Cisco WLC 5508 and LACP
Hi Fellows,
I wanna know if 5508 Cisco WLC support LACP or not. Actually i work in a project where i must
connect WLC 5508 in Enterasys Switches with Link Aggregation.
Enterasys Switches support LACP 802.3ad but when i learn Cisco Books i see that WLC 5508
doesn't support LACP.
Can you help please ?
Sincerely
Joseph
Hi,
Please take a look into the config guide:
http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mint.html#wp1277652.
You can read there:
Once the EtherChannel is configured as on at both ends of the link, it does not matter if the Catalyst switch is configured for either Link Aggregation Control Protocol (LACP) or Cisco proprietary Port Aggregation Protocol (PAgP) because no channel negotiation is done between the controller and the switch. Additionally, LACP and PAgP are not supported on the controller.
HTH,
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
Similar Messages
-
Hello,
i'm tryin to install a WLC 5508 with version 7.6.120 and with AP 2702i with the follwing firmware ap3g2-rcvk9w8-xx ( 15.2(4)JB5), i've configured saticly the capwapp with the follwwing configuration:
IP Address 172.17.255.234
IP netmask 255.255.0.0
Default Gateway 172.17.255.254
Primary Controller 172.17.255.239
The controller iw the IP 172.17.255.239 and i've connectivity between the both equipments, there's no firewalls between them, however i can't register the AP with the controller, anyone have some idea?Hi,
May be AP comes with mesh image: You cans ee in logs
If it is with mesh image then use this:
1. Log into your Wireless LAN Controller.
Select the Security tab.
Expand AAA and select AP Policies.
Click the Add button in the far right.
Under Add AP to Authorization List, enter the MAC Address of the Access Point in the MAC Address text box.
Click the Add button.
Click the Apply button
Now your AP must be in downloding state.
2. When the AP finally show up under the Wireless tab, check the AP Mode . It may operating in ‘Bridge’ mode. This is incorrect. It should be in ‘Local’ mode.
If your AP is in ‘Bridge’click the name of the AP under the AP Name column. Under the General tab, click the AP Mode drop down box and select ‘Local’. Click the Apply button in the top right.
Now AP should now be working fine.
Hope it helps.
Regards
Dont forget to rate helpful posts -
Cisco WLC 5508 not sending SNMP Traps
Hello Everyone.
I'm having a weird error on our WLC environment. We have an HA with two cisco WLC 5508 and i cannot get SNMP Traps working on a Windows PC running Kiwi Syslog server (free ed.).
I can receive correctly Syslog messages, but not traps.
I Tried also to send SNMP Traps from WLC to a different PC using Linux with snmptrapd and it works fine.
I tried then to send from my Linux box a snmp trap to my Windows PC, and it works fine, but i still cannot receive anything from WLC.
Using Wireshark to detect traffic, i cannot see any packet on udp port 162.
I cannot figure out any problem with my scenario, but i can see the following errors on syslog:
*rmgrTrasport: Mar 30 16:08:22.602: #RMGR-3-INVALID_PING_RESPONSE: rmgr_utils.c:270 Ping response from <my_windows_PC> is invalid. Ip address do not match.
My WLC Version is 7.6.130.0
Thank you for your support.I have gone through your query and found the following fruitful links ,please let me know if it helps and mark it correct answer if it is.
https://www.manageengine.com/network-monitoring/help/userguide/processing_traps.html
https://rscciew.wordpress.com/2014/10/12/snmp-configuration-on-wlc/
Thanks :) -
Need Information of cisco WLC 5508 LAG Interface
HI
We have cisco WLC 5508 in our network and right now ,this WLC is connected to two ports of each core switches.Both CORP and GUEST SSID are configured on this WLC.
Now we want to segregate the trafffic og GUEST to on core switches from WLC. SO my question is ,how can we achieve this without using guest anchor controller ?
Can i use one interfcae cisco WLC 5508 and connect it to the firewall or any device ?
Thanks
PuneetHi
Thanks ...I am using WLC as a DHCP server for Guest.
So i want to know ,is there any requirement that GUEST subnet should be pingable from WLC management IP address.
my topology is here...
Corp network and management network are reachable however management metwork is not pinagble from guest netowrk. -
Port channel WLC 5508 and 3750
Hi All,
I want to configure Port channel for WLC 5508 and cisco 3750 Stack Switch. What changes I need to make on WLC and where?
Thanks
JagdevThanks Chris,
LAG is enable on WLC, and Port channel is configured on 3750, Please see the configration and Port channel status below:-
(Cisco Controller) >show lag summary
LAG Enabled
interface Port-channel14
description Port Channel to WLC001
switchport trunk encapsulation dot1q
switchport mode trunk
end
sh etherchannel 14 summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 14
Number of aggregators: 14
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
14 Po14(SD) LACP Gi1/0/22(I) Gi2/0/22(I)
sh run int g1/0/22
Building configuration...
Current configuration : 209 bytes
interface GigabitEthernet1/0/22
description Trunk to WLC001 DistPort1
switchport trunk encapsulation dot1q
switchport trunk native vlan 254
switchport mode trunk
channel-group 14 mode active
end
sh run int g2/0/22
Building configuration...
Current configuration : 209 bytes
interface GigabitEthernet2/0/22
description Trunk to WLC001 DistPort2
switchport trunk encapsulation dot1q
switchport trunk native vlan 254
switchport mode trunk
channel-group 14 mode active
end -
IPhones not taking ipv4 addresses on Unified Wireless (WLC 5508 and AP 3602)
This is a really odd one...
Earlier this week we started having issues with our BYOD wireless network (802.1x, WPA2+AES) but only with Apple devices (iphone and ipad). Employees with Android or Windows phones are not having any problems at all.
A brief summary of what's observable for the issue:
Radius authentication succeeds (PASS observable in ACS logs)
IPhone status viewed on both controllers (foreign anchor in DMZ as well as corporate WLC) shows phone associated.
Debug client output shows an IPv4 address is actually being assigned to the phone however it appears to ignore it and restart the DHCP request process so debug output shows what looks to be a loop of DHCP request and offer stages.
Infrastructure notes
Cisco WLC 5508s are all running 7.4.121.0 (tried rolling back to 7.2.110.0 .....didn't help)
APs are all 3602I-N-K9
DHCP for the BYOD network is running on the anchor in the DMZ however this was temporarily moved to a switch (had no effect).
Any ideas?
DHCP Loop:
*mmListen: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f 0.0.0.0 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 93, Local Bridging intf id = 12
*mmListen: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f 0.0.0.0 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*pemReceiveTask: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f Set bi-dir guest tunnel for a4:c3:61:7a:1a:4f as in Export Anchor role
*pemReceiveTask: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f 0.0.0.0 Added NPU entry of type 1, dtlFlags 0x4
*pemReceiveTask: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f Pushing IPv6: fe80:0000:0000:0000: 0c00:0c94:459e:a9db , and MAC: A4:C3:61:7A:1A:4F , Binding to Data Plane. SUCCESS !!
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP selected relay 1 - 172.24.13.251 (local address 172.24.16.251, gateway 172.24.16.254, VLAN 93, port 13)
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 172.24.16.251
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP selecting relay 2 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP selected relay 2 - NONE
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP sending packet in EoIP tunnel to foreign 10.65.31.8 (len 346)
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP transmitting DHCP OFFER (2)
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Proxy Task: Apr 30 11:44:50.480: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Proxy Task: Apr 30 11:44:50.480: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 172.24.16.102
*DHCP Proxy Task: Apr 30 11:44:50.480: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Proxy Task: Apr 30 11:44:50.480: a4:c3:61:7a:1a:4f DHCP server id: 0.0.0.0 rcvd server id: 172.24.13.251
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP selected relay 1 - 172.24.13.251 (local address 172.24.16.251, gateway 172.24.16.254, VLAN 93, port 13)
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 1, flags: 0
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 172.24.16.251
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP selecting relay 2 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP selected relay 2 - NONE
*DHCP Proxy Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP sending packet in EoIP tunnel to foreign 10.65.31.8 (len 346)
*DHCP Proxy Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP transmitting DHCP OFFER (2)
*DHCP Proxy Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 172.24.16.102
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP server id: 0.0.0.0 rcvd server id: 172.24.13.251
*DHCP Socket Task: Apr 30 11:44:53.754: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP selected relay 1 - 172.24.13.251 (local address 172.24.16.251, gateway 172.24.16.254, VLAN 93, port 13)
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 3, flags: 0
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 172.24.16.251
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP selecting relay 2 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP selected relay 2 - NONE
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP sending packet in EoIP tunnel to foreign 10.65.31.8 (len 346)
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP transmitting DHCP OFFER (2)
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 172.24.16.102
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP server id: 0.0.0.0 rcvd server id: 172.24.13.251
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP selected relay 1 - 172.24.13.251 (local address 172.24.16.251, gateway 172.24.16.254, VLAN 93, port 13)
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 8, flags: 0
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 172.24.16.251
*DHCP Socket Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP selecting relay 2 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP selected relay 2 - NONE
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP sending packet in EoIP tunnel to foreign 10.65.31.8 (len 346)
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP transmitting DHCP OFFER (2)
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 172.24.16.102
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP server id: 0.0.0.0 rcvd server id: 172.24.13.251
*DHCP Socket Task: Apr 30 11:45:07.059: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:45:07.059: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,Thanks Scott, here you go...
On Foreign:
WLAN Identifier.................................. 2
Profile Name..................................... BAI-Beta
Network Name (SSID).............................. BAI-Beta
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 42
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 86400 seconds
User Idle Timeout................................ 300 seconds
--More-- or (q)uit
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... CHTWLC
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Bronze
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
--More-- or (q)uit
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 172.24.13.20 1812
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
--More-- or (q)uit
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
--More-- or (q)uit
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Enabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
--More-- or (q)uit
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
2 172.24.13.251 Up
802.11u........................................ Disabled
MSAP Services.................................. Disabled
On Anchor:
WLAN Identifier.................................. 1
Profile Name..................................... BAI-Beta
Network Name (SSID).............................. BAI-Beta
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 48
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 86400 seconds
User Idle Timeout................................ 300 seconds
--More-- or (q)uit
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... CHADWLC01
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ bai-beta
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Bronze
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
--More-- or (q)uit
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 172.24.13.20 1812
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
--More-- or (q)uit
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
--More-- or (q)uit
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Enabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
--More-- or (q)uit
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
1 172.24.13.251 Up
802.11u........................................ Disabled
MSAP Services.................................. Disabled -
Cisco WLC 5508
Software Version: 7.4.100.0
Windows Server 2008R2
I've got everything setup on the Windows Server 2008 side of things (certificates, radius clients, etc)
I added the radius server on the WLC, and configured a new WLAN to use it.
Both are on the same subnet.
When trying to conect to the WLAN it kept failing. I installed wireshark on the server to monitor the radius traffic, and to my surprise there was no radius traffic showing up on the server. The radius statistics on the WLC are at 0 as well, so it's like the WLC isn't even attempting Radius.
I reverified that the server was enabled on both the security tab and the WLAN itself on the WLC. Rebooted the controller and the server, all to no avail. I used a radius test client, and can successfully send radius commands to the server using that utility.
Frustrated, I just kept trying to reconnect on my wireless device, and after about the 15th try, finally I saw radius activity on wireshark. It rejected my access, but at least I saw activity. It also registerd radius statistcs on the WLC as well.
So now if I keep trying to connect repeatedly, about every dozen or so times the WLC actually will send a radius request to the server.
What in the world is going on here?I do have local management users on the controller.
Some hours later I added the option of authenticating management users, for the NPS server. Then logged inn to the management GUI using NPS radius, worked just fine.
However, these commands have been useful to me several times, to make sure unsuccessful requests appear in the Windows Event log:
auditpol /get /subcategory:"Network Policy Server"
If it shows ‘No auditing’ or just "Success", you can run this command to enable it:
auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
So now I know that the NPS radius server works, for management access. I will go to the customer's site some other day to test it for 802.1x authentication. If not, I'll do some debugging to decide wihich to blame - the WLC or NPS. -
WLC 5508 and Multiple DHCP servers in different sites?
Hi
I work for health authority in our region and we just purchased a Cisco wlc 5508 controller along with 25 3500 AP's. We have multiple sites with different IP subnets in each, all connected by a frame relay (owned by ISP). Each site has its own DHCP server. I have the controller in our main site. So when I take an AP to a remote site, the Ap gets an DHCP address from local DHCP server (which is great) and contacts controller and joins controller. Everything is good. BUT, when a client joins at the remote site, it gets an address from a previous site which will not work because the client is now on a different subnet. We dont use Vlans as they dont transvers the frame relay. I need those clients to obtain DHCP from the local DHCP server from the site they are on. Is that possible??
I have updated the controller to latest version as well.
Thanks
Bryan Yaciuk, CCNA
Parkland Regional Health AuthorityWe call this as HREAP LOCAL SWITCHING!! but here is the catch.. everytime the AP joins the new site.. we need to configure the VLAN mapping and this wil do it for you!! Here is the link which will resolve ur issue..
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml#ll
Lemme know if this answered ur question and please dont forget to rate the usefull posts!!
Regards
Surendra -
WLC 5508 and remote site (DMVPN) Access Points
Hi All,
We just purchased a WLC 5508 and would like to know if it will control remote VPN site Access Points. Here are the details:
The 5508 will live at our home office. We have multiple remote sites that are connected via Cisco's DMVPN. Each site has one Cisco 1131 Access Point hanging off of either a Cisco 1841 or a 2811 that is using DMVPN back to the home office 2811. Can the 5508 manage the remote Access Points?
Thanks for your help guys!Are you are talking about OfficeExtend?
Cisco OfficeExtend
https://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns430/solution_overview_c22-523307_ns348_Networking_Solution_Solution_Overview.html
OfficeExtend supports 1130 & 1140 as long as you have the Wireless PLUS (WPLUS) Software.
OfficeExtend Access Point
http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0apcfg.html#wp1069890 -
WLC 5508 and LAP1310 - Not syncing up!
As the title states I have a WLC 5508 and a LAP1310 that will not sync up.
The error stated in the traps log is "AP with MAC (xxxx.xxxx.xxxx.xxxx) is unknown."
WLC software release is : 7.2.103.0
IOS on the AP is : 12.4(18a)JA2
Upon some investigation I found that the "AP with MAC is unknown" error usually points to one of two things:
A. WLC firmware needs to be updated
B. AP needs to be updated.
C. The AP is not compatible with the WLC.
I am leaning toward solution C and I am looking for a conformation or a correction, if anyone could help out that would be greatly appreciated!
I've tried reading the compatibility matrix released by Cisco, but I found it mildly confusing as to what is and isn't supported by each software release.
Sources - http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml#lap1250
Problem 11: 1250 LAP Not Able to Join WLC
The setup consists of a 2106 WLC that runs version 4.1.185.0. A Cisco 1250 AP is not able to join the controller.
The log on the WLC shows this:
Mon Jun 2 21:19:37 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
Mon Jun 2 21:19:37 2008 AP Associated. Base Radio MAC: f0:2x:cf:2x:1d:3x
Mon Jun 2 21:19:26 2008 AP Disassociated. Base Radio MAC:f0:2x:cf:2x:1d:3x
Mon Jun 2 21:19:20 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
Mon Jun 2 21:19:20 2008 AP Associated. Base Radio MAC: f0:2x:cf:2x:1d:3x
Mon Jun 2 21:19:09 2008 AP Disassociated. Base Radio MAC:f0:2x:cf:2x:1d:3x
Mon Jun 2 21:19:03 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
Solution: This is because the Cisco 1250 series LAP is not supported on version 4.1. The Cisco Aironet 1250 Series AP is supported from controller versions 4.2.61 and later. In order to fix this issue, upgrade the controller software to 4.2.61.0 or later.
Problem 16: 1000 series LAPs not able to join the Wireless LAN controller, WLC runs version 5.0
This is because WLC software release 5.0.148.0 or later is not compatible with Cisco Aironet 1000 series APs. If you have a Cisco 1000 series LAP in a network, which runs WLC versions 5.0.48.0, the 1000 series LAP does not join the controller and you see this trap message on the WLC.
"AP with MAC xx:xx:xx:xx:xx:xx is unkown"videoaudiojack
What version of Premiere Elements are you using and on what computer operating system is it running?
What are the properties of this .mp4 video import (video and audio compressions, frame size, frame rate, interlaced or progressive, pixel aspect ratio)?
If you have any information about the video bitrate and audio bitrate of the file, that would be good to know.
What is the audio - stereo 2 channel or 5.1 channel?
What are you (manually) or the project automatically setting as the project preset to match the properties of your source video?
Let us start here and then decide what next.
Thank you.
ATR -
Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users
Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users
I've been given a fantastic "opportunity" by my boss to use our existing wireless infrastructure to provide internet access to potentially upto 2000 VIP guests arriving with BYOD devices, in a very densely populated area for a 3 day event. We are talking an area of approx 200m x 15m. Think of it as an awards ceremony/concert. The solution will also be mobile so we will be using internet breakout from different telcos as it will move to approx 20 countries. The area is also incredibly densely populated with other wifi APs. I did a brief site survey and AirMagnet could detect over 2500 other 'rogue' APs from where I was stood! I hope CleanAir works!
We need a simple authentication method for them to connect with zero admin from our side. We don't want to just offer up a rolling daily PSK as that's a bit amateur and we don't really want the VIP guests sharing the PSK with others during their stay. Ideally they could self-provision by providing an email address.
I know the WLC can handle webauth for local users but I don't think it scales very well. ie I don't think I can offer the account to several hundred people.
Cisco ISE looks a very expansive (and expensive) product but I don't think we need all it's capabilities (do I?). It would be nice to just ask a potential user for their email address and grant them access and email them next year. I've seen Cisco NAC but that looks over the top too for just guest users who will only be accessing a shared internet connection.
I've seen 3rd party supposed software solutions from Kiosk Antamedia etc do they work with Cisco Enterprise WLC solutions?
We'd like to limit users to a certain (low) bandwidth and block (say) torrent traffic to keep the general user experience worthwhile.
Does anybody have any case study documents or experience of such a project? As well as the authentication it's how well the APs will handle the dense potential number of clients trying to connect in such a confined space.
Any suggestions would be gratefully appreciated from the knowledgeable community.
Cheers,
MikeHi Rasika,
We are having WLC 5508 model with software version running 7.4.121.0. AP Models are AIR-CAP2602I.
Normally our WAN links are good even while the issue pertains. We are connected to remote offices over ipsec site to site vpn for WAN. The link latency in WLC between the AP and the controller shows <1ms.
currently the Guest network is using WPA2-PSK auth given in the controller. we are trying to find a option to make the Guest wireless auth local to the office, and see if this solves the problem.
any suggestions,
Thank you,
Arjun -
An issue with WLC 5508 and 7921 phone
Hello all!
I have a system with WLC 5508 and some 1242 APs. And I use a lot of 7921 phones.
One of 7921 phones was in trouble. It loses registration, disconnect conversations...
I installed the trial WLC and run voice diagnostics.
I saw some of "Potentially degraded QoS in downlink direction because of incorrect packet classification" messages and one "Fair upstream packet loss ratio: 1,2%, which is less than threshold 2.5%"
As I understand all of 7921 phones in these area are affected.
what does it mean? I set up Platinum QoS for voice WLAN. I don't have any qos configuration string for AP and WLC ports on switches...
any ideas?
thanx in advanceSergey:
There is one application called "WLC Config analyzer". You save your "show run-config" from your WLC in a text file and import it by this application. it will analyze the file for you and tell you what recommendations for voice are missing so you improve them.
When importing a config file you choose what voice clinets you are using, so you need to choose cisco 7921 to it tells you what config improvemetns is needed based on 7921 needs.
Here is the link to download the application:
https://supportforums.cisco.com/docs/DOC-1373
download the latest versoin.
BTW, how many voice/data clients are connected to one AP in that area? if I remember correctly if you are utilizing voice then the max number of clients connected to one AP should not exceed 17. If you have more than this number per AP try to minimize the number of users concurrently connected to the AP then try again.
Hope you'll find the config analyzer useful.
If useful please don't forget to rate.
Amjad -
Incompatibility issue - WLC 5508 and ACS 5.4
Hi,
This is my scenario:
Cisco WLC 5508 firmware 7.4.110.20 and ACS 5.4, two WLAN eap/tls, many client can't connect to WLAN and on ACS i receive the following error:
Authentication failed : 11051 RADIUS packet contains invalid state attribute
workaround:
1 -Check the network device or AAA Client for hardware problems.
2-known RADIUS compatibility issues.
3-Check the network that connects the device to ACS for hardware problems
there are some incompatibility issue between WLC and ACS ? the compatibility matrix document for wireless imposes the 7.5 firmware for WLC.
What do you think is possibile ?Are there any other errors shown in the details of the failed authentication?
We may need to look at service logs in debug mode, opening a TAC case would be the best way to go about this.
Javier Henderson
Cisco Systems -
Cisco WLC 5508 in HA mode error
Hai ,
I am Getting the below Error in Cisco WLC 5508, Version 7.4.100.0 in HAmode. The WLC contains Access Points having in local and Flex Connect Mode.
RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete,
I sam a same bug in Cisco WLC 7.4.100.0 release notes similar to the error like
RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbSpamSetRadSlotAntennaType.
Any Ideas?HI Mohamed,
its a open Caveats in 7.4.100.0
CSCud26632
Symptom: The following SNMP trap appears on the controller when you change the channel width number to 40-MHz:
RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbSpamSetRadSlotAntennaType.
Conditions: Controller is in an HA pair. Join the 802.11n access point to the controller and change the channel width to 40-MHz and channel number to 157.
Workaround: None
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74.html
Reagrds
Please rate helpful posts -
Hello
i need your help
i want to configure Cisco WLC 5508 whith 03 vlans, 3750 as core swich
- management Vlan
- local-user vlan
- Guest Vlan
i want to know all steps or config to do on WLC
thxHi,
Just check this.
It may help u.
Wireless LAN Controller and Lightweight Access Point Basic Configuration Example
http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/69719-wlc-lwap-config.html
http://rscciew.wordpress.com/2014/01/22/configure-dynamic-interface-on-wlc/
Webauth for guest users:
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69340-web-auth-config.html
http://rscciew.wordpress.com/2014/06/19/wlc-webauth-configuration/
Regards
Maybe you are looking for
-
IOS 8 numbers not syncing with icloud
I have noticed today that documents I edit on my iPad Air (latest iOS 8) in Numbers are not syncing to iCloud. The up-arrow in the right hand corner of the document icon doesn't go away. Syncing isn't working the other way either - changes I make on
-
How does one record movie in N900 I see there is no icon in the menu area for video. How can I do video recording?
-
Adding Movies to 'Purchased' menu?
Is there any way that your Ripped DVD's/Movies can be viewed using Apple TV with out having a PC/Mac switched on with hme sharing? You can obviously watch purchased content via ATV but i wondered if there was a way to either add movies to the 'Cloud'
-
Need to determine which partner function level is pulling in the currency (
need to determine which partner function level is pulling in the currency (sold to, ship to , bill to or payer)on sales invoices Also I my requirement is to have different currency based on different ship to party for same sold to..then how set up th
-
Hi, I searched for info on this in the forum history but had no luck. Im having difficulty using a UDF. It is a form that we manually fill using data from either of two different sources: another form or a UDT in the database. When we fill it from