Cisco vWLC extra vCPU.

Similar Messages

• VMware tools and hardware version for Cisco vWLC

  I am currently running a Cisco vWLC (v8.0.100.0) on VMware vSphere 5.5U2 supporting about 20 APs. I just recently upgraded to vSphere 5.5U2 and I was working my way through updating the VMware tools and VM Versions on all my VMs when I glanced at this info for the vWLC. The vWLC shows a VM version of 1 with the VMware tools not running and not installed. I am curious if it is necessary or even possible to update the VMware tools and VM version for the vWLC. The vWLC is working perfectly fine and I have no issue with leaving well enough alone, but this just kind of peeked my curiosity as I really couldn't find any concrete answers in any online documentation. Does anyone have any insight on this matter?

  If it's working, then leave it alone. Some of the Cisco virtual, well maybe most, don't support the VMWARE tools. Updating the version to the latest will make you have to use vCenter as the sphere client will not allow you to edit the VM anymore. 
  -Scott

• Cisco vWLC and Central Web Authetication ISE Issue

  Hello!
  I have an issue with Wireless Central Web Authentication. Wired CWA woking fine.
  My APs woking in FlexConnect mode with local switching. When I connect to the WLAN with CWA, web page with guest portal in not opening, but I see, that redirect is working...
  When I try to ping ISE, and have a strange result:
  y@5733Z:~$ ping 10.10.2.47
  PING 10.10.2.47 (10.10.2.47) 56(84) bytes of data.
  64 bytes from 10.10.2.47: icmp_seq=5 ttl=63 time=1.45 ms
  64 bytes from 10.10.2.47: icmp_seq=8 ttl=63 time=2.22 ms
  64 bytes from 10.10.2.47: icmp_seq=10 ttl=63 time=1.43 ms
  ^C
  --- 10.10.2.47 ping statistics ---
  21 packets transmitted, 3 received, 85% packet loss, time 20106ms
  rtt min/avg/max/mdev = 1.430/1.703/2.223/0.367 ms
  When I change the security method on the WLAN to open or any other, ping to ISE working fine. Please help!

  Central Web Auth (CWA) works different on controllers/APs running in FlexConnect mode. Please check this guide and confirm that you have similar setup. 
  http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116087-configure-cwa-wlc-ise-00.html
  If so, please post screen shots with your configs (Redirect ACLs, policies in ISE and the WLC SSD settings). 
  Also, the version of code that you are running in ISE and your controller. 
  Thank you for rating helpful posts!

• Cisco vwlc ha

  Hi,
  is it possible to configure ha in virtual WLC??
  thanks,
  nitesh

  Cisco Virtual Wireless Controller (vWLC) - Release 7.3 supports HA. The latest 7.3 release enables a second controller to be configured in “Hot Standby” mode to a designated primary controller.
  The redundancy ports of these two controller appliances are connected with an Ethernet cable. In case of WiSM2, you can have a redundant blade in the same or across chassis with VSS. This connection is used to exchange the configurations, the CAPWAP states of APs, and regular keep-alives. This is how a sub-second failover can be achieved for hundreds of access points to the standby controller in case of a hardware failure or network loss for the primary Controller. This means that there is NO SSID Outage because of Access Points Stateful Switch Over (AP-SSO) from primary to the standby  controller.
  In addition, the standby controller also syncs the Pairwise Master Key (PMK) key cache from the active primary controller, so when the client re-associates to the access point, there is no need for the controller to re-authenticate with the RADIUS server, resulting in downtime of only a handful of seconds.

• Cisco vWLC - AP's not broadcasting SSID's

  I am running the demo of the virtual WLC and have one 1142N AP connected to it.  I have two WLAN's created and they are configured to broadcast their SSID's.  However, when I look on my laptop or Android, I cannot see either of them.  I checked the AP to see if it has the WLAN's on it and it does.  I did this by going to Wireless -> Access Points -> Radios -> 802.11a/n AP Interfaces -> Details.  Under Station Configuration Parameters -> Number of WLAN's, there are 2, which is correct. 
  I had this demo running on VMware workstation and had some bridging issues with it and thought that was the issue.  I now have it running on ESX5.1 and am still having this issue.  I am at a loss as to what is causing this problem.
  One other note, the AP is receiving power through a power injector.  Not sure if that makes a difference or not.
  TIA for any help.
  Dan

  what are the WLAN ID's for them?  If you created them as => 17, you need to create an AP group
  HTH,
  Steve
  Please remember to rate useful posts, and mark questions as answered

• Move AP´s form 4400 to vWLC

  Hello Community.
  At the moment we migrate AP´s from our old 4402 WLC (Version 7.0.235) to a new vWLC (Version 7.5.102) 
  I have to load a new image to the AP´s that they will connect with the new vWLC. 
  My Problem is, when i upgrade a AP in a Branch Office everthing works fine. I enter the new controller IP directly to the AP, becouse the DNS points to the old controller which is the productiv at the moment. 
  When i try to migrate a AP in our central, where also is the physikal old controller, the AP´s will not connect to the new vWLC. I make the Update from the AP and clear the private config and enter the ip of the new controller on the CLI of the AP. After a reboot the AP joins automaticly the old wlc and makes a firmwaredowngrad. 
  Why ignores the AP the static configured controller IP?
  Regards Stefan

  I would recommend to pay extra attention to Troubleshooting – AP Considerations section of the deployment guide. It literally states the following
  An AP must be at software version 7.3.1.35 and above to successfully join a virtual controller. Virtual controllers use SSC in order to validate an AP before joining.
  There are other items listed as well, but the main requirement is in that one sentence. Cisco Lightweight AP will not join vWLC if that AP lacks Software Release 7.3 or above. For clarity sake, the latest Cisco WLC 4400 Software Release is 7.0.250.0, which implies that it won’t be possible to migrate Lightweight APs from Cisco WLC 4400 to Cisco vWLC in a direct manner.
  If you try to associate an AP that runs pre 7.3 WLC Software Release, you will likely notice the following messages in the console CLI, which is a good sign you need to upgrade AP’s software before it can join vWLC:
  *Mar 28 12:07:20.227: %CAPWAP-5-SENDJOIN: sending Join Request to 10.175.1.200
  *Mar 28 12:07:20.231: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
  *Mar 28 12:07:20.231: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
  *Mar 28 12:07:20.231: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
  *Mar 28 12:07:20.231: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.175.1.200
  *Mar 28 12:07:20.231: %DTLS-5-ALERT: Received WARNING : Close notify alert from 10.175.1.200
  *Mar 28 12:07:30.243: %CAPWAP-3-ERRORLOG: Go join a capwap controller
  Before you even start to migrate APs to the vWLC, you have to understand if those APs are being supported in the new version of WLC software (7.3 and above).
  Check the WLC 7.3.112.0 Release Notes, specifically “Software Release Support for Access Points” section. There’s a table that lists the majority of Cisco Access Point models and information about their life cycle – First Support and Last Support release versions. The latest column is of highest interest. You can expect an AP to work with the new WLC Software Releases if a dash is displayed in that column. Otherwise you will have to consider replacing APs as well, and not only the WLC.
  For example, Cisco Lightweight AP 1142 can be upgraded to software version 7.3 (Last Support release column has the dash). At the same time Cisco Lightweight AP 1220 can not be upgraded (Last Support release version is 7.0.x). After you confirmed that your APs are being supported by WLC 7.3 or above, you can proceed further.
  There are two ways to meet this main requirement: Manual and Automatic.
  Manual Upgrade (slow, not recommended in large deployments)
  This methods does not require any special kit except the console cable and network connectivity to the TFTP server. Process is as follows
  Get a recovery image software from the download section at Cisco.com, for WLC 7.3 or above. For example, IOS software that corresponds to WLC Software Release 7.3.112.0 is 15.2(2) JA1 – c1140-rcvk9w8-tar.152-2.JA1.tar;
  Interrupt AP boot process by holding Mode button for 30 seconds (until led becomes RED);
  Format flash, and download new software from the TFTP server.
  load_helper
  flash_init
  format flash:
  set IP_ADDR 192.168.0.200
  set NETMASK 255.255.255.0
  set DEFAULT_ROUTER 192.168.0.1
  tftp_init
  tar -xtract tftp://192.168.10.5/c1140-rcvk9w8-tar.152-2.JA1.tar flash:
  boot
  Reboot AP. It will begin a join process (will upgrade/downgrade to vWLC version, if required);
  Automatic Upgrade (recommended)
  This process is suitable for large environments, but it requires a presence of hardware WLC that supports Software Release 7.3 and above, like Cisco WLC 5508. Hardware WLC does not require AP to authenticate through SSC (Self-Signed Certificates) hash, thus making it possible for Lightweight AP to join hardware controller with Software Release 7.3 and above without extra efforts, and as result upgrading to the same version of software. The process is described below.
  Change an existing DHCP Option 43 to list an IP address of the hardware WLC 7.3 or above (Cisco 5508 will do the trick);
  Login to the old WLC’s web page (the one from where you want to migrate compatible APs);
  Choose an AP and select “Clear All Config”. This will remove the CAPWAP configuration from AP’s cache and reboot it;
  Wait for AP to reboot. It will join hardware WLC 7.3 and upgrade own software. Wait until AP’s status changes to REG;
  Change DHCP Option 43 again but this time it has list an IP address of the vWLC
  Force an upgraded AP to reboot with factory default settings (“Clear All Config”);
  Wait for AP to join vWLC. It may reboot a couple of times, if software versions on hardware and virtual WLCs differ;
  Voila – AP will join vWLC without physical intervention.
  You can repeat steps 1 through 7 for the rest of APs one by one or in bulk.
  One other important requirement to consider is that vWLC will only work with Lightweight APs configured to operate in FlexConnect mode (ex H-REAP). Even though, once upgraded, APs will eventually join vWLC, they won’t be able to associate clients until you switch them to FlexConnect mode. This can be done manually using web interface
  Or, vWLC can be configured to automatically convert all APs to work in FlexConnect mode after they join the controller for the first time, and after all required upgrades are complete. To do that, execute the following command using vWLC’s CLI:
  config ap autoconvert flexconnect enable
  Once applied, every single AP associated with this controller, will be switched to FlexConnect mode automatically.

• ISE 1.2 rejects RADIUS messages from vWLC

  Hello,
  I have an ISE appliance with the Wireless license. The Cisco vWLC is configured to send Radius traffic to the device, but is getting the error message:
  11054 Request from a non-wireless device was  dropped due to installed Wireless license
  The vWLC is showing up under endpoints as a VMWARE workstation, and not a WLC, and so under the licensing requirements will not allow RADIUS to be received from anything other than a WLC. I tried hard-coding the policy to match a Cisco WLC with a condition of matching its MAC address, and even disabled the VMWARE profile policy, but the endpoint then only matches the "Unknown" policy. Any ideas?

  Check the Cisco ISE dashboard (
  Operations > Authentications
  ) for any indication
  regarding the nature of RADIUS communication loss. (Look for instances of your
  specified RADIUS usernames and scan the sy
  stem messages that are associated with
  any error message entries.)
  Log into the Cisco ISE CLI
  2
  and enter the following command to produce RADIUS
  attribute output that may aid in debugging connection issues:
  test aaa group radius
  new-code
  If this test command is successful, you should see the following attributes:
  Connect port
  Connect NAD IP address
  Connect Policy Service ISE node IP address
  Correct server key
  Recognized username or password
  Connectivity between the NAD and Policy Service ISE node
  You can also use this command to help narrow the focus of the potential problem
  with RADIUS communication by deliberatel
  y specifying incorrect parameter values
  in the command line and then returning to the administrator dashboard (
  Operations
  > Authentications
  ) to view the type and frequency
  of error message entries that
  result from the incorrect command line. For example, to test whether or not user
  credentials may be the source
  of the problem, enter a username and or password that
  you
  know
  is incorrect, and then go look for error message entries that are pertinent
  to that username in the
  Operations > Authentications
  page to see what Cisco ISE
  is reporting.)
  Note
  This command does not validate whether or not the NAD is configured to use
  RADIUS, nor does it verify whether th
  e NAD is configured to use the new
  AAA model.

• VWLC clients getting DHCP address from management VLAN

  Hi,
  We have a strange scenario whereby some wireless employees are obtaining addresses from the management VLAN.
  Some details:
  DHCP managed by MS DHCP 2008 R2 (in remote data centre)
  Cisco vWLC AIR-CTVM-K9 running v7.6.110.0
  AP's are a mix of 2602 and 3702 (46 and 2 of each respectively)
  SSID's are employee, guest, and production devices (all mapped to their own interface with relevant VLAN tag as per normal)
  AP's all in FlexConnect mode as per vWLC caveats
  Some employees are receiving addresses in the wireless management VLAN. This network only has six DHCP addresses available as it is solely for AP's, WLC and HSRP gateway. Obviously this gets exhausted very quickly leaving us with a scenario where clients are not obtaining DHCP addresses.
  I understand that with FlexConnect mode, it will assign IP's from the native VLAN. What I don't understand is why most clients receive addresses in the correct VLAN, but a handful do not, and then cannot get an address from DHCP. Obviously the ideal scenario would be to put the AP's into local mode but unless this has changed in a SW release then I don't believe it's possible...
  My question is: How do I get ALL the employees to obtain addresses from their interface and not the management VLAN?
  Thanks in advance.

  Hi,
  I think we need a closer look to your configurarion to eliminate some possibilities:
  - What is the WLAN security you choose?
  - What is the interface that is configured under the WLAN?
  - Does your WLAN have local switching enabled?
  - If your security is using RADIUS server, do you have AAA override enabled under the WLAN config?
  - If your security is using RADIUS server, do you send any attributes to the users?
  - You have eliminate that clients that got management vlan IPs are always on same AP or they can be on any AP.
  HTH
  Amjad

• Cisco WLC WebAuth Page Not Found

  Hi All,
  I'm using Cisco VWLC 7.4.100.60, I'm facing a problem of the internal web auth with Local Net User , any client access the guest SSID, which can re-direct to the virtual port ip http://1.1.1.1/login.html, but browser also show page not found.
  May I know how can I fix it?
  Many Thanks!
  hang

  Can be many things... first off, make sure DNS is working and that the guest homepage is not a secure web site (https).  Also make sure you didn't add and DNS hostname in the VIP interface unless you installed a cert and the FQDN is resolving.  Here is a good guide:
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080bf7d89.shtml
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Maximum number of AP supported has already joined cisco

  Dear all,
  We have vWLC, AP connected through MPLS network,  we also have ap base license for 15 AP, the problem is that AP cant joint to WLC because of
  this error:
  Maximum number of AP supported has already joined cisco
  WLC shows that all 15 licenses are used, but we have only 3 AP
  What is that? bug or not?, everything worked fine before we put new 4 AP into the network
  thank you
  I attached outputs in photos:

  This license is evaluate and it works fine, but when it is our license it shows no AP in summary
  (Cisco Controller) >show sysinfo
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 7.4.100.60
  RTOS Version..................................... 7.4.100.60
  Bootloader Version............................... 7.4.100.60
  Emergency Image Version.......................... 7.4.100.60
  Build Type....................................... DATA + WPS
  System Name...................................... Cisco VWLC
  System Location.................................. ESXI
  System Contact...................................
  System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
  IP Address....................................... 192.168.6.1
  System Up Time................................... 0 days 17 hrs 29 mins 9 secs
  System Timezone Location......................... (GMT +4:00) Muscat, Abu Dhabi
  System Stats Realtime Interval................... 5
  System Stats Normal Interval..................... 180
  Configured Country............................... Multiple Countries:BY,MX,US
  --More-- or (q)uit
  State of 802.11b Network......................... Enabled
  State of 802.11a Network......................... Enabled
  Number of WLANs.................................. 7
  Number of Active Clients......................... 41
  Memory Current Usage............................. Unknown
  Memory Average Usage............................. Unknown
  CPU Current Usage................................ Unknown
  CPU Average Usage................................ Unknown
  Burned-in MAC Address............................ 00:50:56:9F:68:43
  Maximum number of APs supported.................. 200
  (Cisco Controller) >show ap summary
  Number of APs.................................... 3
  Global AP User Name.............................. Not Configured
  Global AP Dot1x User Name........................ Not Configured
  AP Name             Slots  AP Model              Ethernet MAC       Location          Port  Country  Priority
  Meeting_Room         2     AIR-LAP1142N-E-K9      54:75:d0:f5:3a:e4  default location  1        BY       1
  Fttb                 2     AIR-CAP3602I-A-K9     30:f7:0d:29:03:42  default location  1        MX       1
  Technical            2     AIR-LAP1142N-E-K9      c8:9c:1d:f4:72:8a  default location  1        BY       1

• VWLC issue with guest vlan

  Hi Team,
  I installed Cisco vWLC for the first time. Everything works fine except my guest vlan doesnt get IP address from the designated dmz network. I was wondering if I am missing something. Currently Flexconnect it configured on the wlans with LOCAL mode. I've alredy tried to go under each AP and perform vlan mapping but ... no luck so far.
  Please get back to me if you have any ideas.
  Respectfully,
  Marty-

  Hello Marty,
  As per your query i can suggest you the following solution-
  Guest vlan doesnt get IP address from the designated dmz network.So please apply the appropriate native vlan to the Flexconnect configured in the local mode.Also make sure to do vlan mapping in order to match Physial switch Vlan matching. Finally configure trunk on the Access-Point port with the corresponding native Vlan.
  For more information please refer to the link-
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml
  Hope this will help

• Virtual wireless controller

  Hi.. i have running cisco vWLC controller in my location A, its working perfectly here. Now i have another location B where i have APs registered with controller in location A. I have created another WLAN and set location B dhcp server assign location B network ip. But issue is that when we connect to this wlan it gets connected but no ip gets assigned. wireless controlloer can reach to location B dhcp server, there is no connectivity issue b/w these.
  what else settings do i need to set so that clients can get ip through dhcp.

  Is location B WLAN configured with local or central switchinng?
  If traffic is central switched (tunneled back to the WLC in location A) that may the problem in your case. I assume location A and B are in separate broadcast domains, so there should be an issue with the dhcp discovers from clients.
  You should try to local switch the traffic for WLAN B or if it has to be central switched you should switch locally dhcp packets from clients.

• Time mismatch between controller and AP, why?

  Hello all,
  I have a lab setup with a Cisco vWLC deployed in VMWare ESXI and 2x 1131 APs, 
  The APs are failing to join the controller due to a certificate error. I have noticed that the time that APs are using is an hour out from the controller.
  The controller time and timezone are set correctly (London timezone, it's currently summer time here so its GMT+1), but the APs are being set to an hour early (GMT+0) and are failing to join.
  I tried setting the time manually on the APs, but as soon as they talk to the controller it sets itself wrong again!
  How can I resolve this?
  Thanks
  Ben

  How can I resolve this?
  You can't.  
  LWAPP/CAPWAP standards do not include the APs to inherit timezones of the controller.  So the controller can have different timezones but the controller-based APs are always in UTC/GMT/Zulu timezones.

• Limit monthly bandwidth usage

  Hi,
  We have a customer with a Cisco CISCO1941/K9. The router has 2 WAN connection. 1 connection has a monthly bandwith limit of 20GB/month and is an high speed connection. The second connection is unlimited and used as a fallback connection in case the primary line is unreachable.
  We need to prevent the primary connection to use more as 20GB/monthly and in case it uses 20GB make the router switch to the second connection till the new billing period starts.
  Is there any way to do this on a Cisco CISCO1941/K9 without Cisco Prime / extra hardware/software costs?
  Thanks in advance for any reply.
  Sven

  There is one line that needs to be removed when using an interface that is not cellular which is "regsub -all {r} $interface "r " interface"   This changed the "Cellular0" to "Cellular 0"   I commented it out in the attached file and it is working as expected.
  *Jun 20 12:19:01.840: %HA_EM-6-LOG: data_limit.tcl: C819-4G FastEthernet1 has used 34297149. Bytes with a monthly subscription of 100000000 Bytes  (34.297149 % used)
  *Jun 20 12:20:01.856: %HA_EM-6-LOG: data_limit.tcl: C819-4G FastEthernet1 has used 34308997. Bytes with a monthly subscription of 100000000 Bytes  (34.308997 % used)
  *Jun 20 12:21:01.836: %HA_EM-6-LOG: data_limit.tcl: C819-4G FastEthernet1 has used 34331844. Bytes with a monthly subscription of 100000000 Bytes  (34.331844 % used)

• Cisco UC Virtualization Hypervisor - Supported vCPU and RAM BE6000 HD SERVER ?

  How much vCPU  and total RAM is supported by the default Cisco UC Virtualization Hypervisor shipped with BE6000 HD Server  ?
  The BE6000 High Density Server has a total of 16vCPU and 48 GB of RAM.
  How much total vCPU and total RAM is Supported/Licensed by the default Cisco UC Virtualization Hypervisor ?

  The total server CPU and memory is capped at what comes in the BE6k and BE7k bundle SKU. Per-VM limits are listed here: http://docwiki.cisco.com/wiki/Unified_Communications_VMware_Requirements#Purchasing_.2F_Sourcing_Options_for_Required_Virtualization_Software