5508 wireless controller - and limit SSID's

Similar Messages

• Adding second 5508 Wireless Controller, how to best configure for load balancing and redundancy?

  We recently purchased a second 5508 wireless controller (both licensed for 100+ AP's).  What is the easiest way to configure and add the second controller so I can split the load between the 2 controllers and provide failover capability?  I do not want to run in an active/standby mode since that will effectively cut our AP capacity by half even with both controllers running. 
  Should I just manually configure the new controller (long and drawn out process to configure all the parameters), backup the current controller configuration and import to the second controller (then change the ip address) or is their an easier way to cause the two controllers to synchronize the configurations? 
  We are currently running 7.0.240.0 on our active controller and I would rather not upgrade it until we get the new controller online so I can have less downtime and fail AP's between controllers.
  What can you recommend? 
  Jim

  I'm assuming then, when I update the software on the controllers I won't be able to choose which controller is primary for an AP anymore and will lose access to the 100 AP licenses (and the capability to have 100 AP's registered, 100 licenses on each Controller).
  Read the Deployment Guide.  It should mention that you can choose which controller is the "primary" and which one is the "secondary".
  If I'm not concerned about quick failover can I still assign a primary and secondary controller for each AP and utilize all 200 AP licenses that are split between the 2 controllers?
  You sure can.  But this "old school" method is a very expensive method.  Why?  Because this means that you have two controllers with similar AP licenses.  The newer AP SSO means one controller has a full license and the other has only an HA SSO license, which is a lot cheaper.

• Redirect to web authentication not working on Cisco 5508 Wireless Controller

  Hi,
  I have a wlan with web authentication:
  http://i55.tinypic.com/w145zk.png
  and
  http://i51.tinypic.com/344sfm0.png
  When I connect to  the SSID (I get correct IP from the Cisco 5508 Controller) and try to  surf, I do not get redirected to the web authentication page (https://1.1.1.1/login.html), when I manually insert the URL I get "cannot display the webpage". Any idea?
  The virtual interface is 1.1.1.1.
  Here is a screenshot of interface and internal dhcp:
  http://i52.tinypic.com/2vkm1d2.png
  Any idea why clients are not redirecting?
  Thanks!

  Thanks for the reply dmantil!
  When I changed the Virtual DNS name to 1.1.1.1 (the same as the IP) I get redirected if I use http://198.133.219.25, but not with http://cisco.com, I get redirected only if I use IP.
  I forgot to mention that the controller is in a lab with no access to DNS server. Does the controller check if the domain is valid before redirecting users? I cant find any documentation on how the controller redirect users.

• 5508 Foreign controller and 4400 Anchor controller

  Hi,
  We have a customer that have 2 5508 as primary and backup controller and a 4400 as an anchor controller.  We plan to upgrade the 5508 to 7.3.112.0 and the 4400 is already 7.0.116.0.  Will there be any issue if the anchor controller is not the same code as the foreign controller?  Do I also have to upgrade the acnhor controller to 7.0.240.0?
  Regards,

  Here is a link to the inter release controller mobility matrix to keep handy
  http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html#wp123314
  Sent from Cisco Technical Support iPhone App

• Problems between a Wireless Controller and a Switch.

  I have a Wireless Controller 4402 connected to one sw2960G.
  I configured the controller with LAG and the switch (sw2960G) with etherchanel.
  I connected the controller 2 distribution ports to the 2 ports of the switch (configured with etherchanel).
  It worked like it should work.
  But the problem is like this: if I take one cable that is connected to the switch and unplugged that cable from the switch (if that cable is the one connected to controllers port one) I have connectivity between both machines.
  If I plug in the switch the cable connected to controller port one and take the other cable and unplugged that cable from the switch I stop the connectivity between the two machines.
  I think that was not supposed to happen… because the LAG in the controller should put every AP in the second controller's port, and the connectivity between the machines should not end.
  Can any one help me?
  Can any one tell me what I am doing wrong?
  Thanks in advance,
  Rui

  With LAG enabled in the controller I think I can have only one ap-manager interface.
  The LAG will (it is supposed to) do the load balance automatically.
  I mean, if one of the interfaces is “down” the other will have to coupe with all the AP's.
  I should have always connection between the controller and the switch.
  The STP of the controller is configured by default (STP Mode = OFF).
  In the case of etherchannel load balance… I saw the Cisco documentation and I did not saw any thing about that. I think that The LAG as to do that for the controller… I'm right about that?
  I will see the link that you advised…
  Can you help me?
  Thanks,
  Rui

• Question about Wireless Controller and LAG.

  I have a Wireless Controller 4400.
  When I configure the controller with LAG, I have to connect the controller to a L3 switch?
  If I connect the controller to a L2 switch the LAG works?
  Some one can tell me something about this?
  Thanks in advance,
  Rui

  Copper? so you are using rj-45 Gb SFPs on the controller. If that is the case, what is the speed of the switchports on the 2960?
  I use the rj-45 Gb SFPs on our 4402s and they work fine connected to Gb rj-45 ports on the switches.
  Also, check out the following:
  http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42mint.html#wp1116136
  "Using the CLI to Verify Link Aggregation Settings
  To verify your LAG settings, enter this command:
  show lag summary
  Information similar to the following appears:
  LAG Enabled
  Configuring Neighbor Devices to Support LAG
  The controller's neighbor devices must also be properly configured to support LAG.
  •Each neighbor port to which the controller is connected should be configured as follows:
  interface GigabitEthernet
  switchport
  channel-group mode on
  no shutdown
  •The port channel on the neighbor switch should be configured as follows:
  interface port-channel
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk native vlan
  switchport trunk allowed vlan
  switchport mode trunk
  no shutdown

• Wireless controller and Acess points

  Hi
  which protocal is used between wlc and acess point. and what is  CAPWAP.

  which protocal is used between wlc and acess point.
  It used to be called LWAPP but now it's called CAPWAP.
  Access Point Communication Protocols
  In controller software release 5.2 or later, Cisco lightweight access points use the IETF standard Control and Provisioning of Wireless Access Points protocol (CAPWAP) to communicate between the controller and other lightweight access points on the network. Controller software releases prior to 5.2 use the Lightweight Access Point Protocol (LWAPP) for these communications.
  CAPWAP, which is based on LWAPP, is a standard, interoperable protocol that enables a controller to manage a collection of wireless access points. CAPWAP is being implemented in controller software release 5.2 for these reasons:
  •To provide an upgrade path from Cisco products that use LWAPP to next-generation Cisco products that use CAPWAP
  •To manage RFID readers and similar devices
  •To enable controllers to interoperate with third-party access points in the future
  LWAPP-enabled access points can discover and join a CAPWAP controller, and conversion to a CAPWAP controller is seamless. For example, the controller discovery process and the firmware downloading process when using CAPWAP are the same as when using LWAPP. The one exception is for Layer 2 deployments, which are not supported by CAPWAP.
  You can deploy CAPWAP controllers and LWAPP controllers on the same network. The CAPWAP-enabled software allows access points to join either a controller running CAPWAP or LWAPP. The only exception is the Cisco Aironet 1140 Series Access Point, which supports only CAPWAP and therefore joins only controllers running CAPWAP. For example, an 1130 series access point can join a controller running either CAPWAP or LWAPP whereas an 1140 series access point can join only a controller running CAPWAP.
  Guidelines for Using CAPWAP

• Wireless Controller and Microsoft Windows 2008 NPS

  Hello Community,
  Got a Nightmare project to convert our Wireless over to Windows 2008 NPS for AP, Controller and User Athenication.  Anyone have a link to a good Deployment Guide/How To on what is needed for the NPS Server (esp the attributes for AP, Contoller and Users)?
  Thank You
  Michael

  So you are looking to use RADIUS to authenticat the managment users and the actual wireless clients?
  RADIUS Managment
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080782507.shtml
  This goes over what attribute you need to return from the RADIUS server.
  For the users:
  http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080bfb19a.shtml
  HTH,
  Steve
  Please remember to rate useful posts, and mark questions as answered

• Cisco 5508 Wireless Controller with Splash Page Disclaimer

  How do one configure a splash disclaimer page on a Cisco Wireless Controller 5508 with no authentication?
  Jimmy

  There are many options to you in this scenario, but if you're looking to simply provide a splash page via the WLC without interacting with any other web servers, you can configure Local Web Authentication (LWA) as seen in this configuration example.
  http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69340-web-auth-config.html?referring_site=RE&pos=1&page=http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/71881-ext-web-auth-wlc.html
  If you are not wanting the authentication, you can choose the "passthrough" method which will not require any credentials, only accepting an AUP or whatever you want.

• Help with wireless controller and VLANs

  Hi I'm trying to setup a wireless controller in preparation for a large site go live later this year. I'm struggling to get the controller and the WLAN using the correct VLAN. I want the controller on VLAN 100 and the clients on the WLAN on VLAN 200.                 
  My thought is that I would need a config similar to:
  Switchport for wireless controller management port set to trunk VLAN 100 and 200 with no native VLAN set.
  The management interface on the controller set to VLAN 100.
  A dynamic interface created on VLAN 200.
  When setup like this I can get to the controller on its management address but only from VLAN100 not from another VLAN on site or from other sites over the WAN.
  I have setup a WLAN which is set to use the dynamic interface on VLAN 200.
  I have set the AP to use HREAP and set the native VLAN as 200 and added the dynamic interface into the VLAN mappings
  When I connecting a client to the WLAN I get an address on VLAN 100.
  The switchport for the AP is set to native VLAN 100 and trunk 200 – this setup works for standalone APs at other sites.
  What am I missing?
  Also any idea why the management interface address is not routing? The netmask and gateway are set correctly.
  Thanks
  Paul

  Just to add to Steve's post... You only need to create a dynamic interface for vlan 200 if you have ap's also in local mode.  If your ap's are in H-REAP/FlexConnect mode, you don't need a dynamic interface for vlan 200.
  In you H-REAP/FlexConnect ap, you would set the wlan to vlan mapping there and the switchport configuration would be a trunk allowing vlan 100 (im assuming your native vlan for your ap) and vlan 200.  You should see something like the following:
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• 5 wireless controller and roaming security

  i want to connect 5 wlan controller to core switch with 470 ap . client must roaming and dont have disconnect. what security must configured

  Stephen,
  I dropped these questions in the Ask the Expert forum, but they are relevant here:
  Our intention is to use the Mobility Group to distribute AP connections among many controllers on several campuses for redundancy in the event of catastrophic failure. With this in mind, several questions arise as to how this can be achieved:
  1. What is the formula by which an AP, once it has a list of candidate controllers to join, chooses a specific controller? We understand it has something to do with the number of APs and clients a controller is managing, but what are the quantitative criteria/tiebreakers in the AP decision process? What are the relative/absolute values?
  2. If we use DHCP Option 43 to point to the APs to a Master Controller, and subsequently re-assign via the controller GUI the APs Primary, Secondary, and Tertiary controllers, will the APs automatically join the Primary, or do they have to be rebooted? And if rebooted, will these WLC assignments override the DHCP Option 43 if not changed?
  3. In the above setup, will the AP stop searching for available controllers if the Pri/Sec/Ter WLC assignments fail? Can other, unassigned controllers in the Mobility Group provide a connection for an AP? Or is N + 1 + 1 the limit?
  4. Assuming the AP tries them in sequential order, can we place all WLCs in a Mobility Group inside Option 43, or is it limited to 3 entries like the controller-based assignment?
  Thanks for any assistance,

• Wireless Controller and security

  Hi,
  One of our companies is implementing a wireless network . We would like to do the following :
  - For conference rooms we would like to have a separate wireless network which has access to internet . All pc's that are not from the company should be able to connect.
  PC's that are from the company should not be able to use the wireless connection.This wireless network should be setup without authentication.
  - Secure wireless connection : Company pc's should only use the secure wireless network .
  I was thinking about using mobility groups but that doesn't block a company pc going to the unsecured wireless network and connect himself .
  I'm not an expert in wireless so hopefully I'm not asking a stupid question :-)
  gr
  wim

  You can use vlan override to allow certain ssid's on certain ap's. To block company pc's from accessing the guest network, you can either use a webauth and create a username and password that is only given out to guest and not internal users. Antoher way is to lock down the wireless through group policy.

• Problem getting Airprint (Bonjour) to communicate to HP LaserJet CP1525nw printer across a Cisco 5508 Wireless Controller

  I cannot get my IPad2 to print (it cannot find the printer) using a Laserjet CP1525nw color printer across a wireless network using a Cisco 1508 Wireless Controller with 49 wireless access points. HELP!!!!
  What is the secret to getting Bonjour to work on it?
  I can get the IPad2 to locate the HP CP1525nw printer without a hitch using a low budget Netgear WAG102 stand alone wireless access point on the same network.

  If it helps somebody, here is what you need to do.
  It worked for me, but only in Multicast-Unicast mode.
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_tech_note09186a0 080bb1d7c.shtml

• Cisco wireless controller and AP-binding domain how do you integrate wireless domain authentication?

  With Cisco equipment wlc 2500 and AP 1600 combines windows 2008 r2 domain controller to achieve the following purposes, 
  1, all cell phones and laptops can access the wireless network with a domain user authentication. 
  2, the guest network should how to do it? 
  My idea is: 
  Made a total of two ssid below 
  Mobile users cnnewcity_mobile: Use webportal certification, so the center certification, local forwarding 
  Computer users cnnewcity_wifi: transparent certification, local forwarding, local authentication 
  The basic steps are as follows: 
  1, set the Radius server clients (AP or controller) 
  2, locking authorization group --- this should be based on the domain user group authorization radius server 
  3, the mobile roaming - different locations on the DHCP server choose to do this you have to consider the next 43 
  4, the establishment of a two vlan to a mobile user to the computer user, create a DCHP scope on the DHCP
  I do not know if you have wood there are better ways?

  Integrating the AD to the WLC Requires:
  1. AD to be registered:
   AT: Security->AAA
      AT: LDAP     
      CLICK: New
      Server IP:    <AD IP>
      Port Number:    389     
      Simple Bind:    Authenticated
      Bind User:    CN=Administrator,CN=Users,DC=testing,DC=local,DC=com
      Bind Pass:    <LDAP Admin pass>
      Confirm Pass: <LDAP Admin pass>
      User Base DN:    OU=WebAuth_Users,DC=testing,DC=local,DC=com
      User Attrib:    sAMAccountName      
      User Obj. Type:    person        
  Enable at WLAN Profile
  1. AT: WLAN->WLANs
      CLICK: <Desired WLAN> -typically web authentication
  2. AT: Security Tab
      AT: AAA Servers
  3. AT: LDAP Servers
      **Select Created LDAP
  4. Apply to Save
  Source: Tried it in implementations :))

• Cisco 5508 Wireless Controller in HA mode

  Hello,
  is there a support of 1+1 mode (HA mode) at 5508 Controller?
  If yes Is there a HA bundle or do we have to order two identical 5508 controller ?
  Thanks for response.
  Richard

  Hello Richard,
  FYI, WLC 7.3 has been released that includes HA features. Following are the links for your reference,
  https://supportforums.cisco.com/docs/DOC-26827
  http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps10315/qa_c67-714540.html
  http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml#req