Cisco 2504 WLC - Facebook WI-FI service

Similar Messages

• Power adapter for cisco 2504 WLC

  Hi all ,
  Is there any other part numbers for cisco 2504 WLC power adpater other than
  PWR-2504-AC= ?
  Thanks,
  Regards,
  Vijay.

  No "PWR-2504-AC=" is the only power adapter option for 2504.
  Please check the datasheet:-
  http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html

• Help required to implement Cisco 2504 WLC and 1042 Access Points

  Hi,
  My name is Vidya Sagar. I am new to Wireless technology. We are planning to implement Wireless in our office. I have given the requirements below. Kindly go through the details and let me know how to start.
  We have purchased Cisco 2504 Wireless Controller (One) and Ciscon 1042 Access Points (Five). At present I am going to use 3 access points only.
  I have attached a simple diagram of our office network. We have more than 30 VLANs configured in Core Switch, we are planning to give wifi access to only 3 VLANs.
  1. VLAN 121 ( IP Segment - 10.52.121.0 /24)
  2. VLAN 116 ( IP Segment - 10.52.116.0 /24)
  3. VLAN 100 ( IP Segment - 192.168.100.0 /24) (Guest)
  Please give me a implementation plan to do this. I would like to use LDAP or ACS for authentication purpose.
  Regards,
  Vidya Sagar

  Lets just do this simple first before you start using ACS as that will require a certificate installed on the ACS for using PEAP.
  So first off, the WLC we will say is in vlan 10. When you are going through the startup wizard, make sure you define the vlan tag to 10 on the management interface. Make sure your virtual interface is an IP address that is not routed in your network, like an out of band IP.
  Make sure the WLC time is correct or use NTP!!!!
  Now you should be able to http or https to the WLC. I would upgrade the code to v7.4 and install the FUS image. Please reference this link for the upgrade procedure. You don't have to upgrade now... I would wait till you get everything working first.
  http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74.html
  Now I would connect the APs on the same vlan as the WLC for now. Make sure there is dhcp on that subnet. Once the APs have joined, then you can move them to any subnet you want. Since you don't have many APs it would be okay to leave them in the same vlan as the WLC management or out them on any other vlan you choose. The APs will be connected to an access port NOT a trunk port!!!!
  The WLC will need to be connected on a dot1q trunk port only allowing vlans 10,100,116,121. The 2504 running v7.4 will support LAG (etherchannel). Any ways, your switch port should look like this for example only
  Interface gigabit1/0/1
  description WLC2504
  switch port trunk encapsulation dot1q
  switchoort mode trunk
  switch trunk allowed vlans 10,100,116,121
  spanning-tree portfast trunk
  channel-mode group 10 mode on << only for v7.4 if you use lag
  Don't connect all four ports right now, just port one!!!!
  Your Guest vlan, you will need to create an ACL to block traffic from accessing the internal network. You might want to allow dhcp and DNS bit I would leave it open first until you can verify everything is working.
  Now on the WLC you need to create a dynamic interface for vlan 100, 116, and 121. If you click on the Controller tab in the GUI and click on interfaces on the left hand side, that will take you to where you can add/delete/modify your interfaces. When creating these interfaces, make sure you add the dhcp server IP address for the primary and or backup.
  Now that you have your dynamic interfaces created, its time I create your SSID. Now click on the WLAN tab on the GUI and click on WLAN and then on the too right select Create New and then click go. Select WLAN on the drop down menu and then for the profile name I would use the SSID name also for simplicity.lean e the WLAN id to 1 for this and 2 for the next and so on. After defining these and clicking Apply you can now define your SSID. On the General tab, enable the status and leave the radio policy to all for now, you can decide later what you want to use. Choose your interface you wan to place this SSID on and enable Broadcast SSID for now and leave everything else alone. Now click on the Security tab and on the layer 2 Security, leave it at WPA + WPA2, only check WPA2 Policy and for WPA2 encryption choose AES only. Now go to the bottom of that screen and choose PSk. We will do pre shared key for now so you get to understand the setup and make sure everything is working first. Now on the PSK format, choose ASCII and put your pre shared key in the input box. Make this simple to for testing. You don't want to put in symbols or anything like that. When you are don with that, check apply on the top right and test.
  Now you can repeat this with your other SSIDs just to test. Your guest network you can leave open for now to test open authentication.
  Here are some links for the WebAuth feature:
  https://supportforums.cisco.com/docs/DOC-13954
  http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080b1a506.shtml
  Now if you want to use ACS with PEAP, here is some links for that:
  https://supportforums.cisco.com/videos/2499
  http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080bd1100.shtml
  https://www.google.com/url?sa=t&source=web&cd=8&ved=0CFQQtwIwBw&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DWk_bRdmsQlA&ei=_BEyUeCYM8TdqAHHsICAAw&usg=AFQjCNF8PiVBQK1Kipb4j8AzD153bKtmgA&sig2=smHhNVmCr2of2NzbnDhGmw
  Well that is it, hopefully you can get the wireless up for testing and verifying everything works!
  Sent from Cisco Technical Support iPhone App

• Cisco 2504 WLC client VPN Access

  Hi,
  I was reading couple of posts related to Cisco WLC + Client VPN passthrough .. and got  a query.
  https://supportforums.cisco.com/thread/2183687
  https://supportforums.cisco.com/thread/2219356
  The second link says that "Remote Acces VPN connections through the WLC work out of the box". Is this True? No need to configure Layer 3 VPN-Pass though for the SSID?
  They are using WPA2+PSK as Layer 2 Security. Here WPA2-PSK + VPN Passthrough is the right combination for WLAN Layer2 + Layer 3 Security?
  Thanks,
  Jagan

  It works out of the box... you don't need to configure any passthrough.. just connect to the ssid and VPN away.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Using Auto-Install with Cisco 2504 WLC

  I have a config file that would like to deploy to multiple 2504 controllers.
  I am trying to get Auto-Install to upload my config file but I keep getting the 'no interfaces registered' message.
  I have my config file on  the root of the tftpd32 folder and have TFTP and DHCP servers enabled.
  Any ideas what could be causing this?
  Thanks

  Did you configure DHCP option 150, so that the WLC knows where to find the TFTP server? This should be possible in tftp32.
  See for more info this document, it is kinda aged but still accurate.

• Backing up Cisco 2504 WLC

  Hi Guys,
  Could you plese advise me on how i can take backup of configuration from my WLC. I got ftp or tftp server but when i try to go under commands and upload file its not working.. please help..

  In the upload file from controller, you would put under the server details, file path..

• Wi-Fi Installation in large property W/Cisco 2504

  Hi,
  I have an interesting job where i am having to fit a wifi network through a large property. I was advised to use the Cisco 2504 WLC and 9 x Cisco AIR-AP1142N access points.
  I know that out of the box the AP's (in standalone versions) have the GUI enabled.
  Not being completley up with CLI etc, is the WLC GUI enabled straight out of the box? if not, is it complicated to get it up and running? I'm pretty good at learning/understanding these things just as long as i have a rough idea of what to do!
  Thanks in advance,
  Josh                  

  Thats great, Thanks steve.
  I have the Controller (although AP's are still on order - out of stock ) but i have one final question before i start to set it up!
  I'm looking at this guide: http://www.cisco.com/en/US/docs/wireless/controller/2500/quick/guide/ctr2504_q_s.html#wp34023 and it talks about Management interface. I presume the management IP address would be the fixed ip of the controller if you like.
  So if i had a network with a DHCP server. The Router/Server was 192.168.2.1 and the DHCP range started from .10, i could set this to be 192.168.2.2 with the router of the management interface to be .2.1. I then could set the VLAN id to be 0 as i don't need a seperate managment lan (it's only for a house afterall, and if i lock it down with passwords it should be fine).
  With the Management Port, i presume that can be the port that connects into the main PoE Switch, similalry the Management DHCP server would be 192.168.2.1?
  Virtual Gateway IP address i guess is irelevant as there will be no mobility group?
  And DHCP bridging, like on any other wifi system/AP would be 'No' as the Router will be dealing with all DHCP requests?
  Thanks again for your fantastic help so far!
  Josh

• Cisco 2504 Local radius configuration, is their any ways for backing up the user db? In case the WLC dies

  Cisco 2504 Local radius configuration, is their any ways for backing up the user db?  In case the WLC dies

  Please find the guide to keep the backup:-
  http://www.cisco.com/en/US/partner/docs/wireless/controller/7.0/configuration/guide/c70mfw.html#wp1063850

• Configuring 2504 WLC for LanSchool/AppleTV

  Good Day to All,
  Recently my small elementary schools have upgraded to Cisco Air-Cap2600 series AP's and a 2504 WLC. Very much a sweet step up from 10 year old Apple Airport Extremes.
  My question is what would be the best pratice to enable Multicast via the GUI for the needs of those platforms and any other future P2P services?
  Thanks in advance from a newbie,
  GEP

  What is the WLC software version running on your 2504 ?
  If it is 7.4.x follow the below reference guide
  http://www.cisco.com/en/US/docs/wireless/technology/bonjour/Bonjour_Deployment.html
  If it is 7.5.x following config guide should help
  http://www.cisco.com/en/US/docs/wireless/controller/7.5/config_guide/b_cg75_chapter_01011.html
  HTH
  Rasika

• Will the 2504 WLC internal DHCP give IP addresses to clients?

  Is there a way to configure the 2504 WLC so that its internal DHCP only services the LAPs?
  I don't want the controller to give out IP addressed to wireless clients.
  Thanks

  No. 
  DHCP on the WLC is never intended to offer DHCP services to any "wired" side devices, which includes your APs.  These DHCP pools are specifically to hand addresses out to wireless clients attached to WLANs of the specific WLC it is configured on.  Even then, unless you absolutely cannot offer DHCP somewhere else, DHCP on the WLC is not a suggested practice.
  DHCP Pool Configuration and Restrictions.
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_01000110.html

• Cisco 2504 WCL and 1702i

  I have just purchase a Cisco 2504 along with two 2702i and one 1702i.
  The WLC works fine with both 2702i.
  Unfortunately, it won't locate the 1702i.
  I have just see that the problem could be that the 2504 is running software 7.6.120.0 and that I should upgrade.
  Unfortunately, I don't have a service agreement with Cisco and therefore can't!
  Am I the only one who thinks it unreasonable that you can purchase new products that are advertised to work together to then be told that your five day old WLC doesn't come with the latest firmware and that I only have RMA support and can't download the latest software?
  Regards
  Daniel

  Hi Scott
  Thankfully, TAC took pity on me and sent me the latest firmware.
  That has now fixed the problem and the 1702i is working fine with the 2504 WLC.
  I shall look into the cost of a service agreement for future problems.
  Regards
  Daniel

• How-do-i-configure-guest-wifi-access-using-2504-wlc-fortigate-utm-l3-device

  Dear All
  I have a 2504 Wireless Controller with multiple radios attached. I currently have a "private" WLAN configured (taking ip from windows server based DHCP of Range 192.1681.0/24 ) and working, but I need to add a Guest/Public WLAN which should take the IP from Other DHCP Configured on Fortigate UTM of range 172.16.0.0/24.
  We have one SG300 switch in the office and the rest are basic switches.
  Our firewall/router is a Fortigate UTM 240D
  Find the attached network diagram for the issue.
  Is there a SIMPLE way to enabling guest access that doesn't require VLANS (or are VLANS easier than I'm making them)? 
  Thanks.
  - See more at: https://supportforums.cisco.com/discussion/12473186/how-do-i-configure-guest-wifi-access-using-2504-wlc-fortigate-utm-l3-device#sthash.aj1XcWI0.dpuf

  Complete these steps in order to configure the devices for this network setup:
  http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/70937-guest-internal-wlan.html
  Configure Dynamic Interfaces on the WLC for the Guest and Internal Users
  Create WLANs for the Guest and Internal Users
  Configure the Layer 2 Switch Port that Connects to the WLC as Trunk Port

• Please help me to configure 2504 WLC as secondary in N+1 HA mode. My primary WLC is 5508 and both have 50 AP license.

  Please help me to configure 2504 WLC as secondary in N+1 HA mode. My primary WLC is 5508 and both have 50 AP license. I want to deploy the AP in the same location.

  Go HERE:  https://supportforums.cisco.com/discussion/12219106/high-availibility-2500

• OOB Management of Cisco 2504

  Hello,
  I am wondering if this is possible, and how to execute. 
  We have a separate physical network for guest wireless access that we will be using a cisco 2504 controller and AP's. I wanted to manage the WLC from the corporate network, and wanted to have a management interface on our DMZ to allow 443 management from inside our corporate network.
  I tried making the built in management interface on our corporate DMZ network, and another interface for the Guest Network, but I am unsuccessful:
  Management port 1: 192.168.x.x
  Dynamic interface port 2: 10.5.x.x
  Once I enable Dynmaic AP management on the Guest network, I cant ping any devices on that network.
  I also tried making a VLAN for the management network and another vlan for the Guest network and mapping them to the single built in management port, but I have been unsuccessful in that.

  Hi,
  ip http server
  ip http authentication local
  ip http secure-server
  username cisco password cisco.
  HTH,
  Bjornarsb

• Cisco ISE 1.1 Guest Portal Services

  Do you have to have separate ISE appliances or VM clusters to have have 2 separate "Guest Portal" services?
  I have two sites that have their own equipment (Arizona / Illinois):
  - Cisco ISE Server
  - Cisco Wireless LAN Controller
  - Cisco Wireless Anchor Controller
  - Cisco ASA
  My understanding is that I'd need to have the ISE boxes running in "STAND ALONE" mode in order to have two separate "Guest Networks / Portal".
  Thanks in advance!!!

  Hi,
  Each Cisco ISE policy services node can run a guest portal also if they run in one deployment.
  Depending on the way you mean "separate", your requirement can be met in one deployment or in two stand alone deployments.
  Depending on your approach you need four Cisco ISE machines to build the in "one deployment" option.
  2 Admin/Monitoring Nodes (Admin is Active/Standby, Monitoring is Active/Active) and two Policy Services Nodes (RADIUS Servers).  Both Policy Services Nodes can run the guestportal. The configuration of the WLC determines which Policy Services Node is being used. ISE use RADIUS URL redirect is used to redirect to it's own guest portal.
  Hope that helps.