5760 WLC Clean Air question

Similar Messages

• 5760 WLC and 5760 HA WLC question

  Hi everyone,
  I assume this information must exist... I just cannot locate it. Customer purchasing two 5760 WLCs:
  1     AIR-CT5760-500-K9
  1     AIR-CT5760-HA-K9
  I am looking for info on how to configure these 2 WLCs to work together.  How do you inform the production WLC that a HA WLC is available to sync with? Do WLCs have to be L-2 adjacent, or will HA operate at L-3?  How does this HA setup work? etc.
  Any help would be really appreciated.

  Hi,
  Any news regarding this issue?
  We've have the same scenario:
  1     AIR-CT5760-500-K9
  1     AIR-CT5760-HA-K9
  Both running
  IOS XE 03.03.01SE
  I've activated Global AP Failover Priority in both WLC and from a total of 47 APs, i've configured 8 with Priority Critical, 7 APs with Priority High and  3 APs with Priority Medium.
  We've issued an reload to the primary WLC and it took 7 minutes for the APs recover from the Secondary to the Primary
  13:14 - reload issued on the primary WLC
  13:15 - service granted by the secondary WLC (required an shut/no shut to the "Network Status" of the radio interfaces)
  13:22 - service recovered to the primary WLC
  Edit - Forgot to mention that the priority values mentioned above didn't show much improvement in the AP recovery time...

• Ncs, wlc and clean air

  Hi,
  we have this:
  1x wlc 5508 7.2.103
  1x cisco prime infrasture physical appliance 1.2
  And for test of clean air 1x ap 3600 series
  But i have a question if i would like see bluetooth device in neighborhood.D you really have to other device?
  On the cisco web i founded 3355 or virtual appliance.Do I need this device?
  Thank you
  Sent from Cisco Technical Support iPad App

  You need, a minimum, the AP and the WLC if you want to see how BT is being detected.
  CPI is only for show-and-tell. 

• Clean Air - WLC 5508

  Hello
  Do I need to buy additional license for clean air to work, currently my BOQ cover
  WLC 5508 with 50 AP license  ( part no : AIR-CT5508-50-K9 )
  20 AP ( model 3502  )
  Redundant Power supply
  LIC-CT5508-50  ( is this required to be mentioned )
  Also I would like to understand are there any better model than AP 3502 & newer WLC model than 5508 ( I would have application users accessing application via Wireless LAN )
  thanks
  ST

  Thank you Scott for the guide will have a look at that.
  5500 series WLC got 8SFP uplinks hence;-
  Can we Group 2 or more SFP for a specific SSID only configured on WLC and other SSID to route traffic from other uplink ports
  Uplinks from WLC to Core are generally configured for failover or link aggregation
  On WLC there are 5 SSID configured for example , the AP installed in HR room should broadcast only ONE SSID ( is this possible )
  thanks
  ST

• WLAN Clients not browsing on Cisco Wireless Controller WLC NME-AIR-WLC12-K9

  HiI have a question and i need a solution and expert help.I have done a deployment which involves Security (ASA5540), Routing/voice gateway/wlc NME-AIR-WLC12-k9) and Switching (Cisco3845-ccme/k9)Below is the list of equipment used:1. Cisco ASA 5540 - which is connected at the edge to the ISP router
  2. Core Switch WS-C4948E as core and DHCP Server for all VLANs
  3. Access/Distribution Switches WS-C3560G-48PS-S connected as trunk to the core switch
  4. Router/Voice Gateway/WLC Cisco3845-CCME/K9 - This is the voice gateway and also the WLC
  5. Wireless APs AIR-LAP1242AG-E-K9 (12 qty)Here is the deployment scenario:1. G0/0 of the ASA is connected to a 7200 router from the ISP (Public IP Add)
  2. G0/1 of the ASA is connected to gig 1/3 on the Core Switch on VLAN 2 which is the management VLAN (Local IP 10.1.1.2)
  3. Port 3 of the Core switch is on vlan 2 connected to ASA - Management IP of Core Switch is 10.1.1.1. Core Switch is the DHCP Server for all VLANS on the network.
  4. All the Access/Distribution switches are configured with IP Addresses on VLAN 2
  5. Telephony Services is configured on the router and DHCP Pool for Access Points and Wireless Clients is running on the router.
  6. Two DHCP pools were created on the router for APs and Wireless Clients.
  7. G0/0 of the router is configured on the same network that issues dhcp ip to the AP and is connected to gig 1/1 on the core switch
  8 G0/1 of the router is configured as the voice port for the IP Telephony Services and is connected to G 1/2 on the core switch1. Clients receiving DHCP IP on the Core Switch can communicate with all vlans and can browse to the Internet.
  2. IP Telephony Services is running well.
  3. Client on wireless can get IP from the DHCP on the router but cannot browse.I have pings from the router to the core switch and firewall, but clients connected to the wireless
  cannot ping other vlans on the core switch and vice versa.The port connecting the router to the core switch is an Access Port, i have changed to to trunk but still no changes.My biggest problem now is how to make the clients on the wireless communicate with other clients on the network and be able to browse to the Internet.Below is the configs on the router and core switch.Router ConfigNimc_Voice_Router#sh run
  Building configuration...
  Current configuration : 10513 bytes
  ! Last configuration change at 13:03:55 Nigeria Mon Nov 29 2010 by admin
  ! NVRAM config last updated at 13:03:56 Nigeria Mon Nov 29 2010 by admin
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Nimc_Voice_Router
  boot-start-marker
  boot-end-marker
  ! card type command needed for slot/vwic-slot 0/2
  logging message-counter syslog
  enable secret
  aaa new-model
  ! aaa authentication login default local
  aaa session-id common
  clock timezone Nigeria 1
  dot11 syslog
  ip source-route
  ip dhcp excluded-address 10.1.12.1 10.1.12.10
  ip dhcp excluded-address 192.168.1.1 192.168.1.10
  ip dhcp pool LWAAP-AP
  network 10.1.12.0 255.255.255.0
  default-router 10.1.12.1
  option 43 hex f104.c0a8.0002
  dns-server 83.229.88.30 4.2.2.2 193.238.28.249
  option 60 ascii "Cisco AP c1240"
  ip dhcp pool Wireless
  network 192.168.1.0 255.255.255.0
  default-router 192.168.1.1
  dns-server 83.229.88.30 193.238.28.249 4.2.2.2
  ip cef
  no ip domain lookup
  ip domain name nimc.gov.ng
  ip name-server 83.229.88.30
  ip name-server 193.238.28.249
  ip name-server 4.2.2.2
  no ipv6 cef
  multilink bundle-name authenticated
  voice-card 0
  archive
  log config
  hidekeys
  interface GigabitEthernet0/0
  description Connection to AP
  ip address 10.1.12.1 255.255.255.0
  ip helper-address 192.168.0.2
  load-interval 30
  duplex auto
  speed auto
  media-type rj45
  interface Service-Engine0/0
  no ip address
  shutdown
  interface GigabitEthernet0/1
  ip address 10.1.2.2 255.255.255.0
  duplex auto
  speed auto
  media-type rj45
  interface FastEthernet0/0/0
  no ip address
  shutdown
  duplex auto
  speed auto
  interface Serial0/1/0
  no ip address
  shutdown
  no fair-queue
  clock rate 2000000
  interface Serial0/1/1
  no ip address
  shutdown
  clock rate 2000000
  interface Integrated-Service-Engine1/0
  ip address 192.168.0.1 255.255.255.0
  no keepalive
  interface Integrated-Service-Engine1/0.15
  encapsulation dot1Q 15
  ip address 192.168.1.1 255.255.255.0
  interface Integrated-Service-Engine1/0.100
  encapsulation dot1Q 100
  ip forward-protocol nd
  ip forward-protocol udp 12223
  ip route 10.1.0.0 255.255.255.0 10.1.1.1
  ip route 10.1.1.0 255.255.255.0 10.1.1.1
  ip route 10.1.2.0 255.255.255.0 10.1.1.1
  ip route 10.1.3.0 255.255.255.0 10.1.1.1
  ip route 10.1.4.0 255.255.255.0 10.1.1.1
  ip route 10.1.5.0 255.255.255.0 10.1.1.1
  ip route 10.1.6.0 255.255.255.0 10.1.1.1
  ip route 10.1.7.0 255.255.255.0 10.1.1.1
  ip route 10.1.8.0 255.255.255.0 10.1.1.1
  ip route 10.1.9.0 255.255.255.0 10.1.1.1
  ip route 10.1.10.0 255.255.255.0 10.1.1.1
  ip route 10.1.11.0 255.255.255.0 10.1.1.1
  ip route 10.1.12.0 255.255.255.0 10.1.1.1
  ip route 192.168.0.0 255.255.255.0 10.1.1.1
  ip route 192.168.1.0 255.255.255.0 10.1.1.1
  no ip http server
  ip http secure-server
  !Core Switch Configsh run
  Building configuration...Current configuration : 10622 bytes
  version 12.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  service compress-config
  hostname Nimc_Core
  boot-start-marker
  boot-end-marker!
  aaa new-model
  aaa authentication login default local
  aaa session-id common
  storm-control broadcast include multicast
  ip subnet-zero
  no ip domain-lookup
  ip domain-name nimc.gov.ng
  ip dhcp excluded-address 10.1.2.1 10.1.2.10
  ip dhcp excluded-address 10.1.4.1 10.1.4.10
  ip dhcp excluded-address 10.1.5.1 10.1.5.10
  ip dhcp excluded-address 10.1.6.1 10.1.6.10
  ip dhcp excluded-address 10.1.7.1 10.1.7.10
  ip dhcp excluded-address 10.1.8.1 10.1.8.10
  ip dhcp excluded-address 10.1.9.1 10.1.9.10
  ip dhcp excluded-address 10.1.10.1 10.1.10.10
  ip dhcp excluded-address 10.1.3.1 10.1.3.10
  ip dhcp pool Voice
  network 10.1.2.0 255.255.255.0
  next-server 10.1.2.1
  option 150 ip 10.1.2.2
  default-router 10.1.2.1
  dns-server 83.229.88.30 193.238.28.249 4.2.2.2
  ip dhcp pool SF_DGs_Office
  network 10.1.3.0 255.255.255.0
  domain-name nimc.gov.ng
  default-router 10.1.3.1
  dns-server 81.199.3.7
  lease 10
  ip dhcp pool Admin_Process_Fac_Mgt
  network 10.1.4.0 255.255.255.0
  domain-name nimc.gov.ng
  default-router 10.1.4.1
  dns-server 83.229.88.30 193.238.28.249 4.2.2.2
  lease 10
  ip dhcp pool SF_IDD
  network 10.1.5.0 255.255.255.0
  domain-name nimc.gov.ng
  default-router 10.1.5.1
  dns-server 83.229.88.30 193.238.28.249 4.2.2.2
  lease 10
  ip dhcp pool Finance_Fin_Inv
  network 10.1.6.0 255.255.255.0
  domain-name nimc.gov.ng
  default-router 10.1.6.1
  dns-server 83.229.88.30 193.238.28.249 4.2.2.2
  lease 10
  ip dhcp pool Finance_CS
  network 10.1.7.0 255.255.255.0
  domain-name nimc.gov.ng
  default-router 10.1.7.1
  dns-server 83.229.88.30 193.238.28.249 4.2.2.2
  lease 10
  ip dhcp pool FF_Human_Capital_Mgt
  network 10.1.8.0 255.255.255.0
  domain-name nimc.gov.ng
  default-router 10.1.8.1
  dns-server 83.229.88.30 193.238.28.249 4.2.2.2
  lease 10
  ip dhcp pool FF_Legal_Services
  network 10.1.9.0 255.255.255.0
  domain-name nimc.gov.ng
  default-router 10.1.9.1
  dns-server 83.229.88.30 193.238.28.249 4.2.2.2
  lease 10
  ip dhcp pool SF_Procurement_Serv
  network 10.1.10.0 255.255.255.0
  domain-name nimc.gov.ng
  default-router 10.1.10.1
  dns-server 83.229.88.30 193.238.28.249 4.2.2.2
  lease 10
  ip vrf mgmtVrf
  errdisable recovery cause bpduguard
  errdisable recovery interval 180
  power redundancy-mode redundant
  spanning-tree mode mst
  spanning-tree portfast bpduguard default
  spanning-tree extend system-id
  spanning-tree mst configuration
  name xxxx
  revision 1
  instance 1 vlan 1-20
  spanning-tree mst 1 priority 0
  spanning-tree vlan 1-20 priority 0
  vlan internal allocation policy ascending
  interface FastEthernet1
  ip vrf forwarding mgmtVrf
  no ip address
  speed auto
  duplex auto
  interface GigabitEthernet1/1
  switchport trunk encapsulation dot1q
  switchport mode trunk
  interface GigabitEthernet1/2
  switchport access vlan 4
  switchport mode access
  spanning-tree portfast
  interface GigabitEthernet1/3
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/4
  switchport mode access
  spanning-tree portfast
  interface GigabitEthernet1/5
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/6
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/7
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/8
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast!
  interface GigabitEthernet1/9
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/10
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/11
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/12
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/13
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/14
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/15
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/16
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/17
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/18
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/19
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/20
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/21
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/22
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/23
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/24
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/25
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/26
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/27
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/28
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/29
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/30
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/31
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfastinterface GigabitEthernet1/32
  switchport access vlan 2
  switchport voice vlan 4
  interface GigabitEthernet1/33
  switchport mode access
  interface GigabitEthernet1/34
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/35
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/36
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/37
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/38
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/39
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/40
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/41
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/42
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/43
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/44
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/45
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/46
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/47
  switchport trunk encapsulation dot1q
  switchport mode trunk
  interface GigabitEthernet1/48
  switchport trunk encapsulation dot1q
  switchport mode trunk
  interface Vlan1
  no ip address
  shutdown
  interface Vlan2
  description Management
  ip address 10.1.1.1 255.255.255.0
  interface Vlan3
  description Enterprise
  ip address 10.1.0.1 255.255.255.0
  interface Vlan4
  description Voice
  ip address 10.1.2.1 255.255.255.0
  interface Vlan5
  description SS_DGs_Office
  ip address 10.1.3.1 255.255.255.0
  interface Vlan6
  description Admin_Process_Fac_Management
  ip address 10.1.4.1 255.255.255.0
  interface Vlan7
  description SF_National_Identity_Database
  ip address 10.1.5.1 255.255.255.0
  interface Vlan8
  description Fin_Finance_Investment
  ip address 10.1.6.1 255.255.255.0
  interface Vlan9
  description Fin_Corporate_Services
  ip address 10.1.7.1 255.255.255.0
  interface Vlan10
  description FF_Human_Capital_Management
  ip address 10.1.8.1 255.255.255.0
  interface Vlan11
  description FF_Legal_services
  ip address 10.1.9.1 255.255.255.0
  interface Vlan12
  description SF_Procurement_Services
  ip address 10.1.10.1 255.255.255.0
  ip default-gateway 10.1.1.2
  ip route 0.0.0.0 0.0.0.0 10.1.1.2
  ip route 10.1.1.0 255.255.255.0 10.1.1.2
  ip route 10.1.2.0 255.255.255.0 10.1.1.2
  ip route 10.1.3.0 255.255.255.0 10.1.1.2
  ip route 10.1.4.0 255.255.255.0 10.1.1.2
  ip route 10.1.5.0 255.255.255.0 10.1.1.2
  ip route 10.1.6.0 255.255.255.0 10.1.1.2
  ip route 10.1.7.0 255.255.255.0 10.1.1.2
  ip route 10.1.8.0 255.255.255.0 10.1.1.2
  ip route 10.1.9.0 255.255.255.0 10.1.1.2
  ip route 10.1.10.0 255.255.255.0 10.1.1.2
  ip route 10.1.11.0 255.255.255.0 10.1.1.2
  ip http server
  --More--                 
  control-plane
  line con 0
  stopbits 1
  line vty 0 4
  end
  Please i need somebody to help me

  I wouldn't configure an ip address on the service engine subinterface.
  Try setting up a vlan interface on the router with that ip address and the subinterface will be linked to the vlan interface through the encapsulation command. A vlan interface will better work as a gateway for the wireless clients
  Nicolas

• Migrating to Clean Air

  I have a question that I need answered preferably by a Cisco employee or someone who has migrated to Clean Air.  We are thinking of migrating to the Cisco 3500 series APs in our environment.  I was told a while back that Clean Air is only supported as a fork lift upgrade, meaning all APs would need to be 3500 in order to migrate.  I was also told that we could use the 3500s in monitor mode for troubleshooting, but could not intermingle AP models.
  I am aware that the code level needs to be at 7.0 to have the features of clean air, but is it true that I can not migrate slowly to replace my present APs?  I am in a pretty large wireless environment with multiple WiSMs.  There is just no way to do this all at once. 
  Erick

  So will I still be able to see the benefits of the Clean Air technology in a mixed environment?  Interestingly, that is not the information I was given initially. Are there any features in the 7.0 code that I will not have be able to take advantage of or are there any gotchas I need to be aware?  While the benefits of Clean Air may not be recognized with our b/g clients, will the 3500 APs still service b/g clients for network access?
  I found this straight from the Cisco documentation regarding the Clean Air design guide.
  Mixing CleanAir LMAP and legacy non CleanAir APs in the same installation
  Why should I not mix CleanAir LMAP and Legacy LMAP APs in the same physical area? This question pertains to this use case:
  “I currently have non CleanAir APs deployed (1130,1240, 1250, 1140) in local mode. I want to add just a few CleanAir APs to increase my coverage/density. Why can’t I just add some APs and get all the CleanAir features?”
  This is not recommended because CleanAir LMAPs only monitor the serving channel and all CleanAir features rely on measurement density for quality. This installation would result in indiscriminate coverage of the band. You could well end up with a channel (or several) that has no CleanAir coverage at all. However with the base installation, you would be using all of the channels available. Assuming RRM is in control (recommended) it is entirely possible that all of the CleanAir APs could be assigned to the same channel in a normal installation. You spread them out to try to get the best spatial coverage possible, and that actually increases the odds of this.
  You certainly can deploy a few CleanAir APs in with an existing installation. It is an AP and would function fine from a client and coverage standpoint. CleanAir functionality would be compromised and there is no way to really guarantee what the system would or would not tell you regarding your spectrum. There are far too many options in density and coverage which can be introduced to predict. What would work?
  AQ would be valid for the reporting radio only. This means it is only relevant for the channel that it is serving, and this could change at any time.
  Interference alerts and zone of impact would be valid. However, any location derived would be suspect. Best to leave that out all together and assume closest AP resolution.
  Mitigation strategies would be ill-advised to operate because most of the APs in the deployment would not operate the same way.
  You would be able to use the AP to look at spectrum from Spectrum Connect.
  You would also have the option to temporarily switch to monitor mode at any time in order to perform a full scan of the environment.
  While there are some benefits, it is important to understand the pitfalls and adjust expectations accordingly. It is not recommended, and issues arising from this type of deployment are not supportable based on this deployment model.
  A better option if your budget does not support adding APs that do not serve client traffic (MMAP) is to collect enough CleanAir APs to deploy together in a single area. Any area that can be enclosed on a map area can contain a Greenfield CleanAir deployment with full feature support. The only caveat on this would be location. You still need enough density for location.
  http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080b4bdc1.shtml

• 5508 as mobility anchor to 5760 WLC

  I have 4 5508 WLCs in my environment now, installed at various locations. One 5508 is acting as an anchor for guest access.  All other 5508s connect back to the anchor for the same SSID, the guest wireless WLAN.  A new office is opening up with several new APs using a newer 5760 WLC running as an MC.  Currently the 5508's do not have New Mobility enabled.  I'm pretty sure I need to enable this on the anchor at least, but the question is do all 5508 WLCs need to be changed to support New Mobility; and if so, does it require any new configuration so that I don't break the guest wireless SSID?  I am new to New Mobility so I am not sure what to expect.  Other than rebooting a few WLCs to turn on New Mobility.
  All 5508's run 7.6.130.0.  The newer 5760 runs 03.06.02E. 
  Thanks
  Jeff

  OK, so to recap;
  - place the 2nd WLC in the DMZ with only 1 port (set for dynamic AP management)?
  - Then Anchor the guest SSID (on it's DMZ IP instead of management IP as is now)
  And to make that kind of anchoring work, I have to open ports below on the firewall.. right?
  UDP port 16666 for inter-WLC  communication, and IP protocol ID 97 Ethernet in IP for client traffic.
  and:
  •TCP 161 and 162 for SNMP 
  •UDP 69 for TFTP 
  •TCP 80 or 443 for HTTP, or HTTPS for GUI access 
  •TCP 23 or 22 for Telnet, or SSH for CLI access
  Thanks to confirm that

• Cisco 5760 WLC initial config

  Hi,
  I am configuring up a Cisco 5760 WLC and wondering if it is required to put in a default route? In this document it says to put one in but i dont see why it is needed as it is connected to a switch via a layer 2 Trunk.
  Reference:
  https://supportforums.cisco.com/docs/DOC-34430
  Another question, since there is no more Dynamic Interfaces and they are replaced with Layer 2 & 3 interfaces instead. Do all Layer 2 interfaces you create require a layer 3 interface IP address to be configured also? As shown below:
  Thanks

  So by default the 5760 has IP routing enabled so you will need to put in a default route. A default gateway won't work unless you disable IP routing first.
  Sent from Cisco Technical Support iPhone App

• Clean Air Express

  Hello)
  I have the question and I didnt find good explanation about it((( So I have Cisco 1602 which supports Clean Air Express. Does it change the channel when detect interferrer? Or not? On cisco.com it just says "makes adjustments to optimize coverage"((( Please clarify what does it mean?

  When I say 'is done on software", the analysis of the interference is done on software.  Unlike the other models, this stage is done with a dedicated hardware, thereby leaving the APs CPU with more space to do other stuff.  
  With CleanAir being done on software, this process is slower in some cases as the CPU has to share resources with other processes.
  Go to Wireless > 802.11a > CleanAir and see if CleanAir is enabled globally.

• Clean Air Technology

  Good day guys!
  I would like to ask if a Mobility Service Engine is really needed to make Clean Air functional on a Cisco 3500?
  Thanks!

  No.  All you need is 7.X to run on the WLC.
  One thing though ... For CleanAir to function optimally, it's recommended that you use 3500i/e exclusively.  You can't (you can but CleanAir won't run clean, excuse the pun) mix the 3500 with other non-CleanAir APs.

• Clean air

      hi,
  what is cisco clean air?
  I have WLC 4404 and 1242AG AP...
  can i configure this on wlc and ap?
  if yes, how

  Cisco CleanAir Technology
  I have WLC 4404 and 1242AG AP...can i configure this on wlc and ap?
  No.  Only the 3500 WAP supports CleanAir.

• Loss of AP signal strength after upgrading to Clean Air on 5508's.

  After upgrading three 5508's (which support 150 AP's) from WLC/WCS version  6.0.182.0 to version 7.0.98.0, our users complained about low signal strength.  Our pre-upgrade RSSI benchmarks confirmed a decrease of -10dB to -20dB signal strength across all AP's, effectively causing wireless networking to be unusable in key areas.
  After confirming our Global signal strength settings in WCS and WLC's were still at the same settings they were at prior to upgrading, we contacted our VAR for advice.
  He suggested that perhaps the upgrade caused all AP's to run at a lower signal strength.  He was right.
  At his recommendation, we reconfigured the WCS to set two AP's to use Individual mode instead of Global mode.  This is found in Radios/802.11b/g/n/Tx Power Level Assignment.  Setting them to level 2 resulted in an average -15dB increase of RSSI, solving our problems in the test environment.  In one case we saw an increase of -30 dB for one AP.
  The signal strength loss due to the upgrade was not expected, based on the upgrade documentation.  Now we must change the settings manually on the remaining 148 AP's.
  I'd like to hear from anyone else who has experienced a decrease in signal strength after upgrading to Clean Air 7.  If you have information from Cisco that documents this problem, I'd REALLY like to read it.
  Hoping this may help you,
  RS

  Hi Rick,
  this is not "expected" or "on purpose". It just happens that improving the RRM algorithm makes things better for 90% of the people but maybe worse for 10% of the people.
  This is why you can set the Tx power treshold on the RRM or set the overal RRM algorithm sensitivity.
  If you put the Tx power treshold to a louder number (=closer to 0) then the APs will reduce less their power level.
  Hope this helps.
  Nicolas
  ===
  Don't forget to rate answers that you find useful

• Has anyone deployed converged access with 3850 switches and 5760 WLCs?

  Has anyone deployed a converged access network architecture with 3850 switches and 5760 WLCs? I have done lots of projects with the 5508 WLCs In a centralized deployment. Basically with this design, I manage 2 logical networks as the wireless network is an overlay over the wired network. I can design firewall to segregate traffic between the wired and wireless hence I can carry both staff and guest traffic.
  Now Cisco is telling us that there is new design such that the dats plane traffic can be dropped locally through the 3850 switched. I am not sold on this and have not found any recommended best practices on when should we use a converged access architecture.
  Pros
  With converged access, data traffic is terminated at the MA which is on the switches, hence the WLC will not be a bottleneck? This is to prepare adoption for 802.11ac?
  Less hops for voice calls from user A to user B as data control traffic is dropped locally.
  Cons
  Now how do I segregate guest and staff traffic if my security folks say I need a firewall?
  Troubleshooting wireless client mobility will be a nightmare as the 3850 switches are MA.
  Pushing and upgrading code for the Code will mean upgrading the stack of switches in the LAN riser. This will be painful in a huge campus environment like an university.
  Can someone convince me why would a customer choose converged access?
  Sent from Cisco Technical Support iPad App

  They choose CA because of the capwap termination at the switch. You can still use a 5508 and tunnel guest to a DMZ segment if you wish. You will need a 5508 though is you want to tunnel traffic to an anchor WLC.
  Sent from Cisco Technical Support iPhone App

• Rogue Ap' s and clean air

  Hi 
  Is there a relation between rogue access point detection and clean air , Rogue access point detection is based on the clean air technology  ?

  No, its not.
  Along with what Salodh suggested, following details might help.
  Rogue APs are:
  APs which are not recognised by our controller.
  APs not been created and managed by our controller.
  The controller put those APs in a category called Rogue.
  Disclaimer: Proper Authorization required to attack a Rogue AP. For Example its our building, our floor and a rogue AP shows up in the middle of it, at that point we might have the authorization to disrupt the services of that AP.
  On the other hand,
  CleanAir Technology identifies and resolves RF interference challenges.
  The term Air Quality Index ranges from 1 to 100 (where 100 means that the Radio Frequency doesn't have much interference and 1 means that AP needs to make changes)
  When and AP detects interference, it rates it by Interference Severity Levels (1=Low Interference Severity and 100=Terrible Interference)
  The Interference Severity reduces the AQI levels.
  AQI Sensitivity Levels:
  High sensitivity: If AQI drops below 60, take action to move channels.
  Medium Sensitivity: If AQI drops below 50, take action to move channels.
  Low Sensitivity: If AQI drops below 35, take action to move channels.

• Attach WAP4410N as WGB to Cisco 5760 WLC with LWAP 3702

  I have 5760 WLC with 3702 wireless infrastructure. Can i connect a WAP4410N AP as WGB to be attached to my current wifi network so i can provide connectivity to some wired devices? Any tips on doing so? And any limitation can be imposed for using this WAP instead of any other AP that are supported by WLC5760? If the wired clients are passive, configuring passive-client on WLC will work normally?

  Thanks Eric for the reply, however, this AP is not expected to be controlled by WLC as you mentioned since it is not lightweight and not supported by this WLC for compatibility. But in this scenario, i'm talking about operating it in WGB mode to be attached to the unified wireless infrastructure. In this scenario, it is just attached as a client that pass the traffic of its clients to the other side.
  I have noticed the below statement in this guide page (539)
  http://hcsdemo.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/37e/consolidated_guide/b_37e_consolidated_3650_cg.pdf
  When non-Cisco WGBs are used, the switch has no information about the IP address of the clients on the wired segment behind the WGB. Without this information, the switch drops the following types of messages:
  • ARP REQ from the distribution system for the WGB client.
  • ARP RPLY from the WGB client.
  • DHCP REQ from the WGB client.
  • DHCP RPLY for the WGB client.
  Accordingly, if the switch will drop all this traffic, then no traffic will be passed from the WGB clients to the network ! what I’m missing here?!!!