8510 WLC

Similar Messages

• 8510 WLC realase 8.1 New mobility?

  Hi,
  Does someone know when the release 8.1 for the 8510 WLC is coming? Does it going to support the New Mobility stuff? As far as I know, Cisco was planning to include this feature back again in version 8.1.
  Thank you.
  Joana.

  We have a 8510 WLC as a foreign controller and a 5760 as a mobility anchor in the DMZ. Will this be supported?
  Yes, Guest anchoring will be supported between 8510 with new mobility & 5760
  We have been advised to use 2504 WLCs as mobility anchors for smaller sites. Do you think they will interoperate fine with our core/foreign 8510 WLCs?
  I would think so. 2504 with new mobility, you should be able to peer it with 8510.
  HTH
  Rasika
  *** Pls rate all useful responses ****

• Initial AP registration on a 8510 WLC HA-SKU and N+1 deployment

  Hi,
  We have several 8510 controllers and one of them needs to be configured as HA SKU for N+1 deployment. I am testing the scenario with two controllers right now, so I have the primary and the secondary controller configured as part of the same Mobility Group and they appear UP. Please, see the rest of the configuration below.
  When I power off the Primary controller, the APs don’t register to the HA SKU controller (secondary). These two controllers are in different parts of the network but they are members of the same mobility group.
  Do I need to specify the HA SKU controller in the DHCP scope for the APs? I am not sure what I am missing....
  Do you have any suggestions?
  Thank you.
  Primary Controller:
  (Cisco Controller) >show redundancy summary
   Redundancy Mode = SSO DISABLED
       Local State = ACTIVE
        Peer State = N/A
              Unit = Primary
           Unit ID = XX:XX:XX:XX:XX:XX
  Redundancy State = N/A
      Mobility MAC = XX:XX:XX:XX:XX:XX
  Redundancy Management IP Address................. 0.0.0.0
  Peer Redundancy Management IP Address............ 0.0.0.0
  Redundancy Port IP Address....................... 0.0.0.0
  Peer Redundancy Port IP Address.................. 169.254.0.0
  Wireless --> Access Points -->  Global Configuration:
  (Cisco Controller) >show redundancy summary
   Redundancy Mode = SSO DISABLED
       Local State = ACTIVE
        Peer State = N/A
              Unit = Secondary - HA SKU
           Unit ID = XX:XX:XX:XX:XX:XX
  Redundancy State = N/A
      Mobility MAC = XX:XX:XX:XX:XX:XX
  Redundancy Management IP Address................. 0.0.0.0
  Peer Redundancy Management IP Address............ 0.0.0.0
  Redundancy Port IP Address....................... 0.0.0.0
  Peer Redundancy Port IP Address.................. 169.254.0.0
  Controller--> General:

  Hi Scott,
  Yes, it is N+1 HA with HA-SKU what I need to implement.
  “6000 Access Points Supported” is shown in the main GUI page.
  I followed the guide you mentioned to do this configuration:
  1 - From the primary controller, configure the backup controller on the primary to point to the secondary controller:
  (Cisco Controller) >config advanced backup-controller primary Secondary 10.9.51.252
  (Cisco Controller) >show advanced backup-controller
  AP primary Backup Controller .................... Secondary 10.9.51.252
  AP secondary Backup Controller ..................  0.0.0.0
  2 - On the permanent AP count WLC, use the config redundancy unit secondary command to convert the controller into an HA-SKU secondary controller:
  (Cisco Controller) >config redundancy unit secondary
  (Cisco Controller) >
  3- On the CLI, use the show redundancy summary command to view the status of the primary and secondary controllers:
  Primary:
  (Cisco Controller) >show redundancy summary
   Redundancy Mode = SSO DISABLED
       Local State = ACTIVE
        Peer State = N/A
              Unit = Primary
           Unit ID = F8:72:EA:66:B8:A0
  Redundancy State = N/A
      Mobility MAC = F8:72:EA:66:B8:A0
  Redundancy Management IP Address................. 0.0.0.0
  Peer Redundancy Management IP Address............ 0.0.0.0
  Redundancy Port IP Address....................... 0.0.0.0
  Peer Redundancy Port IP Address.................. 169.254.0.0
  Secondary:
  (Cisco Controller) >show redundancy summary
   Redundancy Mode = SSO DISABLED
       Local State = ACTIVE
        Peer State = N/A
              Unit = Secondary - HA SKU
           Unit ID = F8:72:EA:66:E4:40
  Redundancy State = N/A
      Mobility MAC = F8:72:EA:66:E4:40
  Redundancy Management IP Address................. 0.0.0.0
  Peer Redundancy Management IP Address............ 0.0.0.0
  Redundancy Port IP Address....................... 0.0.0.0
  Peer Redundancy Port IP Address.................. 169.254.0.0
  As far as I can tell I have completed all the steps. In my configuration, “Redundancy Management IP Address” and “Peer Redundancy Management IP Address” are 0.0.0.0; these are the only differences I can find with the configuration in the Guide.
  Redundancy Management IP Address................. 0.0.0.0
  Peer Redundancy Management IP Address............ 0.0.0.0
  Thank you.
  Joana.

• 8510 WLC in HA mode over OTV

  Hi
  I am looking at installing some 8510s in High Availability mode. As the 8510s will be in different Data Centres I need to take into account the HA failover connectivity.
  I can see on CCO some info on L2 connectivity been needed for WiSMs but cant find any info on 8510s.
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.pdf
  The Redundancy VLAN should be a non routable VLAN. In other words, no layer 3 interface should be
  created for this VLAN and can be allowed on VSL Link to extend HA setup between multiple chassis
  in VSS setup. It is important to make sure this VLAN is dedicated for the HA process and is not part of
  any Data VLAN, or else it may result in unpredictable results.
  The connectivity between the Data Centres uses Nexus 7k & 5k's, with Layer 2 provided by OTV.
  Does or has anyone installed 8510s or other WLC appliances over a dedicated L2 VLAN between different switches using OTV and can it be configured ?
  cheers
  Hi
  re this part of the response
  5500/7500/8500 WLCs have a dedicated Redundancy Port which should be connected back to back in order to synchronize the configuration from the Active to the Standby WLC. Keep-alive packets are sent on the Redundancy Port from the Standby to the Active WLC every 100 msec (default timer) in order to check the health of the Active WLC.
  can the dedicated redundancy Port be connected over an OTV link to mimic a back to back connection as we need to put the 8510s into 2 different Data Centres

  Hi Vinod,
  After reading your answer above, please correct me if i am wrong that for the HA to happen it has been connected back to back through the redundant port for checking its keep alive.
  but as per cisco this is there statement.
  High availability (HA): Client SSO
  Enables client stateful switchover for 1:1 redundant controller deployments
  Industry's first and only controller redundancy solution reduces client downtime to less than a second for business-critical applications, with no client reauthentication needed. The redundant controllers can be geographically distributed over a Layer 2 connection for data center level redundancy
  so how is this possible? i have configured OTV for the Management port but question araises for the redundant port which uses link local address how we will get the layer 2 capabilities for that.

• Cisco 8510 WLC and RTU licence

  Hi Guys,
  I have a simular issue where is shows the status as active, not-in-use.
  What does this mean and how do I get this to be in use.
  This is a Controller with HA-SKU license.
  The licenses has been inherited from the Primary Controller.
  Any license on HA-SKU controller is disregarded.
  Feature name: ap_count (adder)
  License type: Permanent
  License state: Active, Not-In-Use
  License Nodelocked: No
  RTU License Count: 50
  Hope to hear from you soon.
  Regards,
  Clifton.

  Hi,
  since this is a HA-SKU WLC, and the license is inherited from the active then no need to have a permenant license on it.
  is the HA working fine?
  please review the following link for the HA licensing requirements
  http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml#licensing

• 8500 WLC Console Access

  Hi,
  It might be a silly question, but I stuck with it from 30 mins trying to Console to Cisco 8500 WLC.
  As per the Installation and Configuration Guide, I used DB-9 to RJ-45 Converter to console into the WLC. But Putty and Teraterm doesn't detect the console cable at all.
  I tried to find the procedure from Cisco docs, but no luck.
  I have connected VGA, USB ports to Monitor and Keyboard - Mouse and the boot process stuck at
  Decompressing Linux......done.
  Booting the kernel
  I looked at the following post, which has same issue, but no resolution posted there
  https://supportforums.cisco.com/thread/2234788
  Any help as how to gain console access to the Cisco 8500 WLC using DB-9 to RJ-45 Converter and RF-45 cable.
  Thanks,
  CJ

  Did you find any solution to this?. I am facing the same issue with a recently purchased 8510 WLC.
  This box is similar to the ISE so I decided to use the VGA, USB ports to Monitor and Keyboard - Mouse but as indicated above, the boot process stuck at:
  Decompressing Linux, done
  Booting the kernel
  Cisco sent the box with a DB-9 - 3.5mm termination (like headphone cable termination) black cable but the ports to connect that 3.5 termination to the WLC said in the Figure 1-6 of Cisco doc: "CONSOLE PORT NOT USED". 
  Looks like I should open a TAC Case. Any ideas?
  thanks

• WLC 5508 HA Anchor DHCP issue

  Hi Cisco Support Community,
  I am currently notice some issues within my WiFi infrastructure.
  Our infrastructure is setup with a 8510 WLC high availability cluster (AP SSO) and a 5508 WLC high availability cluster (AP SSO) as mobility anchor within the DMZ zone.
  The issue I noticed is that if there is a switchover on the 5508 WLC high availability cluster the users wont be able to receive a DHCP IP address.
  I already read some of the other threads regarding this topic. (About Mobility Anchor: Policy Manager State = DHCP_REQD) (DHCP Anchor controller problem.)
  But unfortunately I was unable to find any solution for my issue.
  We currently have three SSID´s with anchoring active and I have noticed that only the SSID´s with layer 3 security enabled are affected by this issue.
  The one SSID with PSK and MAC Auth are not affected by this issue.
  I already checked the configuration for the SSID´s between the main controller and the anchor controller the SSID´s are configured the same except the breakout interface.
  Even the described SSID with PSK and MAC Auth configured uses the same breakout interface as one of our layer 3 security enabled SSID´s.
  The configuration works so far only in case of failover the clients connected to one of the SSID´s with layer 3 security enabled are unable to receive a IP address by the DHCP server.
  I also performed some troubleshooting for the client on the anchor side.
  I added part oft the troubleshooting outputs as workingssid.txt and notworkingssid.txt to this thread.
  Maybe one of you guys have some advice for me to address the issue.
  Thanks for your support in advance
  With kind regards
  Benedikt

  As far as your L3 roaming is concerned ,Make sure your using latest and most stable firmware for WLC,
  Make sure Mobility group are same and config on WLCs before switchover happens. Make sure if DHCP is out the network then option 43 is set and you are able to get ip from both WLC manually and able to ping. Make sure AP-manager interface virtual ip is set. Make sure SSO is enabled on both controller.
  Check the following link also.
  https://supportforums.cisco.com/discussion/11662541/layer-3-roaming-and-dhcp
  Please confirm and mark it correct answer if your issue resolved.

• N+1 & OfficeExtend Access Points

  There seems to be a lot of conflicting information out there so I thought I'd ask you guys.
  Is N+1 supported with OfficeExtend Access Point (OEAP) 600 clients supported?
  I want to implement it on the following
  2* 8510 WLC's
  release 7.5

  On any AP that joins the WLC including the OEAP 600, you can specify the access points high availability. That is the definition of N+1, specifying the primary, secondary and or tertiary wlc's.
  I also just verified this on our lab network with OEAP 600's.
  Sent from Cisco Technical Support iPhone App

• Cryptic authentication failure message in PI

  We've a 8510 WLC (running 7.6.130.0) in HA setup, working fine.
  However, in Prime Infrastructure (2.1) managing this 8510 I see the following error message/event a lot:
  General Info
  Failure Source <wlc_name>
  Category Wireless Controller
  Generated Thu Feb 26 2015 13:13:52 CET
  Generated By Wired Switch
  Device IP Address <wlc_ip>
  Severity Minor
  Messages
  Device '<wlc_ip>'. Authentication failed for request from 'Unknown'.
  Always three at a time (same contents), with sometimes 2 minutes and sometimes more then an hour between them.
  Attached is a screenshot of one of those messages.
  I checked the controller with a 'debug aaa events enable' but came up with nothing. Also both the RADIUS and TACACS+ log on the ACS, but no mention of anything failed.
  I've no idea where to look. Any ideas?

  Hi Munna,
  if your WAS requires user authentication you should do this:
  1. set-up security options of Logical Port in you WS Model (Security tab > set HTTP Authentication)
  2. before WS executing set user name and password:
  wdContext.currentRequest_UMWebService_getMappingElement().modelObject()._setUser("user");
  wdContext.currentRequest_UMWebService_getMappingElement().modelObject()._setPassword("pwd");
  Let me know if this help,
  regards
  Pavel

• Duplex mismatch between N7k and 5508

  Hi All,
  I met a duplex mismatch issue in our new DC.
  The port configuration on the N7k and controller is the same as in other DC
  Only difference is version of the NxOS on the N7k.
  On N7k 5.2(1) works
  On N7k 5.2(7) i get below logs :
  2013 Aug 21 22:23:24 xxx %CDP-4-DUPLEX_MISMATCH: Duplex mismatch discovered on Ethernet10/8, with LAGInterface0/3/1
  2013 Aug 21 22:24:24 xxx last message repeated 8 times
  2013 Aug 21 22:25:24 xxx last message repeated 8 times
  2013 Aug 21 22:27:24 xxx last message repeated 16 times
  2013 Aug 21 22:29:24 xxx last message repeated 16 times
  Port configuration :
  interface Ethernet10/8
    description WLC 5508-1
    switchport
    switchport mode trunk
    switchport trunk native vlan 50
    switchport trunk allowed vlan 50,500,570
    spanning-tree port type edge trunk
    channel-group 1100
    no shutdown
  xxx# sh int e 10/8
  Ethernet10/8 is up
  Dedicated Interface
    Belongs to Po1100
    Hardware: 10/100/1000 Ethernet, address: 0006.f6b1.d2f7 (bia 0006.f6b1.d2f7)
    Description:WLC 5508-1
    MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA
    Port mode is trunk
    full-duplex, 1000 Mb/s
  Controller 5508 version 7.3.112.0
  Controller ports :
  Port Summary
             STP   Admin   Physical   Physical   Link   Link
  Pr  Type   Stat   Mode     Mode      Status   Status  Trap     POE    SFPType
  1  Normal  Forw Enable  Auto       1000 Full  Up     Enable  N/A     1000BaseTX
  2  Normal  Forw Enable  Auto       1000 Full  Up     Enable  N/A     1000BaseTX
  3  Normal  Forw Enable  Auto       1000 Full  Up     Enable  N/A     1000BaseTX
  4  Normal  Forw Enable  Auto       1000 Full  Up     Enable  N/A     1000BaseTX
  How can i fix this issue ? Ports are set up and show the same - 1000 / Full
  the messages are annoying as loggs are almost full of them.
  Thank you in advance

  Hi Matthew,
  The issue is related to bug -> "CDP duplex mismatch when using LAG on 5508 & 8510 WLC” (CSCuc94082)
  The fastest way to solve (workaround) this is disable cdp on the controller by executing following command:  config cdp advertise-v2 disable
  Hope this helped you
  Regards,
  Radek

• Allowing Static IP Addresses for Clients

  When I setup my two 8510 WLC's, I think I may have not allowed static IP's for clients. How can I see on the CLI or GUI if that setting is enabled or disabled? I can't find this anywhere.

  Thanks Steve. I looked at that piece of it and yes, it was fine. On the basic setup when the controller first comes up, there was an option for "Allow Static IPs" and I am pretty sure I said yes, but for some reason, I can't use any static addresses on WLAN's that I am able to use on other controllers. There is no command on the CLI that shows if that is enabled or disabled? It may not have anything to do with this as it may be a global configuration for allowing the controller to use a static. Not sure.

• WLC 8510 7.5.102.0 image needed

  Hi Guys,
  anyone can share 8510 7.5.102.0 image?
  our client need it urgently, on cisco web that image is deffered already. cant download any longer
  really appreciate if you can share,
  regards,
  Victor

  Hi Rasika,
  yes noted for that,, thank you.
  but for this case we already implemented 7.5.102.0 on all WLCs, our n+1 device that having problem that need that image, at this momment we cant upgrade/change the code.
  appreciate if someone still have it on local HD and can share to me.
  Regards,
  Victor

• WLC 8510 Time Based ACL Support

  Hi,
  I see something like this in the Data Sheet of 8510 "A wireless policy engine on the Cisco 8500 Series enables profiling of wireless devices and enforcement of policies such as VLAN assignment, QoS, access control lists (ACLs), and time-of-day- based access." I wonder if does WLC 8500 has time-based ACL support, or data sheet is talking about anything else?
  Thank you for replies.
  M.S.Temelli / Istanbul Technical University

  You want a straight answer or you want an answer coming out from the SALES team? 
  Sales team will say "YES".  Will it be effective?  Not one bit.    You go to Security > Local Policy.  You create a Local Policy (and attached to your SSID) and determine what time/day you want specific criterea (like wireless client manufacturer).  
  However, if you want what time/day you want the SSID to go down or UP, then you'll need something more robust, like a Layer 3 ACL.  
  If you want something like a time/day you want the radio(s) of the AP to go down/up then you need something like EnergyWise or WCS/NCS/PI.

• Filter RADIUS Attributes transmitted by WLC?

  Afternoon all,
  I've got an 8510 on the latest 7.6.120.0 software and I have a standard WPA2/802.1x Wireless LAN.  When Users authenticate we send their traffic off to a RADIUS Server, but when we do, the WLC includes all sorts of superfluous RADIUS attributes in the request (various things like default VLAN ID and all sorts of Cisco Airespace bits)
  The RADIUS Server we're using can't filter these attributes out, so I'd like to find a way of having the WLC not send them in the first place...  Any suggestions?
  Cheers,
  Richard

  Hi Richard,
  As far as I know you cannot do anything on WLC to stop this. 
  Did you speak to TAC and ask about this ? Not sure any hidden commands to do this though.
  HTH
  Rasika
  **** Pls rate all useful responses ****

• Cisco 8510 redundancy in different data center

  Hi
  I have a costumor that has set up two 8510 in AP SSO mode using version 7.4 between two data centres.
  The redundancy port is connected using a flat vlan spanning the two centers. I know that this is not recommended, but this is how it done.
  Now reading the deployment guide for version 7.5 (and 7.6) the RP connection is now longer needed.
  I have read the configuration steps in the two types of setup; same and different data centers.
  As I see it the only difference there there is no connection between the RP ports.
  So now my question. To change the setup to the recommended design is all I have to do is remove the back-to-back fiber link between the controllers ?
  Regards Rasmus

  Here is the thing with AP SSO
  And having the WLC's in different locations.
  If your spanning all the vlan's over, I guess that would be fine, but is that a good design? If the primary ails and the HA takes over, well your interfaces have to match what's on the primary. It really comes down to design. N+1 would be better if your not spanning subnets. AP SSO is fine if you keep the WLC's in the same location. Always look at what will happen during a failover and how will clients access the network.
  Sent from Cisco Technical Support iPhone App