
Tag: cisco

SSL-certificate on Cisco Prime Infrastructure

Usually I don’t bother installing appropriate (i.e. public/proper) HTTPS/SSL certificates for management software and other “internal” software. However, making parts of Cisco Prime Infrastructure available for “outsiders” can be quite useful, hence I saw the need to install a proper certificate.

I recently had to do this while installing Cisco Prime Infrastructure 3.0, so I thought I’d document it, since it’s not as straightforward as one would think. The last time I did the procedure was after installing Prime Infrastructure 2.0 almost 2 years ago.

There are basically three steps:

1) Fetch CA + properly convert the certificate
2) Install the CA certificates
3) Install the actual certificate


Rename APs on Cisco WLC

Recently I came across an issue with Windows DHCP & DNS, specifically related to Cisco APs and DDNS. By default Cisco APs have a period in the hostname (APxxxx.yyyy.zzzz), and this apparently causes issues for Windows DHCP/DNS regarding DDNS. If you have a scope with option 15 (Domain Name) set to, and you have clients that only return option 12 (hostname) and no FQDN (option 81), you’d expect Windows to append option 15 to the hostname. In the case of Cisco APs, they seem to only return option 12. You’d then expect Windows DHCP to use as the FQDN for the DDNS update, but this is not the case. Instead, it tries to update the DNS with APxxxx.yyyy.zzzz as the FQDN (where yyyy.zzzz is considered a domain due to the period), hence it will obviously fail, as you don’t have any zone yyyy.zzzz configured in your DNS.


Cisco IOS Clock Sync (with NTP) and Summer Time/Daylight Saving Time

Tired of having a Cisco device that always ends up with a wrong clock? I was.

The first thing you’ll need is a proper NTP server. You can either set up one locally (which syncs from a hardware device - like a GPS - or from an external server), or you can choose one of the publicly available NTP servers. I’ve chosen to use ? in this example.


Cisco IOS NAT Virtual Interface

Up until recently, I’ve had ADSL at home for some years. For the last year or so, I’ve used a Cisco 1812 as my router (the ISP router was put into bridge mode). A few weeks ago, when I got a 10/10 Mbps fiber connection, it suddenly became more relevant to host some services at home (why pay for web hosting, when you can host it at home, for free?). As a result of this, I stumbled upon a “problem” that annoyed me a bit: loopback support - the ability to reach your services using your external IP, and hence applying port-forwards (this way you could use “ssh externalip -p <port number>” regardless of whether you are home or not). This is quite useful if you move between different networks a lot (e.g. using a laptop - which was the case for me). This feature is known as tromboning, or hairpinning, and is something that often works on cheap routers you get from your ISP. So, why shouldn’t this work on a Cisco device?