5508 Controller & Direct Connection

Similar Messages

• Minimum connection speeds 5508 controller and 2602E APs

                     We have an applicaiton that is sensitive to network speeds.  Is there a way to guarantee a minimum wireless network speed such as 100 MBs utilizing a 5508 controller and 2602e APs?

  We have an applicaiton that is sensitive to network speeds.  Is there a way to guarantee a minimum wireless network speed such as 100 MBs utilizing a 5508 controller and 2602e APs?
  Not easy.   Wireless is a shared medium.  This means if one client talks, everyone else has to stop and wait for their turn.
  It's like doing video.  Video is time-sensitive.  If you put a single AP in a room (granted you've got full 1Gbps ethernet access all the way), and you get 25 people continuously streaming videos, then you'll see some impact.  Bring the number down to say, 8 to 10 and you'll see improvements.
  What kind of application are we talking about here?

• 5508 Controller & Muliticast

  have a Cisco 5508 controller (version 6.0.199.4) that when I enable global multicast mode it will work for an hour or two and then it will kill the network.  All internet both wired and wireless, access to server everything dead.  I then have to directly connect to the service port and disable the global multicast mode.  Then two reasons for enabling it are Docs2Go and LanSchool both require multicast to be enabled.  I have it enabled on our wired network and it works OK there.  I am probably just missing something stupid.  Any thoughts or suggestions would be greatly appreciated.

  On the Controller tab.
  so if you're not setting a multicast address, then you are running in Unicast mode. 
  Multicast - Unicast - This is the easiest method to use.  When the WLC receives a Multicast packet, it replays that packet to every AP that is connected.   Now this does work, but can be very network intense, as every AP gets  the stream.  So if you have 100 AP, there are 100 streams, 300 AP 300  streams.
  Mulicast  - Multicast - This is the better method to use.  With this method, the  AP will join to a multicast group, that you configure, preferably in the  239.x.x.x administratively scoped space.  Now when the WLC gets a  mutlicast packet, it replays it once to the group.
  Now,  the WLC side is easy.  Select Mutlicast - Multicast and configure your  group, each WLC in your mobility group should use a unique address.  For  the WLC you are done.
  HTH,
  Steve
  Please remember to rate helpful posts or to mark the question as answered so that it can be found later.

• Cisco 2504 OEAP NAT directly connect AP's no ip

  I setup my 2504 to work with OEAP.  When I enabled NAT on the management interface the one AP I have directly connected to the WLC is no longer getting an IP address.  Any idea why this is?

  First, it is not recommended to have an AP directly connected to the WLC, you really need to connect it to an upstream switch and let it connect that way.
  My first thought would be that you need to take a look a the below link that talk about how the NAT ip commands work.
  http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/command/reference/cli70MR1commands.html#wp14087790
  HTH,
  Steve
  Please remember to rate useful posts, and mark questions as answered

• Getting disconnected randomly (5508 controller, 3300 series LAPs)

  I am at one of our remote offices and I am noticing my laptop, despite excellent signal strength is periodically losing IP connectivity on the wireless network.  When it drops, all of my IP connectivity stops (pings fail, RDP sessions "await reconnection", etc...).  The lower right corner still shows I'm connected to the hidden WPA2 Enterprise SSID.  The only way to reconnect is to select disconnect on it, then click connect again.  Immediately everything IP based starts working.
  There is a 5508 controller in the headquarters.  The site I am at has a 30mbps fiber point to point WAN to the headquarters.  This site has 2 x 3300 series LAPs which are very good coverage.  H-REAP mode is on so traffic terminates at the local office because it is more efficient than traversing the LAN twice for things like local file and print sharing, dhcp, proper active directory sites and services mapping, etc...
  The 5508 has a 2008 R2 server running NPS to do radius authentication and it verifies a domain certificate.  To be on the wireless you have to be a member of the domain.
  Seems to not give me any problems at the home office so any idea's?
  On the 5508 I see this around the times I lose IP connectivity:
  *Dot1x_NW_MsgTask_4: Jan 08 14:00:53.599: #DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:861 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 24, Key type 1, client 88:53:2e:xx:xx:xx
  *Dot1x_NW_MsgTask_4: Jan 08 14:00:52.551: #DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:861 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 24, Key type 1, client 88:53:2e:xx:xx:xx
  *Dot1x_NW_MsgTask_4: Jan 08 14:00:52.387: #DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:447  Authentication Aborted for client 88:53:2e:xx:xx:xx
  I have 0 (unlimited) as the max for user login policies so not sure why Authentication Aborted message appears.
  WLC Software version
  7.4.100.0
  On the NPS server (2008 R2) I just see my username granted access because it matches the network health policy.
  Laptop Sony VAIO SE2
  Intel Centrino Advanced-N 6230
  Driver version 15.1.1.1 Date: 3/12/2012

  Well I'm going to try to move the EAP-Broadcast Key Interval back.  It was set to 3600 which in seconds equals 1 hour.  Seems like not only my laptop but others now have been reporting that every hour on the dot, they stop passing IP traffic.  The regular users just reboot, while people "in the know" disconnect and reconnect, and they are good for an hour.
  Towards the bottom of this thread here:
  https://discussions.apple.com/thread/3753111?start=0&tstart=0
  They suggested this.
  I ran this
  (Cisco Controller) >config advanced eap bcast-key-interval 86400
  Now when I show advanced eap I get this:
  EAP-Identity-Request Timeout (seconds)........... 30
  EAP-Identity-Request Max Retries................. 2
  EAP Key-Index for Dynamic WEP.................... 0
  EAP Max-Login Ignore Identity Response........... enable
  EAP-Request Timeout (seconds).................... 30
  EAP-Request Max Retries.......................... 2
  EAPOL-Key Timeout (milliseconds)................. 1000
  EAPOL-Key Max Retries............................ 4
  EAP-Broadcast Key Interval....................... 86400
  I just will take note if this fixes the problem or  not.  If it does not maybe I will return it back to the default 3600.
  Your idea of a hidden SSID in the clear to rule out auth issues is a good one, but security wise I don't want an open SSID - hidden or not for an hour in public places.  Sure I could throw it on a VLAN with just one server and run a continuous ping... but I'm at the home office now which never has this issue.
  Seems like when it's time for the key to be renewed, I'm thinking the renewal handshake at remote sites is just not making it back to the controller.  However the initial key handshake when you first boot up or associate to the SSID goes over the WAN no issue.  I only say this because at the home office where the WLC is physically located, there is no issue.
  The WANs are a minimum of 10mbps over a Ethernet Virtual Private Line which is a busness level service provided by Verizon.
  Some WLC info:
  Product Version.................................. 7.4.100.0
  Bootloader Version............................... 1.0.16
  Field Recovery Image Version..................... 6.0.182.0
  Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
  Build Type....................................... DATA + WPS

• Third-Party access to AP health-information over 5508 controller

  Hello,
  Situation:
  Third-Party Tool (Whats up gold) has connectivity to a 5508 controller, only.
  There is no connectivity to the remote LAP access-points from the third-party tool.
  Is it possiply to get the health information (AP available or not) over a controller via SNMP?
  Sven

  Just to elaborate on what Steve is saying:
  The SNMP monitoring of APs is still through the WLC itself. You would be pulling this information out of the WLC not via reachability to the AP itself from your tool.
  Or you could use Whatsup for just an IP reachability (ping) of the AP which would require interaction with the WLC.
  Can Whatsup be a trap receiver? I believe the WLC will send TRAPs for AP up/down events which I would think you could query off of.....

• 5508 controller 8 ports ?

  I am looking to configure if, 5508 controller's ports particularly in different VLANs and pull cable from the port and put it in L3 to it's belonging VLAN ? and at the same time all the different SSID will work as usual our standard and best practice that we do.

  you could but then you are limiting yourself to 1G of connectivity.
  You'd probably be better served by just ether channeling the ports that connect to the WLC and tagging the vlan/dynamic-interfaces so you can have up to 8G of aggregate bandwidth.
  HTH,
  Steve

• Channel-Group on 5508 Controller

  Ok .. I have an odd question regarding creating channel groups to connect 5508 controllers to my network.
  Today I have a single 5508 Controller and it is attached to the network using two interfaces configured as a channel group. I am in the process of adding a second controller to be an HA for the existing controller. Here is my question. Do I simply add the interfaces of the new controller to the existing channel group or do I need to create a unique channel group for the new secondary controller?  I am thinking that the channel groups are basically a point to point type connection and are basically connection specific right?
  Brent

  Assuming you aren't doing VSS. I keep the channel numbers the same on both side. 
  See below:
  A-SIDE
  Group  Port-channel  Protocol    Ports
  ------+-------------+-----------+-----------------------------------------------
  1      Po1(SD)          -        
  200    Po200(SU)        -        Gi7/9(P)       Gi7/10(P)      
  201    Po201(SU)        -        Gi7/11(P)      Gi7/12(P)      
  250    Po250(SU)        -        Gi3/15(P)      Gi3/16(P)      
  6500-A#
  B-SIDE
  Group  Port-channel  Protocol    Ports
  ------+-------------+-----------+-----------------------------------------------
  1      Po1(SD)          -        
  200    Po200(SU)        -        Gi7/9(P)       Gi7/10(P)      
  201    Po201(SU)        -        Gi7/11(P)      Gi7/12(P)      
  250    Po250(SU)        -        Gi3/15(P)      Gi3/16(P)      
  6500-B#

• Cisco 5508 controller

  I have Cisco 5508 controller in our high school. I changed the password for one of our WLANs yesterday.(WLANs>WLANs>WLAN in question (in my case OBSD-Internal)>Security>Layer 2. For some reason it reverted back to the previous password ( this was confirmed by a client attempting to connect). What could possibly cause this?                  

  Hi Sean,
  May be you did not saved the config on WLC(After changing the password).
  Regards

• Cannot join AP to 5508 controller

  Hi all
  We have an infrastructure with a Cisco 4402-50 controller. We've just installed another controller, a 5508, and WCS as an "umbrella" to control the systems.
  I have trouble joining some AP's to the 5508 controller. Note that all AP's connect fine to the older 4402 controller. It seems that our older AP's join fine, but the newer 1142 models just won't join. As far as as I can tell both controllers have exactly the same configuration (except for IP-adresses and such of course), I've even used configuration templates in WCS to ensure this.
  If I go to Monitoring-->Statistics-->AP join on the 5508 controller, it says that the reason is "RADIUS authentication is pending for the AP". I don't understand this, because I've not set up any RADIUS authentication for AP's (only clients). I use MIC's and a local MAC database on the controller to authenticate the AP's.
  Btw, the software controller version is 6.0.188.0.
  Thanks in advance for any response!

  Hi leolaohoo, and thanks for your response.
  I've tried to configure the 5508 as primary, but that didn't cut it.
  However, I've just fixed the problem by upgrading the firmware on the 5508 to 7 (ED), that - for some reason - did the trick.
  This problem is now solved.

• Catalyst 3650 as MC with non-directly connected APs

  Hello,
  I have a Catalyst 3650 operating as a Mobility Controller.  I had to change the interfaces on the 3650 that connected to the access points to explicit access ports (switchport mode access).  Before that command was configured, the APs sparatically dropped from the controller - now they are fine.  I have a few other APs in the building that cannot be directly connected to the 3650, but need to terminate CAPWAP with it.  The uplink from another switch (Access Switch 1) to the 3650 is a trunk, and the port from Acccess Switch 1 to the AP is an access port, however I getting the same message in the 3650's logs about it not being an access port and the AP is dropping connection to the MC.
  How can I properly terminate CAPWAP from an AP connecting to Access Switch 1 through a trunk to the 3650 operating as a Mobility Controller?
  Thanks

  with the 3850, the AP needs to be directly connected to the switch for it to be able to terminat the CAPWAP tunnel.  If your other closet switch is a 3850, you can put it in MA mode, and build the SPG to the MC.
  http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3850-series-switches/deployment_guide_c07-727067.html
  HTH,
  Steve
  Please remember to rate useful posts, and mark questions as answered

• Access points are directly connected to 2016 wlc but not functional

  Hello All,
  access points are directly connected to 2016 wlc.
  Event log from the wlc
  AP event log download completed.
  ======================= AP Event log Contents =====================
  *Mar 1 00:00:30.157: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
  *Mar 1 00:00:30.161: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
  *Mar 1 00:00:30.190: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
  *Mar 1 00:00:30.191: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
  *Mar 1 00:00:30.204: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
  *Mar 1 00:00:31.190: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
  *Mar 1 00:01:00.088: %LWAPP-3-CLIENTEVENTLOG: Did not get vendor specific options from DHCP.
  *Mar 1 00:01:00.088: %LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
  *Mar 1 00:01:00.089: %LWAPP-3-CLIENTEVENTLOG: Did not get any DNS options from DHCP.
  *Mar 1 00:01:00.089: %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER
  *Mar 1 00:01:00.089: %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER
  *Mar 1 00:01:12.094: %LWAPP-5-CHANGED: LWAPP changed state to JOIN
  *Mar 1 00:01:12.094: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
  *Mar 1 00:01:12.094: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
  *Mar 1 00:01:12.094: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
  *Mar 1 00:01:12.095: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
  (Cisco Controller) >show port summary
             STP   Admin   Physical   Physical   Link   Link
  Pr  Type   Stat   Mode     Mode      Status   Status  Trap     POE
  1  Normal  Forw Enable  Auto       100 Full   Up     Enable  N/A
  2  Normal  Disa Disable Auto       Auto       Down   Enable  N/A
  3  Normal  Disa Disable Auto       Auto       Down   Enable  N/A
  4  Normal  Disa Disable Auto       Auto       Down   Enable  N/A
  5  Normal  Disa Disable Auto       Auto       Down   Enable  N/A
  6  Normal  Disa Disable Auto       Auto       Down   Enable  N/A
  7  Normal  Forw Enable  Auto       100 Full   Up     Enable  Enable  (Power On )
  8  Normal  Forw Enable  Auto       100 Full   Up     Enable  Enable  (Power On )
  but still access points are not functional ????
  any idea ??
  Regards

  Your AP-manager and management interfaces is mapped to port 1:
  ap-manager                       1    80       10.41.80.2      Static  Yes    No
  only APs connected to port 1 will work.
  You need to either use a switch and keep port 1 connected to it while APs join through the switch or you need to create a new ap-manager interface. not even sure if you can map it to the same port or different port! not even sure about the management interface!! it is mapped to port 1 and should be reachable anyway. it is a mess!!! have you read the best practice document that I put the link for earlier?
  So you need eventually a switch to fix your issue. direclty connected APs are not recommended.
  I am still not knowing how Cisco provided such swtich that is supposed to handle direclty connected Aps while it does not provide a smooth way to do so.
  Use a switch and everything supposed to be fine.
  HTH
  Amjad

• Is direct connection from SAP BI 7.0 to XCelsius already available?

  Hello,
  Is direct connection from SAP BI 7.0 to XCelsius already available?
  Thanks

  In Xcelsius SP2, visualizations can be connected to an SAP system and use live data returned by an SAP query.
  Refer Xcelsius SP2 what's new guide:
  http://help.sap.com/businessobject/product_guides/xcelsius2008SP2/en/sp2_xcelsius_new_en.pdf

• Problems setting up my TC. Have just bought new iMac(OS 10.6.8) and  TC. I set it up. iMac cannot find it. I have tried direct connection with an ethernet cable to Mac or my wireless router but nothing. Just a flashing orange light. Help for a simpleton p

  Problems setting up my TC. Have just bought new iMac(OS 10.6.8) and  TC. I tried to set it up. iMac cannot find it. I have tried direct connection with an ethernet cable to Mac or direct to my wireless router but nothing. Just a flashing orange light. Help for a simpleton please. Have tried reseting TC, but to no avail.

  Just updated from 10.6.7 ---> 10.6.8 and had the same issue. Despite having done a clean install from 10.6 and got everything back off my TC, now Time Machine can't find it!
  Green light is on, ethernet cable conected, network CP says its conected but nothing. Airport Utility can't find it. Hit reset button, Orange flashing light but still no show in Airport Utility.
  But I know its there, as rebooting from 10.6 SL disk shows the backups are still ok?
  Hmm, ideas anyone?
  SBB

• TS1398 I have an iPad mini, because of my work network firewalls I am not able to use the airprint function to print. I was told you can direct connect to a printer. I am not sure how as I have not seen any cables for a lightning connection to a printer c

  I have an iPad mini, I am connected to my work wireless connection. My printer also is on the same wireless network, however I am not able to print to my airprint enabled printer through this wireless connection. Is there a way to direct connect to the printer via a cable ?
  I am missing something here on the connection. I am thinking possibly a firewall here at work will not allow me to use the airprint function. Help ?

  There is no support for wired printing.
  It is probably a firewall issue, possibly where all inbound communications are blocked. Since you're at work, I'd call your work IT department and find out from them what you can/can't do.