Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users

Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users
I've been given a fantastic "opportunity" by my boss to use our existing wireless infrastructure to provide internet access to potentially upto 2000 VIP guests arriving with BYOD devices, in a very densely populated area for a 3 day event. We are talking an area of approx 200m x 15m. Think of it as an awards ceremony/concert. The solution will also be mobile so we will be using internet breakout from different telcos as it will move to approx 20 countries. The area is also incredibly densely populated with other wifi APs. I did a brief site survey and AirMagnet could detect over 2500 other 'rogue' APs from where I was stood! I hope CleanAir works!
We need a simple authentication method for them to connect with zero admin from our side. We don't want to just offer up a rolling daily PSK as that's a bit amateur and we don't really want the VIP guests sharing the PSK with others during their stay. Ideally they could self-provision by providing an email address.
I know the WLC can handle webauth for local users but I don't think it scales very well. ie I don't think I can offer the account to several hundred people.
Cisco ISE looks a very expansive (and expensive) product but I don't think we need all it's capabilities (do I?). It would be nice to just ask a potential user for their email address and grant them access and email them next year. I've seen Cisco NAC but that looks over the top too for just guest users who will only be accessing a shared internet connection.
I've seen 3rd party supposed software solutions from Kiosk Antamedia etc do they work with Cisco Enterprise WLC solutions?
We'd like to limit users to a certain (low) bandwidth and block (say) torrent traffic to keep the general user experience worthwhile.
Does anybody have any case study documents or experience of such a project? As well as the authentication it's how well the APs will handle the dense potential number of clients trying to connect in such a confined space.
Any suggestions would be gratefully appreciated from the knowledgeable community.
Cheers,
Mike

Hi Rasika,
We are having WLC 5508 model with software version running 7.4.121.0. AP Models are AIR-CAP2602I.
Normally our WAN links are good even while the issue pertains. We are connected to remote offices over ipsec site to site vpn for WAN. The link latency in WLC between the AP and the controller shows <1ms.
currently the Guest network is using WPA2-PSK auth given in the controller. we are trying to find a option to make the Guest wireless auth local to the office, and see if this solves the problem.
any suggestions,
Thank you,
Arjun

Similar Messages

Cisco wlc 5508 with 30 Vlan

Hello
i need your help
i want to configure Cisco WLC 5508 whith 03 vlans, 3750 as core swich
- management Vlan
- local-user vlan
- Guest Vlan
i want to know all steps or config to do on WLC
thx

Hi,
Just check this.
It may help u.
Wireless LAN Controller and Lightweight Access Point Basic Configuration Example
http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/69719-wlc-lwap-config.html
http://rscciew.wordpress.com/2014/01/22/configure-dynamic-interface-on-wlc/
Webauth for guest users:
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69340-web-auth-config.html
http://rscciew.wordpress.com/2014/06/19/wlc-webauth-configuration/
Regards

Cisco WLC 5508 with Nexus 5048 CDP error

Hello,
We got cisco WLC 5508 running 74.121.0
The WLC is connected to Nexus 5548 with dual-homed.
We receive CDP duplex mismatch from the Nexus switches.
Any ideas?

Can you check the duplex info. of the neighbor using
router#show cdp neighbors detail

Trying to get home shaing working on apple tv using Cisco Access points and a Cisco WLC 5508 with 7.2.110 code. I can get devices working individually but they never see each other. I can ping the apple tv from my laptop and ipad.

Trying to get home sharing working on a corporate wireless network. Cisco wireless.
WLC5508 controller
Cisco 3502 access points
All apple devices on same WLAN - security WPA2-PSK
ITunes account up to date
All devices laterst software.
Can ping apll tv from laptop
can ping apple tv from ipad
Can ping ipad from laptop
can ping laptop from ipad.
Apple tv never sees any other device.
Any ideas?

Fascinating just reading about your setup. I have a WRT350N and have noticed that it will drop its speed, sometimes down to 1Mbps. It seems to do so at about the same time every day, but usually comes back to speed in about 5 minutes. In my experience, the Apple TV will disconnect if the speed falls this low. Try monitoring the Linksys with Netstumbler, Vistumbler, or just in the Windows Network utility.
Check the "lease obtained" and "lease expired" times for your router to see if that is when the network fails. I've just finished reading an angry thread over at the Linksys forum about the WRT330N where someone mentioned that the router wasn't renewing its lease.
"I cannot set it run off automatic DHCP from the WRT330N, the router will not assign it an IP every time the lease expires, causing me to have to manually set an IP on the Print server. That's annoying. Having the router drop IP's to individual machines after 12-48 hours...very annoying."
http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&thread .id=67412
If that is the problem, then I would consider setting up a Static IP address for your Apple TV. You can do that through the user interface -> Settings -> Network -> Configure ... (Quite intuitive as you only have change IP address and the subsequent details remain the same.)
My router assigns IP Addresses in the ranges of 192.168.1.100 ->149. The idea here is to choose an address outside of that range but is not greater than 192.168.1.253 (and should not end in the number 1). You shouldn't have to change the linksys router as long as 50 clients are assigned in that range. You'll have to figure that out by accessing your router webpage at browser address 192.168.1.1 -> the default password is "admin" (without the quotes).
Good luck.

Deployment of WLC-5508 with 2702i-D have performance issue.

Hi Team,
We have centrally deployed WLC-5508 with 50 AP licence along with HA scenario. we have 3 locations.
1- HQ. have 26 AP with POWINJ5.
2- Branch location A- 8 AP with POWINJ5.
3. Branch location B have 8 AP with POWINJ4.
my exception is to achieve that single SSID with dynamic VLAN from group police (NPS). MY HO have 26 AP and those are working in local mode.
and branches are connected through flexconnect mode. and all are working with different-2 NPS.
Now i am facing a problem with this deployment are following.
1- branch A have performance issue.
2- HQ have performance issue.
3- i don't want to go with dedicated NPS for every location.
In order to achieve this deployment i want only single SSID with primary and secondary NPS at my HQ with dynamic VLAN for respective departmental users vlans..
above is my problem and concern. otherwise i am successfully achieving this solution with dedicated NPS with single group policy. but when i am going forward to achieve my expectation that time i am facing authentication issue at my HQ and sometimes am not able to get proper VLAN IPs. at my HQ.
kindly help me in that to understand where I am doing wrong things to achieve my expectation.
Thanks.
Nalin

I am facing 2 different problems.
1st issue- in existing setup we have throughput issue. (while downloading or uploading any data from the internet or Intranet, that time wireless clients are facing slowness of the Speed. and same time when i am trying from LAN i am not facing any issue)
2nd Issue- I want to achieve only single SSID with primary and secondary NPS (AD group is bind with vlan Attributes) with dynamic VLAN for respective departmental users.
for Issue no 2 i have created SSID to achieve the single ssid parameter for every location. in order to achieve i have change all access points mode local to Flexconnect mode after that i have created AP groups location wise and then create flexconnect Groups where i have mapped all the vlan through AAA VLAN-ACL mapping. created interface group and mapped all the vlans in that group.
for more understanding please go through the below mentioned CLI view.
Cisco Controller) >show wlan apgroups
Total Number of AP Groups........................ 4
Site Name........................................ GURGAON-AP-GROUP
Site Description................................. GURGAON-AP-GROUP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Pol icy
3 gurgaon-interface Disabled None
--More-- or (q)uit
4 gurgaon-guest Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
GUR-AP-01 2 AIR-CAP2702I-D-K9 f4:4e:05:78:ae:e4 default location 1 IN 1
GUR-AP-05 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b5:18 default location 1 IN 1
GUR-AP-03 2 AIR-CAP2702I-D-K9 bc:16:65:13:71:00 default location 1 IN 1
GUR-AP-07 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b3:f8 default location 1 IN 1
GUR-AP-06 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b3:e0 default location 1 IN 1
GUR-AP-08 2 AIR-CAP2702I-D-K9 f4:4e:05:45:78:98 default location 1 IN 1
GUR-AP-02 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b3:2c default location 1 IN 1
GUR-AP-04 2 AIR-CAP2702I-D-K9 f4:4e:05:78:ae:64 default location 1 IN 1
GUR-AP-09 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b4:44 default location 1 IN 1
Site Name........................................ MUMBAI-AP-GROUP
Site Description................................. MUMBAI-AP-GROUP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
--More-- or (q)uit
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 group for mumbai Disabled None
2 guest wifi Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
FAL-7-AP08 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:24:d8 7th Floor 1 IN 3
--More-- or (q)uit
FAL-7-AP10 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:18 7th Floor 1 IN 1
FAL-7-AP14 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:ad:e8 7th Floor 1 IN 1
FAL-7-AP01 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:b0:4c 7th Floor 1 IN 1
FAL-7-AP07 2 AIR-CAP2702I-D-K9 f0:7f:06:30:92:bc 7th Floor 1 IN 1
FAL-7-AP13 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:80 7th Floor 1 IN 1
FAL-7-AP02 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:94 7th Floor 1 IN 1
FAL-7-AP05 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:e8 7th Floor 1 IN 1
FAL-7-AP12 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:f0 7th Floor 1 IN 3
FAL-7-AP03 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:e4 7th Floor 1 IN 1
FAL-7-AP06 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:84 7th Floor 1 IN 3
FAL-7-AP04 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:b0:14 7th Floor 1 IN 1
FAL-7-AP09 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:c8 7th Floor 1 IN 3
FAL-7-AP11 2 AIR-CAP2702I-D-K9 f0:7f:06:30:93:08 7th Floor 1 IN 1
Site Name........................................ MUMBAI-THIRD-FLOOR-AP
Site Description................................. MUMBAI-THIRD-FLOOR-AP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
--More-- or (q)uit
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 group for mumbai Disabled None
2 guest wifi Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
FAL-3-AP07 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:a4 3rd Floor 1 IN 3
FAL-3-AP09 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:94 3rd Floor 1 IN 3
FAL-3-AP11 2 AIR-CAP2702I-D-K9 f4:0f:1b:73:00:74 3rd Floor- Eurek 1 IN 3
FAL-3-AP06 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:ae:d0 3rd Floor 1 IN 3
--More-- or (q)uit
FAL-3-AP10 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b5:88 3rd Floor 1 IN 3
FAL-3-AP08 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:9c 3rd Floor 1 IN 3
FAL-3-AP03 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:af:a0 3rd Floor 1 IN 1
FAL-3-AP12 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b3:fc 3rd Floor- Eurek 1 IN 3
FAL-3-AP02 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:28 3rd Floor 1 IN 3
FAL-3-AP01 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:f4 3rd Floor 1 IN 3
FAL-3-AP04 2 AIR-CAP2702I-D-K9 f0:7f:06:30:92:8c 3rd Floor 1 IN 2
FAL-3-AP05 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:f4 3rd Floor 1 IN 3
Site Name........................................ RAHEJA-AP-GROUP
Site Description................................. RAHEJA-AP-GROUP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
--More-- or (q)uit
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
5 raheja-interface Disabled None
2 raheja-guest Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
FAL-RAHEJA-AP04 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:24:1c Near Meeting Roo 1 IN 3
FAL-RAHEJA-AP02 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:37:3c Confrennce Room 1 IN 3
FAL-RAHEJA-AP03 2 AIR-CAP2702I-D-K9 f0:7f:06:30:93:48 Near Confrence R 1 IN 3
FAL-RAHEJA-AP05 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:ae:c0 Near Meeting Roo 1 IN 3
FAL-RAHEJA-AP06 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b3:a0 Near Server Room 1 IN 3
FAL-RAHEJA-AP01 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b3:20 Reception Area 1 IN 3
FAL-RAHEJA-AP08 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:68 USER BAY ROAD si 1 IN 1
FAL-RAHEJA-AP09 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:d4 Training Room 1 IN 1
--More-- or (q)uit
Site Name........................................ default-group
Site Description................................. <none>
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 group for mumbai Disabled None
2 guest wifi Disabled None
3 gurgaon-interface Disabled None
4 gurgaon-guest Disabled None
5 raheja-interface Disabled None
6 test Disabled None
Cisco Controller) >show flexconnect group summary
FlexConnect Group Summary: Count: 4
Group Name # Aps
Gurgaon-AP 9
HQ-3RD-FLR-AP-GROUP 12
HQ-7THFLR-AP-GROUP 14
Raheja-AP-Group 8
(Cisco Controller) >show flexconnect group detail Gurgaon-AP
Number of AP's in Group: 9
bc:16:65:13:71:00 GUR-AP-03 Joined Flexconnect
f4:4e:05:45:78:98 GUR-AP-08 Joined Flexconnect
f4:4e:05:78:ae:64 GUR-AP-04 Joined Flexconnect
f4:4e:05:78:ae:e4 GUR-AP-01 Joined Flexconnect
f4:4e:05:80:b3:2c GUR-AP-02 Joined Flexconnect
f4:4e:05:80:b3:e0 GUR-AP-06 Joined Flexconnect
f4:4e:05:80:b3:f8 GUR-AP-07 Joined Flexconnect
f4:4e:05:80:b4:44 GUR-AP-09 Joined Flexconnect
f4:4e:05:80:b5:18 GUR-AP-05 Joined Flexconnect
Efficient AP Image Upgrade ..... Disabled
Master-AP-Mac Master-AP-Name Model Manual
Group Radius Servers Settings:
Type Server Address Port
Primary Unconfigured Unconfigured
Secondary Unconfigured Unconfigured
--More-- or (q)uit
Group Radius AP Settings:
AP RADIUS server............ Disabled
EAP-FAST Auth............... Disabled
LEAP Auth................... Disabled
EAP-TLS Auth................ Disabled
EAP-TLS CERT Download....... Disabled
PEAP Auth................... Disabled
Server Key Auto Generated... No
Server Key.................. <hidden>
Authority ID................ 436973636f0000000000000000000000
Authority Info.............. Cisco A_ID
PAC Timeout................. 0
Multicast on Overridden interface config: Disabled
DHCP Broadcast Overridden interface config: Disabled
Number of User's in Group: 0
Vlan :........................................... 203
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 205
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 204
--More-- or (q)uit
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 206
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 207
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 208
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 209
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 210
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 211
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 212
Ingress ACL :................................... None
Egress ACL :.................................... None
--More-- or (q)uit
Vlan :........................................... 216
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 217
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 218
Ingress ACL :................................... None
Egress ACL :.................................... None
Group-Specific FlexConnect Wlan-Vlan Mapping:
WLAN ID Vlan ID
WLAN ID SSID Central-Dhcp Dns-Override Nat-Pat
(Cisco Controller) >
(Cisco Controller) >show wlan summary
Number of WLANs.................................. 6
WLAN ID WLAN Profile Name / SSID Status Interface Name PMIPv6 Mobility
1 FRACTAL-EMP-MUMBAI / FRACTAL Enabled group for mumbai none
2 FRACTAL-GUEST / FRACTAL-GUEST Enabled guest wifi none
3 FRACTAL-EMP-GURGAON / FRACTAL-GURGAON Enabled gurgaon-interface none
4 GURGAON-GUEST / FRACTAL-GUEST-GURGAON Enabled gurgaon-guest none
5 RAHEJA-EMP-WIRELESS / FRACTAL-R Enabled raheja-interface none
6 TEST-SSID / TEST-SSID Enabled test none
hope this will give you proper understanding.

WLC 5508 with version 7.0.98.0 and AIR-LAP1242ag

hi, recently i have deployed wlc 5508 with ap 1262. initially i had trouble with the existing version on the wlc (6..0.199.0) which AIR-LAP1262N-E-K9 was not registering with wlc. i have upgraded the wlc to 6.0.199.4 ver still it was not registering. finally i have upgraded to 7.0.98.0 and all the 40 AP's ( AIR-LAP1262N-E-K9 ) are addedd and its working fine.
Now my issue is, at the same site i have 12 nos of AIR-LAP1242ag autnomous AP's which i need to convert to lightweight ap and register with wlc. where i am stuck currently. after loading the recovery image (c1240-rcvk9w8-tar.123-7.JX9.tar) the ap reboots and can see it register with wlc within seconds contollers pushed the new image and once the ap reboots, never register again.
does anyone has any idea?

After adding the country codes GB and RU.. in my test setup 1242 is registered...i will have it run for couple hours and see the result
ref: below
(Cisco Controller) >show ap uptime
Number of APs.................................... 2
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name              Ethernet MAC       AP Up Time               Association Up Time
AP1cdf.0f66.79ca     1c:df:0f:66:79:ca 0 days, 00 h 43 m 35 s   0 days, 00 h 42 m 36 s
AP001e.be27.a7e6     00:1e:be:27:a7:e6 0 days, 00 h 16 m 56 s   0 days, 00 h 07 m 15
This issue sorted...thanks

Cisco WLC 5508 not sending SNMP Traps

Hello Everyone.
I'm having a weird error on our WLC environment. We have an HA with two cisco WLC 5508 and i cannot get SNMP Traps working on a Windows PC running Kiwi Syslog server (free ed.).
I can receive correctly Syslog messages, but not traps.
I Tried also to send SNMP Traps from WLC to a different PC using Linux with snmptrapd and it works fine.
I tried then to send from my Linux box a snmp trap to my Windows PC, and it works fine, but i still cannot receive anything from WLC.
Using Wireshark to detect traffic, i cannot see any packet on udp port 162.
I cannot figure out any problem with my scenario, but i can see the following errors on syslog:
*rmgrTrasport: Mar 30 16:08:22.602: #RMGR-3-INVALID_PING_RESPONSE: rmgr_utils.c:270 Ping response from <my_windows_PC> is invalid. Ip address do not match.
My WLC Version is 7.6.130.0
Thank you for your support.

I have gone through your query and found the following fruitful links ,please let me know if it helps and mark it correct answer if it is.
https://www.manageengine.com/network-monitoring/help/userguide/processing_traps.html
https://rscciew.wordpress.com/2014/10/12/snmp-configuration-on-wlc/
Thanks :)

WLC 5508 with LAP-1142n - Several Errors

Hello all,
I had installed a WLC 5508 with 7 LAP 1142n and 2 converted AP 1131abg.
I am seeing some errors relating 2 issues.
1st- One particular AP 1142 is disassociating and reseting the radios.
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
Thu Oct 28 11:50:49 2010
AP's Interface:0(802.11b)   Operation State Up: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio interface   reset. Status:NA
Thu Oct 28 11:50:49 2010
AP's Interface:0(802.11b)   Operation State Down: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio interface   reset. Status:NA
Thu Oct 28 11:50:49 2010
AP's Interface:1(802.11a)   Operation State Up: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio interface   reset. Status:NA
Thu Oct 28 11:50:49 2010
AP's Interface:1(802.11a)   Operation State Down: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio interface   reset. Status:NA
Thu Oct 28 11:50:46 2010
AP's Interface:1(802.11a) Operation   State Up: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio reset due to Init.   Status:NA
Thu Oct 28 11:50:46 2010
AP's Interface:0(802.11b)   Operation State Up: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio reset due to   Init. Status:NA
Thu Oct 28 11:50:46 2010
AP 'AP3', MAC:   e8:04:62:23:ac:e0 disassociated previously due to AP Reset. Uptime: 1 days,   10 h 24 m 23 s . Last reset reason: operator changed 11g mode.
Thu Oct 28 11:50:35 2010
AP Disassociated. Base Radio   MAC:e8:04:62:23:ac:e0
Thu Oct 28 11:50:35 2010
AP's Interface:1(802.11a)   Operation State Down: Base Radio MAC:e8:04:62:23:ac:e0 Cause=New Discovery Status:NA
Thu Oct 28 11:50:35 2010
AP's Interface:0(802.11b) Operation   State Down: Base Radio MAC:e8:04:62:23:ac:e0 Cause=New Discovery Status:NA
I had some search, and the new discovery cause, might be that the AP didnt know what WLC do associate, in a multi-controller environment. This is not the case. I only have one WLC in the same management vlan.
2st-The Radius server is beeing related in the logs as been deactivated. I raise the server time-out on Radius configuration option, but it still continues to do it.
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
Thu Oct 28 10:24:41 2010
RADIUS server 10.67.128.36:1812 deactivated in global list
Thu Oct 28 10:24:41 2010
RADIUS server 10.67.128.36:1812 failed to respond to request (ID 172)   for client e8:06:88:51:c0:2b / user 'unknown'
Is this meaning the WLC stop sending request to the Radius Server ? We dont have BackUp Radius.
As far as i know, its always the same mac-address client that is associated to that error, maybe a iphone.
I had so many clients in that SSID and they are all working good.
The Radius server is a NPS from windows Server 2008
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
, and the client says that the medium response time is 0,02 sec, so im wondering why the controller is not getting response from Radius for a particular client?! My client also says, that didnt found any log related to that mac-address client ... what is weird...
WLC with last software available 7.0.164
Hope some one help me here.
Best Regards,
Bruno Petrónio

Thanks Scott,
I understand what you are mentioning, and i really didnt do it yet.
I realize that the primary controller was not configured on the
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
Wireless –> All APs –> High Availability tab, and did it only to the AP that is taking this beahviour.
Is this mandatory for a 1 controller only ?
No mather what the manual say, after that the AP is rebooting 2 mins in 2 mins... with the same kind of messages.
The interface on the switch is getting a few input errors and the same numbers of crc... but are so few...
Next step ... i will change it to another one's place/pathing cable.
Regarding the Radius messages... any ideas ?
I'm already on 30 sec's of server timeout.
Best Regards,
Bruno Petrónio

Cisco WLC 5508 - NPS Radius

Cisco WLC 5508
Software Version: 7.4.100.0
Windows Server 2008R2
I've got everything setup on the Windows Server 2008 side of things (certificates, radius clients, etc)
I added the radius server on the WLC, and configured a new WLAN to use it.
Both are on the same subnet.
When trying to conect to the WLAN it kept failing. I installed wireshark on the server to monitor the radius traffic, and to my surprise there was no radius traffic showing up on the server. The radius statistics on the WLC are at 0 as well, so it's like the WLC isn't even attempting Radius.
I reverified that the server was enabled on both the security tab and the WLAN itself on the WLC. Rebooted the controller and the server, all to no avail. I used a radius test client, and can successfully send radius commands to the server using that utility.
Frustrated, I just kept trying to reconnect on my wireless device, and after about the 15th try, finally I saw radius activity on wireshark. It rejected my access, but at least I saw activity. It also registerd radius statistcs on the WLC as well.
So now if I keep trying to connect repeatedly, about every dozen or so times the WLC actually will send a radius request to the server.
What in the world is going on here?

I do have local management users on the controller.
Some hours later I added the option of authenticating management users, for the NPS server. Then logged inn to the management GUI using NPS radius, worked just fine.
However, these commands have been useful to me several times, to make sure unsuccessful requests appear in the Windows Event log:
auditpol /get /subcategory:"Network Policy Server"
If it shows ‘No auditing’ or just "Success", you can run this command to enable it:
auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
So now I know that the NPS radius server works, for management access. I will go to the customer's site some other day to test it for 802.1x authentication. If not, I'll do some debugging to decide wihich to blame - the WLC or NPS.

Cisco WLC 5508 in HA mode error

Hai ,
I am Getting the below Error in Cisco WLC 5508, Version 7.4.100.0 in HAmode. The WLC contains Access Points having in local and Flex Connect Mode.
RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete,
I sam a same bug in Cisco WLC 7.4.100.0 release notes similar to the error like
RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbSpamSetRadSlotAntennaType.
Any Ideas?

HI Mohamed,
its a open Caveats in 7.4.100.0
CSCud26632
Symptom: The following SNMP trap appears on the controller when you change the channel width number to 40-MHz:
RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbSpamSetRadSlotAntennaType.
Conditions: Controller is in an HA pair. Join the 802.11n access point to the controller and change the channel width to 40-MHz and channel number to 157.
Workaround: None
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74.html
Reagrds
Please rate helpful posts

Need Information of cisco WLC 5508 LAG Interface

HI
We have cisco WLC 5508 in our network and right now ,this WLC is connected to two ports of each core switches.Both CORP and GUEST SSID are configured on this WLC.
Now we want to segregate the trafffic og GUEST to on core switches from WLC. SO my question is ,how can we achieve this without using guest anchor controller ?
Can i use one interfcae cisco WLC 5508 and connect it to the firewall or any device ?
Thanks
Puneet

Hi
Thanks ...I am using WLC as a DHCP server for Guest.
So i want to know ,is there any requirement that GUEST subnet should be pingable from WLC management IP address.
my topology is here...
Corp network and management network are reachable however management metwork is not pinagble from guest netowrk.

Error APF_HA-3-SYNC_RETRANSMIT_FAIL - Controller Cisco WLC 5508

hello,
I have two controllers on Cisco WLC 5508 HA version 7.5.
I'm having several sync error logs:
*haSSOServiceTask3: Jan 22 09:22:51.637: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (00:0b:6b:b3:d4:6b )data sync. Retry after 300 secs.
*haSSOServiceTask4: Jan 22 09:22:51.037: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (60:67:20:fa:19:04 )data sync. Retry after 300 secs.
*haSSOServiceTask2: Jan 22 09:22:50.838: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (04:fe:31:3b:7d:ca )data sync. Retry after 300 secs.
*haSSOServiceTask2: Jan 22 09:22:50.838: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (88:9b:39:c3:cf:42 )data sync. Retry after 270 secs.
*haSSOServiceTask3: Jan 22 09:22:50.838: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (18:e2:c2:c0:9b:5b )data sync. Retry after 300 secs.
*haSSOServiceTask0: Jan 22 09:22:50.837: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (08:70:45:77:36:60 )data sync. Retry after 240 secs.
*haSSOServiceTask0: Jan 22 09:22:50.837: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (20:64:32:cb:13:a8 )data sync. Retry after 180 secs.
*haSSOServiceTask0: Jan 22 09:22:50.837: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (8c:70:5a:2e:36:e0 )data sync. Retry after 300 secs.
*haSSOServiceTask4: Jan 22 09:22:50.837: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (58:94:6b:65:ad:0c )data sync. Retry after 300 secs.
*haSSOServiceTask1: Jan 22 09:22:50.836: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (40:2b:a1:53:8d:a9 )data sync. Retry after 300 secs.
*haSSOServiceTask4: Jan 22 09:22:50.836: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (a4:17:31:16:19:2c )data sync. Retry after 300 secs.
*haSSOServiceTask1: Jan 22 09:22:50.836: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (04:1e:64:7e:19:31 )data sync. Retry after 300 secs.
*haSSOServiceTask4: Jan 22 09:22:50.639: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (60:67:20:33:7c:74 )data sync. Retry after 300 secs.
*haSSOServiceTask4: Jan 22 09:22:50.639: #APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2939 Maximum retransmission exceeded for client (00:26:c6:57:61:34 )data sync. Retry after 300 secs.
Has anyone had something similar?

Hi Valerio, did you ever find out what this error was. I am seeing the same error but on 7.6
#APF_HA-3-SYNC_RETRANSMIT_FAIL: apf_ha.c:2966 Maximum retransmission exceeded for client (8c:00:6d:16:7b:3d )data sync

Configuration of Cisco WLC 2504 with Local LAN static IP and DHCP

I want to configure Cisco WLC 2504 with Local LAN static IP and WLC 2504 with DHCP so that APs can be connect with controller.
Currently i am using WLC 2504 with DHCP so can anyone suggest how to do that..

Hi Sandeep
The info is correct, if we're using code below 7.3.101.0.
This issue is fixed via the below bug id.
CSCto01390 Unable to ping AP's directly connected to a 2500 controller
check the fix that is updated on 7.4, 7.5 RNE.
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn75.html
Note
Directly connected APs are supported only in Local mode.
http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html
For quick and easy deployment Access Points can be connected directly to 2504 Wireless LAN Controller via two PoE (Power over Ethernet) ports
Thanks
Saravanan

Cisco WLC 5508 and AP 2702i

Hello,
i'm tryin to install a WLC 5508 with version 7.6.120 and with AP 2702i with the follwing firmware ap3g2-rcvk9w8-xx ( 15.2(4)JB5), i've configured saticly the capwapp with the follwwing configuration:
IP Address         172.17.255.234
IP netmask         255.255.0.0
Default Gateway    172.17.255.254
Primary Controller 172.17.255.239
The controller iw the IP 172.17.255.239 and i've connectivity between the both equipments, there's no firewalls between them, however i can't register the AP with the controller, anyone have some idea?

Hi,
May be AP comes with mesh image: You cans ee in logs
If it is with mesh image then use this:
1. Log into your Wireless LAN Controller.
Select the Security tab.
Expand AAA and select AP Policies.
Click the Add button in the far right.
Under Add AP to Authorization List, enter the MAC Address of the Access Point in the MAC Address text box.
Click the Add button.
Click the Apply button
Now your AP must be in downloding state.
2. When the AP finally show up under the Wireless tab, check the AP Mode . It may operating in ‘Bridge’ mode. This is incorrect. It should be in ‘Local’ mode.
If your AP is in ‘Bridge’click the name of the AP under the AP Name column. Under the General tab, click the AP Mode drop down box and select ‘Local’. Click the Apply button in the top right.
Now AP should now be working fine.
Hope it helps.
Regards
Dont forget to rate helpful posts

Can you make a mobile hotspot for iPod touch 5

Make a mobile hotspot for iPod touch and iPad

iOS: System requirements for Personal Hotspot
iOS: Understanding Personal Hotspot
iOS: Troubleshooting Personal Hotspot

Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users

Similar Messages

Maybe you are looking for