4 Wisms deployment

i have a job to do and you guys support is highly appreciated from me.
i have 2 cisco switches on two seprated chasis
VS-C6509E-S720-10G
and i have 4 wism cards(WS-SVC-WISM-1-K9=)    (SWISMK9-50)
to install 2 on each chassis respectivly and 4 wism means i have 8 controllers each contrller support 150 access points.
i have total number of access point are 600 to install in sevral buildings
i allready configures 1 or 2 contrller in other jobs but this time is something is very bigger than that and i am a little confused.
let me tell you the senario that i will distribute them.
all controllers will communicate to each other in one RF-Group
off coursre there is redundacy for the access points
i have approximatly 42 ssids will be configured on each controller
and number of total building are 7
i want the pruning in ssids like for each building have separate separate ssids and i want just that ssids to broadcast and enable in that building
The question is that if i configure all of them on controllers than contrllers will push all that to each access points right?
How i can disable them for specific building and just broadcast the one that i have for that building only? and how i can do that i mean where i have to configure and what to configure?
Also for redundancy of the access points what is the best practice in my design as per of your knowledge please share with me?
OR anyone can help me to how i have to start for the implementaion of this design with his own experience and ideas? to done this job successfully?
your reply will be highly appreciated.
thanks

all controllers will communicate to each other in one RF-Group
Cisco doesn't recommend this.
i have approximatly 42 ssids will be configured on each controller and number of total building are 7i want the pruning in ssids like for each building have separate separate ssids and i want just that ssids to broadcast and enable in that buildingThe question is that if i configure all of them on controllers than contrllers will push all that to each access points right?How i can disable them for specific building and just broadcast the one that i have for that building only? and how i can do that i mean where i have to configure and what to configure?
AP Group is your best candidate to achieve this.
Also for redundancy of the access points what is the best practice in my design as per of your knowledge please share with me?
1.  Make sure each chassis is located in different location, different power feed source (aside from UPS/generator).
2.  Make sure your links have redundant dark fibre.
3.  Configure Primary and Secondary controller on your WAPs where the secondary controller is a controller found in the opposite chassis.

Similar Messages

  • WISM Deployment

    Dear all
    i hope your doing well,
    i have a university project for unified wireless network deployment
    there i have two 6500 series two core switches
    i have four wism card to install in that chassies and have 800 ap of 1242 series
    actually i did wlan setup before but just used only one controller but it is something bigger than that all i did before
    and i have to configure redundency for all wisms
    now i am wonder that what i ll do to build proper setup for that wlan
    as i know i need 8 subnets for per wism 2 for management and 8 for ap manager as well.
    and the configuration will be same on all wisms as per i ll configure on one controller in one wism.
    for the redundency for sure i have four controllers on each chassis i will let joine half amount of ap to one wism and other half to another wism.
    but for redundency what is best practice to do for?? should i have to let join some aps to one and the some to second and the some to third vice versa.
    or there is any other technice to do that please help me on this this is very urgent for me because i have to start implementation the next coming week.
    OR if any one has any kind of documentation that will help me to do that in easy steps please share with me?
    i will be very thankfull to you for your help.

    so than 2 wisms cards on each chassis are perfet for all those APs
    If I had a network like this, then I'd still consider <580 APs as "cutting it too close".  I'd prepare a third WiSM on one chassis and a total of three WiSM on 6500-2.
    yes i agree with you to use 2 wisms on each chassis like 6500-1 primary  and 6500-2 secondry and put all aps in primary wisms on 6500-1 and also put them in other 6500-2 secondry for back up, once the primary core or the wisms are in this chassis will be fail or down than auto matically the APs will associate to the other chassis's wisms.
    But what happens if your entire chassis goes down?  In this particular situation, there is no clear-cut answer.  There are a number of good bar-fight arguments here.  For example, management might be amicable for an entire blade failure but due to some constraints, like budget, they are willing to "look the other way" in case a chassis failure should happen (knock on wood).
    but here i have small confusion that if only one wism will fail on primary than what about only one will get active from the secondry one?
    Dude, that easy!  Before I answer your question, I'm going to give you a "disclaimer".  I am very happy to talk to you about this if your firmware is the latest 4.X and 6.X or any in the 7.X.  I won't discuss anything in the 5.X range because it's a waste of time as I've already pulled all of my hair out.
    Here goes.  Cisco firmwares have a feature called "High Availability".  They can be configured in several ways:  the traditional CLI, per AP or globally.  Basically you can "tell" the AP that "in case there's a failure of the primary controller, go to the secondary.  If the secondary and primary controller fails, go to the tertiary controller.  If the primary or secondary controller recovers and you are the tertiary controller, swing across."
    Configuring Backup Controllers

  • WiSM and ACS frequen reauthentications

    We have a WiSM deployed. The WLANs use WPA2 and the session timeout is set to default (1800). The ACS is set to authenticate the LEAP clients against a windows AD server.
    Clients can associate to the WLAN without any trouble. But they need to reauthenticate every minute although the signal is stable. The clients do not notice this. The only trouble we have is that there are tons of entries (150 clients reauthenticating every minute :D ) in the ACS and the Controller log says twice a day that the ACS stopped responding for a short period of time.
    I think this could be a setting in the ACS or the trouble might come from the backend DB. What do you think? What could I do to get this down to an acceptable level?

    Check the user group properties in the ACS that your wireless users are authenticating against... there is a property near the bottom called "ieee session timeout" or something to that effect (in seconds)
    If you don't see this property then you will have to add it via the ACS services menu

  • Dynamic VLAN assignment with WLC and ACS for

    Currently, using our autonomous APs and ACS, our users get separate VLANs per building based on their security level (students or staff). Basically, the student VLAN in one building is different from that of the student VLANs in other buildings on campus. Currently, we do this by filling the Tunnel-Private-Group-ID IETF RADIUS attribute with the VLAN name. This all works because each individual AP can map VLAN names to different VLANs like this:
    dot11 vlan-name STUDENT vlan 2903
    dot11 vlan-name FACSTAF vlan 2905
    As we are working on our WiSM deployment, we see that the document below shows how to do the dynamic VLAN assignment on our WLAN controllers:
    http://www.cisco.com/en/US/customer/products/sw/secursw/ps2086/products_configuration_example09186a00808c9bd1.shtml
    However, we haven't figured out if it's possible to still provide our users with different VLANs for each building they're in.
    With the instructions above, it looks like ACS uses a Cisco RADIUS Attribute to indicate the Air-Interface-Name, mapping an ACS/AD group to a single WLC interface which can only have one VLAN/subnet associated with it.
    Does anybody know if what we're trying to accomplish is possible, or if we're really stuck with only one VLAN/subnet per mapped ACS group?

    We only have the one WiSM for all of campus, so it's handling everything. This Cisco docs do indicate how to put differnet users in different Vlans, but we don't currently see a way to also put them in different subnets per building.
    This being the case, any suggestions on how best to handle more than a Class C subnet's worth of users? Should we just subnet larger than Class C, or is there a more elegant way of handling this?

  • WISM and AP homing

    Hi
    We have just deployed approx 290 AP's and we have three WISM's (A,B,C) with 150 primary to A (secondary is B), 150 primary to B (secondary is A).
    Ignoring the fact that there are two controllers per WISM, when we shut WISM A down we get approx 250+ on B and the rest on WISM C.
    This number varies but we never manage to get all 290 AP's on WISM B. Its as if WISM B is so busy that numerous AP's give up and try something else.
    The interesting thing is we have NOT coded WISM C into any AP configs.
    So my questions are:
    1. Why haven't all 300 AP's managed to register with WISM B (as coded).
    2. If WISM C has been learnt by some other means is this expected behaviour to register to any WISM even if its not in your primary/secondary/tertiary settings.
    This is not how I understood it should work from Cisco. I do not want these particular AP's to register to WISM C. On the flipside, I could understand the rationale of wanting an AP to register to any controller if possible rather than be isolated.
    Has any one had similar experiences ?
    Are there any plans to prioritise which AP's can register to a controller i.e. If I had 310 AP's but only the backup capacity for 300 it would be nice to have a feature to predict which of the 300 register rather than the unpredicatable method of present.
    regards
    Paul

    I have deployed aprox 350 aps, since they are divided up among three different campuses, we never had one with more that 120 aps, recently we added 50 more aps, but one of the controller maxed out at 150, the other controller has failed to respond to the aps even though dhcp option 43 has its ip address configured.
    how were you able to have the aps load balance or fail over to the secondary controller.

  • WiSM-A and -B communication problem

    I am deploying a 6509-WISM with 120 x 1130 APs running 4.1.181.0. Both controllers (A and B) are configured as LWAPP Layer 3 mode with he same mobility and RF domain. The APs use DHCP to obtain their IP through option 43. All APs register only to WiSM-B and none go to WiSM-A. I even tried configuring the Primary and Secondary Controller with WISM-A only and the APs are still only registering to WiSM-B only. Any advice would be greatly appreciated.

    Hi Chris,
    Since I restarted both controllers this morning, here are the only messages that show up in the log.... There should be more than that as far as I am concerned.+
    Aug 24 15:20:39.932 hwutils.c:2159 INIT-0-MSGTAG007: Security Module not found.
    Aug 24 15:20:39.161 bootos.c:874 INIT-0-MSGTAG001: Starting code...
    We are also looking at the arp table on the default gateway and there is a MAC that is not making sense. On WISM-A ap-manager interface, the AMC shows up as being 001b.243d.a9f6 which is a Quanta Computer MAC..... but should be showing as a Cisco one. Will let you know.
    Any thoughts?
    Thanks

  • Does WiSM 6.0.196.0 suport AIR-LAP1131AG-N-K9 in H-REAP mode

    Hello,
    I have WiSMs running code version 6.0.196.0. I have to deploy AIR-LAP1131AG-N-K9 in H-REAP mode.
    Q1. Does AIR-LAP1131AG-N-K9 require CAPWAP or can run off of LWAPP?
    Q2. Does anyone know how to find out if a WLC is running LWAPP or CAPWAP?
    Q3. If one has to convert LWAPP to CAPWAP, how is it done?
    Thanks
    Bo

    Hi,
    Q1. Does AIR-LAP1131AG-N-K9 require CAPWAP or can run off of LWAPP?
    A1. The AP will run CAPWAP as soon the WLC is running a CAPWAP image. There is nothing special to do on the AP, once it joins the WLC, the WLC will check the image on the AP and if using a diferent one, the WLC will push the correct image to the AP that matchs the WLC version.
    Q2. Does anyone know how to find out if a WLC is running LWAPP or CAPWAP?
    A2. CAPWAP was introuduced in WLC version 5.2 and all versions above are running CAPWAP software.
    •If  your firewall is currently configured to allow traffic only from access  points using LWAPP, you must change the rules of the firewall to allow  traffic from access points using CAPWAP.
    •Make  sure that the CAPWAP UDP ports 5246 and 5247 (similar to the LWAPP UDP  ports 12222 and 12223) are enabled and are not blocked by an  intermediate device that could prevent an access point from joining the  controller.
    •If  access control lists (ACLs) are in the control path between the  controller and its access points, you need to open new protocol ports to  prevent access points from being stranded.
    Q3. If one has to convert LWAPP to CAPWAP, how is it done?
    A1. On the APs nothing has to be done. Once the WLC is running CAPWAP software, it will automatically push the corresponding AP software to the AP.
    WLC runs CAPWAP if the software version is earlier then 5.2. WLC version 5.2 and all versions above are running CAPWAP software.
    HTH,
    Tiago
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

  • Internal DHCP on WiSM

    Hi all!
    Tell me, please.
    Can I use internal DHCP server for my APs ?
    I have next syslog message from Wism :
    "DHCP-6-MSGTAG094: Dropping packet from 10.77.114.250 (unable to match to adhcp scope)"
    10.77.114.250 it is inerface DHCP Relay.
    The debug show next:
    >Tue Nov 13 17:01:32 2007: 00:0a:b8:3b:0b:02 dhcpProxy: Received packet: Client 00:0a:b8:3b:0b:02
    DHCP Op: BOOTREQUEST(1), IP len: 576, switchport: 29, encap: 0xec00
    Tue Nov 13 17:01:32 2007: 00:0a:b8:3b:0b:02 dhcp option len, including the magic cookie = 340
    Tue Nov 13 17:01:32 2007: 00:0a:b8:3b:0b:02 dhcp option: received DHCP DISCOVER msg
    Tue Nov 13 17:01:32 2007: 00:0a:b8:3b:0b:02 dhcp option: skipping option 57, len 2
    Tue Nov 13 17:01:32 2007: 00:0a:b8:3b:0b:02 dhcp option: skipping option 61, len 7
    Tue Nov 13 17:01:32 2007: 00:0a:b8:3b:0b:02 dhcp option: skipping option 12, len 16
    Tue Nov 13 17:01:32 2007: 00:0a:b8:3b:0b:02 dhcp option: skipping option 55, len 8
    Tue Nov 13 17:01:32 2007: 00:0a:b8:3b:0b:02 dhcp option: vendor class id = Cisco AP c1200 (len 14)
    Tue Nov 13 17:01:32 2007: 00:0a:b8:3b:0b:02 dhcpParseOptions: options end, len 340, actual 65
    Tue Nov 13 17:01:32 2007: 00:0a:b8:3b:0b:02 Received a DHCP Request from Gateway 10.77.98.62 for STA 00:0a:b8:3b:0b:02
    -- bouncing to local DHCP server.
    Tue Nov 13 17:01:32 2007: dhcpd: sending 301 bytes raw 10.77.114.250:67 -> 10.77.97.51:1067
    Tue Nov 13 17:01:32 2007: dhcpd: Received 301 byte dhcp packet from 0x0a4d72fa 10.77.114.250:67
    Any idea ?
    Thanks in advance,
    Basil

    The design in principle is correct, you will need to ensure that there is a way of delivering the controller IP addresses to the access point, either by dns, DHCP option 43 (not support on the internal DHCP server)or by pre staging the APs prior to deployment.
    You can use the internal DHCP server for wireless clients by defining itself as the DHCP server address under interface.
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808714fe.shtml
    http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00809d5097.shtml
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml
    Hope this helps

  • 5508 to join with 2 Wism's as backup

    Dear Folks,
    I have a facility, where all the access points almost 250 of them are connected to two WisM's (One in each core switch ) . They are running in 6.0.199 firmware . These two WisM's are managed by WCS , which is running 6.0.188.
    As i need to add more access points and to make fully redundant , 5500 controller was ordered and it has with firmware 7.0 installed. Couple of queries related with it .
    1. Can 5500 be added in the WLC group, so that existing Access Points can be configured to use primary controller as 5500 and secondary / tertiary controller as WISM ?
    2. Will 5500 be able to be detected by WCS , as the version of 5500 is 7.0 and WCS version is 6.0.188 ?
    3. As WCS was already deployed and live, is it possible to upgrade, if the client has support contract like SUSA ?
    Appreciate your kind help and support .
    Regards,
    SID

    Thanks Scott for your valuable reply .
    Two more queries please,
    1. I saw in 5500 controller with two images installed by default,  one is 7.0 and other one is backup recovery image , which is 6.0.199 , can we boot the controller with that image , or we should directly downgrade it from 7.0 to 6.0.199
    2. With an existing service contract, is it possible to reinstall WCS with an upgraded version, as i understand , license would be tagged with the Computer's hostname , right

  • VLANs for the WiSM

    Hi Everybody,
    we followed the cisco layered model in our campus design where we have 6500 switch at the core, 4500 at the distribution and 3750 at the access layer.
    The connectivity between the core and the distribution is layer 3, the connectivity between the distribution and access layer is layer 2.we have all the intervlan routing on the distribution switches.we have recently installed two WiSM controllers in our core and planning to deploy light weight access points.
    we want to use the exiting VLANS that we created for the wired users on the distribution switch for Wireless LAN users . I wanted to know if this is possible because as the dynamic interfaces for the Wireless VLANS would be created on the WiSM that is on the core switch and as the dynamic interface are like SVIs for the Wireless VLANS.
    Secondly i wanted to know what does it mean to assign a VLAN to the WiSM
    Regards,
    Ahmed Zubedi

    I would recommend keeping the wired vlan separate from the wireless vlan.
    You need to assign a vlan for the service port of the controllers. This is local to the 6500 and is not routeable. This is how the controllers talk to the 6500. I normally do like a 192.168.1.x

  • Layer 3 and WISM failure

    Hi
    I'm designing a relatively large wireless deployment and it has been sized for approx 4K users.
    The network is to be layer3 with the intent of using AP groups to reduce the size of the broadcast domain.
    Are these assumptions then correct:
    1. During the failure of a WISM, all AP's reboot and reconnect to the secondary WISM. Clients reassociate and request new IP addresses from the new subnet.
    2. If 1. is correct then it is safe to presume that with a third controller I would need 4K * 3 = 12K addresses (worse case).
    3. As I am unlikely to be allocated 12K addresses the workaround would be to place all the WISM's AP interfaces into the same VLAN (layer2) so DHCP scope remains the same, and keep layer3 between WISM and AP's.
    Thanks in advance.
    Paul

    Hi paul,
    1. During the failure of a WISM, all AP's reboot and reconnect to the secondary WISM. Clients reassociate and request new IP addresses from the new subnet.
    A)The Cisco WiSM consists of two Cisco 4404 controllers; therefore, the IT staff must be aware that two separate controllers exist on a single module. The first controller is considered the WiSM-A card, while the second controller is considered the WiSM-B card. Interfaces and IP addressing have to be considered on both cards independently. WiSM-A manages 150 access points, while WiSM-B manages a separate lot of 150 access points. These controllers can be grouped together in a mobility group, forming a cluster,So the WISM will provide the L3&L2 fast roaming,And ther will not be any downtime for clients.Client will automaticaly get registed in another controller immmedatly.
    Pls refer the belwo mentioned URL,it may help you.
    http://www.cisco.com/en/US/products/hw/modules/ps2706/prod_technical_reference09186a0080702fe2.html
    I hope this will you..
    Thankx&Regds
    saji k.s
    DOHA

  • How many APs Can I join a WLC 4402 and WiSM?

    I have a WLC with 20 APs joined into the same management VLAN and
    I'll deploy other campus with 240 APs and 2 WiSMs Blade.
    Is there any recomendation about how many APs Can I put on the same management VLAN?
    thanks a lot

    Cisco recommends 60 - 100 access points per vlan. Attached is the best pratices document
    https://cisco.hosted.jivesoftware.com/docs/DOC-4204

  • WiSM Design Questions

    I am considering moving my WLAN off of the 4400 controller infrastructure and onto a WiSM architecture. I have to pretty much double my AP density for our RFid initiative.
    I have a couple questions as I am thinking this through.
    1 - Can I slot these WiSM modules into a 6500 distribution switch with other non-wireless modules in it. Our distribution 6500s serve our wired access switches. Is there a requirement to have WiSMs in their own chassis? Any best practice advice is appreciated.
    2 - Can the WiSM form EoIP tunnels and Guest Tunnels with 4400 series controllers? I have two 4402 guest anchor controllers that I would like to continue to use for our wifi guest solution. If I go to the WiSM will these need to be replaced? Or can I use them exactly as I am now by just having them form Guest Tunnels with the WiSMs.
    Thanks
    Chuck

    the controller on a design standpoint should be on the distribution layer. Access layer is OK, but it may involve some more troubleshooting when an AP can not join the controller, in my opinion. It may make sense, according to what your design is.
    It can be convenient to have wism in cat6k. I have seen setups with for example 6 WiSM blades in the same switch, that is 12 controllers.
    You can run any code you would like that is available on CCO:
    http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Wireless+Services+Modules+%28WiSM%29+Software&mdfid=280103774&treeName=Wireless&mdfLevel=SERIES&url=null&modelName=Cisco+Catalyst+6500+Series%2F7600+Series+Wireless+Services+Module+%28WiSM%29&isPlatform=N&treeMdfId=278875243&modifmdfid=null&imname=&hybrid=Y&imst=N
    Codes from 3.2 to 6.0 are posted there. Make sure to go over the release notes, when deciding on a version of controller, as this will list new features and caveats. I dont recommend you to run anything below 4.2.130.0 code.
    As far as why to choose WiSM or WLC, there quite a few white papers and deployment guides, that will give you a good picture of the environments:
    WiSM:
    http://www.cisco.com/en/US/products/ps6526/index.html
    4404:
    http://www.cisco.com/en/US/products/ps6366/index.html
    Q&A on WISM:
    http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6526/prod_qas0900aecd8036434e.html
    Release notes:
    http://cisco.com/en/US/products/ps6366/prod_release_notes_list.html

  • WiSM compatibility with 3600 series APs

    Hi All,
    We have WiSM cards installed at rel 7.0.116.0 currently and i'm wondering if they'll support the newer 3602I & E AP variants.
    I think I know the answer to this already but, before you ping the release notes over to me for he later revision of WiSM2 software, I'm curious to know if anyone has actually TRIED to use the 3602 series with eh older WiSM cards? 
    We have just deployed 14 of the newer APs and i'm having a sinking feeling over whether or not i'll need the cabling guys to swap them all out!!!
    HELP!

    The 3602's don't support any code that the WiSM can use. v7.2 is required for the 3600 and the WiSM 2, 5508, 2504, 7500 and 8500's will support these AP's. The Converged access wlc's will also too.
    Here is a compatibility matrix for all wireless equipment.
    http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
    Sent from Cisco Technical Support iPhone App

  • WiSM & AP Newbie

    I have 2 WiSM modules, and plan to implement redundancy. I also have a bunch of AP's (1200 series). I've been reading documents on WiSM, and these are the points I got out of those documents, and I'd like to confirm:
    -it appears that WiSM supports only LWAPP, is this correct?
    - If yes, we have to convert our AP to LWAPP capable software, right?
    Thanks
    -B

    Hi B,
    Here are some docs to help with this design and deployment;
    Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode
    http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp161272
    Self-Signed Certificate Manual Addition to the Controller for LWAPP-Converted APs
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00806a426c.shtml
    LWAPP Upgrade Tool Troubleshoot Tips
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008072d9a1.shtml
    This is an excellent doc;
    Configuring a Cisco Wireless Services Module
    http://www.cisco.com/en/US/docs/wireless/technology/wism/technical/reference/appnote.html
    Hope this helps!
    Rob

Maybe you are looking for