Pc console interface unit installation guide

The following table describes the internal power supply modules supported on different switch models:. The switch supports field-replaceable, variable-speed modular fans with front-to-back airflow. The fan unit is responsible for cooling the entire chassis and interfacing with environmental monitors to trigger alarms when conditions exceed thresholds. For more information, see Fan Module Overview. Skip to content Skip to search Skip to footer.

Book Contents Book Contents. Find Matches in This Book. PDF - Complete Book 7. Updated: April 20, Chapter: Product Overview. Product Overview The Cisco Catalyst Series Switches family consists of fixed core and aggregation layer switches supporting redundant power supplies and modular fans.

CQ Figure 9. Port mapping for CQ Gigabit native ports Configurable Gigabit ports with Breakout Cable 1 1, 2, 3, and 4 2 5, 6, 7, and 8 3 9, 10, 11, and 12 4 13, 14, 15, and 16 5 17, 18, 19, and 20 6 21, 22, 23, and 24 7 25, 26, 27, and 28 8 29, 30, 31, and 32 9 33, 34, 35, and 36 10 37, 38, 39, and 40 11 41, 42, 43, and 44 12 45, 46, 47, and 48 CQ Figure Port mapping for CQ Gigabit native ports Configurable Gigabit ports with Breakout Cable 1 1, 2, 3, and 4 2 5, 6, 7, and 8 3 9, 10, 11, and 12 4 13, 14, 15, and 16 5 17, 18, 19, and 20 6 21, 22, 23, and 24 7 25, 26, 27, and 28 8 29, 30, 31, and 32 9 33, 34, 35, and 36 10 37, 38, 39, and 40 11 41, 42, 43, and 44 12 45, 46, 47, and 48 13 49, 50, 51, and 52 14 53, 54, 55, and 56 15 57, 58, 59 and 60 16 61, 62, 63, and 64 17 65, 66, 67 and 68 18 69, 70, 71, and 72 19 73, 74, 75, and 76 20 77, 78, 79, and 80 21 81, 82, 83, and 84 22 85, 86, 87, and 88 23 89, 90, 91, and 92 24 93, 94, 95, and 96 CX Figure CC Figure Table 8.

CQC Figure CY4C Figure Figure Network Modules The CX and CX switch models support two network modules that provide uplink ports to connect to other devices. Table 9. Table Green System is operating normally without alarms. Amber System has triggered a minor environmental alarm. Red System has triggered a major environmental alarm.

Amber One of the PSU has input loss. Red One of the PSU has output failure. This is the default mode. The StackWise port status. Green Link present, no activity. Blinking green Activity. Port is sending or receiving data. Alternating green-amber Link fault. Green Port is operating in full duplex. Note For a standalone switch, this LED is off.

Green The switch is the active switch. Amber Error during active switch election. Blinking green Switch is a standby member of a data stack and assumes active responsibilities if the current active switch fails.

Blinking green Stack member number. Green Member numbers of other stack member switches. The port LED is green when the switch port is providing power. Green Link present. Port link is disabled, that is, administratively down. Fan LED Table Green All fans are operating normally. Amber One or more fans have encountered tachometer faults. Warning Before opening the unit, disconnect the telephone-network cables to avoid contact with telephone-network voltages.

Warning Do not use this product near water; for example, near a bath tub, wash bowl, kitchen sink or laundry tub, in a wet basement, or near a swimming pool. Warning Never install telephone jacks in wet locations unless the jack is specifically designed for wet locations. Warning Never touch uninsulated telephone wires or terminals unless the telephone line has been disconnected at the network interface.

Warning Avoid using a telephone other than a cordless type during an electrical storm. There may be a remote risk of electric shock from lightning. Warning To report a gas leak, do not use a telephone in the vicinity of the leak. Warning This unit is intended for installation in restricted access areas. A restricted access area can be accessed only through the use of a special tool, lock and key, or other means of security.

Warning The covers are an integral part of the safety design of the product. Do not operate the unit without the covers installed. Warning Instructed person is someone who has been instructed and trained by a skilled person and takes the necessary precautions when working with equipment.

Warning Only skilled person should be allowed to install, replace, or service this equipment. Refer to statement for description of skilled person. Warning Only instructed person or skilled person should be allowed to install, replace, or service this equipment. To reduce the risk of electric shock, the power cord, plug or combination must be connected to a properly grounded electrode, outlet or terminal.

Statement —Equipment Grounding. Before installing and connecting a Cisco Series Integrated Services Router, read the safety warnings and gather the following tools and equipment. In addition, depending on the type of modules you plan to use, you might need the following equipment to connect a port to an external network:.

A terminal emulation program is required to establish communication between the router and a PC. The routers have built in ports and new slots. To install features on the router, you must purchase a software package. Do not unpack the router until you are ready to install it. If the final installation site is not ready as yet, keep the chassis in its shipping container to prevent accidental damage.

When you are ready to install the router, unpack it. The router, accessory kit, publications, and any optional equipment you ordered may be shipped in more than one container. When you unpack the containers, check the packing list to ensure that you received all of the items on the list.

Ideally, you install modules when you have the best access to the back panel of the router. Statement 1. You can place the router on a desktop, bench top, or shelf.

Note Do not set the chassis in an area where high acoustic noise can be an issue. Warning To prevent personal injury or damage to the chassis, never attempt to lift or tilt the chassis using the handles on modules such as power supplies, fans, or cards ; these types of handles are not designed to support the weight of the unit.

After the router is installed, you must connect the chassis to a reliable earth ground. The tasks that you perform for attaching the router chassis to the wall, or for mounting it in a rack, are based on the specific model of the Cisco Series Integrated Service Router.

This section describes the installation procedure that is common for all Cisco and Series ISRs. You cannot wall mount the Cisco , , and ISR as these routers do not support wall mounting. Step 1 Attach the wall-mounting brackets to the router chassis as shown in Figure using the four PHMS screws and the plastic spacers provided for each bracket. Note To attach to a wall stud, each bracket requires one number wood screws round- or pan-head with number washers, or two number washer-head screws.

The screws must be long enough to penetrate at least 1. Note For hollow-wall mounting, each bracket requires two wall anchors with washers. Wall anchors and washers must be size number Route the cables so that they do not put a strain on the connectors or mounting hardware.

Step 2 Attach the router to the wall using the brackets. Note If you prefer, you can also install the router diagonally using the other two sides. Warning If the rack is provided with stabilizing devices, install the stabilizers before mounting or servicing the unit in the rack. Warning To prevent the system from overheating, do not operate it in an area that exceeds the maximum recommended ambient temperature of: 40 degrees C. Cisco Series ISRs can be installed in inch Use the standard brackets shipped with the router for mounting the chassis in a inch EIA rack; you can order optional larger brackets for mounting the chassis in a inch SBC rack.

Step 1 Attach the mounting brackets to the router chassis as shown in Figure through Figure , using the screws provided. Attach the second bracket to the opposite side of the chassis. Use a number-2 Phillips screwdriver to install the number-8 bracket screws. Step 2 Use the screws provided with the rack to install the chassis in the rack. See Figure and Figure For both the inch EIA brackets and the inch SBC brackets, start the lower pair of screws first, and rest the brackets on the lower screws while you insert the upper pair of screws.

Edit the standalone. If you are using absolute paths, remove the optional relative-to parameter from your configuration See operating mode. Here is an example, which you would repeat for each host:. The Keycloak server often needs to make non-browser HTTP requests to the applications and services it secures. The auth server manages these outgoing connections by maintaining an HTTP client connection pool.

Maximum time the connection might stay idle in the connection pool seconds by default. Set to -1 to disable this checking and the background thread. This is the file path to a Java keystore file. This keystore contains client certificate for two-way SSL. Password for the client keystore. Denotes proxy configurations for outgoing HTTP requests. If an outgoing request requires HTTPS and this config option is set to true you do not have to specify a truststore.

This setting should only be used during development and never in production as it will disable verification of SSL certificates. The default value is false. Outgoing HTTP requests sent by Keycloak can optionally use a proxy server based on a comma delimited list of proxy-mappings. A proxy-mapping denotes the combination of a regex based hostname pattern and a proxy-uri in the form of hostnamePattern;proxyUri , e. To determine the proxy for an outgoing HTTP request the target hostname is matched against the configured hostname patterns.

The first matching pattern determines the proxy-uri to use. If none of the configured patterns match for the given hostname then no proxy is used. It is possible to specify a catch-all pattern at the end of the proxy-mappings to define a default proxy for all outgoing requests. This can be configured via the following jboss-cli command. Note that you need to properly escape the regex-pattern as shown below. The jboss-cli command results in the following subsystem configuration. Keycloak does not differ between the two.

If a hostname is specified, all its prefixes subdomains are also excluded from using proxy. However, for example groups. If proxy mappings are defined using the subsystem configuration as described above , the environment variables are not considered by Keycloak. To do so, you can specify a generic no proxy route as follows:. This is necessary in order to prevent man-in-the-middle attacks. This truststore is managed by the Keycloak server.

The truststore is used when connecting securely to identity brokers, LDAP identity providers, when sending emails, and for backchannel communication with client applications. You can use keytool to create a new truststore file or add trusted host certificates to an existing one:. The truststore is configured within the standalone. You can add your truststore configuration by using the following template:.

The path to a Java keystore file. HTTPS requests need a way to verify the host of the server they are talking to. This is what the trustore does. The keystore contains one or more trusted host certificates or certificate authorities. This truststore file should only contain public certificates of your secured hosts. ANY means that the hostname is not verified. Picking an operation mode and configuring a shared database have been discussed earlier in this guide. This chapter describes setting up a load balancer and supplying a private network as well as booting up a host in the cluster.

This isolates all clustering connections and provides a nice means of protecting the servers. Keycloak does come with an out of the box clustering demo that leverages domain mode. Review the Clustered Domain Example chapter for more details.

This section discusses a number of things you need to configure before you can put a reverse proxy or load balancer in front of your clustered Keycloak deployment.

It also covers configuring the built-in load balancer that was Clustered Domain Example. The following diagram illustrates the use of a load balancer. In this example, the load balancer serves as a reverse proxy between three clients and a cluster of three Keycloak servers. A few features in Keycloak rely on the fact that the remote address of the HTTP client connecting to the authentication server is the real IP address of the client machine.

Examples include:. Authentication flows - a custom authentication flow that uses the IP address to for example show OTP only for external requests. This can be problematic when you have a reverse proxy or loadbalancer in front of your Keycloak authentication server. The usual setup is that you have a frontend proxy sitting on a public network that load balances and forwards requests to backend Keycloak server instances located in a private network. There is some extra configuration you have to do in this scenario so that the actual client IP address is forwarded to and processed by the Keycloak server instances.

Take extra precautions to ensure that the X-Forwarded-For header is set by your proxy. This becomes really important if you are doing any black or white listing of IP addresses. Beyond the proxy itself, there are a few things you need to configure on the Keycloak side of things.

To do this, open up the profile configuration file standalone. Add the proxy-address-forwarding attribute to the http-listener element. Set the value to true. Instead of modifying the http-listener , you need to add a filter to pull this information from the AJP packets. Add the redirect-socket attribute to the http-listener element. The value should be proxy-https which points to a socket binding you also need to define.

Make sure the endpoints starts with the address scheme, domain and port of your reverse proxy or load balancer. By doing this you make sure that Keycloak is using the correct endpoint. This should show a warning in the server log something like this:.

Check that the value of ipAddress is the IP address of the machine you tried to login with and not the IP address of the reverse proxy or load balancer. This section covers configuring the built-in load balancer that is discussed in the Clustered Domain Example. The Clustered Domain Example is only designed to run on one machine. Copy the server distribution. Edit the host-slave. Open domain. Go to the undertow configuration in the load-balancer profile.

Add a new host definition called remote-host3 within the reverse-proxy XML block. The output-socket-binding is a logical name pointing to a socket-binding configured later in the domain. The instance-id attribute must also be unique to the new host as this value is used by a cookie to enable sticky sessions when load balancing. Go down to the load-balancer-sockets socket-binding-group and add the outbound-socket-binding for remote-host3.

Either edit the domain. Either edit the host-slave. The values of jboss. The value of jboss. See the load balancing section in the WildFly 23 Documentation for information how to use other software-based load balancers. Typical cluster deployment consists of the load balancer reverse proxy and 2 or more Keycloak servers on private network.

For performance purposes, it may be useful if load balancer forwards all requests related to particular browser session to the same Keycloak backend node. The reason is, that Keycloak is using Infinispan distributed cache under the covers for save data related to current authentication session and user session. The Infinispan distributed caches are configured with one owner by default. That means that particular session is saved just on one cluster node and the other nodes need to lookup the session remotely if they want to access it.

For example if authentication session with ID is saved in the Infinispan cache on node1 , and then node2 needs to lookup this session, it needs to send the request to node1 over the network to return the particular session entity. It is beneficial if particular session entity is always available locally, which can be done with the help of sticky sessions.

The workflow in the cluster environment with the public frontend load balancer and two backend Keycloak nodes can be like this:. This request is served by the frontend load balancer, which forwards it to some random node eg. It all depends on the implementation and configuration of underlying load balancer reverse proxy.

Keycloak creates authentication session with random ID eg. Infinispan distributed cache assigns the primary owner of the session based on the hash of session ID. See Infinispan documentation for more details around this. In our example case, it will be From this point, it is beneficial if load balancer forwards all the next requests to the node2 as this is the node, who is owner of the authentication session with ID and hence Infinispan can lookup this session locally.

After authentication is finished, the authentication session is converted to user session, which will be also saved on node2 because it has same ID The sticky session is not mandatory for the cluster setup, however it is good for performance for the reasons mentioned above. How exactly do this is dependent on your loadbalancer.

It is recommended on the Keycloak side to use the system property jboss. For example, -Djboss. Here is an example of the start up command using this system property:. Typically in production environment the route name should use the same name as your backend host, but it is not required. You can use a different route name. For example, if you want to hide the host name of your Keycloak server inside your private network.

Some load balancers can be configured to add the route information by themselves instead of relying on the back end Keycloak node. However, as described above, adding the route by the Keycloak is recommended. This is because when done this way performance improves, since Keycloak is aware of the entity that is the owner of particular session and can route to that node, which is not necessarily the local node.

The default clustering support needs IP Multicast. Multicast is a network broadcast protocol. This protocol is used at boot time to discover and join the cluster. It is also used to broadcast messages for the replication and invalidation of distributed caches used by Keycloak. The clustering subsystem for Keycloak runs on the JGroups stack.

Out of the box, the bind addresses for clustering are bound to a private network interface with Edit your the standalone-ha. Configure the jboss. When cluster nodes are isolated on a private network it requires access to the private network to be able to join a cluster or to view communication in the cluster. In addition you can also enable authentication and encryption for cluster communication. As long as your private network is secure it is not necessary to enable authentication and encryption.

Keycloak does not send very sensitive information on the cluster in either case. If you want to enable authentication and encryption for clustering communication, see the 'High Availability Guide' in the WildFly documentation. Keycloak cluster nodes are allowed to boot concurrently. When Keycloak server instance boots up it may do some database migration, importing, or first time initializations. A DB lock is used to prevent start actions from conflicting with one another when cluster nodes boot up concurrently.

By default, the maximum timeout for this lock is seconds. If a node is waiting on this lock for more than the timeout it will fail to boot. You may need to use additional parameters or system properties. For example, the parameter -b for the binding host or the system property jboss. Note that when you run a cluster, you should see message similar to this in the log of both cluster nodes:. Firewall could be enabled just on public access point to your network instead. If for some reason you still need to have firewall enabled on cluster nodes, you will need to open some ports.

Default values are UDP port and multicast port with multicast address Note that you may need more ports opened if you want to enable additional features like diagnostics for your JGroups stack. If you are interested in failover support high availability , evictions, expiration and cache tuning, see Server cache configuration.

Keycloak has two types of caches. One type of cache sits in front of the database to decrease load on the DB and to decrease overall response times by keeping data in memory. Realm, client, role, and user metadata is kept in this type of cache. This cache is a local cache.

Local caches do not use replication even if you are in the cluster with more Keycloak servers. Instead, they only keep copies locally and if the entry is updated an invalidation message is sent to the rest of the cluster and the entry is evicted.

There is separate replicated cache work , which task is to send the invalidation messages to the whole cluster about what entries should be evicted from local caches. This greatly reduces network traffic, makes things efficient, and avoids transmitting sensitive metadata over the wire.

The second type of cache handles managing user sessions, offline tokens, and keeping track of login failures so that the server can detect password phishing and other attacks. The data held in these caches is temporary, in memory only, but is possibly replicated across the cluster. This chapter discusses some configuration options for these caches for both clustered and non-clustered deployments.

There are multiple different caches configured for Keycloak. There is a realm cache that holds information about secured applications, general security data, and configuration options. There is also a user cache that contains user metadata. Both caches default to a maximum of entries and use a least recently used eviction strategy. Each of them is also tied to an object revisions cache that controls eviction in a clustered setup.

This cache is created implicitly and has twice the configured size. The same applies for the authorization cache, which holds the authorization data. The keys cache holds data about external keys and does not need to have dedicated revisions cache.

Rather it has expiration explicitly declared on it, so the keys are periodically expired and forced to be periodically downloaded from external clients or identity providers. The eviction policy and max entries for these caches can be configured in the standalone. In the configuration file, there is the part with infinispan subsystem, which looks similar to this:.

To limit or expand the number of allowed entries simply add or edit the object element or the expiration element of particular cache configuration. In addition, there are also separate caches sessions , clientSessions , offlineSessions , offlineClientSessions , loginFailures and actionTokens.

These caches are distributed in cluster environment and they are unbounded in size by default. If they are bounded, it would then be possible that some sessions will be lost. Expired sessions are cleared internally by Keycloak itself to avoid growing the size of these caches without limit. If you see memory issues due to a large number of sessions, you can try to:.

Increase the size of cluster more nodes in cluster means that sessions are spread more equally among nodes. Decrease the number of owners to ensure that caches are saved in one single place. See Replication and failover for more details. Decrease session timeouts, which could be done individually for each realm in Keycloak admin console. But this could affect usability for end users. See Timeouts for more details. There is an additional replicated cache, work , which is mostly used to send messages among cluster nodes; it is also unbounded by default.

However, this cache should not cause any memory issues as entries in this cache are very short-lived. There are caches like sessions , authenticationSessions , offlineSessions , loginFailures and a few others See Eviction and expiration for more details , which are configured as distributed caches when using a clustered setup.

Entries are not replicated to every single node, but instead one or more nodes is chosen as an owner of that data. If a node is not the owner of a specific cache entry it queries the cluster to obtain it. What this means for failover is that if all the nodes that own a piece of data go down, that data is lost forever. By default, Keycloak only specifies one owner for data.

So if that one node goes down that data is lost. This usually means that users will be logged out and will have to login again. You can change the number of nodes that replicate a piece of data by change the owners attribute in the distributed-cache declaration.

Here is a sample config file. You use this Operator to create custom resources CRs , which automate administrative tasks. For example, instead of creating a client or a user in the Keycloak admin console, you can create custom resources to perform those tasks. A custom resource is a YAML file that defines the parameters for the administrative task.

Begin using the Operator by Installing the Keycloak Operator on a cluster. You can install the Operator on an OpenShift or Kubernetes cluster. You have cluster-admin permission or an equivalent level of permissions granted by an administrator. When the Operator installation completes, you are ready to create your first custom resource. See Keycloak installation using a custom resource.

However, if you want to start tracking all Operator activities before creating custom resources, see the Application Monitoring Operator. Go to Keycloak Operator on OperatorHub. Obtain the software to install from this location: Github repo. We fully support using the rest of the CRDs in production, despite the v1alpha1 version.

We do not plan to make any breaking changes in this CRDs version. Before using the Operator to install Keycloak or create components, we recommend that you install the Application Monitoring Operator, which tracks Operator activity. For example, you can view metrics such as the number of controller runtime reconciliation loops, the reconcile loop time, and errors. You only need to install the Application Monitoring Operator in the cluster.

Install the Application Monitoring Operator by using the documentation. Confirm monitoring is working by searching for Prometheus and Grafana route in the application-monitoring namespace.

If you make customizations, we recommend that you clone the Grafana Dashboard so that your changes are not overwritten during an upgrade.

For more information, see Accessing Prometheus, Alertmanager, and Grafana. You can use the Operator to automate the installation of Keycloak by creating a Keycloak custom resource. When you use a custom resource to install Keycloak, you create the components and services that are described here and illustrated in the graphic that follows.

This file contains three properties. You can set host to override the automatically chosen host name for Route or default value keycloak. That topic is covered in the external database section of this guide. Setting it to false should be used only for testing purposes and will install an embedded PostgreSQL database.

Be aware that externalDatabase:false is NOT supported in production environments. You can update the YAML file and the changes appear in the Keycloak admin console, however changes to the admin console do not update the custom resource. On OpenShift, you use the custom resource to create a route, which is the URL of the admin console, and find the secret, which holds the username and password for the admin console.

If you want to start tracking all Operator activities now, install the monitoring application before you create this custom resource. See The Application Monitoring Operator. Locate the username and password for the admin console in the OpenShift web console; under Workloads , click Secrets and search for Keycloak. You are now logged into an instance of Keycloak that was installed by a Keycloak custom resource. You are ready to create custom resources for realms, clients, and users.

On Kubernetes, you use the custom resource to create an ingress, which is the IP address of the admin console, and find the secret, which holds the username and password for that console. Create the ingress using your YAML file. Once the installation of Keycloak completes, you are ready to create a realm custom resource. An external database is the supported option and needs to be enabled in the Keycloak custom resource.

You can disable this option only for testing and enable it when you switch to a production environment. See Connecting to an external database. You can use the Operator to create realms in Keycloak as defined by a custom resource. You define the properties of the realm custom resource in a YAML file.

You can update the YAML file and changes appear in the Keycloak admin console, however changes to the admin console do not update the custom resource. Matching these values ensures that you create the realm in the right instance of Keycloak.

When the realm creation completes, you are ready to create a client custom resource. You can use the Operator to create clients in Keycloak as defined by a custom resource. You define the properties of the realm in a YAML file. When the client creation completes, you are ready to create a user custom resource. You can use the Operator to create users in Keycloak as defined by a custom resource. You define the properties of the user custom resource in a YAML file. You can update properties, except for the password, in the YAML file and changes appear in the Keycloak admin console, however changes to the admin console do not update the custom resource.

If you have an external database, you can modify the Keycloak custom resource to support it. To back up your database using custom resources, see schedule database backups.

Note that values are Base64 encoded. This address needs be resolvable in a Kubernetes cluster. The other properties work in the same way for a hosted or external database. Set them as follows:. Typically true. Check the possible values. Here is an example :. The Operator will create a Service named keycloak-postgresql.

Keycloak uses this Service to connect to the Database, which means it does not connect to the Database directly but rather through this Service. You have modified the Keycloak custom resource to set externalDatabase to true. The keycloak-postgresql service sends requests to a set of IP addresses in the backend.

These IP addresses are called endpoints. View the endpoints used by the keycloak-postgresql service to confirm that they use the IP addresses for your database:. Confirm that Keycloak is running with the external database. This example shows that everything is running:. To back up your database using custom resources, see Scheduling database backups. Safety warnings appear throughout this guide in procedures that may harm you if performed incorrectly.

A warning symbol precedes each warning statement. The warnings below are general warnings that apply to the entire guide. Translated versions of the safety warnings in this guide are provided in the Regulatory Compliance and Safety Information for the Cisco Wireless Controller document that accompanies this guide. Warning This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents.

Use the statement number provided at the end of each warning to locate its translation in the translated safety warnings that accompanied this device.

Warning This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground conductor. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available. Statement The Cisco Wireless Controller, designed for A core component of the Cisco unified wireless solution, these controllers deliver wireless security, intrusion detection, radio management, quality of service QoS , and mobility across an entire enterprise.

In order to best use this guide, you should have already designed the wireless topology of your network. Because the radio resource management RRM feature automatically detects and configures access points as they appear on the network, it is not necessary to have any access points on the network in order to install and configure a controller. Figure 1 shows the front panel of the Cisco Wireless Controller.

Console port RJ 1. When you connect to one console port, the other is disabled. The default parameters for the console ports are baud, 8 data bits, 1 stop bit, and no parity. The console ports do not support hardware flow control. Only one port can be used at a time. If it is not installed, prompts guide you through a simple installation process. Mac OS X or Linux require no special drivers.

Only one console port can be active at a time. They are not compatible. Only the 5-pin mini Type B can be used. Figure 2 shows the back panel with a power supply, a blank power supply cover, and a fan tray. If your controller is not working properly, check the LEDs on the front panel of the unit. The LED indicators are described in Table 1.

Note An amber LED could indicate an error or a possible hardware failure. Green: Indicates SFP port is active and link is established. Continuous green: Indicates that the power supply is operational. Blinks green: Indicates that a power supply is installed but does not have AC power. Note Verify that the power cord in installed correctly and that the power switch is on. Blinks amber: Indicates that the standby power supply fan is not spinning or that the power supply is over temperature.

Continuous amber: Indicates that the power supply is in failure condition. Note Power cycle the controller to clear the firmware error. Follow these steps to unpack the Cisco Wireless Controller and prepare it for operation:. Step 1 Open the shipping container and carefully remove the contents. Step 2 Return all packing materials to the shipping container and save it. Check each item for damage. If any item is damaged or missing, notify your authorized Cisco sales representative.

Each Cisco Wireless Controller package contains the following items:. You will need the following equipment in order to install the controller:. You will need the following tools before you can install the controller:. The following additional items not found in the accessory kit are required to ground the chassis:. Obtain the following initial configuration parameters from your wireless LAN or network administrator:. Note The service port interface and management interface must be on different subnets.

You can install the controller almost anywhere, but it is more secure and reliable if you install it in a secure equipment room or wiring closet. For maximum reliability, mount the controller using the following guidelines:.

Warning To prevent airflow restriction, allow clearance around the ventilation openings to be at least: 4 in Warning Take care when connecting units to the supply circuit so that wiring is not overloaded. The controller ships with rack mounting brackets and the desktop or shelf mounting rubber feet in a separate bag.

An adjustable rack-mount kit is included for mounting the controller in a standard inch A standard equipment rack has two unobstructed outer posts, a minimum depth between the front and rear mounting posts of 13 inches 33 cm , and a maximum depth of 32 inches You can also install the controller in a 2-post equipment rack. This kit is not suitable for racks with obstructions such as a power strip that could impair access to system components. Figure 3 shows the contents of the mounting kit.

The following sections cover the different installation options:. When mounting the controller on a desktop or shelf, attach the rubber feet in the four circular marks near each of the corners on the bottom of the controller chassis, and place the chassis on any secure horizontal surface.

Warning This unit might have more than one power supply connection. All connections must be removed to de-energize the unit. Follow these steps to mount the controller in a 4-post equipment rack:.

Step 1 Attach one of the front brackets to the controller using three M4 screws see Figure 4. Follow the same steps to attach the second bracket to the opposite side. Note Only three of the four holes on each bracket are used top, left, and right. Figure 4 Installing the Front Brackets. Step 2 Attach one of the rear bracket adapters using three M3 screws see Figure 5.

Follow the same steps to attach the second bracket adapter to the opposite side. Figure 5 Installing the Rear Bracket Adapters. Step 3 Mount the front of the controller chassis into the rack using four or four screws, depending on the rack rail thread type see Figure 6. Figure 6 Installing the Controller in the Rack Front. Step 4 Measure the distance between the front and rear rack rails and select the proper slide-mount brackets:.

Note The slide-mount brackets allow you to mount the rear of the controller chassis to the rear rack rails. The brackets are designed to slide within the installed rear bracket adapters and accommodate a range of rack depths. Step 5 Install the proper slide-mount brackets into the rear bracket adapters on the controller. Step 6 Secure the slide brackets to the corresponding holes in the rear rack rail using four or four screws, depending on the rack rail thread type see Figure