Altering VLAN-Konfiguration Controller Management-Interface

Hello
I tried to alter the vlan configuration for the management interface on 4402 controller. The management interface are tagged with the vlan 55.
Now, I d'like to change this vlan 55 definition to a untagged configuration. On the corresponding switchport, I configured the command "sw trunk native vlan 55".
I think with this config the management interface works in the vlan 55 again, but the interface is not reachable after this changes.
Is it possible to do such changes on a working config?
Does anyone know what is wrong with my config?
Regards
Pascal

I know there is a bug on the 5.0 code, which might still be on the 5.1, but I don't have that info. There also was a bug on the 4.1, in which you would have to load the webauth page to the wlc, set the wlc to use the default page and hit apply. Then you would choose to use custom webauth and hit apply and that would fix the issue. You can try that to see if that works, or else if you configurations are correct, then maybe open a TAC case. Like I said earlier, that code is too new.

Similar Messages

  • What VLAN should the management interface be in on a 4400 controller?

    Hi,
    Some documentations put the management interface on a 4400 controller into a regular tagged VLAN. But some documentations put it in an untagged Native VLAN, the tag=0. What is the difference? Which configuration is optimal?
    Thanks,
    Justin

    The answer is "it depends" :-)
    I would not say any particular config is optimal though. If you have an established VLAN for management interfaces, I would use that. However if you put the management interface in the same VLAN as your AP's, AP's find your controllers easier. Otherwise you can use DHCP to point AP's to controllers.
    I prefer to tag the frame as to which VLAN it belongs to, even if that is the same as the native VLAN.

  • Wlc 5508 management interface vlan - access point vlan

    Is it required that the access points are in the same vlan as the management interface on a wlc 5508?

    There is a story behind this .. Just yesterday my guy was like "aps wont join" .. I let him hammer away at it .. It was the check box
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

  • Cannot crate ap-manager interface

    Hello everybody hope you are doing great!
    Yesterday I was in one of our client premises configuring a WLC 5508 with software 7.2, went through the initial configuration wizard with no problem whatsoever, my issue began when trying to configure a ap-manager interface.
    In many WLC configuration guides cisco states that for 5508 it is not required to configure an ap-manager interface because the management will suffice, but then they put a side note recommending it's configuration for best practices and better performance. OK so I saw that in an earlier version document and now they do not make the recommendation but the still use the word required and for me that's still is not a limitation.
    Well anyways, I can't create the ap manager interface because when I put the VLAN ID it says the it is being used by another interface. Any help?
    Thank you in advance

    For 5500 series controllers, you are not required to configure an AP-manager interface,
    the management interface acts like an AP-manager interface by default.
    If desired, you can disable the management interface as an AP-manager
    interface and create another dynamic interface as an AP manager.
    Make sure that you have disable the option of ap manager on the management interface before creating the new AP manager interface and on the 5508 WLC the AP-manager interface can not be on the same VLAN as the managment interface like on the old WLCs.

  • Any advantages to setting the AP-Manager and Management interface to an untagged vlan?

    Any advantages to setting the AP-Manager and Management interface to an untagged vlan? Currently, our controllers have their management and ap-manager interfaces on the same untagged vlan. Would it be wise to change this? Are there any gotchyas I should be aware of?

    No really, there won't be a problem. Management an AP-manager can be on different vlans.
    The vlan you chose to untag is the vlan you should declare as native on the switch, that's it.
    No advantage in having interfaces configured in a way or another.
    Some people want the management to be in a "management" subnet and the ap-manager will be in the subnet with all the APs. Some others have several AP subnets so the ap-manager is in the same as management ... no importance whatsoever as long as the config is coherent.
    The only thing that is worth considering is the size of AP subnet to me. If you give a /16 for APs and have 1000 APs in a single subnet, ARP and broadcast storms will be hitting the fan. But the vlan tag/untags that you chose are not important
    To rate an answer, click on the stars below it. 1 for not so useful and 5 for very useful.
    Nicolas
    ===
    Don't forget to rate answers that you find useful.

  • WLC to use Management Interface & Few more getting started Questions

    Hello,
    I'm yet to implement the Wireless LAN in one of our client's corporate office. There 40 x 1130AG LWAPP AP's and 4404 WLC with ACS 4.x for the Authentication of the Wireless Clients who is trying to access the LAN.
    For the WLC to connect to the Dual Core Switch, i need to use only one Management Interface with Distribution System port 1 being the Primary and mapping the DS Port 2 as the Backup port for the Management Interface. Is this Right? or do i have configure Dynamic Interfaces as well. Is management interface for accessing / management and configuration only? Management Interface will communicate with ACS for AAA and AP's who would like to associate with the WLC, is this Right?
    Note: WLC, AP's, Wireless Clients & AP's are in the same IP Subnet.
    Few other question of WLAN's so it helps me during implementation -
    • Can I use the 802.1x Authentication application found in the Windows XP for the Wireless Interface; instead of Cisco Client Application. For this; I have to configure the WLC / Wireless Client to use EAP algorithm; is this Right?
    • With the help of RRM, the channel interference between multiple AP's (3 - 4 AP's) in the same area is controlled by the WLC by changing the Channels used by the AP which is not same on all the AP's. Is this right?
    • How many Client Users will connect per Channels. 802.11 a / g will provide 11 Channels, is this Right?.
    • I'm trying to set in the WLC to limit the Client connections per AP to 25, can this be achieved?
    Please, can anyone help me in calrifying the above points.
    Regards,
    Keshava Raju

    Many Thanks Mr. Dennis for your help & Clarification.
    With ref to your reply point no# 1. I have actually planned to connect one Gig port of the controller to each of the Dual Cisco Core Switch setup. Can i use all 4 Controller Interfaces configured as LAG and Port 1 & 2 connecting to Core Switch 01 and Port 3 & 4 connecting to Core Switch 02?
    I have Final two more questions, Request you to help me calrifying this?
    • I'm willing to configure Multicast communication between the WLC & AP's. For this configuration is it necessary to Connect the WLC in a different VLAN than the VLAN of the AP's. Is it necessary that I have to set the controller to LWAPP Layer 3 mode to support the Multicast communication?
    • Though I do not have implementation experience of the WLAN. My understanding of the Interface settings on the WLC - is I will have to configure one Management Interface for in-band management. Do I have to configure AP-Manager Interface (to support Multicast communication) and to make the WLC to communicate with ACS for Client Authentication. All of the Wireless Devices including the ACS are in one VLAN / IP Subnet, is only one Management Interface is enough for communicating with AP's (with Multicast) and communicating with ACS for forwarding the Authentication messages between the ACS & Wireless Clients?

  • WLC 5508 AP-Manager interface

    Hi, I own a WLC 5508 and I (probably) do not understand AP-Manager interfaces. I have a lab with 2x 1242AG and 1x 1252AG connected to c2960. APs are in vlan 10 (192.168.10.0/24, configured via DHCP), APs are connected to "switchport mode access" interface. c2960 is connected via a trunk to c4506, and WLC is plugged in gi1/3 and gi1/4 (both through twingig). Both ports are configured as "switchport mode trunk". Management interface on WLC is on WLC port 8 (connected to gi1/4), and AP-Manager is on WLC port 1 (connected to gi1/3). Management interface on WLC has "Dynamic AP management" set to disabled, and AP-Manager has it set to enabled. Both, Management and AP-Manager interfaces are tagged, vlan id 12 and 13 (subnets 192.168.12.0/24, 192.168.13.0/24) respectively. APs receive their IP configuration via DHCP (server located in vlan 20, 192.168.20.0, ip helper-address in use), and try to discover WLC by DNS resolution (CISCO-CAPWAP-CONTROLLER.some.domain resolves to AP-Manager IP correctly). But APs do not join to controller, WLC says "Ignoring discovery request received on non-management interface", AP has "not joined" status in Monitor/Statistics/AP Join.
    But if I set management interface as "Dynamic AP enabled", and change DNS to resolve CISCO-CAPWAP-... to it's IP everything works fine - AP joins at once. Please help, how to join LAP to AP-Manager interface? Join to WLC manager is simple, but my design requires at least 2 AP-Manager interfaces.

    Hello,
    I just wanted to mention foremost; a split LAG configuration is not supported on the WLCs.  This "can" be achieved if you are splitting your LAG ports amongst VSS configuration on your two capable devices, but is not a recommended or supported configuration. I would highly suggest a LAG configuration over your individual port.  As far as the "ap-manager" concern you have of managing more than 48 APs, you are correct in that the AP-manager cannot handle more than 48 APs, however only when in an individual port configuration.  The LAG will overcome this limitation.
    George was correct about your DNS entry, this needs to point to the WLC's management interface.  This is why the AP joined when you pointed the DNS entry back to the management address-- as intended.
    This link is anchored to the mgmt, ap-manager, and dynamic interface creation for the 7.0.116.0 Config Guide: http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/configuration/guide/cg_ports_interfaces.html#wp1286790
    "If" you want to keep an individual port configuration, and need more than 60 APs connected, you will need to create more than one "ap-manager" interface.  You will just make a new dyanamic intreface and place it on the same network as the current ap manager (ie, management interface) and mark it for dynamic ap management.  All APs will still need to only see the management interface for joining; the WLC will assign to the appropriate AP manager as needed.  The WLC will fill up the first AP manager before joining building tunnels through the next AP-manager interface, so in your lab you will not really be able to test this behavior, assuming the 3-4 APs you were using.
    1. You can keep your management interface with "dynamic ap management" enabled so this serves as the first AP manager; if you desire. 
    2. You will need to create another dynamic interface mapped to the next port.  enabled "dynamic ap management" again here, and place this new "ap-manager" interface on the same vlan as the mgmt.  Keep in mind creating a dynamic interface and designating it as an AP manager prevents mapping that interface to a WLAN, see note below.
    *NOTE (from config guide): When you enable this feature, this dynamic interface is configured as an AP-manager interface (only one AP-manager interface is allowed per physical port). A dynamic interface that is marked as an AP-manager interface cannot be used as a WLAN interface.
    I would highly suggest the LAG configuration so there is no need to worry about the ap manager interfaces, regardless of the number of APs communicating. This also allows for growth if WLC needs to be licensed for more and more APs.

  • 5508 WLC HA pair - change management interface settings

    Hi,
    We have a pair of 5508 WLC's in a HA configuration that is working well at the moment, however I have noticed that the management interface is configured as untagged. I would like to change this to tagged and change the attached switch to trunk for these devices but if I try and edit the management interface through the GUI the VLAN and IP address section is greyed out and cannot be changed. While I could attempt it through the CLI and am comfortable doing that, the fact that it cannot be changed through the GUI implies that this should not be changed and so I am after further information. I don't have any lab equipment other than the HA pair in production so I cannot try changing it through the CLI at the moment. 
    The WLC's are in LAG mode if that makes any difference. I realise there may be downtime required for making this change but I am trying to work out the steps to get this done without having to drastically reconfigure things. 
    Any assistance would be appreciated. 

    Introduction of New Interfaces for HA Interaction
    Redundancy Management Interface
    The IP address on this interface should be configured in the same subnet as the management interface. This interface will check the health of the Active WLC via network infrastructure once the Active WLC does not respond to Keepalive messages on the Redundant Port. This provides an additional health check of the network and Active WLC, and confirms if switchover should or should not be executed. Also, the Standby WLC uses this interface in order to source ICMP ping packets to check gateway reachability. This interface is also used in order to send notifications from the Active WLC to the Standby WLC in the event of Box failure or Manual Reset. The Standby WLC will use this interface in order to communicate to Syslog, the NTP server, and the TFTP server for any configuration upload.
    Redundancy Port
    This interface has a very important role in the new HA architecture. Bulk configuration during boot up and incremental configuration are synced from the Active WLC to the Standby WLC using the Redundant Port. WLCs in a HA setup will use this port to perform HA role negotiation. The Redundancy Port is also used in order to check peer reachability sending UDP keep-alive messages every 100 msec (default timer) from the Standby WLC to the Active WLC. Also, in the event of a box failure, the Active WLC will send notification to the Standby WLC via the Redundant Port. If the NTP server is not configured, a manual time sync is performed from the Active WLC to the Standby WLC on the Redundant Port. This port in case of standalone controller and redundancy VLAN in case of WISM-2 will be assigned an auto generated IP Address where last 2 octets are picked from the last 2 octets of Redundancy Management Interface (the first 2 octets are always 169.254).

  • Help with Cisco 5508 management interface

    Hello,
    I'm trying to verify some behaviors I'm seeing with my 5508 controller setup and forgive me for missing anything obvious, I've zero experience with this hardware and clueless on the best practices. With that said... out of the box I ran through the AutoInstall process.
    I gave my service port an IP address on my subnet, 10.10.8.0/24 vlan 100 and gave the management interface the ip address 10.10.30.5/24 vlan 130
    From my host I can ping the management interace 10.10.30.5 and the interface gateway 10.10.30.1
    I cannot connect to the controller via 10.10.30.5 either through the web GUI or telnet
    I can connect to the controller via 10.10.8.200 both through the web interface and telnet
    while connected to the service port, I can ping the management port IP but I cannot ping the 10.10.30.1 gateway.
    We have attached two test 3502I AP's and they found the controller and pulled correct ip addresses, clients can authenticate and access network resources as well as the Internet so for the most part, things are working but it concerns me that the management interface can't ping its own gateway.
    Keep in mind, I did no other configurations besides what got configured in the AutoInstall process. What should I look at to resolve?
    Thanks!
    Mike

    The service port is for out of band management and should not be connected to the network.  If connected tot he network, it should not have connectivity to the management interface of the wlc. 
    You can create an ACL to block the service port ip to the managment vlan if you want.  I normally do not connect the service port to the network.

  • WLC Duplicate IP address detected for AP-Manager Interface

    I am getting an error log in the WLC saying, its IP address is duplicate by another machine with MAC address A.B.C.D
    But this MAC address A.B.C.D is the MAC address of the AP-Manager Interface in the same controller.
    Model No.                   AIR-WLC2106-K9
    Software Version                 7.0.116.0
    %LWAPP-3-DUP_IP: spam_lrad.c:27626 Adding client 58:b0:35:83:72:86 to  exclusion list due to IP Address conflict with AP 'AP_DUXO_3'
    %LWAPP-3-DUP_AP_IP: spam_lrad.c:27612 Duplicate IP address  detected for AP AP_DUXO_3, IP address of AP  10.184.1.224, this is a  duplicate of IP on another machine (MAC address 58:b0:35:83:72:86)
    Cisco AP Identifier.............................. 1
    Cisco AP Name.................................... AP_DUXO_3
    Country code..................................... US  - United States
    Regulatory Domain allowed by Country............. 802.11bg:-A     802.11a:-A
    AP Country code.................................. US  - United States
    AP Regulatory Domain............................. 802.11bg:-A    802.11a:-N
    Switch Port Number .............................. 1
    MAC Address...................................... cc:ef:48:1a:e4:af
    IP Address Configuration......................... Static IP assigned
    IP Address....................................... 10.184.1.224
    IP NetMask....................................... 255.255.0.0
    Gateway IP Addr.................................. 10.184.20.2
    Domain...........................................
    Name Server......................................
    NAT External IP Address.......................... None
    CAPWAP Path MTU.................................. 1485
    Telnet State..................................... Enabled
    Ssh State........................................ Disabled
    Cisco AP Location................................ DUXO_BOX
    Cisco AP Group Name.............................. default-group
    Does anyone have an issue like this ?

    Are you sure this MAC address 58:b0:35:83:72:86 isn't some type of Apple device?  Its OUI is registered to apple.  How do clients get ip addresses DHCP?  It appears that the IP 10.184.1.224 is statically assigned to your ap-manager and that this client 58:b0:35:83:72:86 is either getting that same IP from DHCP or the client is statically assigning it themselves. 

  • I accidently deleted my ap-manager interface How can I get it back? WLC440

    I accidently deleted my ap-manager interface How can I get it back? WLC4400
    Thanks in advance..
    admin_users 1 301 10.147.1.8 Dynamic No
    hvac 1 268 172.19.15.8 Dynamic No
    management 1 447 10.147.8.8 Static No
    nwlan 1 862 10.147.6.8 Dynamic No
    service-port N/A N/A 192.168.168.200 Static No
    switch mgmt 1 1 192.168.15.8 Dynamic No
    virtual N/A N/A 1.1.1.1 Static No
    voice 1 860 10.147.4.8 Dynamic No

    Take a look at this documentation:
    http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52mint.html#wpmkr1159694
    It should help with creating ap-manager interfaces.

  • Setting management interface WLC 7.4.121.0

    Hello.
    I have a problem setting Management interface IP in new controller 5508. I get the error "Error in setting management interface IP".I can not place a management controller IP.
    Starting IPv6 Services: ok
    Starting Config Sync Manager : ok
    Starting Hotspot Services: ok
    Starting PMIP Services: ok
    Starting Portal Server Services: ok
    Starting mDNS Services: ok
    Starting Management Services: 
       Web Server:    CLI: ok
       Secure Web: Web Authentication Certificate not found (error). If you cannot access management interface via HTTPS please reconfigure Virtual Interface.
       License Agent: ok
    (Cisco Controller) 
    Welcome to the Cisco Wizard Configuration Tool
    Use the '-' character to backup
    Would you like to terminate autoinstall? [yes]: -
    Invalid response
    Would you like to terminate autoinstall? [yes]: no
    System Name [Cisco_bf:dd:c4] (31 characters max): 
    AUTO-INSTALL: process terminated -- no configuration loaded
    Enter Administrative User Name (24 characters max): admin
    Enter Administrative Password (3 to 24 characters): ********
    Re-enter Administrative Password                 : ********
    Service Interface IP Address Configuration [static][DHCP]: none
    Service Interface IP Address: 1.1.1.1
    Service Interface Netmask: 255.255.255.0
    Enable Link Aggregation (LAG) [yes][NO]: no
    Management Interface IP Address: 192.168.10.1
    Management Interface Netmask: 255.255.255.0
    Management Interface Default Router: 192.168.10.10
    Error in setting management interface IP 
    Management Interface IP Address: 10.10.10.1
    Management Interface Netmask: 255.255.255.0
    Management Interface Default Router: 10.10.10.100
    Error in setting management interface IP 
    Management Interface IP Address: 
    Does anyone faced this issue?
    Thanks. 

    Hi,
    Try these:
    1. With the WLC, Please set flow control(in SecureCRT or hperterminal) to none. Once the changes are made, CLI will start working as usual.
     2. Another  common reason can be related to the virtual interface configuration of the controller. In order to resolve this problem, remove the virtual interface and then re-generate it with this command:
    WLC>config interface address virtual 1.1.1.1
    Then, reboot the controller. After the controller is rebooted, re-generate the webauth certificate locally on the controller with this command:
    WLC>config certificate generate webauth
    In the output of this command, you should see this message: Web Authentication certificate has been generated.
    Now, you should be able to access the secure web mode of the controller upon reboot.
    3. Try to use some diff IP address for service interface don't use 1.1.1.1.
    Regards
    Dont forget to rate helpful posts

  • WLC 5508 - Ignoring Primary discovery request received on non-management interface (2) from AP

    Hello,
    Im receving this error on my syslog server:
    capwap_ac_sm.c:1443 Ignoring Primary discovery request received on non-management interface (2) from AP
    already checked the configuration and everything seems ok. They are registered and with clients associated.
    What could be the cause?
    Thanks in advance,
    Chris

    Thanks Scott for your fast response.
    No, I'm not using LAG.
    What do you mean with separate AP Managers?
    I have one AP Manager on vlan 100 (10.100.0.25) and the Management interface on the same Vlan (10.100.0.26)
    And users use vlan 150 (10.150.0.x).
    The switch port where the AP is plugged is configured with:
    interface GigabitEthernet2/0/20
    switchport access vlan 100
    switchport mode access
    spanning-tree portfast
    On WLC I can also check the AP history:
    Last Error Occurred Reason            Layer 3 discovery request not received on management interface

  • WLC IP Conflict with AP-Manager Interface

    I am getting an error log in the WLC saying, its IP address is being used by another machine with MAC address A.B.C.D
    But this MAC address A.B.C.D is the MAC address of the AP-Manager Interface in the same controller.
    have anyone faced an issue like this ?
    The same issue is having in another controller also. But I have two more controllers with the same IOS , which are working fine.

    Hey Scott...
    Thanks for ua quick response.
    We have controller 4402.
    We have all the two ports connected to core. But we have enabled LAG as well.
    It was working perfect since almost an year and half. Recently we had an image upgradation to 6.0.182.0.
    Upgradation was done for all the 5 controllers. But two are having this error log since then.
    Its not continously coming.. Only sometimes..

  • 4404 wireless lan controller managment via wireless clients

    I am having an issue managing a 4404 wireless lan controller via wireless clients.
    I have checked the box "enable controller management to be accessible from wireless clients" under management. For some reason that does not seem to fix the problem (page cannot be displayed). I cannot ping the controller by IP but other devices on the same subnet respond. Everything else works fine.
    I CAN manage the controller when plugged in a wired connection.
    When I do a route print it is identical wireless or wired. The route simple points to my interface. If I modify the route on my computer to actually point to our gateway instead of the interface then everything works. But why should I have to do this only for my wireless connection and not my wired to manage this box?

    Thanks for the info. I narrowed the problem down to an ARP issue.
    In order for me to connect to the controller, I run a batch file that creates a static ARP entry on my laptop. I don't have to do this for any other device except the controller. Not sure what the underlying cause is, but that works as a workaround right now.

Maybe you are looking for