VLANs for Wireless LAN controller

Hello,
Just finished the configuration of wireless controller and connected Access point.
I have a scheme like this:
Cisco 3945 with WLC on SRE------TRUNK-------L3 switch-------TRUNK----------L2 switch--------ACCESS PORT-------ACCESS POINT-----WIRELESS----CLIENT
2 VLANs on the  WLC (with DHCP on the router):
1. management (VLAN 200 for management and access points - works fine)
2. clients (VLAN 300, all setting are same, except Enable Dynamic AP Management setting, which is off and IP subnet, DHCP on router too).
Clients are able to connect, but they can't get address or ping the gateway of the clients VLAN (if i put this VLAN in the WLAN
Interface/Interface Group(G) setting), but everything is fine, if i set management VLAN to Interface/Interface Group(G) setting of the WLAN.
do i need to add any additional setting on the switches or on the router to allow this clients VLAN?...
P.S. i am able to ping both vlans, or get DHCP address from the switch and router...

yes, just for test, i set up IP from clients VLAN on the L2 switch, and from that switch i am able to ping the controller interface (clients interface).
Just to be clear, do I need to have both VLANS (ap-management and clients VLANs) on all the switches and router on my setup?
As I understand i need to have ap-management vlan only on L2 and L3 switches. Any other VLANs go throught the tunnel between AP and WLC?

Similar Messages

  • Password Recovery for Wireless Lan controller

    Hi, I am new to Wireless Lan Controller.
    I just wanted to reset the password for the Controller. Can anybody help me with this. link/procedure anything will be appreciated.
    Thanks & Regards,
    Jvalin

    I think they mean that they can not type "reset system" since they can't log in in the first place.
    The key point to be made is that you need to restart the controller. So power it off if you can't login. Then console in to the controller and type "Recover-Config" as the username. This will default the configuration and allow you to start over with a new username/password.
    There is no other password "recovery".

  • How to replace the certificate of Cisco 2106 wireless LAN controller for CAPWAP ?

    I have interested in CAPWAP feature and I download the open capwap project to make Access Controller (AC) and Wireless Terminal Point (WTP). I had built the AC which used PC and WTP which used Atheros AP. The CAPWAP feature work well when I enabled the CAPWAP that used my own AC  and WTP. When I got the Cisco 2106 wireless LAN controller (Cisco WLC), I configured the Cisco WLC to instead my own AC but I got the authorize fail in Cisco WLC side. It seem the Cisco WLC could not recognize the CAPWAP message which sent form my own WTP. I think this issue just need to synchronize the certificate between Cisco WLC and WTP.So I need to replace the Cisco WLC's certificate manually. Does anyone know how to replace the certificate manually with Cisco WLC ?
    Best Regards,
    Alan

    Unfortunately this Support Community is for Cisco Small Business & Small Business Pro product offerings.  The WLC2106 is a traditional Cisco product.  You can find this type of support on the Cisco NetPro Forum for all traditional Cisco products.
    Best Regards,
    Glenn

  • Warning page on Cisco Wireless Lan Controller for guest access

    Hi,
    We have an Cisco wireless LAN controller 4400 in our organization, and lots of guest using our Wi-Fi network.
    I would like to configure a warning and terms and condition page when guest using first time our network.
    Can you please let me know is that possible without adding external web server and how to configure.
    Many Thanks in Advance
    Amit Sharma

    Hi Amit,
    Hope you are doing great!!
    the below link will help you in getting the issue resolved!!
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00809bdb5f.shtml
    Please dont forget to rate the usefull posts!!
    Regards
    Surendra

  • Software Version Upgrade for Cisco 4402 Wireless Lan Controller

    Hi,
    We have Cisco 4402 Wireless Lan Controller with Software Version 3.2.171.6 and we want to upgrade it to latest version.
    So can anyone please let me know the latest version to upgrade the WLC?
    Also since WLC is running on very lower version is it possible to upgrade to the latest version directly or we have to move it step by step to upgrade this to latest version?
    Thanks

    Take a look at the compatibility matrix below:
    http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
    7.0.235 is the latest that you can go to:
    http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7_0_235_0.html
    The release notes outline the upgrade process.
    "Upgrade to 4.0.206.0 or later 4.0 release, then upgrade to 4.2.176.0, before upgrading to 7.0.235.0."

  • AIR-CAP3501I access point not joining the Cisco 2100 Wireless Lan controller.

    Hello All,
    I am installing a new LAP (AIR-CAP3501I ) through the wireless lan controller (AIR-WLC2112-K9) with software version 7.0. I have an external ADSL modem which will act as the DHCP server for the wireless clients and the LAP.
    Please find my network setup as below:
    The ISP ADSL modem , WLC and LAP are connected to a unmanaged POE switch. The LAP gets its power through the POE switch. When i connect the LAP and the WLC to the switch along with the ADSL modem, the LAPs are getting the ip address from the ADSL modem, however they are not joining the WLC for further process.
    ADSL Modem ip address: 192.168.1.254
    Management ip address on the LAP: 192.168.1.1 ( Assigned to port 1, untagged Vlan).
    Ap Manager ip address: 192.168.1.1 ( Assigned to the same port i.e port1, Untagged Vlan).
    The LAP is getting an IP address from the ADSL modem in the range of the DHCP scope.
    I will paste the logs very soon.
    Please let me know if i am doing anything wrong oe what will be the issue.
    Thanks in advance,
    Mohammed Ameen

    Hello All,
    Please find the logs for  "debug capwap event" from the WLC below:
    *spamReceiveTask: Sep 26 19:44:59.196: e8:04:62:0a:3f:10 Join Version: = 117465600
    *spamReceiveTask: Sep 26 19:44:59.197: e8:04:62:0a:3f:10 Join resp: CAPWAP Maximum Msg element len = 92
    *spamReceiveTask: Sep 26 19:44:59.197: e8:04:62:0a:3f:10 Join Response sent to 192.168.1.156:45510
    *spamReceiveTask: Sep 26 19:44:59.197: e8:04:62:0a:3f:10 CAPWAP State: Join
    *spamReceiveTask: Sep 26 19:44:59.197: e8:04:62:0a:3f:10 capwap_ac_platform.c:1216 - Operation State 0 ===> 4
    *apfReceiveTask: Sep 26 19:44:59.198: e8:04:62:0a:3f:10 Register LWAPP event for AP e8:04:62:0a:3f:10 slot 0
    *spamReceiveTask: Sep 26 19:44:59.341: e8:04:62:0a:d1:20 DTLS connection not found, creating new connection for 192:168:1:158 (45644) 192:168:1:2 (5246)
    *spamReceiveTask: Sep 26 19:45:00.119: e8:04:62:0a:d1:20 DTLS Session established server (192.168.1.2:5246), client (192.168.1.158:45644)
    *spamReceiveTask: Sep 26 19:45:00.119: e8:04:62:0a:d1:20 Starting wait join timer for AP: 192.168.1.158:45644
    *spamReceiveTask: Sep 26 19:45:00.121: e8:04:62:0a:d1:20 Join Request from 192.168.1.158:45644
    *spamReceiveTask: Sep 26 19:45:00.123: e8:04:62:0a:d1:20 Join Version: = 117465600
    *spamReceiveTask: Sep 26 19:45:00.123: e8:04:62:0a:d1:20 Join resp: CAPWAP Maximum Msg element len = 92
    *spamReceiveTask: Sep 26 19:45:00.124: e8:04:62:0a:d1:20 Join Response sent to 192.168.1.158:45644
    *spamReceiveTask: Sep 26 19:45:00.124: e8:04:62:0a:d1:20 CAPWAP State: Join
    *spamReceiveTask: Sep 26 19:45:00.124: e8:04:62:0a:d1:20 capwap_ac_platform.c:1216 - Operation State 0 ===> 4
    *apfReceiveTask: Sep 26 19:45:00.125: e8:04:62:0a:d1:20 Register LWAPP event for AP e8:04:62:0a:d1:20 slot 0
    *spamReceiveTask: Sep 26 19:45:00.273: e8:04:62:0a:d1:20 Configuration Status from 192.168.1.158:45644
    *spamReceiveTask: Sep 26 19:45:00.273: e8:04:62:0a:d1:20 CAPWAP State: Configure
    *spamReceiveTask: Sep 26 19:45:00.273: Invalid channel 1 spacified for the AP APf866.f2ab.24b6, slotId = 0
    *spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Updating IP info for AP e8:04:62:0a:d1:20 -- static 0, 192.168.1.158/255.255.255.0, gtw 192.168.1.254
    *spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Updating IP 192.168.1.158 ===> 192.168.1.158 for AP e8:04:62:0a:d1:20
    *spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Setting MTU to 1485
    *spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Finding DTLS connection to delete for AP (192:168:1:158/45644)
    *spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Disconnecting DTLS Capwap-Ctrl session 0xa06d6a4 for AP (192:168:1:158/45644)
    *spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 CAPWAP State: Dtls tear down
    *spamReceiveTask: Sep 26 19:45:00.277: spamProcessGlobalPathMtuUpdate: Changing Global LRAD MTU to 576
    *spamReceiveTask: Sep 26 19:45:00.277: e8:04:62:0a:d1:20 DTLS connection closed event receivedserver (192:168:1:2/5246) client 192:168:1:158/45644).
    The Acess point joins the Controller for 2-3 seconds and then unjoins again. I am not sure what i am doing wrong here. The access points are getting the IPs from the ADSL modem through the switch, then it talks to the WLC, however it does not join the controller for further process.
    Note:
    The Managemnet interface and the AP manager interface are assigned to the same port 1 with unassigned Vlan as mention above.

  • Wireless lan controller

    Hello,
    In our company we have a cisco wireless lan controller. the managemant interface (untagged 192.168.10.240) is able to ping to all te vlan's. When i add a interface (for example vlan 20 voice 192.168.20.240 255.255.255.0 192.168.20.254) i cant ping that network anymore from my controller while the ip and vlan configurations are good. Can someone help me to solve this problem?

    Because you have more than one VLAN, you need to TAG the uplink.  On the switch you need to enable Dot1Q Trunking and allow the required VLAN.

  • Wireless lan Controller 4402 / ping dynamic interface failed

    hi,
    i've a problem with a Wireless Lan Controller 4402.
    When i configure the dynamic interface on the my network , with wired lan
    i don't reach (i use the ping command) the ip address of the WLC.
    In my case (wired):
    On my pc i've a ip 10.1.78.1 255.255.0.0 and dgw 10.1.1.1 (vlan721)
    The lan WLC have a ip of management 10.12.2.4 /24 (vlan799) [dgw 10.12.2.1]
    dynamic vlan 792 ip add 10.12.78.100 / 22 (vlan792) [dgw 10.12.68.1]
    i ping these interfaces (10.12.2.4 and 10.12.78.100) and the ping is ok.
    When i create a dynamic interface vlan 721 starting the problem:
    dynamic vlan 791 ip address 10.1.1.240 / 16 (vlan721)
    After this ......the ping on 10.12.2.4 and 10.12.78.100 don't respond very well
    and i lose the 80-90% of the ping packages.
    through the wi-fi instead I do not have problems.
    the problem exist only via wired (cable).
    Can you help me?
    Thanks
    FCostalunga

    Hello,
    Pinging the dynamic interface is officially not supported. The reason why is because the controller places a very low priority on ICMP traffic. Typically, you will not have an issue with doing so on your wireless network because this interface is basically a gateway for the client. However, from the wired network - the only interface designed to respond to pings 100% of the time is the management interface. Hope this helps!
    -Mark

  • Issues after changing the AP Name on Wireless LAN Controller

    I recently changed the AP Name of all the Wireless Access Points in my branch office (which are all associated to the branch office Wireless LAN Controller(s)). After that I noticed that all branch office employees are unable to connect to the employee SSID. The employee SSID uses web authentication and employees are authenticated using Head Office AD via Cisco ACS, both located at the Head Office.
    There are other SSID's on the WLC which all work fine, but only employee SSID which uses AD authentication does not work. AD authenticaion is working fine because employee's in HO are successfully able to connect to the employee SSID at HO.
    The branch office is connected to the HO via a tunnel link. We noticed that if we restart both the ASA at either ends of the tunnel. The employee SSID starts working again but only temporarily for a day or so... what could be the issue? Can renaming the AP's cause issues? How can I fix this problem?
    Thanks in advance

    Thanks Elliott,
            I did the debug like you said and I am getting the following debug messages:
    *apfMsConnTask_0: Jun 20 08:18:14.580: Deleting the client immediatly since WLAN is changed
    and also
    *apfReceiveTask: Jun 20 05:25:11.857: 00:1f:3c:86:af:15 Orphan Packet from 192.168.52.34
    The logging on the WLC shows
    *apfReceiveTask: Jun 18 17:56:41.788: %MM-1-ANCHOR_UNAVAILABLE: mm_mobile.c:2155
    All export anchors are down. Cannot anchor the client.00:c0:a8:f3:cd:ae
    The DHCP pool for the employee users are configured on a guest WLC which sits behind an ASA

  • Cisco Wireless Control System need wireless Lan Controller ?

    Cisco Wireless Control System need wireless Lan Controller , for Rogue detection

    Hi Joao,
    The WCS is used in conjuntion with the WLC (Wireless Lan Controller) for Rogue Detection. It is not a must for this function but more of an add-on :)
    The Cisco WCS is an optional network component that works in conjunction with Cisco Aironet Lightweight Access Points, Cisco wireless LAN controllers and the Cisco Wireless Location Appliance.
    From this doc;
    http://www.cisco.com/en/US/products/ps6305/index.html
    Overview of WCS
    The Cisco Wireless Control System (WCS) is a Cisco Unified Wireless Network Solution management tool that adds to the capabilities of the web user interface and command line interface (CLI), moving from individual controllers to a network of controllers. WCS includes the same configuration, performance monitoring, security, fault management, and accounting options used at the controller level and adds a graphical view of multiple controllers and managed access points.
    WCS runs on Windows 2003 and Red Hat Enterprise Linux ES 4.0 and AS 4.0 servers. On both Windows and Linux, WCS can run as a normal application or as a service, which runs continuously and resumes running after a reboot.
    The WCS user interface enables operators to control all permitted Cisco Unified Wireless Network Solution configuration, monitoring, and control functions through Internet Explorer 6.0 or later. Operator permissions are defined by the administrator using the WCS user interface Administration menu, which enables the administrator to manage user accounts and schedule periodic maintenance tasks.
    WCS simplifies controller configuration and monitoring while reducing data entry errors with the Cisco Unified Wireless Network Controller autodiscovery algorithm. WCS uses the industry-standard SNMP protocol to communicate with the controllers.
    From this good doc;
    http://www.cisco.com/en/US/products/ps6305/products_configuration_guide_chapter09186a00806b7270.html#wp1131195
    Detect and Locate Rogue Access Points
    From this WCS doc;
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806f070a.shtml#new5
    Rogue Detection under Unified Wireless Networks
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a0080722d8c.shtml
    Hope this helps!
    Rob

  • Is it possible run a Wireless LAN controller without a WCS?

    is it possible run a Wireless LAN controller without a WCS?
    How Can I configure the Wireless Lan controller?
    Thanks

    Hi Alfred,
    The WLC can be completly configured and operated without the WCS. The WCS is a nice addition for the management especially when running multiple WLC's but is not required.
    Info on WLC (with Video);
    http://www.cisco.com/en/US/products/ps6366/index.html
    Info on the WCS;
    http://www.cisco.com/en/US/products/ps6305/index.html
    Hope this helps!
    Rob

  • Cisco Wireless LAN Controller Always disconnect

    Dear All,
    Please help to assist my issue.I used Cisco Wireless LAN Controller model: 5508 with version 7.0.98.0 and I got issue with connection always disconnect ping always loss or some time client can't get DHCP from Controller. 
    - I configure as Internal DHCP Server with 1 SSID.
    http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/110865-dhcp-wlc.html
    - DHCP least is not full and I also try to clear-lease all but still not work.

    1. Config dhcp proxy enable
    2. In case of internal Dhcp, try debug for clients
     using,
    debug client <MAC ADDRESS OF CLIENT>

  • 4404 wireless lan controller managment via wireless clients

    I am having an issue managing a 4404 wireless lan controller via wireless clients.
    I have checked the box "enable controller management to be accessible from wireless clients" under management. For some reason that does not seem to fix the problem (page cannot be displayed). I cannot ping the controller by IP but other devices on the same subnet respond. Everything else works fine.
    I CAN manage the controller when plugged in a wired connection.
    When I do a route print it is identical wireless or wired. The route simple points to my interface. If I modify the route on my computer to actually point to our gateway instead of the interface then everything works. But why should I have to do this only for my wireless connection and not my wired to manage this box?

    Thanks for the info. I narrowed the problem down to an ARP issue.
    In order for me to connect to the controller, I run a batch file that creates a static ARP entry on my laptop. I don't have to do this for any other device except the controller. Not sure what the underlying cause is, but that works as a workaround right now.

  • Wireless Lan Controller Issue

    Hi All,
    We have a Wireless Lan Controller 4402 with software version 4.0.155.5. On Friday we experience a problem where our clients wouldn't get redirected to the internal webpage for authentication. It would just come up with page not found. We know the page was working fine becasue we could manually type in the
    https://1.1.1.1/login.html and the
    page would come up and you could login successfully. The users who were already connected to the controller were not affected and continued to operate. We have 2 other WLC's at the same software revision and they were not affected so I don't think it has anything to to with software level. Its like the webserver in the wlc failed to work. We failed over the AP's to the 3rd WLC and rebooted WLC1. After the WLC1 restarted we failed one of the previous non-working AP's back to it and it works again.
    I know "now" there is debug commands to run at the time when the WLC wasn't working, but unfortunately I didn't know at the time. The WLC is running again fine and I was wondering if anybody has seen this issue before.
    Any ideas on a fix or reason would be greatly appreciated.
    Thanks,

    We are running WiSM 4.1.185.0 and we just had the similar problem with one controller. The other three controllers were fine when it happened. The exactly issue was the nslookup failed(timed out) from the client, so the web login page won't show when people lunch the browser. A reboot of the controller fixed the problem. We have been running Cisco LWAPP for more than a year (from 4.0.155.5 to 4.1.185.0) and it is the first time we see this problem. TAC is still investigating the cause.
    Zhenning

  • Wireless LAN Controller not broadcasting network to Access points

    Good Day Team,
    I am working with a 2100 series WLC controller and 1100 series access point.
    I noticed that the wireless lan controller is working. Also the access point is working.
    The issue is that there is no internet connection on the access point.
    What could be the error?
    Kindly advice

    Try do diagnose your problem following this steps:
    1) Connect to the wireless network
    2) Check your IP address with "ifconfig"
    3) Check if your gateway is set correctly with "route -n"
    4) Try to ping your gateway. Is it working?
    5) Try to ping an internet IP like google: "ping 74.125.234.115"
    6) Try to resolve names with "nslookup www.google.com" for example.
    7) Try to traceroute to an IP or name on internet. Check the result to see the last hop you reached.
    8) If you passed all those tests, try this: "telnet www.google.com 80"
    If everything works, but not the test #8, your problem could be related to some proxy configuration.

Maybe you are looking for

  • Issue with reinstalling a brand new mac pro

    I was recomended to reinstall the leopard since I had some issues with my new 27" cinema display.( there is an update for the cinema display and my mac did not allow me to updat it so apple care person told me to reinstall the leopard. After 15 minut

  • What hard drive to upgrade to...

    I have a 13.3 inch 2.0ghz macbook. It came with a 80gb 5400rpm toshiba HD. I need to upgrade to larger capacity. Would the western digital scorpio black 320gb 7200rpm drive be good for my macbook? Or would it be noticeably more vibration or heat? If

  • Stolen mac

    My Mac book pro was stolen out of my car. Is there a way to track it?

  • How to specify application by extension rather than mime type (e.g., docx as word, not xml)

    When I try to open a link to a file.docx or file.xlsx, FF sees it as an xml file and wants to open it in my default xml application. I can select Word or Excel (I have Office 2010 installed), but a) it doesn't remember that in the applications list,

  • BAPI_EXCINV_CREATE_FROMDATA

    I am unable to populate excise header and item tables using BAPI_EXCINV_CREATE_FROMDATA and above all no error comes in my program. my header data is            LOGICAL_SYSTEM