5508 1142 H-Reap anyone?
Hello,
Does anyone have a 5508 controller with 1142's setup in H-Reap mode with wpa2/aes/psk authentication?
No matter what configuration i try I cannot get a client connected if the access point is communicating with the controller. As soon as I disable/block the access point from communicating with the controller, the client can connect.
Has anyone else come across this problem? Could anyone else verify the same thing I have?
Thanks,
Dan.
An 1142 access point in hybrid-REAP mode sometimes enters stand-alone mode. If the access point is rebooted while in stand-alone mode, the 802.11a radio changes to a different channel than the one configured by the controller after a few minutes.
Similar Messages
-
Mapping Multiple VLANs to Multiple SSIDs as one-one in WLC 5508 via H-REAP?
Hi All,
Can anyone please show me how to map a SSID/WLAN ID to a local vlan of a LAP in WLC 5508 using H-REAP local switched? The reason of doing this is to separate Data subnet/traffic from Voice as currently all 7925 handsets using same SSID as PCs. I would like to create two VLANs on APs and map them to two SSIDs. I could not see any option in WLC5508 to do this. Also when I change the AP mode from H-REAP to local and configuring sub interface using dot1q on the interface Gi0 then unable write running-config to startup-config because I get NVRAM Verification Failed as WLC protects any local changes on any registered LAP at NVRAM.
Your help is much appreciated.Mehdi:
I am talking about HREAP groups, not AP groups.
You can not achieve what you want if you are using the same SSID on same AP with only a WLC (same AP with same SSID is mapped to different VLANs). You may need a radius server to dynamically assign a VLAN to the clients if you are using same SSID for data and voice.
If you are using different SSIDs for voice and data, you can map each SSID to its corresponding VLAN on the remote site using the VLAN mapping option under HREAP tab in the AP config page.
You can not configure the AP from its console. Lightweight APs can only be configured from the controller. (a few exceptions are available that do not apply here) .
HTH
Amjad
Rating useful replies is more useful than saying "Thank you" -
We did wireless coverage testing using some 1142 units in autonomous mode, and got a satisfactory result, but upon converting these test units to Lightweight and adding them to our WLC5508 controller, the coverage has decreased noticably. Does anyone know of any tips or tricks to getting lightweight 1142 APs to have a range as far as the same hardware with autonomous firmware?
Just like Leo prompted, the transmit power could be the issue.
You check the transmit power on the APs. what is it?
You can check that from the radio settings.
Check this: http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70rrm.html#wp1099018
If the power level is not 1 (maximum) then it can be increased to reflect better coverage area. Howeber, if the WLC choose automatically to use power level less than the maximum this would indicate that the coverage is a satisfactory without the need to transmit with the max power available.
You check your settings and let us know.
HTH
Amjad -
Machine Certificate will not be recognized
Hi All, i have a Setup as Follows
- 5508/1142
- heterogenous Client with WZC, XP, SP3, SSO
- ACS 5.2, MS AD
Target is Songle Sign On wih Machine Cerificates against AD. For testing purpose we tested with EAP-PEAP/MS Chapv2 and Machine Auth, works fine. Now we installed a Machine cert in the Machine cert Store (no User Cert) and reconfigured the WZC for using certs and Machin Auth. What we see is an Error Message in the System Tray that there is no certificate available. We checked it again, the MMC shows us a Machine cert in the Store.
Where am i wrong, any help welcome.
BR, MichaelHi Michael,
This is how it works when you select the certificate method under the WZC:
Computer authentication works only before logon
By default, after logon, only user authentication works. This means that each user on the system needs a certificate (!) including administrator This can be overridden by AuthMode=2, but this is system-wide, implying that for a different wireless network user authentication won't work either. So AuthMode is not an option (except the computer is only used in one 802.1X network)
This implies too that as soon as there is a computer certificate and no user certificate the network just does not work!
This way it is not possible to use e.g. EAP-TLS with certificates for computers and PEAP-MSCHAPv2 with username/password for users
So if you wish to use certificate based authentication for the machine, you need to use also for user authentication (using WZC).
If you have both user and machine certificate, then after installing the certs, reboot the machine and verify if it works.
HTH,
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it. -
If you drilll down in the POODLE security advisory ( Advisory ID: cisco-sa-20141015-poodle) into the Affected products and then to the vulnerable produst and almost at the end you find
Cisco Wireless LAN Controller (WLC) [CSCur27551]
If you open up this bug report it ONLY identifies and lists the 5508. So... does this mean that none of the other controllers such as the 4400.2500, WiSM and WiSM2 are effected? Kind of difficult to beleive since they are are interrelated (at least the 5508 and WiSM2).
Anyone know?
Thanks!Hmmm, two answers for which WLC's are vulnerable, both marked correct and contradicting each other. I have to wonder why Cisco only listed the 5508 in the bug report and only listed 2 versions of RTOS. I hate to make assumptions even if they seem to make sense so hopefully Cisco will update and revise the advisory...
Thanks! -
H-REAP OfficeExtend issue with 1142 on 5508
I am trying to setup an 1142 as an office extend AP with a 5508 controller, but have not yet been successful...
The AP joins the controller across the internet and through the firewall fine, and I see clients probing the AP, but none will associate.
If I look at the log on the AP, I see it joining the controller and the DTLS tunnel coming up:
*Dec 23 14:15:49.592: %CAPWAP-5-CHANGED: CAPWAP changed state to UP
*Dec 23 14:15:49.772: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller SVB_WLC04
*Dec 23 14:15:49.825: %CAPWAP-5-DATA_DTLS_START: Starting Data DTLS handshake. Wireless client traffic will be blocked until DTLS tunnel is established.
*Dec 23 14:15:49.826: %LWAPP-3-CLIENTEVENTLOG: SSID SVBDATA01 added to the slot[0]
*Dec 23 14:15:49.988: %LWAPP-3-CLIENTEVENTLOG: SSID SVB Public added to the slot[0]DTLS keys are plumbed successfully.
*Dec 23 14:15:50.041: %CAPWAP-5-DATA_DTLS_ESTABLISHED: Data DTLS tunnel established.
*Dec 23 14:15:50.042: %LWAPP-3-CLIENTEVENTLOG: SSID SVBDATA01 added to the slot[1]
*Dec 23 14:15:50.083: %LWAPP-3-CLIENTEVENTLOG: SSID SVB Public added to the slot[1]
*Dec 23 14:15:51.337: %WIDS-5-ENABLED: IDS Signature is loaded and enabled
but then a few minutes later I get this error repeatedly:
*Dec 23 15:15:59.917: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 23 15:15:59.917: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 65.121.114.230
*Dec 23 15:18:58.998: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 23 15:18:58.998: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 65.121.114.230
*Dec 23 15:28:00.001: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 23 15:28:00.001: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 65.121.114.230
*Dec 23 15:28:00.090: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 23 15:28:00.090: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 65.121.114.230
*Dec 23 15:36:59.918: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 23 15:36:59.918: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 65.121.114.230
OfficeExtend#
The 5508 is running 7.0.220.0 code.
I am NATing the internal controller's management interface to 65.121.114.230 on my firewall. The AP has a Public IP statically assigned to it and the rules set in the firewall allow all ports between this AP and Controller (at least for now until the testing is complete).
I have H-REAP enabled for the AP mode, and Enable Office Extend AP is checked under the H-REAP tab.
I have tried this with H-REAP Local Switching both enabled and disabled...no change in the log.
I have tried this with Data Encryption enabled and disabled...no change in the log.
I even disabled the radios on the AP temporarily and still see the message in the log...
Anyone have an idea of what this error means, or what I am missing to get this to work?
Thanks in advance...You need to set the Public IP address that the traffic is getting NATTED to on the Interface Config on the controller, as that address gets embedded in the CAPWAP response from the controller to the AP as well. You also need to enable the checkbox that turns on NAT.
A good reference is here : http://jenniferhuber.blogspot.com/2011/11/configuring-3500-series-access-point-as.html
Please remember to rate helpful posts or to mark the question as answered so that it can be found later. -
WLC 5508, SW 6.0.199.4, 1142 AP: Clients getting dropped intermittently
We have deployed a WLC 5508 w/ SW version 6.0.199.4, 1142 AP's & open authentication w/ MAC filtering. Clients are randomly getting dropped with "Limited Access" shown in Win 7. In this state, the client machine is unable to ping the gateway and sometimes lose their DHCP assigned IP as well. A manual disconnect/re-connect to the SSID is required everytime.
I ran a debug on one the clients stuck in the "Limited Access" state (debug client xx:xx:xx:xx):
*Apr 15 16:59:23.205: e0:91:53:60:1f:e4 Adding mobile on LWAPP AP 3c:ce:73:c5:1e:b0(0)
*Apr 15 16:59:23.205: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 23) in 5 seconds
*Apr 15 16:59:23.205: e0:91:53:60:1f:e4 apfProcessProbeReq (apf_80211.c:4722) Changing state for mobile e0:91:53:60:1f:e4 on AP 3c:ce:73:c5:1e:b0 from Idle to Probe
*Apr 15 16:59:23.205: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:23.225: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:23.225: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:23.646: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:23.646: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:23.666: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:23.666: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:28.553: e0:91:53:60:1f:e4 apfMsExpireCallback (apf_ms.c:418) Expiring Mobile!
*Apr 15 16:59:28.554: e0:91:53:60:1f:e4 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [3c:ce:73:c5:1e:b0]
*Apr 15 16:59:28.554: e0:91:53:60:1f:e4 Deleting mobile on AP 3c:ce:73:c5:1e:b0(0)
On doing a manual re-connect, got the following logs:
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 Association received from mobile on AP b8:62:1f:e9:9f:30
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 Applying site-specific IPv6 override for station e0:91:53:60:1f:e4 - vapId 7, site 'Academy', interface 'students'
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 Applying IPv6 Interface Policy for station e0:91:53:60:1f:e4 - vlan 15, interface id 14, interface 'students'
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 Applying site-specific override for station e0:91:53:60:1f:e4 - vapId 7, site 'Academy', interface 'students'
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1276)
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 STA - rates (8): 130 132 139 150 12 18 24 36 0 0 0 0 0 0 0 0
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [b8:62:1f:e5:6a:90]
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 Updated location for station old AP b8:62:1f:e5:6a:90-0, new AP b8:62:1f:e9:9f:30-0
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 apfProcessAssocReq (apf_80211.c:4268) Changing state for mobile e0:91:53:60:1f:e4 on AP b8:62:1f:e9:9f:30 from Probe to AAA Pending
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 20) in 10 seconds
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 START (0) Initializing policy
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP b8:62:1f:e9:9f:30 vapId 7 apVapId 2
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 apfPemAddUser2 (apf_policy.c:213) Changing state for mobile e0:91:53:60:1f:e4 on AP b8:62:1f:e9:9f:30 from AAA Pending to Associated
*Apr 15 17:01:38.145: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 49) in 65535 seconds
*Apr 15 17:01:38.145: e0:91:53:60:1f:e4 Including FT Mobility Domain IE (length 5) in Initial assoc Resp to mobile
*Apr 15 17:01:38.145: e0:91:53:60:1f:e4 Sending Assoc Response to station on BSSID b8:62:1f:e9:9f:30 (status 0) Vap Id 2 Slot 0
*Apr 15 17:01:38.145: e0:91:53:60:1f:e4 apfProcessRadiusAssocResp (apf_80211.c:1957) Changing state for mobile e0:91:53:60:1f:e4 on AP b8:62:1f:e9:9f:30 from Associated to Associated
*Apr 15 17:01:38.189: e0:91:53:60:1f:e4 DHCP received op BOOTREQUEST (1) (len 308, port 13, encap 0xec03)
*Apr 15 17:01:38.189: e0:91:53:60:1f:e4 DHCP dropping packet due to ongoing mobility handshake exchange, (siaddr 0.0.0.0, mobility state = 'apfMsMmQueryRequested'
*Apr 15 17:01:39.953: e0:91:53:60:1f:e4 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*Apr 15 17:01:39.954: e0:91:53:60:1f:e4 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4166, Adding TMP rule
*Apr 15 17:01:39.954: e0:91:53:60:1f:e4 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP b8:62:1f:e9:9f:30, slot 0, interface = 13, QOS = 0
ACL Id = 255, Jumbo F
*Apr 15 17:01:39.954: e0:91:53:60:1f:e4 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (ACL ID 255)
*Apr 15 17:01:39.954: e0:91:53:60:1f:e4 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*Apr 15 17:01:39.954: e0:91:53:60:1f:e4 Sent an XID frame
*Apr 15 17:01:40.807: e0:91:53:60:1f:e4 Orphan Packet from STA - IP 169.254.201.128
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP received op BOOTREQUEST (1) (len 308, port 13, encap 0xec03)
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP processing DHCP DISCOVER (1)
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP xid: 0x9b24c896 (2602879126), secs: 1280, flags: 0
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP chaddr: e0:91:53:60:1f:e4
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP successfully bridged packet to DS
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP received op BOOTREPLY (2) (len 308, port 13, encap 0xec00)
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP processing DHCP OFFER (2)
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP xid: 0x9b24c896 (2602879126), secs: 0, flags: 0
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP chaddr: e0:91:53:60:1f:e4
*Apr 15 17:01:43.235: e0:91:53:60:1f:e4 DHCP ciaddr: 0.0.0.0, yiaddr: 10.6.2.160
*Apr 15 17:01:43.235: e0:91:53:60:1f:e4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 15 17:01:43.235: e0:91:53:60:1f:e4 DHCP server id: 10.6.15.254 rcvd server id: 10.6.15.254
*Apr 15 17:01:43.235: e0:91:53:60:1f:e4 DHCP successfully bridged packet to STA
*Apr 15 17:01:43.240: e0:91:53:60:1f:e4 DHCP received op BOOTREQUEST (1) (len 316, port 13, encap 0xec03)
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP processing DHCP REQUEST (3)
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP xid: 0x9b24c896 (2602879126), secs: 1280, flags: 0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP chaddr: e0:91:53:60:1f:e4
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP requested ip: 10.6.2.160
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP server id: 10.6.15.254 rcvd server id: 10.6.15.254
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP successfully bridged packet to DS
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP received op BOOTREPLY (2) (len 308, port 13, encap 0xec00)
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP processing DHCP ACK (5)
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP xid: 0x9b24c896 (2602879126), secs: 0, flags: 0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP chaddr: e0:91:53:60:1f:e4
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP ciaddr: 0.0.0.0, yiaddr: 10.6.2.160
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP server id: 10.6.15.254 rcvd server id: 10.6.15.254
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 DHCP_REQD (7) Change state to RUN (20) last state RUN (20)
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 RUN (20) Reached PLUMBFASTPATH: from line 4972
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 RUN (20) Replacing Fast Path rule
type = Airespace AP Client
on AP b8:62:1f:e9:9f:30, slot 0, interface = 13, QOS = 0
ACL Id = 255, Jumbo Frames = NO,
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 RUN (20) Successfully plumbed mobile rule (ACL ID 255)
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 Assigning Address 10.6.2.160 to mobile
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 DHCP successfully bridged packet to STA
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 Added NPU entry of type 1, dtlFlags 0x0
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 Sending a gratuitous ARP for 10.6.2.160, VLAN Id 15
*Apr 15 17:01:46.428: e0:91:53:60:1f:e4 DHCP received op BOOTREQUEST (1) (len 308, port 13, encap 0xec03)
*Apr 15 17:01:46.428: e0:91:53:60:1f:e4 DHCP processing DHCP INFORM (8)
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP xid: 0xbb0d5d87 (3138215303), secs: 0, flags: 0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP chaddr: e0:91:53:60:1f:e4
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP ciaddr: 10.6.2.160, yiaddr: 0.0.0.0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP successfully bridged packet to DS
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP received op BOOTREPLY (2) (len 308, port 13, encap 0xec00)
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP processing DHCP ACK (5)
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP xid: 0xbb0d5d87 (3138215303), secs: 0, flags: 0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP chaddr: e0:91:53:60:1f:e4
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP ciaddr: 10.6.2.160, yiaddr: 0.0.0.0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP server id: 10.6.15.254 rcvd server id: 10.6.15.254
show client e0:91:53:60:1f:e4 (after re-connect)
(Cisco Controller) >show client detail e0:91:53:60:1f:e4
Client MAC Address............................... e0:91:53:60:1f:e4
Client Username ................................. N/A
AP MAC Address................................... b8:62:1f:e9:9f:30
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 7
BSSID............................................ b8:62:1f:e9:9f:31
Connected For ................................... 105 secs
Channel.......................................... 11
IP Address....................................... 10.6.2.160
Association Id................................... 8
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 65535
Client CCX version............................... No CCX support
QoS Level........................................ Silver
Diff Serv Code Point (DSCP)...................... disabled
802.1P Priority Tag.............................. disabled
WMM Support...................................... Enabled
U-APSD Support................................... Disabled
Power Save....................................... OFF
Current Rate..................................... m7
Supported Rates.................................. 1.0,2.0,5.5,11.0,6.0,9.0,
............................................. 12.0,18.0,24.0,36.0,48.0,
............................................. 54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
ACL Name......................................... none
ACL Applied Status............................... Unavailable
Policy Type...................................... N/A
Encryption Cipher................................ None
Management Frame Protection...................... No
EAP Type......................................... Unknown
Interface........................................ students
VLAN............................................. 15
Quarantine VLAN.................................. 0
Access VLAN...................................... 15
Client Capabilities:
CF Pollable................................ Not implemented
CF Poll Request............................ Not implemented
Short Preamble............................. Implemented
PBCC....................................... Not implemented
Channel Agility............................ Not implemented
Listen Interval............................ 1
Fast BSS Transition........................ Not implemented
Fast BSS Transition Details:
Client Statistics:
Number of Bytes Received................... 36509
Number of Bytes Sent....................... 32902
Number of Packets Received................. 300
Number of Packets Sent..................... 66
Number of EAP Id Request Msg Timeouts...... 0
Number of EAP Request Msg Timeouts......... 0
Number of EAP Key Msg Timeouts............. 0
Number of Data Retries..................... 95
Number of RTS Retries...................... 0
Number of Duplicate Received Packets....... 1
Number of Decrypt Failed Packets........... 0
Number of Mic Failured Packets............. 0
Number of Mic Missing Packets.............. 0
Number of Policy Errors.................... 0
Radio Signal Strength Indicator............ -66 dBm
Signal to Noise Ratio...................... 29 dB
Nearby AP Statistics:
APSOEBFF_COR3(slot 0) .....................
antenna0: 50 seconds ago -91 dBm................. antenna1: 50 seconds ago -76 dBm
APSOEAFF_FAC(slot 0) ......................
antenna0: 108 seconds ago -89 dBm................ antenna1: 108 seconds ago -87 dBm
APSOEBGF_FAC(slot 0) ......................
antenna0: 50 seconds ago -82 dBm................. antenna1: 50 seconds ago -71 dBm
APSOEBGF_STAFF(slot 0) ....................
antenna0: 49 seconds ago -74 dBm................. antenna1: 49 seconds ago -58 dBm
WLAN config
WLAN Identifier.................................. 9
Profile Name..................................... STAFF
Network Name (SSID).............................. STAFF
Status........................................... Enabled
MAC Filtering.................................... Enabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 32
Exclusionlist.................................... Disabled
Session Timeout.................................. Infinity
CHD per WLAN..................................... Disabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ staff
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Infrastructure MFP protection................. Enabled (Global Infrastructure MFP Disabled)
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
HELPPPP!We have 75 evenly distributed AP's servicing the 500 odd users. Found the below traps on WLC. I was making some changes in the WLAN settings at the time:
Tue Apr 16 00:03:45 2013 Client Excluded: MACAddress:8c:a9:82:5d:d2:dc Base Radio MAC :3c:ce:73:c6:fe:00 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
106 Tue Apr 16 00:03:45 2013 Client Excluded: MACAddress:58:94:6b:f2:24:c8 Base Radio MAC :c8:f9:f9:4c:01:30 Slot: 1 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
107 Tue Apr 16 00:03:45 2013 Client Excluded: MACAddress:bc:77:37:72:dc:0b Base Radio MAC :3c:ce:73:c6:53:10 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
108 Tue Apr 16 00:03:45 2013 Client Excluded: MACAddress:00:26:c7:7d:12:76 Base Radio MAC :3c:ce:73:c4:79:80 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
109 Tue Apr 16 00:03:45 2013 Client Excluded: MACAddress:bc:77:37:75:1f:93 Base Radio MAC :c8:f9:f9:2b:85:30 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
110 Tue Apr 16 00:03:45 2013 Client Excluded: MACAddress:ac:72:89:58:8e:b9 Base Radio MAC :3c:ce:73:c6:53:10 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
111 Tue Apr 16 00:03:44 2013 Client Excluded: MACAddress:bc:77:37:26:cd:e3 Base Radio MAC :3c:ce:73:c5:1f:10 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
112 Tue Apr 16 00:03:44 2013 Client Excluded: MACAddress:ac:72:89:25:ea:e0 Base Radio MAC :3c:ce:73:c6:77:70 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
113 Tue Apr 16 00:03:44 2013 Client Excluded: MACAddress:00:24:2c:6a:85:3d Base Radio MAC :3c:ce:73:c6:6a:50 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
114 Tue Apr 16 00:03:44 2013 Client Excluded: MACAddress:68:5d:43:61:16:51 Base Radio MAC :3c:ce:73:f6:0c:20 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
115 Tue Apr 16 00:03:44 2013 Client Excluded: MACAddress:7c:d1:c3:8a:64:f6 Base Radio MAC :3c:ce:73:c4:74:20 Slot: 1 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2 -
WLC 5508 H-REAP config problem
Hello,
I have a problem with H-REAP configuration.
I have a 5508 controller in HQ and a lot of 1242 lap in remote sites.
I have only one SSID (used only in remote sites) and only default vlan 1 in all sites.(a big subnet for every site).
I created only one WLAN on WLC, map it to the management interface (cause there is no need for a dynamic interface cause i will not use SSID locally, i want clients to receive an ip address from the subnet they are trying to connect to), I enabled "H-REAP switching local" from Advanced tab and also from Wireless Tab -> AP->Details-> enable vlan mapping with native vlan 1.
The problem is the AP are registered with the controller, i have L3 connectivity btw controller and AP and also clients cant see any SSID when trying to connect to AP.
The DHCP server is in HQ.
The port where APs are plugged in are trunk.
Am I missing smth?
Any help will be really appreciated.
Best regards,The problem that we ran into was having the WLAN ID above 8 apparently the 1131, 1242, 1252 cant use WLAN IDs above 8 when utilizing HREAP. Try pulling the WLAN ID down to 8 or below and see if that fixes things.
Local Switching:
A WLAN on H-REAP is said to operate in local switching mode if the data traffic of that WLAN terminates locally at the wired interface of the LAP itself, without getting tunneled to the WLC.
Note: Only WLANs 1 through 8 can be configured for H-REAP Local Switching because only these WLANs can be applied to the 1130, 1240 and 1250 Series APs that support H-REAP functionality.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml#conf -
WLC 5508 - upgrade image + H-REAP
All, good day.
I have a bug reported (CSCsy23704) for the H-REAP functionality. This sunday I will perform an image upgrade to try to solve this issue.
What would it be the best image to go for?.
After the upgrade, what will happen with the APs?, should I reconfigure them or they will enter in contact with the WLC automatically?.
Current image is 6.0.199.0
The WLC is a 5508
Thanks in advance!!After you load the code on the WLC you can use the pre download feature. Tis will allow you to push the new image to the ap before you reboot.
Steve
Sent from Cisco Technical Support iPad App -
IPad & 3502i WAP wlc 5508 H-REAP
I have a wierd situation occouring at a new remote location.
Here is my scheme.
At my phyiscal location =WHQ
wlc 5508 (7.0.98.0)
vlan 800
ssid KWD-Guest
open authentication
wep 48bit key
(ACL restricted to internet only access)
Remote physical location = 80NY
2821 router (12.4ios) - routes and dhcp for the locations networks.
3560-48 switch - user connections and WAP connections.
3502i WAP - H-REAP back to WHQ for management and configuration.
Remote physical location = 1441NY
3825 router (12.4ios) - routes and dhcp for the locations networks.
3560-48 switch - user connections and WAP connections.
1131AG WAP - H-REAP back to WHQ for management and configuration.
Here is the issue we are running into.
At 80NY the users want to connect to the guest vlan 800 ssid KWD-Guest with iPads and smart phones (model unknown).
They can see the ssid broadcasting. Try to connect to the ssid, input the wep key. wait, wait and time out on dhcp, giving themselves a 168.x.x.x addy
From the router side, I can see the dhcp request on the correct vlan hitting the correct dhcp pool.
The router hands out a valid ip address and associates it to the correct wireless devices Mac-Address
But as I said the client times out waiting for the dhcp address.
Now the kicker here is that the very same iPad and smart phone CAN connect to the guest ssid at 1441NY which is also hosted off the same 5508 at WHQ.
The only difference I see is the WAP model and the network addresses I hand out at each location.
To the best of my ability I have double checked my router/switch and controller/WAP configurations against each site to make sure there is a mirror in place.
Any ideas?
SR 617433573dmantill,
Good morning and thank you for linking in the pdf.
I read it and hit several of the hyperlinks included in the pdf.
While I found the information useful and informative overall I did not really see anything that explained or covered the issue I am encountering.
I have a SR open now and the TAC engineer wants me to capture some debugs on the client mac. Once I can get the local tech onsite again we will perform the connection attempt with the debugging enabled.
FYI this is what the engineer wants to see.
Here is the information that I need to see when the problem occurs:
Disable/Disconnect the wireless client from the network – wait 1-2 mins
Open Telnet/SSH session to the WLC CLI - (Use Putty/SecureCRT with logging enabled)
type: Debug client
Turn the wireless device back on and let it authenticate/associate to the wireless network. Once the client experiences the problem, disable the debug process using the command:
debug disable-all
Filename: DebugClient.TXT -
I am wanting to know about methods of getting a wap to join a wlc. I’ve got 5508 wlc’s and the wap’s are the 1142’s. Are there other methods of getting wap’s to join wlc’s other than option 43 of dhcp? Also, is it possible to get a wap to automatically join a secondary controller if the first one it is trying to join is full?
The wap’s do not seem to be finding the other controller when being added. They just look for one controller only and do not attempt to find the other. Also, on the wap’s, when you enter the primary and secondary controller on the controller admin site. It does not move the wap’s to the other controller as primary. The secondary controller has 11 wap’s to go before full. The primary controller is full
-
How to H-REAP on Redundant 5508s across WAN ?
Hi,
We have started to implement lightweight APs with WLCs on a couple of our locations. Our initial design was to put in two 5508s on each locations that have around 30 APs installed, to save on $$ we were thinking about re-deploying the second WLC 5508 to a central location and have it as the secondary backup for all of our 8 locations running HREAP groups. Now my questions is, how do you define the APs on the local WLC and on the remote backup WLC? .. Do you define the APs as H-REAP mode on both the local and remote WLC? so do you only define them as H-REAP on the remote WLC and leave it as local mode on the local WLC.. ?
Thanks in advance ...It is important to note that the AP Mode is actually an AP configuration and follows the AP around as it moved among WLCs. Sure you configure it from the WLC, but what you're really doing is configuring the AP "through" the WLC. In other words, you'll find that on your remote WLC, there is no way to list APs as HREAP, as the APs aren't connected there.
So.... if I understand your question correctly, you're going to want to do the following:
Set up your WLANs on all WLCs to be identical configuration and order. If you build AP groups, add the wlans in the same order as well.
Configure your APs to allow HREAP Local Switching
Join APs ot your local WLC and change the AP Mode from Local to HREAP
Configuring the VLAN Mappings for each HREAP AP (since you're locally switching traffic)
Per AP, set High Availability Primary WLC to be the @site WLC, and set the secondary to be the @Central WLC.
At this point in time, your HREAP should be functional @site, and if something happens, they should join the @central and operate no differently.... -
Does anyone have a site survey config for autonomous 1142 AP?
We're going to start using the 1142s as our survey access points. We use autonomous 1242s now and I'm wondering if anyone has any canned 1142 configs they're willing to share.
Thanks in advance!Scott,
I've always surveyed with power local = 14, which should be 25mw. I use channels 1,6 & 11, of course for 2.4 GHz.
Also use 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 as my data rates.
My goal is to take two surveys of the same building - a small building, that is. One survey with the 1242s, and the second survey with the 1142s. I want to compare the coverage to see if the 1142s do better, etc.
I've heard you just don't "swap out" the 1242s for 1142s or 3502s, but that may be just what we end up doing for simplicity. And I agree, if we were going to forklift to the 802.11n APs and forklift the clients, we could survey to 802.11n since we would not have any 802.11g clients to worry about. But that's just not the case since we do not control what clients come on our network. So we almost have to design to the "least common denominator".
Thanks! -
I've deployed a Cisco 1142 in locally switched H-Reap mode and both 2.4GHz and 5GHz is working but I'm not getting 802.11n speeds. Any Ideas or settings I can check?
Sent from Cisco Technical Support iPhone AppHi,
Whats the WLAN security configured?? N can be acheived by using Either Open Auth with no encryption with all MCS rates enabled and WMM enabled.. OR with WPA2 -AES as the auth-encryption with MCS and WMM enabled.
are we using the same??
lemme know if this answered your question..
Regards
Surendra
====
Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull -
Eos 1142-e-k9....anyone know why?
Cisco have EOS 1142-E model only. Any technical reason? Issues with DRS that are not supported in Etsi I hear but not sure.
Have you tried restarting or resetting your iPad?
Restart: Press On/Off button until the Slide to Power Off slider appears, select Slide to Power Off and, after It shuts down, press the On/Off button until the Apple logo appears.
Reset: Press the Home and On/Off buttons at the same time and hold them until the Apple logo appears (about 10 seconds).
Maybe you are looking for
-
I have a nokia n95 8gb RM-421 Firmware- 11.2.011 When i went on the site it says my version is not compatible with the n-gage application. Is there any way to get around this problem? This really sucks seeing as my old N95 was the right version and
-
Broadwell Intel Audio Only HDMI Output
I have been trying for the last couple of days to get audio working on my Dell New XPS 13 (too new, maybe?). I don't think it's a hardware failure because the laptop is only four days old and the audio works when booted into Windows 8.1 (which is my
-
Hi have been reading the blog for two hours now and I am no closer to a "fix" for this for our network users. All users on the SOE build now cannot view or preview image files in windows explorer it is showing just the default icon for all images f
-
I am having trouble with my iPad, i can start it, but the iPad does not work. i tried to use the power and home button at the same time, the apple logo appears, but the iPad does not work. What am I suppose to do?
-
How do I view videos on YouTube on my New MacBook Pro?
How do I view videos on YouTube on my New MacBook Pro? Any help would be greatly appreciated. Thanks! Gary