Cisco 8510 WLC and RTU licence
Hi Guys,
I have a similar issue where it shows the status as active, not-in-use.
What does this mean and how do I get this to be in use?
This is a Controller with HA-SKU license.
The licenses has been inherited from the Primary Controller.
Any license on HA-SKU controller is disregarded.
Feature name: ap_count (adder)
License type: Permanent
License state: Active, Not-In-Use
License Nodelocked: No
RTU License Count: 50
Hope to hear from you soon.
Regards,
Clifton.
Hi,
Since this is an HA-SKU WLC, and the license is inherited from the active, there is no need to have a permanent license on it.
Is the HA working fine?
Please review the following link for the HA licensing requirements:
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml#licensing
Similar Messages
-
Help required to implement Cisco 2504 WLC and 1042 Access Points
Hi,
My name is Vidya Sagar. I am new to Wireless technology. We are planning to implement Wireless in our office. I have given the requirements below. Kindly go through the details and let me know how to start.
We have purchased Cisco 2504 Wireless Controller (One) and Cisco 1042 Access Points (Five). At present I am going to use 3 access points only.
I have attached a simple diagram of our office network. We have more than 30 VLANs configured in Core Switch, we are planning to give wifi access to only 3 VLANs.
1. VLAN 121 ( IP Segment - 10.52.121.0 /24)
2. VLAN 116 ( IP Segment - 10.52.116.0 /24)
3. VLAN 100 ( IP Segment - 192.168.100.0 /24) (Guest)
Please give me an implementation plan to do this. I would like to use LDAP or ACS for authentication purpose.
Regards,
Vidya Sagar
Let's just do this simple first before you start using ACS, as that will require a certificate installed on the ACS for using PEAP.
So first off, the WLC we will say is in vlan 10. When you are going through the startup wizard, make sure you define the vlan tag to 10 on the management interface. Make sure your virtual interface is an IP address that is not routed in your network, like an out of band IP.
Make sure the WLC time is correct or use NTP!!!!
Now you should be able to http or https to the WLC. I would upgrade the code to v7.4 and install the FUS image. Please reference this link for the upgrade procedure. You don't have to upgrade now... I would wait till you get everything working first.
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74.html
Now I would connect the APs on the same vlan as the WLC for now. Make sure there is dhcp on that subnet. Once the APs have joined, then you can move them to any subnet you want. Since you don't have many APs it would be okay to leave them in the same vlan as the WLC management or put them on any other vlan you choose. The APs will be connected to an access port NOT a trunk port!!!!
The WLC will need to be connected on a dot1q trunk port only allowing vlans 10,100,116,121. The 2504 running v7.4 will support LAG (etherchannel). Anyway, your switch port should look like this, for example only:
interface GigabitEthernet1/0/1
 description WLC2504
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,100,116,121
 spanning-tree portfast trunk
 ! only for v7.4 if you use LAG
 channel-group 10 mode on
Don't connect all four ports right now, just port one!!!!
Your Guest vlan, you will need to create an ACL to block traffic from accessing the internal network. You might want to allow dhcp and DNS but I would leave it open first until you can verify everything is working.
Now on the WLC you need to create a dynamic interface for vlan 100, 116, and 121. If you click on the Controller tab in the GUI and click on interfaces on the left hand side, that will take you to where you can add/delete/modify your interfaces. When creating these interfaces, make sure you add the dhcp server IP address for the primary and or backup.
Now that you have your dynamic interfaces created, it's time to create your SSID. Now click on the WLAN tab on the GUI and click on WLAN and then on the top right select Create New and then click Go. Select WLAN on the drop down menu and then for the profile name I would use the SSID name also for simplicity. Leave the WLAN id to 1 for this and 2 for the next and so on. After defining these and clicking Apply you can now define your SSID. On the General tab, enable the status and leave the radio policy to all for now, you can decide later what you want to use. Choose the interface you want to place this SSID on and enable Broadcast SSID for now and leave everything else alone. Now click on the Security tab and on the layer 2 Security, leave it at WPA + WPA2, only check WPA2 Policy and for WPA2 encryption choose AES only. Now go to the bottom of that screen and choose PSK. We will do pre shared key for now so you get to understand the setup and make sure everything is working first. Now on the PSK format, choose ASCII and put your pre shared key in the input box. Make this simple for testing. You don't want to put in symbols or anything like that. When you are done with that, check apply on the top right and test.
Now you can repeat this with your other SSIDs just to test. Your guest network you can leave open for now to test open authentication.
Here are some links for the WebAuth feature:
https://supportforums.cisco.com/docs/DOC-13954
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080b1a506.shtml
Now if you want to use ACS with PEAP, here are some links for that:
https://supportforums.cisco.com/videos/2499
http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080bd1100.shtml
https://www.google.com/url?sa=t&source=web&cd=8&ved=0CFQQtwIwBw&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DWk_bRdmsQlA&ei=_BEyUeCYM8TdqAHHsICAAw&usg=AFQjCNF8PiVBQK1Kipb4j8AzD153bKtmgA&sig2=smHhNVmCr2of2NzbnDhGmw
Well that is it, hopefully you can get the wireless up for testing and verifying everything works!
Sent from Cisco Technical Support iPhone App -
Cisco 526 WLC and 2106 WLC in one Mobility Group
Hi,
Is it possible to build a solution with one Cisco 526 Wireless Express Mobility Controller and one Cisco 2106 Wireless LAN Controller in one Mobility Group regarding seamless roaming?
Thanks for your answers
Best regards
Stephan
I don't know if it is possible, but I would think if you had any issues, TAC wouldn't support it. Try opening a case with TAC to see.
-
We are having problems getting apple tv to work for a customer. We have this working on a different controller and the AP (non Hreap). The AP/SSID that is having problems is setup the same (Blocking is set to disabled, and multicast is enabled). This one is setup for hreap, is that the problem, is it possible to utilize the airplay with an hreap installation?
Thanks,
Joe
Hi Joe,
What is the wlc model and code running on it?
Is the concerned WLAN enabled for local switching?
- If it's in local switching mode, AP multicast mode set to multicast-to-multicast mode will not work, basically not supported. Is that the case?
- If it's centrally switched it should work.
- Check if you have other multicast settings set up correctly, global multicast and IGMP snooping enabled.
I assume multicast routing is enabled on all WLC management, AP manager/AP, client vlan.
Regards
Sahil -
New installation of Prime Infrastructure 2.2.0 (PI-VA-2.2.0.0.158.ova)
installed fixes/software/device packs:
PI 2.2.1 Poodle Fix (installed)
PI 2.2.1 Maintenance Release (installed,ncs stopped,rebooted)
Prime Infrastructure 2.2 Device Pack 3 (installed,ncs stopped,rebooted)
Licences installed (ncs stopped,rebooted)
Added all devices via Bulk Import (Inventory>Device Management>Network Devices)
Problem 1:
The Cisco 5500 WLCs are not listed in Inventory>Device Management>Network Devices (see screen shot) but listed under "All Devices"!
The Cisco 4400 WLCs and the 8500 WLCs are listed within their subgroup.
Devices are in "Managed State"
Problem 2: fixed! (Browser issue)
Problem 3:
Unable to run "Wired Detailed Device Inventory" report because I get the error message: Failed to run report: Unable to retrieve data for: Chassis Information (if Chassis Information is selected, if System Information is selected I get the error message with ...retrieve data for:System Information)
All devices do have an "Admin Status = Managed" and the Last Inventory Collections Status = Completed.
Has anyone the same issues or a tip for me?
Another topic: the "User Defined Fields" are not exported when running a "Device Export" (Inventory > Device Management > Network Devices). ;-(
BR
Bastian
Hello Bastian,
I think you still have a browser issue. Using IE is still the best with Prime.
I have exactly the same Prime 2.2 and installed fixes/software/device packs.
I have no problem, I can see all views. I now use IE 11; with Chrome 42.0.2311.90 and Firefox 37.01 I have problems too with lots of views. You have not told what browser + version you have.
Since you have same prime 2.2 as me. I have other problems, can you check yours?
Can you see a functional CLI template page at Configuration > Templates > Features & Technologies:
https://supportforums.cisco.com/discussion/12481691/can-cisco-prime-22-still-do-simple-ad-hoc-deployment-job-cli-over-all-switches
Do you have SNMP Connectivity Failed while Verify Credentials has no errors, all green and checked?
https://supportforums.cisco.com/discussion/12494786/snmp-request-exceeds-internal-data-buffer-512-bytes-prime-22-asa-5545 -
Hi,
I am configuring a Cisco 5760 WLC and wondering if it is required to put in a default route? In this document it says to put one in but I don't see why it is needed as it is connected to a switch via a layer 2 Trunk.
Reference:
https://supportforums.cisco.com/docs/DOC-34430
Another question, since there is no more Dynamic Interfaces and they are replaced with Layer 2 & 3 interfaces instead. Do all Layer 2 interfaces you create require a layer 3 interface IP address to be configured also? As shown below:
Thanks
So by default the 5760 has IP routing enabled so you will need to put in a default route. A default gateway won't work unless you disable IP routing first.
Sent from Cisco Technical Support iPhone App -
WLC and LWAP Registration Log Question
We have a Cisco 4404 WLC and about 70 Cisco 1131 APs. I am very new to the Cisco WLC and I need to know how to view its AP registration and unregistration logs. We have an AP that has unregistered and we can't seem to find what switchport it was attached to. It would be helpful to know the IP address and ideally any CDP information it had. Unfortunately you can only view this information in the WLC if the AP is registered, but at this point it is not. Any help would be appreciated.
You will not be able to find that info unless you still see the information on the log about the AP. You would have to either review the switch cdp info as long as the AP is still functioning or else you will just need to physically track it down. If you have WCS or NCS, you should be able to review the past history and the maps would show you where that AP was located if the ap were positioned correctly.
Thanks,
Scott Fella
Sent from my iPhone -
Initial AP registration on a 8510 WLC HA-SKU and N+1 deployment
Hi,
We have several 8510 controllers and one of them needs to be configured as HA SKU for N+1 deployment. I am testing the scenario with two controllers right now, so I have the primary and the secondary controller configured as part of the same Mobility Group and they appear UP. Please, see the rest of the configuration below.
When I power off the Primary controller, the APs don’t register to the HA SKU controller (secondary). These two controllers are in different parts of the network but they are members of the same mobility group.
Do I need to specify the HA SKU controller in the DHCP scope for the APs? I am not sure what I am missing....
Do you have any suggestions?
Thank you.
Primary Controller:
(Cisco Controller) >show redundancy summary
Redundancy Mode = SSO DISABLED
Local State = ACTIVE
Peer State = N/A
Unit = Primary
Unit ID = XX:XX:XX:XX:XX:XX
Redundancy State = N/A
Mobility MAC = XX:XX:XX:XX:XX:XX
Redundancy Management IP Address................. 0.0.0.0
Peer Redundancy Management IP Address............ 0.0.0.0
Redundancy Port IP Address....................... 0.0.0.0
Peer Redundancy Port IP Address.................. 169.254.0.0
Wireless --> Access Points --> Global Configuration:
(Cisco Controller) >show redundancy summary
Redundancy Mode = SSO DISABLED
Local State = ACTIVE
Peer State = N/A
Unit = Secondary - HA SKU
Unit ID = XX:XX:XX:XX:XX:XX
Redundancy State = N/A
Mobility MAC = XX:XX:XX:XX:XX:XX
Redundancy Management IP Address................. 0.0.0.0
Peer Redundancy Management IP Address............ 0.0.0.0
Redundancy Port IP Address....................... 0.0.0.0
Peer Redundancy Port IP Address.................. 169.254.0.0
Controller--> General:
Hi Scott,
Yes, it is N+1 HA with HA-SKU what I need to implement.
“6000 Access Points Supported” is shown in the main GUI page.
I followed the guide you mentioned to do this configuration:
1 - From the primary controller, configure the backup controller on the primary to point to the secondary controller:
(Cisco Controller) >config advanced backup-controller primary Secondary 10.9.51.252
(Cisco Controller) >show advanced backup-controller
AP primary Backup Controller .................... Secondary 10.9.51.252
AP secondary Backup Controller .................. 0.0.0.0
2 - On the permanent AP count WLC, use the config redundancy unit secondary command to convert the controller into an HA-SKU secondary controller:
(Cisco Controller) >config redundancy unit secondary
(Cisco Controller) >
3- On the CLI, use the show redundancy summary command to view the status of the primary and secondary controllers:
Primary:
(Cisco Controller) >show redundancy summary
Redundancy Mode = SSO DISABLED
Local State = ACTIVE
Peer State = N/A
Unit = Primary
Unit ID = F8:72:EA:66:B8:A0
Redundancy State = N/A
Mobility MAC = F8:72:EA:66:B8:A0
Redundancy Management IP Address................. 0.0.0.0
Peer Redundancy Management IP Address............ 0.0.0.0
Redundancy Port IP Address....................... 0.0.0.0
Peer Redundancy Port IP Address.................. 169.254.0.0
Secondary:
(Cisco Controller) >show redundancy summary
Redundancy Mode = SSO DISABLED
Local State = ACTIVE
Peer State = N/A
Unit = Secondary - HA SKU
Unit ID = F8:72:EA:66:E4:40
Redundancy State = N/A
Mobility MAC = F8:72:EA:66:E4:40
Redundancy Management IP Address................. 0.0.0.0
Peer Redundancy Management IP Address............ 0.0.0.0
Redundancy Port IP Address....................... 0.0.0.0
Peer Redundancy Port IP Address.................. 169.254.0.0
As far as I can tell I have completed all the steps. In my configuration, “Redundancy Management IP Address” and “Peer Redundancy Management IP Address” are 0.0.0.0; these are the only differences I can find with the configuration in the Guide.
Redundancy Management IP Address................. 0.0.0.0
Peer Redundancy Management IP Address............ 0.0.0.0
Thank you.
Joana. -
Cisco wlc and steel belted radius
we have cisco wlc controller that have two ssid one for user and one for guest
we need the user in ssid 1 take user name and password from user group in active directory through steel belted radius
please send to me any integrated guide between cisco wlc and steel belted radius
regards
Hi Mohammad,
I am unaware of a specific Steel Belted RADIUS integration guide for the WLCs, however the configuration process on the controller will be the same:
Cisco WLC Configuration Guide 7.0 - Configuring RADIUS:
http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70sol.html#wp1388328
You may wish to contact your RADIUS vendor for additional configuration steps on the server.
Best,
Drew -
Hi, I want to integrate my Cisco WLC directly into Microsoft NAP. Is this possible?
Thanks
Follow the table in the link http://www.cisco.com/en/US/docs/security/nac-nap/1.0/release/notes/NACNAPRN.html#wp1134942 for the integration of WLC and Microsoft NAP
-
Mobility between Cisco WLC and Meraki(other vendor)
Is it possible that users can roam between Cisco WLC and other vendor wireless gear? Meraki keeps saying it is possible.
They keep saying it is an IEEE feature and everyone should support but I do not understand how?
While theoretically possible with the adoption of capwap, it would require all the manufacturers to follow the specs exactly the same. Kind of like herding cats, not impossible, but highly unlikely. That's just my opinion
Sent from Cisco Technical Support iPad App -
8510 WLC release 8.1 New mobility?
Hi,
Does someone know when the release 8.1 for the 8510 WLC is coming? Is it going to support the New Mobility stuff? As far as I know, Cisco was planning to include this feature back again in version 8.1.
Thank you.
Joana.
We have an 8510 WLC as a foreign controller and a 5760 as a mobility anchor in the DMZ. Will this be supported?
Yes, Guest anchoring will be supported between 8510 with new mobility & 5760
We have been advised to use 2504 WLCs as mobility anchors for smaller sites. Do you think they will interoperate fine with our core/foreign 8510 WLCs?
I would think so. 2504 with new mobility, you should be able to peer it with 8510.
HTH
Rasika
*** Pls rate all useful responses **** -
ISE 1.2 With WLC and AD
Hi everyone,
What are the steps and procedure to implement wired and wireless authentication with ISE, WLC and AD for a LAB environment? Currently the following are done:
The wireless network is configured with 2 SSID (Staff and Guest)
Active Directory, DNS, DHCP, and NTP configured & synced.
ISE and AD running on C220 VMs, and WLC is 5760 Appliance.
Please provide your thoughts and assistance.
Regards
You have to implement dot1x and radius between your NAD and ISE device.
Using the 3850 switch, these are the steps:
username RADIUS-HEALTH password radiusKey1 privilege 15
aaa new-model
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting update periodic 5
aaa accounting auth-proxy default start-stop group radius
aaa accounting dot1x default start-stop group radius
!this password will be used to communicate with ISE and to verify reachability
!between ISE and Switch
aaa server radius dynamic-author
client 172.16.1.18 server-key 7 radiuskey
client 172.16.1.20 server-key 7 radiuskey
ip domain-name lab.local
ip name-server 172.16.1.1
dot1x system-auth-control
interface GigabitEthernet1/0/3
switchport mode access
switchport voice vlan 50
switchport access vlan 10
ip access-group ACL-ALLOW in
authentication event fail action next-method
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
ip access-list extended ACL-ALLOW
permit ip any any
!the comm between radius and ise will occur on these Port
ip radius source-interface Vlan100
logging origin-id ip
logging source-interface Vlan100
logging host 172.16.1.20 transport udp port 20514
logging host 172.16.1.18 transport udp port 20514
snmp-server community ciscoro RO
snmp-server community public RO
snmp-server trap-source Vlan100
snmp-server source-interface informs Vlan100
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 10 tries 3
radius-server vsa send accounting
radius-server vsa send authentication
!defining ISE servers
radius server ISE-RADIUS-1
address ipv4 172.16.1.20 auth-port 1812 acct-port 1813
automate-tester username RADIUS-HEALTH idle-time 15
key radiusKey
Please be sure that NTP servers and time are synchronized.
Enable dot1x on the Windows machine, or use Cisco NAM.
You can enable debugging on aaa authentication to see the events.
You have to create this user on ISE (RADIUS-HEALTH).
3850#test aaa group radius username password new-code
and observe the result. You are supposed to have the user authenticated successfully.
You must also have defined these devices in ISE on the radius interface.
ip radius source-interface ..... use this interface IP address to define the IP address of the NAD device in ISE.
administration-->network resources -->Network Devices-->Add
input the name
input the IP address for radius communication
select the authentication settings and fill in the corresponding shared secret radius key
select snmp settings and select version 2c.
snmp community : ciscoro
You can customize the polling interval if you want and that's all.
You are supposed to receive message communication between your NAD and ISE.
Afterwards you can do the procedure for the WLC device.
I will fill it in after you have passed the first steps (3850 authentication). -
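An added example, not part of the reply above and not Cisco tooling: a Python check that reads a switch configuration like the one posted and reports 802.1X ports left in open mode, whether their ingress port ACL filters anything before authentication, and well-known SNMP community strings. With `authentication open` traffic passes regardless of the authentication result, so the port ACL is the only pre-authentication filter; the check names and the re-indented sample excerpt are assumptions of this example.

```python
import re

# Excerpt of the 3850 configuration from the reply above, re-indented the way
# "show running-config" prints it. Embedded so the script runs offline.
SAMPLE_CONFIG = """\
dot1x system-auth-control
interface GigabitEthernet1/0/3
 switchport mode access
 switchport access vlan 10
 ip access-group ACL-ALLOW in
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
ip access-list extended ACL-ALLOW
 permit ip any any
snmp-server community ciscoro RO
snmp-server community public RO
"""

WELL_KNOWN_COMMUNITIES = {"public", "private"}  # widely known default strings


def parse_blocks(config):
    """Group indented lines under the unindented line above them."""
    blocks, parent = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blanks and IOS comment lines
        if line[0].isspace() and parent is not None:
            blocks[parent].append(line.strip())
        else:
            parent = line.strip()
            blocks.setdefault(parent, [])
    return blocks


def audit(config):
    """Return sorted (check, subject) findings; check names are this example's own."""
    blocks = parse_blocks(config)
    acls = {p.split()[-1]: rules for p, rules in blocks.items()
            if p.startswith("ip access-list extended ")}
    findings = []
    for parent, children in blocks.items():
        snmp = re.fullmatch(r"snmp-server community (\S+) (?:RO|RW)\b.*", parent, re.I)
        if snmp and snmp.group(1).lower() in WELL_KNOWN_COMMUNITIES:
            findings.append(("DEFAULT_SNMP_COMMUNITY", snmp.group(1)))
        if not parent.lower().startswith("interface "):
            continue
        if "authentication port-control auto" not in children:
            continue  # port is not doing 802.1X/MAB at all
        if "authentication open" not in children:
            continue  # closed mode: data traffic is blocked until authentication
        ifname = parent.split(None, 1)[1]
        findings.append(("OPEN_MODE", ifname))
        # In open mode the ingress port ACL is the only pre-auth filter.
        acl = next((m.group(1) for c in children
                    if (m := re.fullmatch(r"ip access-group (\S+) in", c))), None)
        rules = acls.get(acl)
        if not rules or "permit ip any any" in rules:
            findings.append(("PREAUTH_UNFILTERED", ifname))
    return sorted(findings)


if __name__ == "__main__":
    for check, subject in audit(SAMPLE_CONFIG):
        print(f"{check:24} {subject}")
```

Open mode with a permissive ACL is a common way to bring up a lab or a monitor-mode rollout; running the check again before moving to enforcement shows which ports still pass everything.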
Problem share folder WLC and pc macbookpro
I am doing a migration from my wireless network. In the old network, on the PC MacBookPro I can see shared files on the network. But when I connect to the SSID configured on the WLC I cannot see shared files on the network. I have no ACL configured on the SSID.
Bonjour is a non-routable multicast based service. A trick I use sometimes is to configure the WLAN to be in hreap mode if the ap is located locally to the target bonjour device. If you're running in local mode, make sure they are on the same vlan and global multicast is enabled.
Sent from Cisco Technical Support iPad App -
With Cisco equipment wlc 2500 and AP 1600 combines windows 2008 r2 domain controller to achieve the following purposes,
1, all cell phones and laptops can access the wireless network with a domain user authentication.
2, how should the guest network be done?
My idea is:
Made a total of two ssid below
Mobile users cnnewcity_mobile: Use webportal certification, so the center certification, local forwarding
Computer users cnnewcity_wifi: transparent certification, local forwarding, local authentication
The basic steps are as follows:
1, set the Radius server clients (AP or controller)
2, locking authorization group --- this should be based on the domain user group authorization radius server
3, the mobile roaming - different locations on the DHCP server choose to do this you have to consider the next 43
4, the establishment of two vlans, one for the mobile users and one for the computer users, create a DHCP scope on the DHCP
I do not know if there are better ways?
Integrating the AD to the WLC requires:
1. AD to be registered:
AT: Security->AAA
AT: LDAP
CLICK: New
Server IP: <AD IP>
Port Number: 389
Simple Bind: Authenticated
Bind User: CN=Administrator,CN=Users,DC=testing,DC=local,DC=com
Bind Pass: <LDAP Admin pass>
Confirm Pass: <LDAP Admin pass>
User Base DN: OU=WebAuth_Users,DC=testing,DC=local,DC=com
User Attrib: sAMAccountName
User Obj. Type: person
Enable at WLAN Profile
1. AT: WLAN->WLANs
CLICK: <Desired WLAN> -typically web authentication
2. AT: Security Tab
AT: AAA Servers
3. AT: LDAP Servers
**Select Created LDAP
4. Apply to Save
Source: Tried it in implementations :))