5760 WLC and 5760 HA WLC question

Similar Messages

• WLC and LWAP Registration Log Question

  We have a Cisco 4404 WLC and and about 70 Cisco 1131 APs.  I am very new to the Cisco WLC and I need to know how to view its AP registration and unregistration logs.  We have a AP that has unregistered and we can't seem to find what switchport it was attached to.  It would be helpful to know the IP address and ideally any CDP information it had.  Unfortunately you can only view this information in the WLC if the AP is registered, but at this point it is not.  Any help would be appreciated.

  You will not be able to find that info unless you still see the information on the log about the AP. You would have to either review the switch cdp info as long as the AP is still functioning or else you will just need to physically track it down. If you have WCS or NCS, you should be able to review the past history and the maps would show you where that AP was located if the ap were positioned correctly.
  Thanks,
  Scott Fella
  Sent from my iPhone

• Another 5760 WLC and 5760 HA WLC question

  Hi all,
  I have two 5760 Controllers, one licensed and one a HA SKU Controller. I have configured them for N+1 fail-over. They are configured to be in the same L2 management network and in the same Mobility Group. The customer had an issue and tried to fail-over the APs to the secondary controller at the weekend but only about 15 out of 185 APs actually failed-over. Does anyone have any thoughts as to why they all didn't fail-over. The controllers are both running 3.3.3SE code and High Availability under Global AP Configuration is set on bot the primary and secondary.
  Thanks

  Refer the document :
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/5700/software/release/3e/high_availability/configuration_guide/b_ha_3e_5700_cg.pdf

• Is it possible to use a 5500 WLC and a 2500 WLC as failover?

  I am curious to know if there are any technical issues with this design. The 5500 WLC would be the primary and 2500 WLC would be the secondary. The only need for the secondary would be in the event of failure of the primary, and support needs when doing maintenance such as code upgrades.
  We would use the same version of code on each controller and apply the necessary amount of AP licenses on each. The controllers would have identical configurations and host multiple SSID's, including offering guest services. Does the 2500 support guest network services?

  Yeah, believe the 2500 only does multicast-multicast mode.  Which isn't that big of a deal usually.  MM being the preferred method.
  the 2504 also has that 300M backplane limitation.  SO if you are going to use the 2504 I would recommend HREAP so you don't have to worry about that.
  Not supported on 2504.
  •Support for wired guest access.
  •Cisco 2500 Series Controller cannot be configured as an auto anchor controller. However you can configure it as a foreign controller.
  •Supports only multicast-multicast mode.
  •Bandwidth Contract feature is unsupported.
  •Access points plugged directly into the WLC.
  •Service port support
  •Apple Talk Bridging
  •LAG
  •Wired Guest
  Steve

• Ask the Expert: NGWC (3850/5760): Architecture and Deployment

  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about NGWC (3850/5760): Architecture and Deployment.
  Ask questions from Monday, April 13th, 2015 to Friday, April 24th, 2015
  This Ask the Expert Session will cover questions spanning NGWC products (3850/5760) on Implementation and Deployment from the Wired and Wireless perspective. This will be more specific to Customer’s and Partners questions covering 3850/5760 configuration, Implementation and deployment.
  Dhiresh Yadav is a customer support engineer in High-Touch Technical Services (HTTS)  handling supporting Wireless and Network Management based Cisco products and is based in Bangalore. His areas of expertise include Cisco Wireless CUWN and NGWC Product line. He has over 7 years of industry experience working with large enterprise and service provider networks. He also holds CCNP (RS) and CCIE (DC-Written) and CCIE Wireless certification.
  Naveen Venkateshaiah is working as a Customer support engineer in High-Touch Technical Services (HTTS) handling  and supporting Lan-switching and Data center Products. His areas of expertise include Catalyst 3k,4k , 6500 , Nexus 7k Platform  He has over 7 years of industry experience working with large Enterprise and Service Provider networks. He also holds CCNA, CCNP (RS) and  CCDP-ARCH,CCIE-R&S Written, AWLANFE, LCSAWLAN Certification.
  Find other  https://supportforums.cisco.com/expert-corner/events.
  **Ratings Encourage Participation! **
  Please be sure to rate the Answers to Questions

  Hi Dhiyadav,
  thank you for your reply it cleared some doubts that were in my mind but i need your more support to guide me a converged access deployment which i am going to deploy within few days.
  i have 
  2x5508 in HA as MC
  30x3850 switches, and all will be used as MA(s) with multiple SPGs
  2X5508  1:1 as an anchor controller
  1xISE 1.3 for guest access
  1xCPI for wireless mgmt and monitoring purpose
  1xMSE3355 with wips and context aware licenses
  200x cisco 3702i WAP
  50x WSSI module for monitoring the channels
  can you please put a light on the design and guide me that which are the best possible solutions to get this job done very smoothly.
  i will also let you know about my proposed design scenario but for sure i need your recommendations as well :)
  so,
  i will use 2x5508 wlcs in HA as a MC which are AP-Count and HA licensed..
  3850 switches will be MA and i ll configure SPGs per floor switches stacks 
  WAPs will join on these 3850 MAs base on each floor
  i would have 2 ssid like employee and guest
  i will configure them on each 3850 stack MA along with their SVIs for users access like (empolyee and guest ssid)
  here my question is for guest ssid and its vlan... do i configure it here or on anchor controller???
  i want ISE to be integrated with wireless for employee 802.1x and for guest web Auth. so, how i will integrate ISE with wireless. i mean weather i will integrate it anchor controller or with each 3850 MA???
  between foreign and anchor controller i will use new mobility instead of old EOIP!!!
  where shall place ISE in my network, in DMZ or with Core switch?
  my target for guest users to do not have access to any corporate network sources ?
  MSE:
  can i use both wips and context aware on the single MSE box?
  if yes, than what is the best practice for configuring them?
  are each 3850 MA will be added in MSE?
  WSSI module . will be used for monitoring purpose for wips and context aware profiles.
  all access point will be worked in local mode for serving users access.
  thank you

• Connection between 5508 WLC and 3750-24PS switch

  I have to realize a connection between  an 5508 WLC and 3750 switch using one SFP cable. I found on Cisco documentation some reference about two different SFP cables.
  The first one is CAB-SFP-50CM, but this is used to interconnect two 3560 switches.
  The second is SFP-H10GB-CU1M. This one has SFP+ transceivers on both ends which I don’t know if are compatible with the standard SFP ports that can be found both on WLC and switch.
  My question is if I can use one of these cables in order to connect my devices, or if you know other one piece SFP cables.
  Many thanks

  I know that you can use those SFP transceivers, but I want to know if someone tried to use the SFP-H10GB cables for this kind of connection. Because I saw on another vendor website that the SFP+ cables are compatible with standard SFP ports, and I wanted to see if it is the same for Cisco cables too.
  Regards

• WLC 5508 and 5760 Compatibility

  Hi, 
  We have 5508 WLC and adding a new 5760..
  is it possible for this 2 to be in the N+1 model?
  If the 5508 WLC goest down, does the AP previously associated to 5508 need to re-download the image to join 5760?
  Or as long as it's running within the following compatibility matrix, The AP wouldn't need to re-download?
  Table 4 Software Compatibility Matrix
  Cisco 5700 WLC
  Catalyst 3850
  Catalyst 3650
  Cisco 5508 WLC or WiSM2
  MSE
  ISE
  ACS
  Cisco PI
  03.03.01SE
  03.03.01SE
  03.03.01SE
  7.6
  7.5
  7.5
  1.2
  5.2, 5.3
  2.0
  03.03.00SE
  03.03.00SE
  03.03.00SE
  7.6
  7.5
  7.5
  1.2
  5.2, 5.3
  2.0
  Thanks for all the answers

  Yes, you can put them in same mobility group.
  To do this you have to enable "New Mobility" feature of your 5508 & configure the mobility between each others.
  Since 7.5.x is deffered only 7.6.x is the option for this. (7.4.x is not supporting this feature). This will enable CAPWAP inter-controller communication instead of EoIP (used by legacy controllers 5508,2504, WiSM)
  HTH
  Rasika
  **** Pls rate all useful responses ****

• Has anyone deployed converged access with 3850 switches and 5760 WLCs?

  Has anyone deployed a converged access network architecture with 3850 switches and 5760 WLCs? I have done lots of projects with the 5508 WLCs In a centralized deployment. Basically with this design, I manage 2 logical networks as the wireless network is an overlay over the wired network. I can design firewall to segregate traffic between the wired and wireless hence I can carry both staff and guest traffic.
  Now Cisco is telling us that there is new design such that the dats plane traffic can be dropped locally through the 3850 switched. I am not sold on this and have not found any recommended best practices on when should we use a converged access architecture.
  Pros
  With converged access, data traffic is terminated at the MA which is on the switches, hence the WLC will not be a bottleneck? This is to prepare adoption for 802.11ac?
  Less hops for voice calls from user A to user B as data control traffic is dropped locally.
  Cons
  Now how do I segregate guest and staff traffic if my security folks say I need a firewall?
  Troubleshooting wireless client mobility will be a nightmare as the 3850 switches are MA.
  Pushing and upgrading code for the Code will mean upgrading the stack of switches in the LAN riser. This will be painful in a huge campus environment like an university.
  Can someone convince me why would a customer choose converged access?
  Sent from Cisco Technical Support iPad App

  They choose CA because of the capwap termination at the switch. You can still use a 5508 and tunnel guest to a DMZ segment if you wish. You will need a 5508 though is you want to tunnel traffic to an anchor WLC.
  Sent from Cisco Technical Support iPhone App

• WLC 5508 and LightWeight APs Deployment question

  Hi There,
  Can you please wit the following question in regards to the deployment of a new WLC and new LAPs,
  I have configured and connected a 5508 WLC and 3500 series LAP.
  LAG is enabled in the WLC and successfully connected to the neighboring switch (using etherchannel) and to the network.
  The port-channel port is set to trunk mode obviously and certain vlan ids are currently allowed (3-5)
  The management interface has this IP address 192.168.5.250/24
  I created a WLAN with WLAN ID 3, Interface set to Management and say SSID test1
  I have connected a new LAP to the network, which switchport interface is set to access mode and assigned with vlan id 3. The LAP is able to join the WLC successfully with an IP address, such as, 192.168.3.100 (assigned via DHCP).
  When I try connecting a mobile client to the wireless LAN, it can successfully detect and connect to the WLAN, created in the WLC (test1) however it gets an IP address by DHCP, in the 192.168.5.0/24 network, which is the IP range of the management interface's IP address.
  What can I do to get the clients connecting on network 192.168.3.0/24? I thought this would be the case since I allocated the WLAN Id of 3 in the WLAN test1 configuration and since the LAP switchport is set to access mode with vlan ID 3.
  Cheers,
  egua5261

  Hi,
  The WLAN ID has no effect with the VLAN ID. WLAN ID is just an identifier for the WLAN.
  you said "Interface set to Management and say SSID test1" and here is your issue.
  You set the interface of the WLAN to the management. So, the WLAN will be mapped to the VLAN to which the management interface is mapped to.
  What you need to do is to create a dynamic interface with ip range in 192.168.3.0/24 and provide VLAN ID for that interface and assign your WLAN to this new interface. This way your clients will get an IP from this specified range.
  HTH
  Amjad

• ISE 1.2 With WLC and AD

  Hi everyone,
  What is the steps and Procedure implement Wired and wireless authentication with ISE, WLC and AD for a LAB environment. currently the following are done.
  The wireless network is configured with 2 SSID (Staff and Guest) 
  Active Directory, DNS, DHCP, and  NTP configured & synced.
  ISE and AD running on C220 VMs, and WLC is 5760 Appliance.
  Please provide your thoughts and assistance.
  Regards

  You have to implement dot1x and radius between your NAD and ISE device.
  Using the switch 3850, that are the steps: 
  username RADIUS-HEALTH password radiusKey1 privilege 15
  aaa new-model
  aaa authentication login default local
  aaa authentication dot1x default group radius
  aaa authorization network default group radius
  aaa authorization auth-proxy default group radius
  aaa accounting update periodic 5
  aaa accounting auth-proxy default start-stop group radius
  aaa accounting dot1x default start-stop group radius
  !this password will be used to communicate with ISE and to verify reachability
  !between ISE and Switch
  aaa server radius dynamic-author
   client 172.16.1.18 server-key 7 radiuskey
   client 172.16.1.20 server-key 7 radiuskey
  ip domain-name lab.local
  ip name-server 172.16.1.1
  dot1x system-auth-control
  interface GigabitEthernet1/0/3
   switchport mode access
   switchport voice vlan 50
   switchport access vlan 10
   ip access-group ACL-ALLOW in
   authentication event fail action next-method
   authentication event server dead action authorize voice
   authentication event server alive action reinitialize
   authentication host-mode multi-auth
   authentication open
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer reauthenticate server
   authentication violation restrict
   mab
   dot1x pae authenticator
   dot1x timeout tx-period 10
   spanning-tree portfast
  ip access-list extended ACL-ALLOW
   permit ip any any
  !the comm between radius and ise will occur on these Port
  ip radius source-interface Vlan100
  logging origin-id ip
  logging source-interface Vlan100
  logging host 172.16.1.20 transport udp port 20514
  logging host 172.16.1.18 transport udp port 20514
  ip radius source-interface Vlan100
  logging origin-id ip
  logging source-interface Vlan100
  logging host 172.16.1.20 transport udp port 20514
  logging host 172.16.1.18 transport udp port 20514
  snmp-server community ciscoro RO
  snmp-server community public RO
  snmp-server trap-source Vlan100
  snmp-server source-interface informs Vlan100
  radius-server attribute 6 on-for-login-auth
  radius-server attribute 8 include-in-access-req
  radius-server attribute 25 access-request include
  radius-server dead-criteria time 10 tries 3
  radius-server vsa send accounting
  radius-server vsa send authentication
  !defining ISE servers
  radius server ISE-RADIUS-1
   address ipv4 172.16.1.20 auth-port 1812 acct-port 1813
   automate-tester username RADIUS-HEALTH idle-time 15
   key radiusKey
  Please be sure that NTP servers and time are synchronized. 
  enable dot1X on windows machine, or using cisco NAM. 
  you can enable debugging on aaa authentication to see the events. 
  you have to create this user on ISE (RADIUS-HEALTH). 
  3850#test aaa group radius username password new-code 
  and observe the result. You are supposed to have user authenticated successfully. 
  You Must also have define these device in ISE on the radius interface.
  ip radius source-interface ..... use this interface ip address to define Ip address of the NAD device in ISE. 
  administration-->network resources -->Network Devices-->Add
  input the name
  input the Ip address for radius communication
  select the authentication settings and field the corresponding shared secret radius key
  select snmp settings and select version 2c. 
  snmp community : ciscoro
  you can customize the polling interval if you want and that all. 
  you are supposed to received message communication between your NAD and ISE. 
  After you can do the procedure for WLC device. 
  I will fill it after you have passed the first steps (3850 authentication). 

• Configuring WLC and AP'S

  Hi all, some questions
  1.Do I need to put an ip on the ap manager interface?
  2.does the ap manager interface go on the same subnet at the access points?
  3.Im using 2 wlc's for redudancy, what special config do I need to do on them, do I need to tell each WLC what the other WLC is?
  4.should I set the WLC addresses on the access points manually to avoid inter controller roaming?

  1) Yes
  2) Yes
  3) They will participate in the same group
  here are some good links:
  wlc 4400 configuration
  http://www.cisco.com/en/US/docs/wireless/technology/controller/deployment/guide/dep.html
  This is a great link
  http://www.cisco.com/en/US/products/ps6366/prod_configuration_examples_list.html
  failover example:
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008064a294.shtml
  4) that depends... some people prefer to assign static ips to the APs, it really depends on your preference and how many APs.
  Currently, I use dhcp with the scope split between 2 dhcp servers with a long lease

• WLC and WCS conflict

  Hi I am currently using 21 X WLC with N+1 Redundancy and 1X WCS with 1000++ of LAP1020. If had been observed that the antenna type and power TX had been changed with no reason. Is there any settings that may affect with AP customized Tx Power and antenna settings other than using the WCS template to push the configure to the APs instead of the WLC.

  Sorry for jumping in on the question with another question but it seemed the right place.
  I have an AIR-CT5508-25-K9 WLC and +25AP license : L-LIC-CT5508-25A.
  As far as I understand it the WLC should already have a 25AP license installed and with the adder license I should have a count of 50 APs.
  However, after installing the adder license the count is still 25.
  Could you please let me know if it's just something wrong in my reasoning or should a case be opened?
  Thank you,
  Barbara

• WLC Guest Internet - Wired Guest Question.

  We're currently not running a version on our WLC's that supports wired guests (4.1.185) but am evaluating upgrading to 4.2.112. What is the current limitation of wired guests? Is it 5, curious as to why this is if so. My question develops out of this in this scenerio:
  Our main campus is on LWAPP, our secondary campus is not at this point. So the secondary campus is running something different fro Guest access (Chillisoft). I'm curious if a backhaul a vlan over to the other campus that has the Cisco Guest Internet from the WLC and redistribute it from Campus2's core, then add the vlan to the AP's there how this would work out. I know I can get the vlan over there, that's simple and we do it for a few other things, but not sure how well it'd work out for this environment. I 'think' the only thing stopping me would be any wired user limitations, which am curious as to why there is if there is.

  There is no need to backhaul the VLAN from one campuis to other. Just configuring the same VLANs induvidually on the APs would do. Here is a deployment guide http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html for WLC.

• WLC and AP in L3

  Hello everyone
  I hope if anyone can help me.
  a Building has 3 companies (A,B and C)
  and I have one WLC
  in each company there is 3 AP
  I want to configure WLC whereas any AP in company A cant communicate to other AP in company B and C
  and the same to all companies
  I mean totally separate in IP scheme (no routing between them)
  can that done with WLC and LWAP ??
  PLZ advice

  thank you all for your reply
  I would like to ask you another question fo another scenario.
  I have one WLC installed in one subnet, let's say in the head quarter network, while the LAPs are installed in the branches and there is WAN connectivity between the HQ and the branch and OSPF routing is enabled between this WAN network. How can I do my configuration in order to register the LAPs installed in the branch with WLC installed in the HQ?
  Thanks,

• IPv6 for management and control plane on WLCs and LWAPs

  Good morning, everybody!
  I am trying to find answer to a question that has been previously asked by people but never successfully answered
  The question is about IPv6 support on Cisco Wireless LAN Controllers and access points... Does Cisco have a roadmap to include support for IPv6 used in CAPWAP, control plane and management? There are couple of posts on this topic that do not unfortunately provide any answer to this point.
  https://supportforums.cisco.com/message/3018843
  https://supportforums.cisco.com/docs/DOC-15667
  Infamous "Cisco IPv6 Solution" at http://www.cisco.com/en/US/partner/technologies/collateral/tk648/tk872/tk373/technologies_white_paper_09186a00802219bc_ps6553_Products_White_Paper.html briefly states "Wireless Solutions... In future, IPv6 control plane features may get added to those components."
  Has anyone heard of any more specific roadmap for IPv6 support for CAPWAP, control plane and management on WLCs and LWAPs?

  Full ipv6 support will never be available on the Wism and 440x controllers because they have a NPU to forward traffic and it was not designed with ipv6 in mind.
  The 5508 and Wism2 and all new controllers all have CPU based forwarding and ipv6 is coming in next releases.
  WLC 8.0 is only for december 2011/2012 and I have to say I don't know if it will support native ipv6.
  my 2 cents