2106 WLC and 4 LWAPP (1252G)

Similar Messages

• 2106 WLC Software Upgrade

  Hi Guys,
  I bought a brand new 2106 WLC and a 1142AP. After going through the standard setup, the 1142 LAP was blinking red, yellow and green. I checked the logs and found the following message;
  *Apr 18 10:20:29.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.219.1.26 peer_port: 5246
  *Apr 18 10:20:29.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
  *Apr 18 10:20:30.392: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.219.1.26 peer_port: 5246
  *Apr 18 10:20:30.394: %CAPWAP-5-SENDJOIN: sending Join Request to 10.219.1.26
  *Apr 18 10:20:30.394: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
  *Apr 18 10:20:30.405: %CAPWAP-3-ERRORLOG: This AP is not supported in controller version 6.0.196.0
  *Apr 18 10:20:30.489: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
  *Apr 18 10:20:30.490: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.219.1.26:5246
  I requested the latest IOS and Boot image for the controller from the supplier but he has provided only
  AIR-WLC2100-K9-7-0-220-0.aes, no equivalent boot image and has insisted that it is enough to upgrade the controller.
  My question is this: Is the AIR-WLC2100-K9-7-0-220-0.aes compatible with the 1142 LAP? And would I be able to upgrade the controller with only the
  AIR-WLC2100-K9-7-0-220-0.aes IOS and no equivalent boot image?
  Thanks for your promt response.
  Regards,
  FON

  The time and date are correct. April 18 was the day I got the logs.
  (Cisco Controller) >show sysinfo
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 6.0.196.0
  RTOS Version..................................... 6.0.196.0
  Bootloader Version............................... 4.0.191.0
  Emergency Image Version.......................... N/A
  Build Type....................................... DATA + WPS
  System Name...................................... WLAN
  System Location..................................
  System Contact...................................
  System ObjectID.................................. 1.3.6.1.4.1.9.1.828
  IP Address....................................... 10.219.1.25
  System Up Time................................... 2 days 21 hrs 45 mins 1 secs
  System Timezone Location.........................
  Configured Country............................... Multiple Countries:US,BE
  Operating Environment............................ Commercial (0 to 40 C)
  Internal Temp Alarm Limits....................... 0 to 65 C
  Internal Temperature............................. +49 C
  --More-- or (q)uit
  State of 802.11b Network......................... Enabled
  State of 802.11a Network......................... Enabled
  Number of WLANs.................................. 1
  3rd Party Access Point Support................... Disabled
  Number of Active Clients......................... 0
  Burned-in MAC Address............................ 40:55:39:8D:D4:62
  APc471.fe8f.f3dc>sh version
  Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEASE SOFTWARE (fc3)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2010 by Cisco Systems, Inc.
  Compiled Tue 01-Jun-10 12:53 by prod_rel_team
  ROM: Bootstrap program is C1040 boot loader
  BOOTLDR: C1040 Boot Loader (C1140-BOOT-M) Version 12.4(23c)JA, RELEASE SOFTWARE (fc3)
  APc471.fe8f.f3dc uptime is 0 minutes
  System returned to ROM by power-on
  System image file is "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx"
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  cisco AIR-LAP1042N-E-K9    (PowerPC405ex) processor with 98294K/32768K bytes of memory.
  Processor board ID FGL1527S1LS
  PowerPC405ex CPU at 333Mhz, revision number 0x147E
  Last reset from power-on
  LWAPP image version 7.0.94.21
  1 Gigabit Ethernet interface
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: C4:71:FE:8F:F3:DC
  Part Number                          : 73-12836-04
  PCA Assembly Number                  : 800-33767-04
  PCA Revision Number                  : A0
  PCB Serial Number                    : FOC14425AJ2
  Top Assembly Part Number             : 800-33775-01
  Top Assembly Serial Number           : FGL1527S1LS
  Top Revision Number                  : A0
  Product/Model Number                 : AIR-LAP1042N-E-K9
  Configuration register is 0xF
  APc471.fe8f.f3dc>sh inventory
  APc471.fe8f.f3dc>

• 2106 1131AP and mesh mode

  Hi guys,
  i have a 2106 WLC with three 1131AP LWAPP.
  I should cover a zone where there is no network cabling and i was thinking about another 1131 in mesh mode.
  Do I need particular software release?
  Can anyone provide documentation from which i can start to configure the system(WLC)?
  thx....

  Unfortunately, the only access point that can handle Mesh is the 1500-series. Mesh isn't meant for indoor applications like the 1131AG is meant for. Mesh is meant for city-wide deployments and wireless coverage.
  Your only option using 1131AGs is to get a cable out there somewhere. If you purchase a couple of 1242AGs in autonomous mode, you can set up a mesh-like link using link-role flexibility. You can configure your A-radio to be a bridge link, and configure the G-radio to service clients. This can only be done 1-to-1, though, so you'll need two APs for every one you need in an area without cabling. Hopefully that makes sense.

• 2106 wlc different vlan accessibility

  I have 1 2106 wlc 6 1131AG LAPs that are going to be placed in three vlans. All three vlans are created and configured on a 3550G switch.
  I created two additional virtual interfaces on the WLC, tagged it with appropriate vlan number and connected the port with untagged vlan identifier to a dot1q enabled trunk port on the 3550 switch. That is,
  man int - untagged, port 1
  vlan2, tagged -2, port 2,3
  vlan3, tagged -3, port 4,5
  vlan4, tagged - 3, port 6
  and port 1 is connected to a trunk port on the 3550G switch with dot1q.
  I am not able to reach the created vlan interfaces on the WLC !?1?!
  Kindly help?

  jeff.velten, wouldn't that break the very use of the WLC? documents I referred from cisco recommend to connect the WLC to a trunked port. Like here: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00805e7a24.shtml
  So how are the vlan tags from the wlc not passed on to the trunk port? Is there something I missed, somewhere?

• Guest-Anchor-WLC and NAC integration guide

  I was trying to find some design reference for the Guest-WLC and NAC integration guide. Anyone can share some experience/cisco docs/links?

  User traffic is locally bridged on a 1030 in REAP mode so packet forwarded to the default gtw would follow the NAT rules on the firewall but the real challenge is the LWAPP control channel. In that past using 1:1 NAT I was successful with a CP firewall but I had to play tricks with the mobility group and use the FW logs to track and define the right ports.

• WLC's L2 LWAPP or L3 LWAPP

  Hi, everyone
  I have some puzzle for WLC's L2 LWAPP and L3 LWAPP
  1, Is it right for the following depolyment:
  4404 have 4 GE distribute port, For L2 LWAPP, on each corresponding port on switch, the first should be trunk, the last 3 should be access static port and each have different vlan id.
  for L3 LWAPP, 4 GE ports all should be configured with trunk. And these ports are enabled with LAG by default?
  2, according to CCO, With a Layer 2 LWAPP configuration, you should distribute access points across different vlan manually. Does that mean some AP should be terminated at AP-manager interface 1, and some at AP-manager interface 2; but how to configured it and how to deploy?
  Is there the same question for L3 LWAPP?
  3, what is advantage and disadvantage for L2 LWAPP and L3 LWAPP deployment. Anyone can provide some useful link for WLC's deployment?
  Very thanks.

  Hi,
  1) you can use the GB ports separately or as bundle. It depends on you only. Management and dynamic VLANs can be put on individual ports natively without tagging or like a taged trunk. The switch has to have propper config too.
  For example - you can bundle ports 1 and 2 like an Etherchannel and put there the management and ap-manager interface natively (VLAN ID 0). Switch must have the same Etherchannel as "switchport mode access".
  Next you can bundle ports 3 and 4 and put there all dynamic interfaces (user VLANs) like a tagged trunk. Switch must have the same Etherchannel as "switchport mode trunk".
  2) All AP communicates witch the controller through management subnet. If you use L3 mode, you can put them into the same one or into another. In the case of another subnet, routing must work properly.
  3) definelly use L3 LWAPP, L2 has no advantages and I think it is obsoleted

• 2106 WLC replacement

  Hi everybody,
  thanks for a super forum!
  I just had a 2106 WLC die on me, there is a backup controller so everything is still running. BUT i have a replacement unit here on my desk.
  Dead WLC
  Software version: 4.0.206.0
  Replacement WLC:
  Software version: 4.1.185.0
  The APs are set up with primary / secondary controllers, and there might be a default mobility group. The plan is to use the replacement WLC as the new secondary WLC. And this is where my insight is a bit vague...
  I read somewhere that mobility groups could consist of misc. platforms and i assume versions...
  So what happens if the primary (running the older firmware) dies and all APs register with their secondary (running a newer firmware)? Will they then start upgrading and be offline for the time that takes. And will they downgrade again once the primary comes back online?
  Cheers

  If you choose upgrade option, then you have to do this it in following manner (see table 1 of the below release note) as a step by step upgrade.(assuming you go for 7.0MR1 which is 7.0.116.0)
  4.1.185.0 ->4.2.176.0 ->4.2.209.0 -> 7.0.116.0
  http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7_0_116_0.html
  Safer approach would be restore the config to the new 2106 (if you already have a backup of the dead wlc config) while it is on the software code 4.1.185.0. Then upgrade the controller (offline) to 7.0.116.0 & bring it online.
  If that is the primary WLC, then your AP should register for that controller. Once all APs register to that controller you can upgrade the 2nd WLC to the  same image following the same process.
  HTH
  Rasika
  *** Pls rate all useful responses ***

• Trunk with WLC and 1400BR problem

  hi everybody,
  i have the next proble, i hope someone can help me
  Actually I wrok with a 1522 Mesh Network,1130 LWAPP and Bridge 1400 point to point. 1522 and 1130 are asociated with WLC.
  I have a WLC4402 (4.1.192.22M (Mesh)image) this wlc is conected via trunk to Sw3750 ex:
  interface GigabitEthernet1/0/1
  switchport trunk encapsulation dot1q
  switchport mode trunk
  RAP1 is connected to the sameSw3750 ex:
  interface FastEthernet1/0/23
  description RAP1
  switchport access vlan 10
  **(VLAN 10 is Mgmt)**
  AP1(1130) is connected to the same Sw3750 ex:
  interface FastEthernet1/0/1
  description AP1
  switchport access vlan 10
  The 1410BR Root is connected via trunk to same Sw3750 ex:
  interface FastEthernet1/0/19
  description BR-1400R
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 10
  switchport mode trunk
  In the other point is the Non-Root connected to a Sw2960 ex:
  interface GigabitEthernet1/0/1
  switchport trunk native vlan 10
  switchport mode trunk
  AP2(1130) connected to the same Sw2960 ex:
  interface fa0/23
  descriptipon AP2
  switchport access vlan 10
  The network is work fine, Mesh UP (RAP and MAPs), and 1130 too.I connected the 1400 Bridge point after the Mesh is up, and the link between Root and Non Root is UP
  Now, when the Sw3750 goes down or reboot,the RAP and AP1(1130) can't associated to WLC. The ports of RAP and 1130 are down and up many times, so can't associated to a WLC. Only the Bridge point 1400 Root and Non-root are UP, and the AP2(1130) in the other side can associated to the WLC.
  When shutdown the port of the Root Bridge, Now the RAP1 and AP1(1130) can associated to the WLC and the Mesh Net is UP. Then no shutdown the Root Bridge port and the link between Bridges are UP, AP2(1130) up to the controller too.
  But after several minutes the Bridge down, and the event log in the Root is:Interface Dot11Radio0 Radio transmit power out of range.
  So i have this problems
  1) Trunks between WLC and 1400 BR
  2) Bridge conectivity range.
  Regards
  Antonio

  The Outdoor Bridge Range Calculation Utility uses parameters that include regulatory domain, device type, data rate, antenna gain, and a few others as inputs.
  You can avoid connectivity problems with the Outdoor Bridge Calculation Utility, as this tool helps you to predict the distance between devices. In a wireless environment without a tool like this, you cannot predict the distance between the bridges, the height at which you must place the antennas for maximum throughput, and other variables. This utility also helps you decide on the type of antenna that you must use in order to cover the distance between the bridges.

• How to let AP1262 download from WLC and been managed.

  Hi Friends,
  Some days ago, I download standard IOS image for 1262 and installed, now this 1262 AP can start up without WLC. but I don't know how to recovery this AP image, and let's startup / download the image from WLC and has been managed...
  Is that ONLY remove the existence image ? and it's will be auto find WLC ?
  Thanks.

  Okay... here are the steps:
  1. Install an external TFTP tool such as tftpd32 tool from http://tftpd32.jounin.net/
  2. Assign IP address in the range 10.0.0.2 - .254 ( Ex : 10.0.0.2) to the tftp server (your laptop or pc).
  3. Download the IOS to lwapp image onto the tftp's root directory. Use http://www.cisco.com
  The filename that you need to rename will show up when you are consoled into the AP
  4. Rename ap3g1-rcvk9w8-tar.124-23c.JA3.tar to ap3g1-rcvk9w8-tar.default
  5. Make sure you set the IP address on the BVI interface of the AP if not set. Set it in the 10.0.0.x range. Default is 10.0.0.1.
  6. Connect the Ethernet port on AP to your TFTP Server ( Laptop ) DISABLE YOUR FIREWALL
  7. Hold the mode button and power off the AP.
  8. Power back the AP while continually holding the mode button for 20
  seconds.

• ISE 1.2 With WLC and AD

  Hi everyone,
  What is the steps and Procedure implement Wired and wireless authentication with ISE, WLC and AD for a LAB environment. currently the following are done.
  The wireless network is configured with 2 SSID (Staff and Guest) 
  Active Directory, DNS, DHCP, and  NTP configured & synced.
  ISE and AD running on C220 VMs, and WLC is 5760 Appliance.
  Please provide your thoughts and assistance.
  Regards

  You have to implement dot1x and radius between your NAD and ISE device.
  Using the switch 3850, that are the steps: 
  username RADIUS-HEALTH password radiusKey1 privilege 15
  aaa new-model
  aaa authentication login default local
  aaa authentication dot1x default group radius
  aaa authorization network default group radius
  aaa authorization auth-proxy default group radius
  aaa accounting update periodic 5
  aaa accounting auth-proxy default start-stop group radius
  aaa accounting dot1x default start-stop group radius
  !this password will be used to communicate with ISE and to verify reachability
  !between ISE and Switch
  aaa server radius dynamic-author
   client 172.16.1.18 server-key 7 radiuskey
   client 172.16.1.20 server-key 7 radiuskey
  ip domain-name lab.local
  ip name-server 172.16.1.1
  dot1x system-auth-control
  interface GigabitEthernet1/0/3
   switchport mode access
   switchport voice vlan 50
   switchport access vlan 10
   ip access-group ACL-ALLOW in
   authentication event fail action next-method
   authentication event server dead action authorize voice
   authentication event server alive action reinitialize
   authentication host-mode multi-auth
   authentication open
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer reauthenticate server
   authentication violation restrict
   mab
   dot1x pae authenticator
   dot1x timeout tx-period 10
   spanning-tree portfast
  ip access-list extended ACL-ALLOW
   permit ip any any
  !the comm between radius and ise will occur on these Port
  ip radius source-interface Vlan100
  logging origin-id ip
  logging source-interface Vlan100
  logging host 172.16.1.20 transport udp port 20514
  logging host 172.16.1.18 transport udp port 20514
  ip radius source-interface Vlan100
  logging origin-id ip
  logging source-interface Vlan100
  logging host 172.16.1.20 transport udp port 20514
  logging host 172.16.1.18 transport udp port 20514
  snmp-server community ciscoro RO
  snmp-server community public RO
  snmp-server trap-source Vlan100
  snmp-server source-interface informs Vlan100
  radius-server attribute 6 on-for-login-auth
  radius-server attribute 8 include-in-access-req
  radius-server attribute 25 access-request include
  radius-server dead-criteria time 10 tries 3
  radius-server vsa send accounting
  radius-server vsa send authentication
  !defining ISE servers
  radius server ISE-RADIUS-1
   address ipv4 172.16.1.20 auth-port 1812 acct-port 1813
   automate-tester username RADIUS-HEALTH idle-time 15
   key radiusKey
  Please be sure that NTP servers and time are synchronized. 
  enable dot1X on windows machine, or using cisco NAM. 
  you can enable debugging on aaa authentication to see the events. 
  you have to create this user on ISE (RADIUS-HEALTH). 
  3850#test aaa group radius username password new-code 
  and observe the result. You are supposed to have user authenticated successfully. 
  You Must also have define these device in ISE on the radius interface.
  ip radius source-interface ..... use this interface ip address to define Ip address of the NAD device in ISE. 
  administration-->network resources -->Network Devices-->Add
  input the name
  input the Ip address for radius communication
  select the authentication settings and field the corresponding shared secret radius key
  select snmp settings and select version 2c. 
  snmp community : ciscoro
  you can customize the polling interval if you want and that all. 
  you are supposed to received message communication between your NAD and ISE. 
  After you can do the procedure for WLC device. 
  I will fill it after you have passed the first steps (3850 authentication). 

• Problem share folder WLC and pc macbookpro

  I am doing a migration from my wireless network in the old network in the PC MacBookPro I can see shared files on the network. But when I connect to the SSID configured on the WLC and I can not see shared files on the network. I have no ACL configured on the SSID.

  Bonjour is a non-routabe multicast based service. A trick I use sometimes is to configure the WLAN to be in hreap mode if the ap is located locally to the target bonjour device.if your running in local mode, make sure they are on the same vlan and global multicast is enabled.
  Sent from Cisco Technical Support iPad App

• Cisco 8510 WLC and RTU licence

  Hi Guys,
  I have a simular issue where is shows the status as active, not-in-use.
  What does this mean and how do I get this to be in use.
  This is a Controller with HA-SKU license.
  The licenses has been inherited from the Primary Controller.
  Any license on HA-SKU controller is disregarded.
  Feature name: ap_count (adder)
  License type: Permanent
  License state: Active, Not-In-Use
  License Nodelocked: No
  RTU License Count: 50
  Hope to hear from you soon.
  Regards,
  Clifton.

  Hi,
  since this is a HA-SKU WLC, and the license is inherited from the active then no need to have a permenant license on it.
  is the HA working fine?
  please review the following link for the HA licensing requirements
  http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml#licensing

• WLC and WCS conflict

  Hi I am currently using 21 X WLC with N+1 Redundancy and 1X WCS with 1000++ of LAP1020. If had been observed that the antenna type and power TX had been changed with no reason. Is there any settings that may affect with AP customized Tx Power and antenna settings other than using the WCS template to push the configure to the APs instead of the WLC.

  Sorry for jumping in on the question with another question but it seemed the right place.
  I have an AIR-CT5508-25-K9 WLC and +25AP license : L-LIC-CT5508-25A.
  As far as I understand it the WLC should already have a 25AP license installed and with the adder license I should have a count of 50 APs.
  However, after installing the adder license the count is still 25.
  Could you please let me know if it's just something wrong in my reasoning or should a case be opened?
  Thank you,
  Barbara

• Cisco wlc and steel belted radius

  we have cisco wlc controller  that have  two ssid  one for user and one for guest
  we need the  user in ssid 1 take user name and password from  user group in active directory through steel belted radiu
  please send to me any integrated guide between cisco wlc and steel belted radius
  regards

  Hi                                                      Mohammad,
  I am unaware of a specific Steel Belted RADIUS intrgration guide for the WLCs, however the configuration process on the controller will be the same:
  Cisco WLC Configuration Guide 7.0 - Configuring RADIUS:
  http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70sol.html#wp1388328
  You may wish to contact your RADIUS vendor for additional configuration steps on the server.
  Best,
  Drew

• WLC and LDAP

  Hi to all,
  i want to use local-eap+LDAP (microsoft AD) and i'm experiencing some issue.
  First of all i'm not able to bind WLC and LDAP...if a perform a debug aaa ldap enable i get this output:
  Any idea about how to solve this issue?
  Regards
  Ale

  It sounds like .... invalid credentials ? :-)
  Please post your LDAP config on WLC.
  Is your admin username with which you're binding within the search context that you defined ? this is very important