1510 Mesh A.P with 5508 WLAN Controller

Similar Messages

• AIR-LAP1310G-E-K9 acces point not joining to 5508 wlan controller

  Hi,
  I have Cisco AIR-LAP1310G-E-K9 access point and 5508 wlan controller with version 7.0.220 and it is joining to the WLAN controller.  I have enabled dhcp in the lan controller and i dont have external dns server. How to fix this issue?  Can this LAN controller version will support this access point? 
  My Lan Controller Management IP Address is 10.10.10.5
  Please find the below configuration of 1300 access point.
  AP001d.4513.dd68#reload
  Proceed with reload? [confirm]
  %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
  %LWAPP-5-CHANGED: LWAPP changed state to DOWNXmodem file system is available.
  flashfs[0]: 4 files, 2 directories
  flashfs[0]: 0 orphaned files, 0 orphaned directories
  flashfs[0]: Total bytes: 7741440
  flashfs[0]: Bytes used: 2052608
  flashfs[0]: Bytes available: 5688832
  flashfs[0]: flashfs fsck took 14 seconds.
  Base ethernet MAC Address: 00:1d:45:13:dd:68
  Initializing ethernet port 0...
  Reset ethernet port 0...
  Reset done!
  ethernet link up, 100 mbps, full-duplex
  Ethernet port 0 initialized: link is up
  Unable to get our ip address: no "IP_ADDR" variable set
  The system has been encountered and error initializing
  tftp file system. The system is ignoring the error and
  continuing boot. If you interrupt the system boot process,
  the following commands will set IP_ADDR, DEFAULT_ROUTER
  and NETMASK environment variables, initializing tftp file
  system, and finish loading the operating system software:
      set IP_ADDR
      set DEFAULT_ROUTER
      set NETMASK
      tftp_init
      boot
  Loading "flash:/c1310-rcvk9w8-mx/c1310-rcvk9w8-mx"...############################################################################################################################################################################################
  File "flash:/c1310-rcvk9w8-mx/c1310-rcvk9w8-mx" uncompressed and installed, entry point: 0x3000
  executing...
                Restricted Rights Legend
  Use, duplication, or disclosure by the Government is
  subject to restrictions as set forth in subparagraph
  (c) of the Commercial Computer Software - Restricted
  Rights clause at FAR sec. 52.227-19 and subparagraph
  (c) (1) (ii) of the Rights in Technical Data and Computer
  Software clause at DFARS sec. 252.227-7013.
             cisco Systems, Inc.
             170 West Tasman Drive
             San Jose, California 95134-1706
  Cisco IOS Software, C1310 Software (C1310-RCVK9W8-M), Version 12.4(10b)JA3, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2008 by Cisco Systems, Inc.
  Compiled Wed 19-Mar-08 19:09 by prod_rel_team
  Image text-base: 0x00003000, data-base: 0x003BE9E0
  Initializing flashfs...
  flashfs[1]: 4 files, 2 directories
  flashfs[1]: 0 orphaned files, 0 orphaned directories
  flashfs[1]: Total bytes: 7741440
  flashfs[1]: Bytes used: 2052608
  flashfs[1]: Bytes available: 5688832
  flashfs[1]: flashfs fsck took 2 seconds.
  flashfs[1]: Initialization complete....done Initializing flashfs.
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  cisco AIR-LAP1310G-E-K9R   (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
  Processor board ID FHK1133E002
  PowerPCElvis CPU at 262Mhz, revision number 0x0950
  Last reset from reload
  LWAPP image version 3.0.51.0
  1 FastEthernet interface
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: 00:1D:45:13:DD:68
  Part Number                          : 73-8960-09
  PCA Assembly Number                  : 800-24963-06
  PCA Revision Number                  : A0
  PCB Serial Number                    : FOC113000V7
  Top Assembly Part Number             : 800-28479-05
  Top Assembly Serial Number           : FHK1133E002
  Top Revision Number                  : B0
  Product/Model Number                 : AIR-LAP1310G-E-K9R
  The name for the keys will be: ap.cisco.com
  % The key modulus size is 1024 bits
  % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
  ip ssh version 2
      ^
  % Invalid input detected at '^' marker.
  transport input ssh
                   ^
  % Invalid input detected at '^' marker.
  aaa new-model
  ^
  % Invalid input detected at '^' marker.
  aaa authentication login default enable local none
  ^
  % Invalid input detected at '^' marker.
  o
  ^
  % Invalid input detected at '^' marker.
  Press RETURN to get started!
  *Mar  1 00:00:05.442: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
  *Mar  1 00:00:06.473: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
  *Mar  1 00:00:07.817: %SYS-5-RESTART: System restarted --
  Cisco IOS Software, C1310 Software (C1310-RCVK9W8-M), Version 12.4(10b)JA3, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2008 by Cisco Systems, Inc.
  Compiled Wed 19-Mar-08 19:09 by prod_rel_team
  Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)
  transport input ssh
                   ^
  % Invalid input detected at '^' marker.
  *Mar  1 00:00:33.860: %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER
  *Mar  1 00:00:33.860: %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER
  *Mar  1 00:00:33.861: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
  logging origin-id string AP:001d.4513.dd68
           ^
  % Invalid input detected at '^' marker.
  logging 255.255.255.255
          ^
  % Invalid input detected at '^' marker.
  logging trap 3
          ^
  % Invalid input detected at '^' marker.
  *Mar  1 00:00:37.440: Logging LWAPP message to 255.255.255.255.
  AP001d.4513.dd68>
  %LWAPP-3-CLIENTEVENTLOG: Forcing AP to obtain IP address using DHCP
  %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.10.10.46, mask 255.255.255.0, hostname AP001d.4513.dd68
  Translating "CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com"...domain server (10.10.10.5)
  %LWAPP-3-CLIENTEVENTLOG: Did not get vendor specific options from DHCP.
  %LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
  %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
  %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
  AP001d.4513.dd68>

  Your debug is very telling ..
  AP001d.4513.dd68>
  %LWAPP-3-CLIENTEVENTLOG: Forcing AP to obtain IP address using DHCP
  %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.10.10.46, mask 255.255.255.0, hostname AP001d.4513.dd68
  Translating "CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com"...domain server (10.10.10.5)
  %LWAPP-3-CLIENTEVENTLOG: Did not get vendor specific options from DHCP.
  %LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
  %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
  %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
  AP001d.4513.dd68>
  What are you using to tell the AP where the contoller lives ? Since you are consoled into the ap you can use the -> capwap ap controller ip address
  This will point the ap to your controller
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• Cisco WLC 5508 WLAN Controller

  Hallöchen kennt sich jemand mit den Dingern tiefgründiger aus? Ich hätte da mal ein frage bzgl. der interface Groups.
  Und  Zwar kann man ja mehrere Vlans (somit auch IP Ranges) in eine Gruppe  packen und diese dann wiederum ein SSID zu ordnen. Kann mir jemand  erklären wie indem Falle die IP Adresse Zuweisung (DHCP  der Clients  unterschieden wird?
  Und die 2. Frage wäre kann man verschiedene LAG Gruppen bauen oder oder nimmt er automatisch alle 8 in eine LAG Gruppe?
  Danke für eure Hilfe schonmal.

  is ist poosible the to create more than one LAG portgroup or binds the controller all 8 ports automatically in the same group? My idea is to cerate a 3 groups for 3 costumers with  2GB uplinks to the bachground network.
  When it comes to WLC, it's either you turn on LAG or you don't.  You can only have one LAG. 
  Here's what we've done in our deployment:
  We have a single outbound interface, let's call it INTERNET.  We have multiple sites.  So we create multiple dynamic interface with specific DHCP server. 
  We have created a PERL script and it's attached to our LINUX RADIUS box which specifies that all traffic goes out the INTERNET dynamic interface, however, each client gets an IP address based on the site where they come from.

• Best solution for 22 APs with no WLAN controller

  Hello,
  I have 22 aironet 1130 access points installed in a large building together with an ACS 4.1. what is the best solution to manage the APs, provide QOS and centrally authenticate and control the AP.
  Will enabling WDS on AP provide radio management without WLSE or wlan controllers.

  If you are dead set on autnomous, WLSE is probably your best bet.
  I worked with some third party managment software before for cisco access points and it wasnt very fun.
  You can ebay used controllers pretty cheap these days. Once the 5500s are released you may even see them dip a bit lower ...

• Cisco AP 700w as a Work Group Bridge with a WLAN Controller

  I am trying to setup an AP 700w as a Work Group Bridge as it would be interesting to have this running, because it has the built-in 4 port switch.
  I have WiSM based WLCs running the version 7.0.240.0. I converted a 700w to an autonomous AP and on the AP I installed the IOS Version 15.3(3)JA1.
  When I use an autonmous based AP to connect the 700w as a WGB everything works fine. I can connect clients through the 4 port switch.
  If I try to use a Controller based WLAN environment it does not work. The config is simple:
  ap#sh run
  Building configuration...
  Current configuration : 1805 bytes
  ! Last configuration change at 18:37:11 UTC Thu Mar 5 2015
  version 15.3
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname ap
  logging rate-limit console 9
  enable secret 5 $1$b5Da$QTI6Geq7ARZud34ZqA45.0
  no aaa new-model
  led display off
  no ip source-route
  no ip cef
  dot11 syslog
  dot11 ssid LAGERWPA
     authentication open
     authentication key-management wpa
     wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  username CISCO password 7 14341B180F0B
  bridge irb
  interface Dot11Radio0
   no ip address
   encryption mode ciphers aes-ccm tkip
   ssid LAGERWPA
   antenna gain 0
   packet retries 64 drop-packet
   station-role workgroup-bridge
   bridge-group 1
   bridge-group 1 spanning-disabled
  interface Dot11Radio1
   no ip address
   shutdown
   antenna gain 0
   peakdetect
   no dfs band block
   packet retries 64 drop-packet
   channel dfs
   station-role root
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 spanning-disabled
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
  interface GigabitEthernet0
   no ip address
   duplex auto
   speed auto
   bridge-group 1
   bridge-group 1 spanning-disabled
  interface BVI1
   mac-address 18e7.2801.9610
   ip address dhcp client-id GigabitEthernet0
   ipv6 address dhcp
   ipv6 address autoconfig
   ipv6 enable
  ip forward-protocol nd
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  lan-port port-id 1
    no shutdown
  lan-port port-id 2
    shutdown
  lan-port port-id 3
    shutdown
  lan-port port-id 4
    shutdown
  bridge 1 route ip
  line con 0
  line vty 0 4
   login local
   transport input all
  end
  The association is OK, it is seen as a WGB, I can reach resources on our network from the AP, ping works, I can use a telnet from client to access the AP 700w etc.:

  20... Here is an old post for reference.
  https://supportforums.cisco.com/thread/2119996
  Sent from Cisco Technical Support iPhone App

• Single WLAN Controller Limitations

  Aside from redundancy, are there any other limitations to deploying a single Cisco 5508 WLAN Controller that I should be aware of?   The configuration guide states you need multiple controllers for the following:
  A multiple-controller system has the following additional features:
  •Autodetecting and autoconfiguring RF parameters as the controllers are added to the network.
  •Same-subnet (Layer 2) roaming and inter-subnet (Layer 3) roaming.
  •Automatic access point failover to any redundant controller with a reduced
  Is it true you can't have those roaming capabilities with a single controller?

  No... You have all those except for redundancy.
  Sent from my iPhone

• WLAN Controller 2125 VLAN issue

  Hello,
  i purchased a WLan Controller 2125.
  this is my first time with Cisco's Wireless Controller :-)
  previously i have worked with Motorola WLan Controller. configuring Vlan was easy.
  now coming back to cisco Controller
  i have installed and completed the initial configuration such as management console and 1st SSID working fine.
  according to Company's requirement there should be 3 SSID's
  1) management    VLAN-1 identifier   subnet  15.15.x.x           (SSID - VLAN-1)(interface1)
  2) Guest             VLAN-20 identifier  subnet  192.168.10.0      (SSID - VLAN-20)(interface2)
  3) employees      VLAN-30 identifier  subnet   20.20.x.x          (SSID - VLAN-30)(interface3)
  now the issue is only the SSID VLAN-1 is working. i beleive it is because its under the VLAN1 and management interface.
  as for fulfilling network requirement i have connected controller with L3 switch as below
  controller's interface1 connected to trunking interface on the switch
  controller's interface2 connected to interface vlan-20 on the switch
  controller's interface3 connected to interface vlan-30 on the switch
  i have also configured DHCP on controller for each SSID(interface)
  I CANT EVEN PING the GATEWAY FROM THE SSID VLAN-20 & VLAN-30.
  HELP Pls

  First at all, test those other 2 vlans fromthe switch side just to make sure are working.
  If it is working and not wirelessly, then I would need the show run-config and show arp switch
  from the switch side, show cdp nei detail and show run and show arp

• Problem Wlan Controller 5508

  Friends,
  I have a problem authenticate with AP AIR-LAP1131AG-AK9 to Wlan Controller 5508 (software versión of the Wlan Controller6.0.202.0 ). This AP always tries to authenticate with Wlan Controller. Maybe it tries to download the ios version.
  Could be a hardware problem.
  I am going to attach the log file.
  Thank.
  Marco.

  *Nov 23 20:28:50.348: %APF-3-AID_UPDATE_FAILED: apf_80211.c:5744 Error updating Association ID for REAP AP Client64:00:f1:12:b1:d0 - AID 4
  *Nov 23 20:28:50.348: %LWAPP-3-MAX_AID2: spam_api.c:1045 Reached max limit on the association ID for AP (max association ID 256)
  Looks like a great case for TAC.
  This is an HREAP AP?   It looks like it is associated fine with the WLC (no logs indicating it is trying) but instead it looks like Client Associations are breaking because it thinks it is up to 256 AIDs.....?
  Maybe this is a common error, but it hasn't cross my path before...

• WLAN Controller 5508 - Latest IOS (april/2013)

  Dears,
  Can somebody confirm please what is the latest IOS version for the Wlan Controller 5508 ?
  Actually I am using
  Software Version
  7.3.102.0
  I see the folliwing at Cisco website
  Latest Releases
  7.2.115.1(ED)7.3.112.0(ED)
  7.0.240.0(ED)
  7.4.100.0(ED)
  Version 7.2.115 seems to be the latest one (release date 19-APR-2013)... then I see 7.3.112.0 w/ release date 30-JAN-2013...
  I thought the IOS 7.4.100 would be the latest one but that release date is 17-DEC-2012
  Thats very wierd coz my controller uses a 7.3.102.0.....
  Can someone help me ?
  What IOS is really the latest one ?
  What should be the best one for me ?
  Software Version
  7.3.102.0
  Field Recovery Image Version
  System Name
  XXX-XXXX-XXX
  Thanks in advance!!!

  Lets make it simple. There are different trains. 7.0 is one, 7.2 is another, 7.3 is another and 7.4 is another. So if your on 7.2.x, the latest for that version is the .x. Each one listed above is different as far as features so you need to look at the latest for train that your on.
  Sent from Cisco Technical Support iPhone App

• Wlan Controller 4402 with 15 APs (1242 ag)

  Can anyone help me to configure 4402 wlan controller ( deploying procedure ) with 15 access points .
  Rgds,
  Senthil

  Hi Senthil,
  Very broad question but I will send you some links and see if that helps. You can please come back if you have any doubts on the same.
  http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42lwap.html
  http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/ccfig42.html
  HTH
  Ankur
  *Pls rate all helpfull post

• Can Wlan Controller work with Third party Aps

  Can Cisco Wlan Controller work for 3rd party Aps which does not have LWAPP running. If yes How.If no then how we can manage existing Ap's of say 3com in the network...

  Hi Friend,
  No, Cisco WLC will not support any third party APs. Even if Cisco APs are not lwapp AP then WLC will not be able to manage them.
  We need to have Cisco Lwapp APs only for wireless lan controller to manage them.
  For 3com Aps you need to talk to 3com guys or any third party tool if available to manage these APs.
  HTH
  Ankur

• WLC 5508 - wlan stability problems

  Hi.
  I have a WLC 5508 with half a dozen LAPs (AIR-CAP3502I-E-K9).
  They have been working but sometimes clients detect conectivity problems with the wlan.
  Here is the message log I can obtain from the controller:
  Nov 09 12:16:31.886: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!*dot1xMsgTask: Nov 09 12:16:10.286: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client 00:26:c6:12:e8:32Previous message occurred 7 times.Nov 09 11:55:24.682: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!*apfReceiveTask: Nov 09 11:51:30.788: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *spamApTask2: Nov 09 11:51:20.144: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.23.1.118*dot1xMsgTask: Nov 09 11:50:44.878: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client e0:ca:94:93:be:67*apfReceiveTask: Nov 09 11:50:40.672: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:38.625: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:35.531: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:31.068: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:29.257: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:28.707: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:24.065: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
  Can somebody help me to understand these messages?
  1)
  *apfReceiveTask: Nov 09 11:50:24.065: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
  2)
  Nov 09 11:55:24.682: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!
  3)
  *dot1xMsgTask: Nov 09 11:50:44.878: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client e0:ca:94:93:be:67
  Thanks

  1)
  *apfReceiveTask: Nov 09 11:50:24.065: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
  //APs are rebooting. don't panic, check the up time of AP. This message seen when AP rebooted/freshly joined and waiting for wlc to assign channel.
  2)
  Nov 09 11:55:24.682: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!
  //It is cosmetic and can be ignored.
  3)
  *dot1xMsgTask: Nov 09 12:16:10.286: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client 00:26:c6:12:e8:32
  //Keys M1-M5 used for wireless auth, here client having struggle completing the auth process.
  get output of, WLC>debug client

• WAP4410N Access point and 4404 WLAN Controller.

  Hello to all,
  I am planning to setup a new WLAN using WAP4410N Wireless N Access Point. Is it possible to manage the AP using 4404 WLAN controller ?
  I need to buy arround 42 AP for covering the entire building.
  Regards,
  Aslam

  leolaohoo
  Could u please tell me which series can be used with 4404 WLANC ?
  Also the AP Should support Bridging or Mesh.

• Cisco LWAP & WLAN Controller Flexconnect Across HP Switches

  Hello All, I'm looking for a little guidance in making the needed routing and switching configuration changes on our Corporate Network to accomadate flex connect functionality for Cisco Lightweight Access Points (LWAPs).  The LWAPs that are currently configured on our network only work when our WLAN Controller is up and running and I need for them to be disconnectable so that we can move the WLAN Controller to our virtual co-lo.  It should be known that I inhereted this network from the previous admin and have been working hard to map everything out to the best of my ability.  Also, the WLAN controller is already operating in our production network so it limits my ability to do much testing. 
  Just FYI, I'm a new Systems Admin promoted from a Desktop Support role and have my CCENT (Currently working on CCNA & MCITP Server Admin) so I have some knowledge but it is limited on the networking and switching side of things.  Unfortunately, the Senior Systems Admin has even less knowledge of networking than me and I don't really have anyone to turn to which is why I'm posting here.  I would have utilized GNS to help me simulate the configuration however there are HP switches in the mix and no means of emulating them.
  -Relevant Device List-
  (CONSA251) Sonicwall  NSA 240 - 10.1.1.251
    Interface Information 
  Interface    IP Address    Description   
  X0  ->  LAN
    10.1.1.251   LAN Interface  
  X1  ->  WAN
    *************   Time Warner WAN  
  X2  ->  DMZ
    *************   DMZ Interface  
  X3  ->  WAN
    *************   Sprint WAN  
  X0-V20  ->  LAN
    10.1.101.1   Corporate WLAN  
  X0-V30  ->  LAN
    192.168.1.1   Guest WLAN 
  (CORT250) Cisco 3845 - 10.1.1.250
  (CO-WLAN-CTRLER) Cisco 5508 Wireless Controller - 10.1.1.2
  (COSW240) HP Procurve 4108GL - 10.1.1.240
  (COSW238) HP Procurve 2510B-24 - 10.1.20.238
  (CORP-AP-MIS) AIR-LAP1131AG-A-K9 - 10.1.1.79
  (COSW239) HP1810G-24 - No IP (Inaccesible but being replaced)
  I will now go on to explain our network topology as it pertains to the WAPs and WLAN Controller and how I believe it needs to be configured in order to operate from my perspective. 
  Our Corporate and Guest Wireless Access is provided via the Sonicwall CONSA251 through a connection from the X0 interface to HP Switch COSW239 which is then connected to WLAN Controller CO-WLAN-CTRLER as detailed below:
  Device - Interface Name/Port
  CONSA251 - X0
  COSW239  - 2
  COSW239  - 18,19
  CO-WLAN-CTRLER - 2,3
  The WLAN Controller currently communicates with all the LWAPs via Layer 3 TCP\IP as I understand it and then routes all DHCP requests and traffic destine for the 10.1.101.1 (corporate WLAN) and 192.168.1.1 (Guest WLAN) to the Sonicwall and vice versa.
  Now what I am trying to do is VLAN the LWAP CORP-AP-MIS across the HP Switches to the X0 interface on the Sonicwall NSA240 where it will be able to route traffic via VLAN 20 & 30.  The problem lies in my inexperience with HP VLAN configurations and how the ports need to be configured on each device so it can route traffic to the Sonicwall when the WLAN Controller is shutdown.
  The LWAP CORP-AP-MIS layer 2 trace to the WLAN Controller is as shown below:
  Device - Interface Name/Port
  CORP-AP-MIS -  FA/0
  COSW238     - 16
  COSW238     - 25
  COSW240     - B4
  COSW240     - H6
  CORT250     - GigabitEthernet0/0
  CORT250     - Se1/0
  CONSA251    - X0
  Now for all intesive purposes the Corporate Router CORT250 should probably be handling the routing for our Corporate and Guest Wireless network however that was not the way it was originally setup and I have to work with what was inhereted.  The Corporate Router CORT250 has a default route to the Sonicwall and the Sonicwall CONSA251 has all the routing already in place for the Corporate & Guest WLANs.
  What I would like to do is VLAN off the X0-V20&V30 accross multiple switches and switchports to each LWAP in our building.  I do have the LWAP I'm testing on configured with Flex Connect which I understand is required for it to be disconnectable.
  Any guidance on how I would go about configuring this accross devices would be appreciated.  I know there are some difference between HP and Cisco Switching terms and how tagging, untagging, and trunking works however I lack the experience to apply this in practice especially in a production environment. 
  I will be happy to provide any additional information or clarification that is needed.  Thank you in advance for the help.

  Just to add about the ISE... you can profile, but having only one ssid might or might not work in your situation.  Also if you end up with remote sites or ap's in h-reap mode, currently ISE cant do any profiling.  If you go with the 7500 or 5508/WiSM2, they don't really do an active-active or active backup. They are both up and you can split the load or put all ap's on one, its up to you.  I usually split the load just to make sure both are working.  I don't want to all of a sudden loose the primary and then find out my secondary/backup is not working.

• Virtual WLAN Controller Guest Anchor

  We are planning a WLAN upgrade and the security policy is to forward wireless Guest user traffic to the DMZ controllers. We are now considering the Virtual WLAN Controller and all AP's will register with the virtual controllers and we will use Flexconnect for Staff and internal traffic that will switch their traffic onto the local switch.
  We wish to forward the guest traffic to the DMZ Guest Anchor controller which will be a 5508 controller. This will also offer Office Extend AP service.
  I have looked at teh virtual controller docs and not very clear if this deployment model is supported. Below is a diagram of what we wish to deploy and can anyone advise if thsi is a supprted deployment model.

  Well you can use the vWLC to anchor to a 5508, but not the other way around. So if you use the DMZ 5508 for OfficeExtend, you will not be able to anchor the traffic back to the inside. Cisco doesn't support reverse anchoring for a Remote-LAN in OfficeExtend and requires you to actually have the OfficeExtend AP's connect to an inside WLC. In v7.0.x you were able to do this reverse anchor, but it was removed on later codes.
  Sent from Cisco Technical Support iPhone App