes that connection so we'll say apply let's map it to a port number we had port number let's see show CDP neighbor notice the name has now changed for CDP because we changed the hostname from Cisco underscore last six characters of a MAC address to WLC one so it's updated accordingly the CDP update the CDP hello and I think it was fast zero twenty where we have the multiple VLANs allowed and so that local switch VLAN 20 was the remote will see port 2 so we want to map this to port 2 the VLAN identifier is 10 what was the actual VLAN 10 IP it was 10.1.1.1 let's say 10.1.1.10 t1 let's just make all of these on the will see 21 since we know that 10.1.1.1 dot one dot 21 is my management interface we'll make all the different subnets end in the host address of 21 just to keep everything easy to remember so the gateway will be dot 1 why because that is the gateway IP address here of the switch virtual interface that will be our default gateway DHCP server whoops DHCP server will be really it's gonna be on the same subnet so it doesn't really matter but we'll go ahead and put that there we're not going to assign any ACL we're also in no way dealing with quarantine ok this has to do a security it has to do with something called nak or network access control and we're not going to be dealing with that in this class that is another class for security in CCNP Wireless ok so we've got this notice the interface type these are static interfaces for ap managers static for management we can't do anything with them and Static for the virtual interface those three always exists what's the other one that might exist the service port and service interface the dynamic interface is mapped to a VLAN the rest are untagged I the only thing I can really do is I can come over here and click and remove it or I could actually click on that name and drop down and make any changes if I want to so we're gonna add another interface and we'll call this the support int VLAN ID is twenty port number two IP address 10.20 dot twenty dot twenty 1/24 subnet mask default gateway of 10.20 20.1 same primary dhcp server because the switch is that IP oh and it's just simply telling me that the when i put this in i accidentally put in yeah i accidentally put in dot twenty one as the DHCP server it was telling me that I couldn't put in when I had twenty one here I'll just hit apply again it was telling me that I couldn't put the next the interface IP address cannot also be the DHCP server well the will see the wireless LAN controller can be a DHCP server we're about to look at that here with internal DHCP server it's just that I don't need it it doesn't need you to tell it that it's self is the DHCP server it will hear the DHCP request from the clients and serve them this is mainly for DHCP relaying okay so we've got our sales interface and our support interface dynamic interfaces mapped to those proper VLANs let's go ahead and create our guest guest wireless LAN interface and that will be VLAN five okay ten dot v dot v dot twenty one 255 0 for the subnet slash twenty four ten five five one for the Gateway and also for the DHCP server again since the DHCP server is on the same subnet I don't really even need to do that I didn't set the port number so it didn't take anything there and it's just telling me every time that changing the interface parameters might cause the wireless lans to be temporary disabled and loss of connectivity we don't have them to find yet so it's not a big deal so now I've got my three dynamic what I'm going to use for my wireless LAN to VLAN ID mapping interface is created I've still got my management my ap manager and my virtual interface ip's assigned all of them and we're ready to move on now let's say I wanted to have multiple interfaces for support maybe let's say I wanted to do I wanted to have let's say support interface to VLAN 20 oops sorry let's just look at the interface group let's say I wanted to take and say I want to create a grouping my client just powered down over here so I can create a group let's say support group I can create an interface and then what I can actually do is add if I want to multiple interfaces to this particular interface group so for some reason I wanted to have a we'll see as we go on in fact naming the support group might not have been the let's remove this and call it something else let's call it sales and support might be a little more intuitive later on I might want to reference both the sales and support interfaces in one area I can I can do that by by creating an interface group and adding both existing already created interfaces to that particular interface group notice I can only add dynamic dynamically created interfaces or the management interface I can't I cannot do the AAP manager and I cannot do the virtual the virtual because really that's just used like I said for mobility and off proxy and then the AAP manager is just used for talking to the APS whereas the management can actually pass traffic back and forth okay we're not going to talk about multicast for right now we will go on and take a look at DHCP server integrated within the wireless LAN controller so the wireless LAN controller can and we're gonna create these and then we're gonna delete them very quickly why are we gonna delete them because I already have DHCP scopes set up here for my clients on my switch and while I wouldn't necessarily serve them from a switch or a router I might in a production environment but probably I'd serve them from a little bit more robust redundant DHCP server infrastructure okay I probably would never do it from a we'll see or you know I might do it from a switch or a router in a small office but I probably wouldn't do it from a we'll see just like you can make cisco call manager or a unified communications manager a DHCP server - for phones but don't know why you really would okay I would have that aggregated and centralized somewhere at any rate it is important to know how to do it so let's create a scope name we'll call it sales again this is going to overlap with my existing sales pool but I'm going to delete it I'm only doing it for the sake of demonstration so I can write or mouse over to remove I can click on sales to begin configuring so the pool start address would be 10 dot i think sales was 10.10 10.0 let's just say begin address might be dot 100 and the end address might be 150 the network would of course be dot 0 the subnet mask would be 255 255 255 0 the least time in seconds default router dot one might have multiple default routers domain name my com DNS server I don't know 8.8.8.8 NetBIOS name servers nobody uses that anymore do they wins anyhow and the status would be enabled apply and I have a least time of one day 86400 the sales scope is active it's enabled it's ready to serve is it allocating any leases we're gonna go ahead and delete it before it does but we can click here on DHCP allocated leases which is the same thing in the switch as doing show IP dhcp binding seeing what we've actually handed out we actually don't have any fear of handing anything out yet because we don't have any clients in any wireless LANs we don't have any wireless LANs for that matter just yet so I'm gonna go ahead and remove it but that is how I would create a DHCP scope it's actually telling me that I have to first disable it and hit apply before I can remove it ok so we've created it and we've removed it we're going to be coming back to mobility management because we're gonna be talking about mobility groups anchor config and will not be doing multi casting in this particular CCNA Wireless class but mobility will be important we're gonna do a whole conceptual slide animation hopefully helping you to understand the need for mobility and what different types of mobility we have and to configure for before we actually show any the configuration kind of makes sense back at management we could manually set time here on controller we have the ability to also setup NTP so we can actually point to an NTP server typically a good idea and define keys if we want to authenticate if the NTP server is protected that way our time is synchronized it's always a good idea in every environment to run NTP on every device that way when I take a look at any sort of troubleshooting or I'm trying to detect any malicious activity all my logs are dated and timed to a time stamped with accurate synonymous time with every other device cisco discovery protocol i can basically say is it enabled is version to the latest version enabled what's the hello time and the whole time before I flush out known neighbors ok CDP is a layer 2 protocol and then dealing with something called first of all am I going to enable DHCP proxy is option 82 basically am I going to put the MAC address of the AP as well as the MAC address maybe of the SSID the BMB SSID in the actual remote field as I send DHCP on to the particular IP address that I had configured when I had configured my dynamic interface and I put down the IP address of a DHCP server ok option 82 can help affect it all even carries information about port if so desired especially for Metro Ethernet and things like that you can read more about the industry standard just Google DHCP option 82 but DHCP proxy is enabled by default that is to say if I see someone on one of my interfaces and I have primary DHCP server or possibly secondary configured I will forward those requests on ok master controller mode master controller mode is something we talked briefly about redundancy and how I can have a primary secondary and tertiary controller and actually even have a primary backup in a secondary backup on top of that there's also something called master controller mode this is basically like a last resort fallback hey it can control when no one else can but I don't have this set up as it and I'm not going to set this up as a master controller but if we wanted to it's as simple as enabling it [Music]

Info

Channel: Cisco Security

Views: 28,753

Rating: 4.8333335 out of 5

Keywords:

Id: quiwcmEZnao

Channel Id: undefined

Length: 46min 57sec (2817 seconds)

Published: Sat Jan 20 2018