WLC 2106 and iPhones

Just recently I have been having issues with my WLC 2106 WiFi network and iPhones. For the past week, the iPhones have been locking up the network much as was described with the ARP issues, with the exception that, from what I have been reading, this issue did not affect the 2100 series.
I've done searches but have not found anything applicable to what is happening now.
Any help will be GREATLY appreciated.

It's running on v. 4.0.217.0. Right now I'm controlling who is accessing the WiFi via a MAC filter to prevent anyone with an iPhone from logging on, but that just doesn't cut it since there are a lot of visitors coming in to use the WiFi.
I won't be able to go in and do more testing for a week or two to get that debug log.
But this seems to be a common issue with at least the 2106s. As soon as anyone logs in with an iPhone, the controller locks up and the only thing to do is reboot. It only fairly recently started happening, so maybe it's only with the newer iPhones?

Similar Messages

  • WLC-2106 and multiple interfaces on the same network

    Hi there,
    I recently created a TAC request to the Cisco support regarding our WLC-2106, but they could not help me. Basically I just learned that you can create new interfaces for the wireless LAN controller and then dedicate them to a given wireless network (SSID). This way I could more effectively utilize network bandwidth also. Problem is that all of the interfaces have to be in a different network segment in order to work, which is not what I want. I specifically want to have several interfaces on the same network segment.
    Has anyone tried to accomplish the same?

    Basically what I've misunderstood is that all the traffic generated by our wireless clients has been going through the single 100Mbit/s Ethernet port on the wireless LAN controller (management interface), and to mitigate this I thought I could create new interfaces (ports) and dedicate those to given WLAN networks. I see now that this is not supported. Not inside the same network at least.
    So, by reading further and consulting my best friend Google I learned about a setting called "AP Mode". By changing that from Local (the default) to H-REAP, the APs should no longer route their traffic through the management interface on the wireless controller, but instead route all the client traffic directly to the local LAN. This way you effectively remove the 100Mbit/s bottleneck when all the APs were using the management interface both for configuration and client data traffic.
    It seems you also have to enable H-REAP Local switching from a given WLAN network in addition to changing the AP Mode of your access points to H-REAP. I'm still in the testing phase here so should anyone have any insight into this, I'd be grateful to hear more.

  • WLC 2106 and Linksys Bridge WET610N works with 7.0.116.0 release?

    Hi all,
    I'm having trouble with a WLC 2106 controller and several wireless bridges, so I'd like to know if I can fix it in some way.
    My environment is as follows:
    1 WLC 2106 with 2 Aironet 1240G
    I have a production appliance that needs an Ethernet port to work, so I bought a Linksys Bridge WET610N to make it work via wireless.
    The Linksys bridge connects to the 1240G as a client and works well, but the appliance connected to the Ethernet port of the bridge is unreachable.
    Searching for the problem, I found that the WLC acts as a proxy ARP for the wireless clients and, the Ethernet appliance being a "passive" client, the controller isn't aware of it.
    My WLC is running the 7.0.98.0 firmware. In the release notes for 7.0.116.0, the "Non-Cisco WGB Support" section seems to state that non-Cisco bridges can now also work using the passive client feature. I've already enabled it on my controller but this didn't solve my problem.
    Can anyone tell me if the upgrade to 7.0.116.0 can fix it?
    Thanks in advance
    Riccardo Coppola

    I'm not sure what (cheap) devices can do the wgb feature that is inter-brand compatible.
    The thing is that the WLC enforces the rule "1 wireless client = 1 client". Meaning you can't bridge multiple clients behind a wireless client; that just screws up roaming mechanisms etc.
    Cisco WGBs have the IAPP protocol to tell the WLC "listen, I'm a WGB wireless client and those are the wired clients connected to me, allow them on the network".
    What the "universal WGB" feature does is that the WGB forwards the traffic of the client (only 1 client supported in this case!) to the infrastructure AP, but the WGB never sends anything with its own MAC address. It uses the client MAC address as source.
    This means that the WLC has no way of knowing that there is more than 1 device. It just thinks that your wired client is a wireless client.
    So it's more than MAC cloning since the WGB has to be the one authenticating to the infrastructure (WPA/WPA2 whatsoever) by spoofing the client MAC. The WGB is still in charge of roaming decisions and so on and so on...
    I hope it clarifies the situation?

  • WLC 2106 and 802.1q

    Does the 2106 support 802.1q trunks? If so, what do you have to do to enable a trunk port?

    The 2106 does support 802.1q trunking only. You don't have to do anything on the WLC side; just configure the trunk port on the switch to 802.1q. Also, the management and AP manager should be configured as the native VLAN on the switch.

  • Configuring WLC 5508 and Iphone/blackberry to use certificates

    Hello, we would like to configure an additional WLAN for iPhone/BlackBerry internet access. The goal is to have internal users (Active Directory users) using BlackBerry devices connect to the internal wireless network and update their mailboxes. We would like to avoid roaming charges for BlackBerry data traffic (email updates), but on the other hand we have to provide some way of authentication for BlackBerry/iPhone devices so we know that only corporate BlackBerry/iPhone devices can connect to the internal network and update emails. It would be greatly appreciated if someone could point me to configuration docs covering this issue or give me a quick overview of what has to be done to make this happen. We have a RADIUS server available if needed.
    Thanks so much.
    Appreciated.

    http://www.cisco.com/en/US/customer/products/ps6366/products_configuration_example09186a0080921f67.shtml
    With PEAP, you set up a Windows Server box as a root Certificate Authority and install the CA on all clients. Then, clients simply log on with their AD credentials.
    http://www.cisco.com/en/US/customer/tech/tk722/tk809/technologies_white_paper09186a008009256b.shtml
    EAP-TLS is much more secure because it requires a unique certificate generated by the CA installed on each client.

  • WLC 2106 and Microsoft IAS and Windows XP Supplicant

    For one of my SSIDs I am using 802.1x with WPA2/AES. I have configured IAS on Windows Server 2003 and from the server message logs I am able to authenticate a user. I never complete the authentication through the eyes of the WLC though. In using debug commands on the WLC I can see an error that I cannot solve.
    Wed Apr  7 03:09:40 2010: 00:23:4e:70:a9:97 Received EAPOL-Key from mobile 00:23:4e:70:a9:97
    Wed Apr  7 03:09:40 2010: 00:23:4e:70:a9:97 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 00:23:4e:70:a9:97
    Wed Apr  7 03:09:40 2010: 00:23:4e:70:a9:97 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 00:23:4e:70:a9:97
    Wed Apr  7 03:09:40 2010: 00:23:4e:70:a9:97 Stopping retransmission timer for mobile 00:23:4e:70:a9:97
    I suspect my issue revolves around the message: Ignoring invalid EAPOL version (1) in EAPOL-key message
    Anyone have any idea or insight on additional debug steps that can be taken?
    Regards,
    Justin

  • Help Please: WLC 2106 and RADIUS

    Hello,
    In the WLC there are two groups (say A and B). How would I take group B and point it to a RADIUS server for authentication please? Looking for a step-by-step answer please. The server is ping reachable. I have searched but did not see any definitive answer.
    Thanks!

    You can achieve what you want per WLAN.
    Configure the authentication server order in the WLAN settings as per this image:
    HTH
    Amjad

  • WLC 2106 Configuration steps

    I have a WLC 2106, 5 LWAPs, and 3 Cat3560 switches, and my 2851 CME router is providing DHCP for Data VLAN 1 and Voice VLAN 100.
    Can anyone please help me with the basic configuration?
    When I configure Management and AP manager on the WLC 2106 on untagged VLAN 0 I am able to ping, but when I changed the VLAN to 1 I'm not able to communicate with the WLC from the switch or any port from the WLC.
    Please help me to configure the WLC.
    Thanks & Regards
    PRajoth

    The software guide states "A zero value for the VLAN identifier (on the Controller > Interfaces page) means that the interface is untagged.
    The default (untagged) native VLAN on Cisco switches is VLAN 1. When controller interfaces are configured as tagged (meaning that the VLAN identifier is set to a non-zero value), the VLAN must be allowed on the 802.1Q trunk configuration on the neighbor switch and not be the native untagged VLAN.
    Cisco recommends that only tagged VLANs be used on the controller. You should also allow only relevant VLANs on the neighbor switch's 802.1Q trunk connections to controller ports. All other VLANs should be disallowed or pruned in the switch port trunk configuration. This practice is extremely important for optimal performance of the controller.
    Note Cisco recommends that you assign one set of VLANs for WLANs and a different set of VLANs for management interfaces to ensure that controllers properly route VLAN traffic"
    Can you supply a screen shot of the interfaces page from your WLC and supply the WLC switch port configuration also? Just to sanity check what you have so far?

  • Issues with WLC 7.0.116 and iPhone/iPads iOS devices

    We are using a WLC 2106 running 7.0.116 and notice that when iPhones are streaming data (e.g. YouTube) during WPA re-auths we get the following log entry:
    Max EAPOL-key M3 retransmissions exceeded for client xxxxx
    And the iPhone prompts for the username/password  for EAP-PEAP.
    This occurs on two different lab setups, one local auth, one MS IAS. Changing EAPOL timeout settings does not fix the problem.
    Note that we rolled back to WLC 6.x software and the problem appears fixed. Is this a known issue in 7.0.116 that others have seen?
    thanks,
    Simon

    It's speculation at this point stating it's tied to CPU processing. If you obtain a capture of both low CPU and high CPU you could then state it's CPU bound.
    Specific to the session timeout, increasing or disabling it makes sense. The only purpose of the session timeout is to regen the MSK keys which then seed the PMK, GMK. Cisco recommends disabling session timeout on voice because of its known problems with voice reliability.
    In addition, client idle timeout impacts Apple "i" devices more than any other device. Do a lab and capture the traffic coming out of an iPad for example. These devices don't chatter on the network like other devices.
    It's not uncommon for iPads to drop off the network with default settings on the WLC (but this doesn't explain your 7 vs 6 code). In fact we lab this where iPad client records get deleted after 300 seconds (default timer) and have to reauth because of this very issue. An adjustment of the timers aided this situation.
    Call TAC, see what they tell you ... I suspect they will review these same items and the EAP timeout that you mentioned already.
    I just checked and we have 768 iPads on our network at this very moment, including mine.
    I just moved my auth time to 5 minutes and I am pulling YouTube and watched 3 auths and there are no problems.
    You need to do a L2 capture and see what the iPad is doing. If the iPad sends its EAP creds and the WLC doesn't respond then you know it's the WLC.

  • AP 1140 and WLC 2106

    Does someone know if WLC 2106 support AP 1140 ? I read that AP 1140 is CAPWAP only and I don't know if WLC 2106 supports CAPWAP.
    Thanks

    Yes it does, you may have to upgrade your controller software to get 802.11n and CAPWAP, use the latest code 6.0.182.
    CAPWAP was supported from code 5.2.157
    The max throughput on the 2106 though is only 100 Mbps so you won't see the highest speeds

  • WLC 2106 problem

    Hello,
    I have a problem with a new WLC 2106 controller. I made this basic configuration (after reset):
    (Cisco Controller) >show interface summary
    Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
    ap-manager                       1    10       10.10.10.21     Static  Yes    No
    management                       1    10       10.10.10.20     Static  No     No
    virtual                          N/A  N/A      1.1.1.1         Static  No     No
    At this point, everything works OK. The controller is accessible via HTTPS, and the AP (one 1130) is connected too. But next I need to create a new WLAN and another VLAN interface, named ak-lan:
    config interface create ak-lan
    config interface port ak-lan 1
    HTTPS access is still working, but when I configure the IP address:
    config interface address dynamic-interface ak-lan 10.10.11.10 255.255.255.0 10.10.11.1
    HTTPS access stops. In fact, it seems like HTTPS starts on the new interface - it's accessible via 10.10.11.10, but (after a certificate warning) shows only an empty page (Page is not accessible..)
    I have no idea why. I tried downgrading the software (it originally came with 7.0.98.0) to 6.0.196.0, which I use on another identical controller, but the behavior is the same. Now I use software 6.0.199.4. Again the same behavior.
    "show interface summary" says:
    (Cisco Controller) >show interface summary
    Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
    ak-lan                           1    11       10.10.11.10     Dynamic No     No
    ap-manager                       1    10       10.10.10.21     Static  Yes    No
    management                       1    10       10.10.10.20     Static  No     No
    virtual                          N/A  N/A      1.1.1.1         Static  No     No
    (Cisco Controller) >
    All interfaces (excluding virtual) respond to ping. All interfaces have netmask 255.255.255.0.
    There was another strange thing - "show sysinfo" says that I use sw 6.0.199.4 and emergency is 7.0.98.0, but "show boot" says:
    (Cisco Controller) >show boot
    Primary Boot Image............................... 6.0.199.4 (active)
    Backup Boot Image................................ 6.0.196.0
    (Cisco Controller) >
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 6.0.199.4
    RTOS Version..................................... 6.0.199.4
    Bootloader Version............................... 4.0.191.0
    Emergency Image Version.......................... 7.0.98.0
    Build Type....................................... DATA + WPS
    System Name...................................... ak-wlc
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.9.1.828
    IP Address....................................... 10.10.10.20
    System Up Time................................... 0 days 0 hrs 46 mins 35 secs
    System Timezone Location.........................
    Configured Country............................... DE  - Germany
    Operating Environment............................ Commercial (0 to 40 C)
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +55 C
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 0
    3rd Party Access Point Support................... Disabled
    Number of Active Clients......................... 0
    Burned-in MAC Address............................ E0:5F:B9:63:7B:00

    Switch is C2960, port Gi0/2:
    Gi0/2     T wlc              connected    trunk      a-full  a-100 10/100/1000BaseTX
    interface GigabitEthernet0/2
    description T wlc
    switchport trunk allowed vlan 10,11,100
    switchport mode trunk
    end
    VLANs are set properly. The router is an ASA 5510, and routing is fine. Moreover, the interfaces on the WLC are accessible via ping (I didn't try telnet or ssh).

  • WLC 5508 and LAP1310 - Not syncing up!

    As the title states I have a WLC 5508 and a LAP1310 that will not sync up.
    The error stated in the traps log is "AP with MAC (xxxx.xxxx.xxxx.xxxx) is unknown."
    WLC software release is : 7.2.103.0
    IOS on the AP is : 12.4(18a)JA2
    Upon some investigation I found that the "AP with MAC is unknown" error usually points to one of two things:
    A.  WLC firmware needs to be updated
    B.  AP needs to be updated.
    C. The AP is not compatible with the WLC.
    I am leaning toward solution C and I am looking for a confirmation or a correction; if anyone could help out that would be greatly appreciated!
    I've tried reading the compatibility matrix released by Cisco, but I found it mildly confusing as to what is and isn't supported by each software release.
    Sources - http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml#lap1250
    Problem 11: 1250 LAP Not Able to Join WLC
    The setup consists of a 2106 WLC that runs version 4.1.185.0. A Cisco 1250 AP is not able to join the controller.
    The log on the WLC shows this:
    Mon Jun 2 21:19:37 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
    Mon Jun 2 21:19:37 2008 AP Associated. Base Radio MAC: f0:2x:cf:2x:1d:3x 
    Mon Jun 2 21:19:26 2008 AP Disassociated. Base Radio MAC:f0:2x:cf:2x:1d:3x
    Mon Jun 2 21:19:20 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
    Mon Jun 2 21:19:20 2008 AP Associated. Base Radio MAC: f0:2x:cf:2x:1d:3x 
    Mon Jun 2 21:19:09 2008 AP Disassociated. Base Radio MAC:f0:2x:cf:2x:1d:3x
    Mon Jun 2 21:19:03 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
    Solution: This is because the Cisco 1250 series LAP is not supported on version 4.1. The Cisco Aironet 1250 Series AP is supported from controller versions 4.2.61 and later. In order to fix this issue, upgrade the controller software to 4.2.61.0 or later.
    Problem 16: 1000 series LAPs not able to join the Wireless LAN controller, WLC runs version 5.0
    This is because WLC software release 5.0.148.0 or later is not compatible with Cisco Aironet 1000 series APs. If you have a Cisco 1000 series LAP in a network, which runs WLC versions 5.0.48.0, the 1000 series LAP does not join the controller and you see this trap message on the WLC.
    "AP with MAC xx:xx:xx:xx:xx:xx is unkown"

  • AP1522 with WLC 2106

    Hi.
    I want to know how to join the AP1522 to a WLC 2106.
    The Controller and the AP are in the network, but the AP can't be joined to the controller. What is missing?

    First of all make sure that the APs can communicate and get IP address from DHCP server (it might be an external DHCP or internal pool running on WLC).
    Are your APs on the same subnet as controller?

  • WLC 2112 and WLC 2504

    This might be a really stupid question but I need to ask just so that I get a definitive answer. I have a customer that is using a WLC 2112 and has maxed out the licenses for the WLC. I have suggested for him to purchase a 2504 with 30 or 40 licenses to replace the existing 2112. He doesn't want to purchase 30 to 40 licenses and doesn't want to remove the 2112 from the network environment. He would rather purchase a WLC 2504 with 15 licenses and just add that into the network.
    My question is, will there be a problem running a 2504 and a 2112 on the same network? Or can I just make one a primary and one a secondary?

    That should be fine. Just make sure the WLCs are running the same code version and everything should work fine. This is required for AP failover from one WLC to another. You don't want the APs upgrading or downgrading code versions every time the AP moves from the primary to the secondary WLC.

  • WLC 2106 question

    Hello,
    What is the recommended way to connect 5 APs 1242 to a WLC 2106?
    Connect directly the 5 APs to the wlc and use one port for the management interface and connection to the switch or to connect the APs to a switch and use one connection for the wlc?
    Thanks in advance.

    Depends on the AP.
    One FastEthernet connection to the switch doesn't "really" create a bottleneck. Your AP might. If, say, you have 1130 or older then I'd say no significant bottleneck because the APs are also FastEthernet.
    If you use the newer ones, like the 1250 and newer, which have GigEthernet and/or higher throughput (if you enable 802.11n) then yes. The switch AND the WLC 2100 are both the bottleneck.
