2106 WLC and 4 LWAPP (1252G)
I have a 2106 WLC with 4 AP's (AIR-LAP1252AG-A-K9)
One of the AP's (port 4) is only connecting at 10Mbps, not 100Mbps and I don't know why?
All the ;ports are set on the controller to AUTO, When I try to force that port to 100Mbps, the link drops.
Could it be a cabling issue... or could I have a bad port on the 2106? How to I troubleshoot this. It's odd, because
that particular AP is about 100ft from thte WLC and the closest to it.
Any ideas?
Joe
Primary Software Version 7.0.116.0
Predownload Retry Count
Boot Version 12.4.18.1
IOS Version 12.4(23c)JA2
Mini IOS Version 3.0.51.0
Primary Software Version 7.0.116.0
Predownload Retry Count
Boot Version 12.4.18.1
IOS Version 12.4(23c)JA2
Mini IOS Version 3.0.51.0
Interesting... I unplugged the LAP (data and power) and removed it from the wall of our training room 75ft from our computer room, walked the AP into the computer room and with a 15' patch cord and power supply plugged it back into the WLC 2106. Waited a min for the AP to reboot and now my port speed is showing 100Mbps connection.
The issue must be with the cable run...? Thanks for pointing out the obvious. This now begs another questions regarding 2106 best practices and the idea of connecting our 4 AP's directly into network switches and not the WLC 2106 itself. That seems to be the recommendation. Any comments?
Joe
Similar Messages
-
Hi Guys,
I bought a brand new 2106 WLC and a 1142AP. After going through the standard setup, the 1142 LAP was blinking red, yellow and green. I checked the logs and found the following message;
*Apr 18 10:20:29.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.219.1.26 peer_port: 5246
*Apr 18 10:20:29.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Apr 18 10:20:30.392: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.219.1.26 peer_port: 5246
*Apr 18 10:20:30.394: %CAPWAP-5-SENDJOIN: sending Join Request to 10.219.1.26
*Apr 18 10:20:30.394: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Apr 18 10:20:30.405: %CAPWAP-3-ERRORLOG: This AP is not supported in controller version 6.0.196.0
*Apr 18 10:20:30.489: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*Apr 18 10:20:30.490: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.219.1.26:5246
I requested the latest IOS and Boot image for the controller from the supplier but he has provided only
AIR-WLC2100-K9-7-0-220-0.aes, no equivalent boot image and has insisted that it is enough to upgrade the controller.
My question is this: Is the AIR-WLC2100-K9-7-0-220-0.aes compatible with the 1142 LAP? And would I be able to upgrade the controller with only the
AIR-WLC2100-K9-7-0-220-0.aes IOS and no equivalent boot image?
Thanks for your promt response.
Regards,
FONThe time and date are correct. April 18 was the day I got the logs.
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.196.0
RTOS Version..................................... 6.0.196.0
Bootloader Version............................... 4.0.191.0
Emergency Image Version.......................... N/A
Build Type....................................... DATA + WPS
System Name...................................... WLAN
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.828
IP Address....................................... 10.219.1.25
System Up Time................................... 2 days 21 hrs 45 mins 1 secs
System Timezone Location.........................
Configured Country............................... Multiple Countries:US,BE
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +49 C
--More-- or (q)uit
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ 40:55:39:8D:D4:62
APc471.fe8f.f3dc>sh version
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
ROM: Bootstrap program is C1040 boot loader
BOOTLDR: C1040 Boot Loader (C1140-BOOT-M) Version 12.4(23c)JA, RELEASE SOFTWARE (fc3)
APc471.fe8f.f3dc uptime is 0 minutes
System returned to ROM by power-on
System image file is "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-LAP1042N-E-K9 (PowerPC405ex) processor with 98294K/32768K bytes of memory.
Processor board ID FGL1527S1LS
PowerPC405ex CPU at 333Mhz, revision number 0x147E
Last reset from power-on
LWAPP image version 7.0.94.21
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: C4:71:FE:8F:F3:DC
Part Number : 73-12836-04
PCA Assembly Number : 800-33767-04
PCA Revision Number : A0
PCB Serial Number : FOC14425AJ2
Top Assembly Part Number : 800-33775-01
Top Assembly Serial Number : FGL1527S1LS
Top Revision Number : A0
Product/Model Number : AIR-LAP1042N-E-K9
Configuration register is 0xF
APc471.fe8f.f3dc>sh inventory
APc471.fe8f.f3dc> -
Hi guys,
i have a 2106 WLC with three 1131AP LWAPP.
I should cover a zone where there is no network cabling and i was thinking about another 1131 in mesh mode.
Do I need particular software release?
Can anyone provide documentation from which i can start to configure the system(WLC)?
thx....Unfortunately, the only access point that can handle Mesh is the 1500-series. Mesh isn't meant for indoor applications like the 1131AG is meant for. Mesh is meant for city-wide deployments and wireless coverage.
Your only option using 1131AGs is to get a cable out there somewhere. If you purchase a couple of 1242AGs in autonomous mode, you can set up a mesh-like link using link-role flexibility. You can configure your A-radio to be a bridge link, and configure the G-radio to service clients. This can only be done 1-to-1, though, so you'll need two APs for every one you need in an area without cabling. Hopefully that makes sense. -
2106 wlc different vlan accessibility
I have 1 2106 wlc 6 1131AG LAPs that are going to be placed in three vlans. All three vlans are created and configured on a 3550G switch.
I created two additional virtual interfaces on the WLC, tagged it with appropriate vlan number and connected the port with untagged vlan identifier to a dot1q enabled trunk port on the 3550 switch. That is,
man int - untagged, port 1
vlan2, tagged -2, port 2,3
vlan3, tagged -3, port 4,5
vlan4, tagged - 3, port 6
and port 1 is connected to a trunk port on the 3550G switch with dot1q.
I am not able to reach the created vlan interfaces on the WLC !?1?!
Kindly help?jeff.velten, wouldn't that break the very use of the WLC? documents I referred from cisco recommend to connect the WLC to a trunked port. Like here: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00805e7a24.shtml
So how are the vlan tags from the wlc not passed on to the trunk port? Is there something I missed, somewhere? -
Guest-Anchor-WLC and NAC integration guide
I was trying to find some design reference for the Guest-WLC and NAC integration guide. Anyone can share some experience/cisco docs/links?
User traffic is locally bridged on a 1030 in REAP mode so packet forwarded to the default gtw would follow the NAT rules on the firewall but the real challenge is the LWAPP control channel. In that past using 1:1 NAT I was successful with a CP firewall but I had to play tricks with the mobility group and use the FW logs to track and define the right ports.
-
Hi, everyone
I have some puzzle for WLC's L2 LWAPP and L3 LWAPP
1, Is it right for the following depolyment:
4404 have 4 GE distribute port, For L2 LWAPP, on each corresponding port on switch, the first should be trunk, the last 3 should be access static port and each have different vlan id.
for L3 LWAPP, 4 GE ports all should be configured with trunk. And these ports are enabled with LAG by default?
2, according to CCO, With a Layer 2 LWAPP configuration, you should distribute access points across different vlan manually. Does that mean some AP should be terminated at AP-manager interface 1, and some at AP-manager interface 2; but how to configured it and how to deploy?
Is there the same question for L3 LWAPP?
3, what is advantage and disadvantage for L2 LWAPP and L3 LWAPP deployment. Anyone can provide some useful link for WLC's deployment?
Very thanks.Hi,
1) you can use the GB ports separately or as bundle. It depends on you only. Management and dynamic VLANs can be put on individual ports natively without tagging or like a taged trunk. The switch has to have propper config too.
For example - you can bundle ports 1 and 2 like an Etherchannel and put there the management and ap-manager interface natively (VLAN ID 0). Switch must have the same Etherchannel as "switchport mode access".
Next you can bundle ports 3 and 4 and put there all dynamic interfaces (user VLANs) like a tagged trunk. Switch must have the same Etherchannel as "switchport mode trunk".
2) All AP communicates witch the controller through management subnet. If you use L3 mode, you can put them into the same one or into another. In the case of another subnet, routing must work properly.
3) definelly use L3 LWAPP, L2 has no advantages and I think it is obsoleted -
Hi everybody,
thanks for a super forum!
I just had a 2106 WLC die on me, there is a backup controller so everything is still running. BUT i have a replacement unit here on my desk.
Dead WLC
Software version: 4.0.206.0
Replacement WLC:
Software version: 4.1.185.0
The APs are set up with primary / secondary controllers, and there might be a default mobility group. The plan is to use the replacement WLC as the new secondary WLC. And this is where my insight is a bit vague...
I read somewhere that mobility groups could consist of misc. platforms and i assume versions...
So what happens if the primary (running the older firmware) dies and all APs register with their secondary (running a newer firmware)? Will they then start upgrading and be offline for the time that takes. And will they downgrade again once the primary comes back online?
CheersIf you choose upgrade option, then you have to do this it in following manner (see table 1 of the below release note) as a step by step upgrade.(assuming you go for 7.0MR1 which is 7.0.116.0)
4.1.185.0 ->4.2.176.0 ->4.2.209.0 -> 7.0.116.0
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7_0_116_0.html
Safer approach would be restore the config to the new 2106 (if you already have a backup of the dead wlc config) while it is on the software code 4.1.185.0. Then upgrade the controller (offline) to 7.0.116.0 & bring it online.
If that is the primary WLC, then your AP should register for that controller. Once all APs register to that controller you can upgrade the 2nd WLC to the same image following the same process.
HTH
Rasika
*** Pls rate all useful responses *** -
Trunk with WLC and 1400BR problem
hi everybody,
i have the next proble, i hope someone can help me
Actually I wrok with a 1522 Mesh Network,1130 LWAPP and Bridge 1400 point to point. 1522 and 1130 are asociated with WLC.
I have a WLC4402 (4.1.192.22M (Mesh)image) this wlc is conected via trunk to Sw3750 ex:
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
RAP1 is connected to the sameSw3750 ex:
interface FastEthernet1/0/23
description RAP1
switchport access vlan 10
**(VLAN 10 is Mgmt)**
AP1(1130) is connected to the same Sw3750 ex:
interface FastEthernet1/0/1
description AP1
switchport access vlan 10
The 1410BR Root is connected via trunk to same Sw3750 ex:
interface FastEthernet1/0/19
description BR-1400R
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
In the other point is the Non-Root connected to a Sw2960 ex:
interface GigabitEthernet1/0/1
switchport trunk native vlan 10
switchport mode trunk
AP2(1130) connected to the same Sw2960 ex:
interface fa0/23
descriptipon AP2
switchport access vlan 10
The network is work fine, Mesh UP (RAP and MAPs), and 1130 too.I connected the 1400 Bridge point after the Mesh is up, and the link between Root and Non Root is UP
Now, when the Sw3750 goes down or reboot,the RAP and AP1(1130) can't associated to WLC. The ports of RAP and 1130 are down and up many times, so can't associated to a WLC. Only the Bridge point 1400 Root and Non-root are UP, and the AP2(1130) in the other side can associated to the WLC.
When shutdown the port of the Root Bridge, Now the RAP1 and AP1(1130) can associated to the WLC and the Mesh Net is UP. Then no shutdown the Root Bridge port and the link between Bridges are UP, AP2(1130) up to the controller too.
But after several minutes the Bridge down, and the event log in the Root is:Interface Dot11Radio0 Radio transmit power out of range.
So i have this problems
1) Trunks between WLC and 1400 BR
2) Bridge conectivity range.
Regards
AntonioThe Outdoor Bridge Range Calculation Utility uses parameters that include regulatory domain, device type, data rate, antenna gain, and a few others as inputs.
You can avoid connectivity problems with the Outdoor Bridge Calculation Utility, as this tool helps you to predict the distance between devices. In a wireless environment without a tool like this, you cannot predict the distance between the bridges, the height at which you must place the antennas for maximum throughput, and other variables. This utility also helps you decide on the type of antenna that you must use in order to cover the distance between the bridges. -
How to let AP1262 download from WLC and been managed.
Hi Friends,
Some days ago, I download standard IOS image for 1262 and installed, now this 1262 AP can start up without WLC. but I don't know how to recovery this AP image, and let's startup / download the image from WLC and has been managed...
Is that ONLY remove the existence image ? and it's will be auto find WLC ?
Thanks.Okay... here are the steps:
1. Install an external TFTP tool such as tftpd32 tool from http://tftpd32.jounin.net/
2. Assign IP address in the range 10.0.0.2 - .254 ( Ex : 10.0.0.2) to the tftp server (your laptop or pc).
3. Download the IOS to lwapp image onto the tftp's root directory. Use http://www.cisco.com
The filename that you need to rename will show up when you are consoled into the AP
4. Rename ap3g1-rcvk9w8-tar.124-23c.JA3.tar to ap3g1-rcvk9w8-tar.default
5. Make sure you set the IP address on the BVI interface of the AP if not set. Set it in the 10.0.0.x range. Default is 10.0.0.1.
6. Connect the Ethernet port on AP to your TFTP Server ( Laptop ) DISABLE YOUR FIREWALL
7. Hold the mode button and power off the AP.
8. Power back the AP while continually holding the mode button for 20
seconds. -
ISE 1.2 With WLC and AD
Hi everyone,
What is the steps and Procedure implement Wired and wireless authentication with ISE, WLC and AD for a LAB environment. currently the following are done.
The wireless network is configured with 2 SSID (Staff and Guest)
Active Directory, DNS, DHCP, and NTP configured & synced.
ISE and AD running on C220 VMs, and WLC is 5760 Appliance.
Please provide your thoughts and assistance.
RegardsYou have to implement dot1x and radius between your NAD and ISE device.
Using the switch 3850, that are the steps:
username RADIUS-HEALTH password radiusKey1 privilege 15
aaa new-model
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting update periodic 5
aaa accounting auth-proxy default start-stop group radius
aaa accounting dot1x default start-stop group radius
!this password will be used to communicate with ISE and to verify reachability
!between ISE and Switch
aaa server radius dynamic-author
client 172.16.1.18 server-key 7 radiuskey
client 172.16.1.20 server-key 7 radiuskey
ip domain-name lab.local
ip name-server 172.16.1.1
dot1x system-auth-control
interface GigabitEthernet1/0/3
switchport mode access
switchport voice vlan 50
switchport access vlan 10
ip access-group ACL-ALLOW in
authentication event fail action next-method
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
ip access-list extended ACL-ALLOW
permit ip any any
!the comm between radius and ise will occur on these Port
ip radius source-interface Vlan100
logging origin-id ip
logging source-interface Vlan100
logging host 172.16.1.20 transport udp port 20514
logging host 172.16.1.18 transport udp port 20514
ip radius source-interface Vlan100
logging origin-id ip
logging source-interface Vlan100
logging host 172.16.1.20 transport udp port 20514
logging host 172.16.1.18 transport udp port 20514
snmp-server community ciscoro RO
snmp-server community public RO
snmp-server trap-source Vlan100
snmp-server source-interface informs Vlan100
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 10 tries 3
radius-server vsa send accounting
radius-server vsa send authentication
!defining ISE servers
radius server ISE-RADIUS-1
address ipv4 172.16.1.20 auth-port 1812 acct-port 1813
automate-tester username RADIUS-HEALTH idle-time 15
key radiusKey
Please be sure that NTP servers and time are synchronized.
enable dot1X on windows machine, or using cisco NAM.
you can enable debugging on aaa authentication to see the events.
you have to create this user on ISE (RADIUS-HEALTH).
3850#test aaa group radius username password new-code
and observe the result. You are supposed to have user authenticated successfully.
You Must also have define these device in ISE on the radius interface.
ip radius source-interface ..... use this interface ip address to define Ip address of the NAD device in ISE.
administration-->network resources -->Network Devices-->Add
input the name
input the Ip address for radius communication
select the authentication settings and field the corresponding shared secret radius key
select snmp settings and select version 2c.
snmp community : ciscoro
you can customize the polling interval if you want and that all.
you are supposed to received message communication between your NAD and ISE.
After you can do the procedure for WLC device.
I will fill it after you have passed the first steps (3850 authentication). -
Problem share folder WLC and pc macbookpro
I am doing a migration from my wireless network in the old network in the PC MacBookPro I can see shared files on the network. But when I connect to the SSID configured on the WLC and I can not see shared files on the network. I have no ACL configured on the SSID.
Bonjour is a non-routabe multicast based service. A trick I use sometimes is to configure the WLAN to be in hreap mode if the ap is located locally to the target bonjour device.if your running in local mode, make sure they are on the same vlan and global multicast is enabled.
Sent from Cisco Technical Support iPad App -
Cisco 8510 WLC and RTU licence
Hi Guys,
I have a simular issue where is shows the status as active, not-in-use.
What does this mean and how do I get this to be in use.
This is a Controller with HA-SKU license.
The licenses has been inherited from the Primary Controller.
Any license on HA-SKU controller is disregarded.
Feature name: ap_count (adder)
License type: Permanent
License state: Active, Not-In-Use
License Nodelocked: No
RTU License Count: 50
Hope to hear from you soon.
Regards,
Clifton.Hi,
since this is a HA-SKU WLC, and the license is inherited from the active then no need to have a permenant license on it.
is the HA working fine?
please review the following link for the HA licensing requirements
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml#licensing -
Hi I am currently using 21 X WLC with N+1 Redundancy and 1X WCS with 1000++ of LAP1020. If had been observed that the antenna type and power TX had been changed with no reason. Is there any settings that may affect with AP customized Tx Power and antenna settings other than using the WCS template to push the configure to the APs instead of the WLC.
Sorry for jumping in on the question with another question but it seemed the right place.
I have an AIR-CT5508-25-K9 WLC and +25AP license : L-LIC-CT5508-25A.
As far as I understand it the WLC should already have a 25AP license installed and with the adder license I should have a count of 50 APs.
However, after installing the adder license the count is still 25.
Could you please let me know if it's just something wrong in my reasoning or should a case be opened?
Thank you,
Barbara -
Cisco wlc and steel belted radius
we have cisco wlc controller that have two ssid one for user and one for guest
we need the user in ssid 1 take user name and password from user group in active directory through steel belted radiu
please send to me any integrated guide between cisco wlc and steel belted radius
regardsHi Mohammad,
I am unaware of a specific Steel Belted RADIUS intrgration guide for the WLCs, however the configuration process on the controller will be the same:
Cisco WLC Configuration Guide 7.0 - Configuring RADIUS:
http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70sol.html#wp1388328
You may wish to contact your RADIUS vendor for additional configuration steps on the server.
Best,
Drew -
Hi to all,
i want to use local-eap+LDAP (microsoft AD) and i'm experiencing some issue.
First of all i'm not able to bind WLC and LDAP...if a perform a debug aaa ldap enable i get this output:
Any idea about how to solve this issue?
Regards
AleIt sounds like .... invalid credentials ? :-)
Please post your LDAP config on WLC.
Is your admin username with which you're binding within the search context that you defined ? this is very important
Maybe you are looking for
-
Target operation is unavailable: cleanup of previous target with the same n
Greetings, In OEM 12c I have several clusters. For one, from the console I deleted the cluster and then manually added the cluster target back. The operation was successful but for one of the high availability (has) services a metric collection error
-
HT1178 Can the time capsule be used with a pc running Windows Vista , 7 or 8 as a backup drive
Can the time capsule be used with a pc running Windows Vista , 7 or 8 as a backup drive. If so what software do I need to buy?
-
How can I download songs i made with my ipod on my pc ?
How can I download songs i made with my ipod on my pc, i tried to share them with iTunes but it never worked i don't know where the file goes and iTunes doesn't seem to have the file...
-
NAC Guest Server 2.0.5
Hello Everybody, We have NAC Guest Server version 2.0.5, our customer has two requeriments, one of them is to assign manually password to a new account, the second is change the state inactive of the account to active state. As I saw in this version,
-
Oracle Support Site Changed?
HI, I used to be able to log in do advanced search for patches then choose my OS and version and product. Then it would list all the patches and have nice pdf's to view that had great information. Now I go there and I can't find anything. Specificall