AP to WLC connectivity
Hello All,
When APs are providing multi-gig performance (802.11ad), connectivity between AP and WLC would not be just Ethernet, right?
What media type are we going to use, and how about the PoE requirement for APs in future?
Thank you Leo, I totally agree with you :). What I meant in that thread is that the PoE tech will remain the same (just more power would be needed, which I skipped, my fault). It is quite understandable that higher frequency operation and jumps over multiple standards will consume more power!
Prasan, as Leo said, the power fed will be more here, since we can see we are operating at very high frequency. The purpose is the same as we have in our telecom towers! Telecom towers communicate with each other using microwaves (high frequency, power and less wavelength). There also the line of sight should be clear; rays can't penetrate obstacles.
Regarding AP to WLC connectivity, our APs already have gig uplinks to handle the traffic. I don't know how the traffic more than 1 gig around 7 (802.11ad bets); probably link aggregation could be the solution.
For more info please read: http://www.radio-electronics.com/info/wireless/wi-fi/ieee-802-11ad-microwave.php
If I find more resources, I will post them here.
Similar Messages
-
WLC connect LDAP for Authentication, but could not connect to server
Hi everyone, I have a problem when I use a WLC 5508 to connect to LDAP for authentication, but no luck there. It's a simple config, but not easy to get working on my job. I got the following message:
Service Port - Not connected
Distribution port includes:
Management Interface - in AP Management VLAN - 30
Student AP interface - in Student VLAN - 20
Staff AP interface - in Staff VLAN - 10
AD is in Staff VLAN - 10
WLC LDAP Server setting
Base DN:OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
User Attribute: sAMAccountName
User Object Type: Person
Debug aaa all enable message
*LDAP DB Task 1: Jul 09 01:40:58.969: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: Jul 09 01:41:00.969: ldapInitAndBind [1] configured Method Anonymous lcapi_bind (rc = 1005 - LDAP bind failed)
*LDAP DB Task 1: Jul 09 01:41:00.969: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to RETRY
*LDAP DB Task 1: Jul 09 01:41:00.969: LDAP_OPT_REFERRALS = -1
WLC GUI Log:
*LDAP DB Task 1: Jul 09 02:56:13.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
*LDAP DB Task 1: Jul 09 02:56:11.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
*LDAP DB Task 1: Jul 09 02:56:09.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
LDP Message of LDAP BaseDN:
Expanding base 'CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk'...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn: CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
4> objectClass: top; person; organizationalPerson; user;
1> cn: Frankie F. Yeung;
1> sn: Yeung;
1> givenName: Frankie;
1> initials: F;
1> distinguishedName: CN=Frankie F. Yeung,OU=OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
1> instanceType: 0x4 = ( IT_WRITE );
1> whenCreated: 8/10/2011 10:28:14 China Standard Time China Standard Time;
1> whenChanged: 8/10/2011 10:31:26 China Standard Time China Standard Time;
1> displayName: Frankie F. Yeung;
1> uSNCreated: 3850555;
1> uSNChanged: 3850571;
1> name: Frankie F. Yeung;
1> objectGUID: 6ebfc7e9-6989-4f11-bae7-62c23af67edc;
1> userAccountControl: 0x10200 = ( UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD );
1> badPwdCount: 0;
1> codePage: 0;
1> countryCode: 0;
1> badPasswordTime: 0;
1> lastLogoff: 0;
1> lastLogon: 0;
1> pwdLastSet: <ldp error <0x0>: cannot format time field;
1> primaryGroupID: 513;
1> objectSid: S-1-5-21-3867848445-1581729766-1247451615-2172;
1> accountExpires: <ldp error <0x0>: cannot format time field;
1> logonCount: 0;
1> sAMAccountName: fckyeung;
1> sAMAccountType: 805306368;
1> userPrincipalName: [email protected];
1> objectCategory: CN=Person,CN=Schema,CN=Configuration,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
Hope I can resolve this problem ASAP, thanks!
Your AD is in the Staff VLAN so maybe the WLC uses the Staff interface instead of management to contact the AD. I don't know how you sniffed exactly.
The comment about EAP methods you saw is when you use LDAP with dot1x security. It is the same as saying "You cannot do peap-mschapv2 or eap-fast-mschapv2 with LDAP".
But you can do LDAP for web authentication, that has no eap methods.
Your original problem was a binding problem from the WLC, so we can expect that the WLC really is sending traffic towards AD. -
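The debug output in this thread can be triaged mechanically. The following is an added example, not code from any poster or from Cisco: it parses the `debug aaa all enable` and GUI log lines quoted above and reports, per LDAP server, which call failed, the configured bind method and how often the connection failure was logged. The function names `triage` and `findings` are hypothetical, and the regular expressions assume only the line shapes visible in the post.

```python
import re

# Constructed sample: debug and GUI log lines copied from the post above.
SAMPLE_LOG = """\
*LDAP DB Task 1: Jul 09 01:40:58.969: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: Jul 09 01:41:00.969: ldapInitAndBind [1] configured Method Anonymous lcapi_bind (rc = 1005 - LDAP bind failed)
*LDAP DB Task 1: Jul 09 01:41:00.969: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to RETRY
*LDAP DB Task 1: Jul 09 01:41:00.969: LDAP_OPT_REFERRALS = -1
*LDAP DB Task 1: Jul 09 02:56:13.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
*LDAP DB Task 1: Jul 09 02:56:11.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
*LDAP DB Task 1: Jul 09 02:56:09.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
"""

# "[1] called lcapi_init (rc = 0 - Success)" or
# "[1] configured Method Anonymous lcapi_bind (rc = 1005 - LDAP bind failed)"
CALL_RE = re.compile(
    r"\[(?P<server>\d+)\] (?:configured Method (?P<method>\w+) |called )"
    r"(?P<api>lcapi_\w+) \(rc = (?P<rc>\d+) - (?P<text>[^)]*)\)"
)
STATE_RE = re.compile(r"LDAP server (?P<server>\d+) changed state to (?P<state>\w+)")
FAIL_RE = re.compile(
    r"%AAA-3-LDAP_CONNECT_SERVER_FAILED: .*LDAP server (?P<server>\d+), reason: (?P<rc>\d+) \("
)


def triage(log_text):
    """Return {server_index: summary} for every LDAP server seen in the log."""
    servers = {}

    def entry(idx):
        return servers.setdefault(int(idx), {
            "bind_method": None, "failed_call": None, "rc": None,
            "rc_text": None, "last_state": None, "connect_failures": 0,
        })

    for line in log_text.splitlines():
        m = CALL_RE.search(line)
        if m:
            s = entry(m["server"])
            if m["method"]:
                s["bind_method"] = m["method"]
            # Remember only the first call that returned a non-zero rc.
            if int(m["rc"]) != 0 and s["failed_call"] is None:
                s["failed_call"], s["rc"], s["rc_text"] = m["api"], int(m["rc"]), m["text"]
            continue
        m = STATE_RE.search(line)
        if m:
            entry(m["server"])["last_state"] = m["state"]
            continue
        m = FAIL_RE.search(line)
        if m:
            entry(m["server"])["connect_failures"] += 1
    return servers


def findings(summary):
    """Turn one server summary into short notes for the person debugging."""
    notes = []
    if summary["failed_call"]:
        notes.append(f"{summary['failed_call']} failed: rc {summary['rc']} ({summary['rc_text']})")
    if summary["failed_call"] == "lcapi_bind" and summary["bind_method"] == "Anonymous":
        notes.append("bind method is Anonymous; check that the directory accepts this method")
    if summary["connect_failures"]:
        notes.append(f"{summary['connect_failures']} LDAP_CONNECT_SERVER_FAILED events; "
                     f"server left in state {summary['last_state']}")
    return notes


if __name__ == "__main__":
    for index, summary in triage(SAMPLE_LOG).items():
        print(f"LDAP server {index}:")
        for note in findings(summary):
            print("  -", note)
```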
CISCO WLC, connecting SSID with local net user
Dears,
Created a local net user.
Created an SSID and broadcast it; users can connect to the SSID with PSK,
but are not able to connect using the local net user created in the WLC.
Edwin
Hi,
What kind of Layer 2 Security are you using on your SSID?
You can't have both PSK and Local user database authentication on the same SSID.
Best regards,
Sebastian -
Cisco3750G WLC connection issue
Wireless connection drops quite frequently on random APs. We have reloaded the WLC and the router but it is still happening.
Any ideas as to why this is?
How many APs do you have? Are they in the same subnet as the controller Management interface? There is a Cisco doc saying that you should not have more than 16 APs in this subnet... Are your APs still connected to the controller? Which code do you use? What do you see in the controller logs?
-
UTP to Fiber Media converters for WLC connection to a Catalyst fiber blade
Hi Netpros,
Just wondering whether any of you have used a media converter to connect the WLC to a Catalyst fiber port? If so, which model have you used? I am looking at something like this:
http://www.omnitron-systems.com/downloads/datasheets/4370DS-C.pdf
Your response is much appreciated.
Hi Fernando,
This would work. Why don't you purchase a GLC-TX instead? -
Hi,
I have two installations with WLC 4402 connected to Cisco 3750 switches. The connection is fibre with GLC-SX and channeled. The problem I have is that 10% of the packets are underruns. Has anybody encountered the same issue?
I also have two other installations with 4402 and 4404 where the connected switches are 6509s, and there it is working with GBICs and SFPs.
Thanks for your help
Hi Ankur,
Here is the config snippet of the port config.
SH1-2OG-SWI01#sh run int Po 1
Building configuration...
Current configuration : 201 bytes
interface Port-channel1
description *** sh1-2og-wlc01 ***
switchport trunk encapsulation dot1q
switchport trunk native vlan 4
switchport trunk allowed vlan 4,20,29,31
switchport mode trunk
end
SH1-2OG-SWI01#sh run int g1/0/1
Building configuration...
Current configuration : 233 bytes
interface GigabitEthernet1/0/1
description *** sh1-2og-wlc01 ***
switchport trunk encapsulation dot1q
switchport trunk native vlan 4
switchport trunk allowed vlan 4,20,29,31
switchport mode trunk
channel-group 1 mode on
end
SH1-2OG-SWI01#sh run int g1/0/2
Building configuration...
Current configuration : 233 bytes
interface GigabitEthernet1/0/2
description *** sh1-2og-wlc01 ***
switchport trunk encapsulation dot1q
switchport trunk native vlan 4
switchport trunk allowed vlan 4,20,29,31
switchport mode trunk
channel-group 1 mode on
end
SH1-2OG-SWI01#
Thanks for your reply
regards
ray -
How to change operational status of a WLC-connected AP?
Hello everybody.
I'm noticing two of my 30+ APs having the 802.11a radio with "Operational Status = DOWN". The Admin Status is ENABLED, but I don't know where to act to put the op. stat. UP!
WLC is running 7.5.102.0, as well as the APs. The affected ones are 3502 models.
Any help will be much appreciated.
Thanks and regards,
Flavio.
Hello Sandeep.
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.5.102.0
Bootloader Version............................... 1.0.16
Field Recovery Image Version..................... 7.0.112.21
Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
Build Type....................................... DATA + WPS
System Name...................................... VXWLC1
System Location.................................. Ibach, Serverraum 2
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. Disabled
IP Address....................................... 172.30.0.100
Last Reset....................................... Software reset
System Up Time................................... 36 days 21 hrs 46 mins 1 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin, Rome, Vienna
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... Multiple Countries:CH,US
Operating Environment............................ Commercial (0 to 40 C)
--More-- or (q)uit
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +44 C
External Temperature............................. +24 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 9
Number of Active Clients......................... 144
Burned-in MAC Address............................ 50:3D:E5:AE:92:A0
Power Supply 1................................... Present, OK
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 37
ap52#sh inv
NAME: "AP3500", DESCR: "Cisco Aironet 3500 Series (IEEE 802.11n) Access Point"
PID: AIR-CAP3502I-E-K9 , VID: V01, SN: FCZ1553W027 -
We have a WLC connected to a 6500 switch. When we tried to enable LAG the connectivity went down: the switch can't ping the controller nor the controller the switch. We checked the cables and the mini-GBICs and changed them for new ones; the status of the interfaces is UP UP. We tried reverting the config, with LAG disabled, and had no success; I can't reach the management interface. With the service port I can connect to the controller.
Thanks, Regards
Make sure you have the management and ap-manager interface set to "0" untagged and also make sure the trunk ports are set to native vlan . Also make sure that the trunk port is set to channel-group X mode on.
-
Connect an AP to a Guest Anchor WLC?
We have two WLC 5508 and one foreign guest anchor WLC at the primary data center, also a 5508 box. I would like to connect an AP directly to the guest anchor WLC through its guest VLAN interface, so that the same configuration is applied to it as other APs connected to frontend WLCs connecting users.
Would this work or should I create a separate interface on the guest anchor WLC to connect the local AP?
Thanks
Sankung
Not a best practice, but as long as your AP is just for guest traffic it would be fine. If you also want to have it like your other APs and have other SSIDs, then I wouldn't do that, since you have to poke holes in your firewall to allow traffic inside unless you do a reverse anchor to the foreign WLC. You might be better off just using FlexConnect and AP Groups and having the AP terminate to the foreign WLC, but I don't know your setup.
Sent from Cisco Technical Support iPhone App -
Good day.
I have a new installation of an AIR-CT2504. I try to connect by console, but there is no response on the terminal (using notebook + USB-COM + console cable). When I connect an Ethernet cable to the 1st port of the WLC and a switch port (SF200) I see the controller by CDP. At first, when I saw the IP address of the WLC, I connected the notebook to its port and configured the controller with the web interface (maybe something incorrect). I changed the IP address of the management interface. The WLC rebooted, and now I can't connect to it anymore.
By CDP I see the new IP and native VLAN 0, but can't ping it.
How can I configure the WLC now? Or what is the trouble with the console?
P.S. Sorry for my bad English.
Well, the wireless equipment is different. If you console into the AP, does it work? If not, then double check your settings.
Make sure of this. This can be different from the switches and routers.
No hardware flow control
Sent from Cisco Technical Support iPhone App -
Connecting WLC to 6509 Core ... Connectivity Issues
Hi,
I have all four ports of a 4404 WLC connected to a 6509 via fiber cables. However, I am not able to ping the WLC or see it.
I have a couple questions about this ... First, if I want to do LAG it is necessary that all ports are active and plugged in, correct?
Second, in the switch config, to my knowledge all ports should be trunk ports, however the customer has configured them as "switchport trunk encapsulation isl" instead of "switchport trunk encapsulation dot1q" ... does this matter? I have never used the isl command so I am really wondering if this is supported in the WLC?
Any help would be greatly appreciated!
Thanks!
You can do it either way. I do not use LAG currently on my 4402 controllers; instead, I use two ap-management interfaces.
Yes, etherchannel reference = portchannel -
WLC Physical Connection and security
Currently our wireless environment includes 1200 APs and a WDS. We have maxed out and want to upgrade to a more controlled environment. I am suggesting and putting together a diagram for a 4404 WLC, and the APs will work with version 12.3.7. My question is about the physical design. Will all 4 Ethernet ports on the WLC connect to the switch? All on the same VLAN as the APs? Also, we are using EAP-TLS and want to migrate to EAP-FAST; does this require a footprint on the client laptop?
The ports on the 4404 will trunk with the switch. You can put them in LAG mode, which is the equivalent of EtherChannel. You will have to put the switch ports in trunk mode either way.
You don't have to connect all 4 ports, but it is recommended for failover and maximum possible AP support. You will need to assign the management interface on the 4404 (ap-management interface if operating in Layer-3 mode) to a VLAN/subnet that the APs will reside in. All other dynamic interfaces that you create on the controller to bind with WLANs will reside in other VLANs that get pushed through the trunk links between the 4404 and the switch(es). Be sure to prune out any VLANs that you don't need or want to cross the trunk to the 4404. For LWAPP APs, assign the switch ports that the APs connect to, to the same VLAN as the management ports on the 4404. Not sure about your 1200s. It will work if you trunk the interfaces to the APs as well, but that is more of a shotgun approach for LWAPP APs. The last time I had to work with an autonomous AP, it was a standalone unit and not combined with a WLC. That scenario required a trunk link.
Have you confirmed that you can convert your 1200s to LWAPP mode?
Correct me if I am wrong, but I believe you will need to place a cert on the client laptops for eap-tls. I did this a while back using XP & freeradius and got it to work, but it has been a while. -
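Two pieces of advice from the replies on this page, "prune out any VLANs that you don't need" on the trunk to the controller and "channel-group X mode on" for LAG, can be checked against a saved switch config. This is an added example, not code from any poster: the functions `parse_interfaces` and `audit` are hypothetical, and the sample config is constructed in the style of the port-channel config quoted earlier on the page, with the second member port deliberately altered so the checks fire.

```python
import re

# Constructed sample modelled on the switch config quoted on this page.
# GigabitEthernet1/0/2 is deliberately altered: no allowed-VLAN list, LACP mode.
SAMPLE_CONFIG = """\
interface Port-channel1
 description *** sh1-2og-wlc01 ***
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4
 switchport trunk allowed vlan 4,20,29,31
 switchport mode trunk
!
interface GigabitEthernet1/0/1
 description *** sh1-2og-wlc01 ***
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4
 switchport trunk allowed vlan 4,20,29,31
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet1/0/2
 description *** sh1-2og-wlc01 ***
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4
 switchport mode trunk
 channel-group 1 mode active
"""

# Settings that must be identical on a Port-channel and on each of its members.
TRUNK_KEYS = ("switchport trunk encapsulation", "switchport trunk native vlan",
              "switchport trunk allowed vlan", "switchport mode")


def parse_interfaces(config):
    """Return {interface_name: {setting: value}} from 'show run' style text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], {})
        elif line in ("!", "end"):
            current = None
        elif current is not None:
            m = re.match(r"channel-group (\d+) mode (\S+)", line)
            if m:
                current["channel-group"] = (int(m[1]), m[2])
                continue
            for key in TRUNK_KEYS:
                if line.startswith(key + " "):
                    current[key] = line[len(key) + 1:]
    return interfaces


def audit(interfaces):
    """Return (interface, problem) tuples for trunk ports and LAG members."""
    issues = []
    for name, cfg in interfaces.items():
        if cfg.get("switchport mode") != "trunk":
            continue
        if "switchport trunk allowed vlan" not in cfg:
            issues.append((name, "no allowed-VLAN list: all VLANs are allowed by default"))
        group = cfg.get("channel-group")
        if group is None:
            continue
        number, mode = group
        if mode != "on":
            issues.append((name, f"channel-group mode is '{mode}', expected 'on'"))
        bundle = interfaces.get(f"Port-channel{number}")
        if bundle is None:
            issues.append((name, f"Port-channel{number} is not defined"))
            continue
        for key in TRUNK_KEYS:
            if cfg.get(key) != bundle.get(key):
                issues.append((name, f"'{key}' differs from Port-channel{number}"))
    return issues


if __name__ == "__main__":
    for name, problem in audit(parse_interfaces(SAMPLE_CONFIG)):
        print(f"{name}: {problem}")
```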
Web authentication on WLC fails to redirect when we enter URL in browser
I have a problem with a customer of mine. We have deployed two new WLC5508 running r7.0.116.0 and AP1142s, also WCS with r7.0.172. When we setup a "Guest Access" we ran into trouble .....
The problem is that we can associate to the SSID/AP and get an ip-adress. When we open the web-browser we do not get redirected to the virtual interface but instead the _hostname_ of the WLC. Like this:
https://cisco6a19c4/login.html?redirect=nyttintranet.sem10.se/
If we manually replace "cisco6a19c4" with 1.1.1.1 it works as it should: the login page appears, we log in and can access the internet. We have tested and disabled web-auth on the SSID and everything works; we can directly go out on the internet, and DNS works without any problems.
A little more info:
2x WLC5508 running r7.0.116.0 and APs are 1142
WLCs connected to Cat4503 via LAG
Guest network (VLAN) is transferred from the WLC via the trunk to the Cat4503 and then connected on an access port to a separate broadband router, then to the internet.
DHCP to guest-users from separate broadband-router which is def gwy and "DNS".
On the virtual interfaces no hostname is configured.
ANY ideas??!?!?!???
Best Regards
Göran Blomqvist
Ooop.... waddyaknow.... As it turned out, one of the WLC _did have_ a name configured under the virtual interface, of course it was NOT the one that "our" AP was associated with....
That has now been corrected and the guest access is working as intended......
(Oh, yes we tried with 3 PCs and 2 smartphones when we discovered the 'malfunction'....)
Thanx for the mental push Stefan!!
Regards
Göran -
Using ISE for guest access together with anchor controller WLC in DMZ
Hi there,
I setup a guest WLAN in our LAB environment. I have one internal WLC connection to an anchor controller in our DMZ. I'm using the WLC integrated web-auth portal which works fine.
To gain more flexibility regarding guest account provisioning and reporting my idea is to use Cisco Identity Services Engine (ISE) for web-authentication. So the anchor controller in the DMZ would redirect the guest clients to the ISE portal.
As the ISE is located on the internal network while the guest clients end up in the DMZ network this would mean that I have to open the web-auth portal port of ISE for all guest client IPs in order to be able to authenticate.
Does anyone know of a better solution for this ? Where to place the ISE for this scenario, etc ?
Thx
Frank
So I ran into a similar scenario on a recent deployment:
We had the following:
WLC-A on private network (Inside)
ISE Servers ISE01 and ISE02 (Inside)
WLC-B Anchor in DMZ for Guest traffic (DMZ)
ISE Server 3 (DMZ)
ISE01 and ISE02 are used for 802.1X for the private network WLAN.
Customer does not allow guest traffic to move from a less secure network to a more secure network (Compliance reasons).
The foreign controller (WLC-A) must handle all L2 authentication and it must use the same policy node that the clients will hit for web auth. Since we want to do CWA, we use MAC Filtering with ISE as the RADIUS server. If you send this traffic RADIUS authentication for MAC Filtering to ISE01/ISE02, it will use https://ise01.mydomain.com/... to redirect the client to. Since we don't allow traffic to traverse from the DMZ with the anchor in it back inside to the network where ISE01 and ISE02 are, client redirection fails. (This was a limitation of ISE 1.1. Not sure if this persists in 1.2 or not.)
So what now? In our deployment we decided to use a 3rd ISE policy node (ISE03 in the DMZ) for guest authentication from the foreign controller so that the client will use a DNS of https://ise03.mydomain.com/... to redirect the client to. Once the session is authenticated, ISE03 will send a CoA back to the foreign which will remove the redirect for the session. Note, you do have to allow ISE03 to send a CoA.
In summary, if you can't allow guest traffic to head back inside the network to hit the CWA portal, you must add a policy node in a DMZ to use for the CWA portal so they have a resolvable and reachable policy node. -
Hello,
I have a problem with a new WLC 2106 controller. I made this basic configuration (after reset):
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
ap-manager 1 10 10.10.10.21 Static Yes No
management 1 10 10.10.10.20 Static No No
virtual N/A N/A 1.1.1.1 Static No No
At this point, everything works OK. The controller is accessible via HTTPS, and the AP (one 1130) is connected too. But next I need to create a new WLAN and another interface VLAN, named ak-lan:
config interface create ak-lan
config interface port ak-lan 1
HTTPS access is still working, but when I configure the IP address:
config interface address dynamic-interface ak-lan 10.10.11.10 255.255.255.0 10.10.11.1
HTTPS access stops. In fact, it seems like HTTPS starts on the new interface: it's accessible via 10.10.11.10, but (after a certificate warning) shows only an empty page (Page is not accessible..)
I don't have an idea why. I tried downgrading the software (it originally came with 7.0.98.0) to 6.0.196.0, which I use on another identical controller, but the behavior is the same. Now I use software 6.0.199.4. Again the same behavior.
"show interface summary" says:
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
ak-lan 1 11 10.10.11.10 Dynamic No No
ap-manager 1 10 10.10.10.21 Static Yes No
management 1 10 10.10.10.20 Static No No
virtual N/A N/A 1.1.1.1 Static No No
(Cisco Controller) >
All interfaces (excluding virtual) respond to ping. All interfaces have netmask 255.255.255.0.
There was another strange thing: "show sysinfo" says that I use sw 6.0.199.4 and emergency is 7.0.98.0, but "show boot" says:
(Cisco Controller) >show boot
Primary Boot Image............................... 6.0.199.4 (active)
Backup Boot Image................................ 6.0.196.0
(Cisco Controller) >
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
RTOS Version..................................... 6.0.199.4
Bootloader Version............................... 4.0.191.0
Emergency Image Version.......................... 7.0.98.0
Build Type....................................... DATA + WPS
System Name...................................... ak-wlc
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.828
IP Address....................................... 10.10.10.20
System Up Time................................... 0 days 0 hrs 46 mins 35 secs
System Timezone Location.........................
Configured Country............................... DE - Germany
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +55 C
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 0
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ E0:5F:B9:63:7B:00
Switch is C2960, port Gi0/2:
Gi0/2 T wlc connected trunk a-full a-100 10/100/1000BaseTX
interface GigabitEthernet0/2
description T wlc
switchport trunk allowed vlan 10,11,100
switchport mode trunk
end
VLANs are set properly. Router is ASA 5510, and routing is fine. Moreover, interfaces on the WLC are accessible via ping (I didn't try telnet or ssh).