Cisco WLC not dispalying CDP info

Cisco WLAN controller model 4402-25 software version 4.2.130.0 has been configured with CDP enabled yet fails to display the CDP neighbor information of the Access Points that are joined to it. I have looked at each AP and CDP is enabled on each of them as well. I have also looked at the switch configuration that the APs are connected to and it is enabeled on them as well. I do see the CDP information in the switch just not in the controller.

I ran into this same issue with a select few access points, which I found out if the interface the access point is connected to is setup as a trunk port you wont be able to see the CDP neighbors on the controller. I changed the interface to a switchport then I could see the CDP neighbors on the controllers. Kind of weird.

Similar Messages

  • Cisco WLC 5508 with Nexus 5048 CDP error

    Hello,
    We got cisco WLC 5508 running 74.121.0
    The WLC is connected to Nexus 5548 with dual-homed.
    We receive CDP duplex mismatch from the Nexus switches.
    Any ideas?

    Can you check the duplex info. of the neighbor using
    router#show cdp neighbors detail

  • Cisco wlc ios 7.2 with clients windows 8 can not authenticate with 802.1x

    Hello my name is Ivan:
    I have a solution a unified solution wireless with a cisco wlc 7.2 and ap cisco. My issue is the follow:
    My users are using laptops with OS windows 8, and they can not access to the network wireless because they authenticate in to the network using 802.1x wpa/wpa2 with tkip or aes.
    I find a bug in the ios of the wlc. The number is CSCua29504. I would not to change the drivers in the laptop to join the users in to the solution.
    Please is possible to find any software to do the upgrade in the wlc? Or perhaps we need to do an upgrade in to cisco lightweight access point?
    Please help me in this issue.
    Regards
    Ivan

    Bug ID CSCua29504 has been fixed in WLC firmware 7.0.235.3, 7.3.101.X or 7.4.100.X.
    So if you are NOT running any one of these codes, then yes.  Upgrade your firmware is your solution.
    Fixed in:  (12)
    7.4(100.0),7.4(1.20),7.3(112.0),7.3(101.0),7.3(1.67)
    7.2(111.3),7.2(111.1),7.2(110.4),7.0(236.0),7.0(235.3)

  • Cisco WLC 5508 not sending SNMP Traps

    Hello Everyone.
    I'm having a weird error on our WLC environment. We have an HA with two cisco WLC 5508 and i cannot get SNMP Traps working on a Windows PC running Kiwi Syslog server (free ed.).
    I can receive correctly Syslog messages, but not traps.
    I Tried also to send SNMP Traps from WLC to a different PC using Linux with snmptrapd and it works fine.
    I tried then to send from my Linux box a snmp trap to my Windows PC, and it works fine, but i still cannot receive anything from WLC.
    Using Wireshark to detect traffic, i cannot see any packet on udp port 162.
    I cannot figure out any problem with my scenario, but i can see the following errors on syslog:
    *rmgrTrasport: Mar 30 16:08:22.602: #RMGR-3-INVALID_PING_RESPONSE: rmgr_utils.c:270 Ping response from <my_windows_PC> is invalid. Ip address do not match.
    My WLC Version is 7.6.130.0
    Thank you for your support.

    I have gone through your query and found the following fruitful links ,please let me know if it helps and mark it correct answer if it is.
    https://www.manageengine.com/network-monitoring/help/userguide/processing_traps.html
    https://rscciew.wordpress.com/2014/10/12/snmp-configuration-on-wlc/
    Thanks :)

  • Configuration of Cisco WLC 2504 with Local LAN static IP and DHCP

    I want to configure Cisco WLC 2504 with Local LAN static IP and WLC 2504 with DHCP so that APs can be connect with controller.
    Currently i am using WLC 2504 with DHCP so can anyone suggest how to do that..

    Hi Sandeep
    The info is correct, if we're using code below 7.3.101.0.
    This issue is fixed via the below bug id.
    CSCto01390 Unable to ping AP's directly connected to a 2500 controller
    check the fix that is updated on 7.4, 7.5 RNE.
    http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn75.html
    Note
    Directly connected APs are supported only in Local mode.
    http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html
    For quick and easy deployment Access Points can be connected directly to 2504 Wireless LAN Controller via two PoE (Power over Ethernet) ports
    Thanks
    Saravanan

  • No of SSID support on Cisco WLC

    Hi All,
    Can you please help me on providing below details on Cisco wireless controller?
    1. No of SSID support on Cisco WLC
    2. Is it possible to restrict SSID on AP's (e.g. I have 10 SSID's configured on controller, I want first 10 Access points use set of SSID (SSID 1-5), and rest of the AP use SSID 6-10.
    Thanks
    Jamal

    Hi Jamal,
    Just to add a touch to the great info from Robert (+5 points Robert)
    The feature you are looking for is called WLAN Override in WLC 4.x versions.
    Enabling WLAN Override
    By default, access points transmit all defined WLANs on the controller. However, you can use the WLAN Override option to select which WLANs are transmitted and which ones are not on a per access point basis. For example, you can use WLAN override to control where in the network the guest WLAN is transmitted or you can use it to disable a specific WLAN in a certain area of the network.
    From this doc;
    http://www.cisco.com/en/US/docs/wireless/controller/4.0/configuration/guide/c40wlan.html#wp1114777
    Once you create a new WLAN, the WLAN > Edit page for the new WLAN appears. In this page you can define various parameters specific to this WLAN including General Policies, RADIUS Servers, Security Policies, and 802.1x Parameters.
    **Check Admin Status under General Policies to enable the WLAN. If you want the AP to broadcast the SSID in its beacon frames, check Broadcast SSID.
    Note: You can configure up to sixteen WLANs on the controller. The Cisco WLAN Solution can control up to sixteen WLANs for Lightweight APs. Each WLAN has a separate WLAN ID (1 through 16), a separate WLAN SSID (WLAN name), and can be assigned unique security policies. Lightweight APs broadcast all active Cisco WLAN Solution WLAN SSIDs and enforce the policies that you define for each WLAN.
    From this good doc;
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665d18.shtml#c3
    In 5.x versions you will use AP Groups, because in WLC 5.x versions, WLAN Override has been replaced with the "AP Groups" feature;
    Creating Access Point Groups
    After all access points have joined the controller, you can create up to 150 access point groups and assign up to 16 WLANs to each group. Each access point advertises only the enabled WLANs that belong to its access point group. The access point does not advertise disabled WLANs in its access point group or WLANs that belong to another group.
    http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52wlan.html#wp1128591
    To learn more about AP Groups check out George's excellent video
    http://www.my80211.com/cisco-labs/2009/3/22/cisco-ap-group-nugget.html
    Hope this helps!
    Rob

  • HA in Cisco WLC

    Hi friends,
    I am planning to have a wireless environment for a corporate company. I would like to have a Cisco wireless LAN controller 2100 series and 15 numbers of cisco aironet 1142 n access point. Since wireless is gonna be a very important medium for the premises, I am planning to have high availability for the 2100 series WLC.
    With this scenario I am having the following of queries?
    1. Does high availability is supported with WLC 2100 series or need to go for an hihger end WLC's? It would be great if I am guided with some documents on this?
    2. My wired switching infrastructure at the core is running with GLBP. Can I connect the both WLC in each switch in an dual home architecture?
    3. Is there any pre-requistes for doing the high availability for the WLc's?
    4. Yet another company that is close to me do have the same architecture for wireless infrastructure, except that they have cisco WLC as 5508 and Cisco aironet 1142n access point. All the end points NIC adapters that they have support a/b/g standard. But with an n series they continously report low signal strength, the reason for this still unknown?
         But the tech documents of 'n' series access point claims that they support, 300Mbps within 33 feet and 200 Mbps within 66 feet.
    They are having 2 nos of Cisco 1142n access point for every 30 feet but still they are facing low signal strength. Also there workspace are all cubicles and without any interference.
    It would be great if I am guided on this issue also?
    Regards,
    Karthik Anbumani

    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin-top:0cm;
    mso-para-margin-right:0cm;
    mso-para-margin-bottom:10.0pt;
    mso-para-margin-left:0cm;
    line-height:115%;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    Hi Karthik,
    You can build this HA solution based on the 2100 controllers. And if you want HA for 15 access points you need two 2125 controllers. But I will suggest that you consider the 5508 controller since that is a more future proof hardware and will give you more features that you might want to use such as Office Extend.
    Right now there is a bundle available for one 5508 with 10 x AIR-LAP1142 and the GPL price for that bundle is USD 31,424. And you should consider if you need the HA solution or if you are covered by the onsite support. In the product list below I have used the regulatory domain E and power cable for Europe. Make sure that you get this correct for your country. This is a limited offer ending August 1st 2010. You also need the additional 5 access points or more if you want Office Extend.
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin-top:0cm;
    mso-para-margin-right:0cm;
    mso-para-margin-bottom:10.0pt;
    mso-para-margin-left:0cm;
    line-height:115%;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    Also consider that the 2100 series only have FastEthernet interfaces so you will not be able to utilize the full 11n throughput.
    1 x 5508 with 10 x 1142:
    Product
    Description
    Quantity
    Price
    Lead Time
    AIR-CT25-1140E10
    802.11a/g/n ESTI Cfg5508-25 10AP WCS Demo Promo ends 8/1/10
    1
    24,595.00
    14 Days
    AIR-CT5508-25-K9Z
    5508 Series Controller for up to 25 APs
    1
    0.00
    14 Days
    AIR-PWR-5500-AC
    Cisco 5500 Series Wireless Controller Redundant Power Supply
    1
    1,495.00
    14 Days
    SWC5500K9-70
    Cisco Unified Wireless Controller SW Release 7.0
    1
    0.00
    14 Days
    AIR-PWR-CORD-CE
    AIR Line Cord Central Europe
    1
    0.00
    14 Days
    AIR-LAP1142N-E-K9Z
    Manufacturing Level PID - AIR-LAP1142N-E-K9
    10
    0.00
    14 Days
    S114RK9W-12421JA
    Cisco 1140 Series IOS WIRELESS LAN LWAPP RECOVERY
    10
    0.00
    LIC-CT5508-25
    25 AP Base license
    1
    0.00
    14 Days
    LIC-CT5508-BASE
    Base Software License
    1
    0.00
    14 Days
    WCS-CD-K9Z
    CD With Windows And Linux. No License.
    1
    0.00
    14 Days
    CON-OSP-CT25E10
    ONSITE 24X7X4 802.11a/g/n ESTI Cfg: 5508-25; 10APs;
    1
    0.00
    CON-OSP-CT0825
    ONSITE 24X7X4 Cisco 5508 Series
    1
    2,944.00
    CON-OSP-1142EK9Z
    ONSITE 24X7X4 802.11a/g/n Fixed AP
    10
    2,390.00
    Total   LeadTime: 14 Days  Total Price: USD   31,424.00
    Total LeadTime: 14 Days  Total Price: USD 31,424.00
    2 x 2125 with 10 x 1142:
    Product
    Description
    Quantity
    Price
    Lead Time
    AIR-WLC2125-K9
    2100 Series WLAN Controller for up to 25 Lightweight APs
    1
    8,995.00
    21-35 Days
    CAB-AC-C5-EUR
    AC Power Cord, Type C5, Europe
    1
    0.00
    14 Days
    SWLC2100K9-70
    Cisco Unified Wireless Controller SW Release 7.0
    1
    0.00
    14 Days
    ASA5505-PWR-AC
    ASA 5505 AC Power Supply Adapter
    1
    0.00
    14 Days
    SSC-BLANK
    ASA 5505 SSC Blank Slot Cover
    1
    0.00
    14 Days
    CON-OSP-AC2125K9
    ONSITE 24X7X4 WLAN Controller for for Retail
    1
    1,656.00
    Total   LeadTime: 21 - 35 Days   Total Price:   USD 10,651.00
    Product
    Description
    Quantity
    Price
    Lead Time
    AIR-WLC2125-K9
    2100 Series WLAN Controller for up to 25 Lightweight APs
    1
    8,995.00
    21-35 Days
    CAB-AC-C5-EUR
    AC Power Cord, Type C5, Europe
    1
    0.00
    14 Days
    SWLC2100K9-70
    Cisco Unified Wireless Controller SW Release 7.0
    1
    0.00
    14 Days
    ASA5505-PWR-AC
    ASA 5505 AC Power Supply Adapter
    1
    0.00
    14 Days
    SSC-BLANK
    ASA 5505 SSC Blank Slot Cover
    1
    0.00
    14 Days
    CON-OSP-AC2125K9
    ONSITE 24X7X4 WLAN Controller for for Retail
    1
    1,656.00
    Total   LeadTime: 21 - 35 Days   Total Price:   USD 10,651.00
    Product
    Description
    Quantity
    Price
    Lead Time
    AIR-LAP1142-EK9-PR
    LAP1142 Controller Based E Reg Domain
    1
    9,950.00
    14 Days
    S114RK9W-12421JA
    Cisco 1140 Series IOS WIRELESS LAN LWAPP RECOVERY
    1
    0.00
    AIR-LAP1142-EBULK
    BOM LEVEL PID FOR BULK PACK
    10
    0.00
    14 Days
    CON-OSP-LAP1142E
    ONSITE 24X7X4 802.11a/g/n Fixed Unified AP; ETSI
    10
    2,390.00
    CON-OSP-L1142E0P
    ONSITE 24X7X4 802.11a/g/n LWAPP AP EU Cnfg-Promo Pk
    1
    0.00
    Total   LeadTime: 14 Days  Total Price: USD   12,340.00
    Total LeadTime: 21 - 35 Days   Total Price: USD 33,542.00
    Regards,
    André

  • Cisco WLC 2504 webportal for Server 2008 R2 DC LDAP or RADIUS

    HI,Friends.
    I want to get my mobile or Notebook clients connecting to wireless and use my Domain users ,Cisco WLC 2504 to authenticate via LDAP or  RADIUS to our Windows Server 2008 Domain Controllers
    question:
    one,i can use my domain one Organizational Unit ,such as cn=use01,ou=test,dc=lzh,dc=com. now, noly user01 can logon on web, But how I make all my domain users can use web log it ? 
    I was using radius authentication or ldap certification to do web authentication ?which is good. ???
    I specified child ou, ou its users superiors can not be landed on

    hi ,Scott Fella
    Thank you,I am very happy to receive your reply,  I finally binding domain user authentication LDAP authentication done successfully. but You say the combination of nps I did not do the radius authentication is successful, I do not know where the problems.
    the err:
    <Event><Timestamp data_type="4">07/27/2014 18:33:36.845</Timestamp><Computer-Name data_type="1">PDC-CQ</Computer-Name><Event-Source data_type="1">IAS</Event-Source><User-Name data_type="1">11</User-Name><Service-Type data_type="0">1</Service-Type><NAS-IP-Address data_type="3">10.10.10.253</NAS-IP-Address><NAS-Port data_type="0">1</NAS-Port><NAS-Identifier data_type="1">WLC-CNNEWCITY</NAS-Identifier><NAS-Port-Type data_type="0">19</NAS-Port-Type><Vendor-Specific data_type="2">00003763010600000001</Vendor-Specific><Calling-Station-Id data_type="1">10.12.0.11</Calling-Station-Id><Called-Station-Id data_type="1">10.10.10.253</Called-Station-Id><Client-IP-Address data_type="3">10.10.10.253</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">WLC</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">CNNEWCITY\11</SAM-Account-Name><Class data_type="1">311 1 10.10.10.1 07/27/2014 09:41:28 5</Class><Authentication-Type data_type="0">1</Authentication-Type><NP-Policy-Name data_type="1">Connections to other access servers</NP-Policy-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Fully-Qualifed-User-Name data_type="1">cnnewcity.com/user/test/11</Fully-Qualifed-User-Name><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
    <Event><Timestamp data_type="4">07/27/2014 18:33:36.845</Timestamp><Computer-Name data_type="1">PDC-CQ</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 10.10.10.1 07/27/2014 09:41:28 5</Class><Fully-Qualifed-User-Name data_type="1">cnnewcity.com/user/test/11</Fully-Qualifed-User-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Client-IP-Address data_type="3">10.10.10.253</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">WLC</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">CNNEWCITY\11</SAM-Account-Name><NP-Policy-Name data_type="1">Connections to other access servers</NP-Policy-Name><Authentication-Type data_type="0">1</Authentication-Type><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">66</Reason-Code></Event>
    then,You gave two figures is that what you mean? what's the meaning it that services-type =login ?

  • Certificate based authentication with Cisco WLC and Juniper IC

    Hi
    I have a cisco WLC 4400 and Juniper IC which works as the external Radius server.
    I want the wireless clients to be authenticated using certificates. I know the Juniper IC can understand certificates.
    My question is can cisco WLC understand that the information being presented to it by the client is not username/pwd but a user certificate.
    i have also looked at this article :
    http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/100590-ldap-eapfast-config.html
    What i don't understand here is the need of WLC authenticating the user with his credentials by LDAP when it has authenticated the user cert.
    All your help is appreciated.

    Hi,
    Since you use an external radius server you don't have to worry for this.
    The only config that you need to do on WLC is to define the radius server under Security-AAA-Radius-Authentication and on your WLAN-Security-AAA.
    The doc you refer is only for Local Radius on WLC.
    Hope this helps
    Regards,
    Christos

  • Generate one time authentication for Guest on Cisco WLC

    Hi All
    Sorry for my question, because I just started to work with Cisco WLC.
    I have created some WLAN for local users with authentication by 802.1x + Radius by certificate.
    For Guest I used PSK with MAC-filtering.
    But I see that is not comfortable for Guests, each time they come and want to access our wireless, we have to come and get their MAC.
    I checked on Internet and find that the wireless solution for Hotel, Resorts are very easy.
    I also googled and see that Cisco WLC support Lobby Ambassador to generate Guest username/password. But as I checked, this username/password might only use with Web-Auth, this method is not comfortable for Guest who don't know they have to go to Web-Auth to do authentication (e.g: when they only get pop3 email, or vpn, ... not use browsers)
    Could I use this method (or another method) for creating one time Guest wireless username/password or Guest PSK that can be used for authentication when Guests click to Wireless-SSID name only (no need to open web browser to do Web-Auth).
    Regards
    Hai

    Hi Choudhary
    Thank you much for your information
    Could I reconfirm about my concern.
    With Cisco WLC, I can use WebAuth with Guest user only
    If I want to use Guest user for authentication when guests connect to SSID (not by WebAuth, I means use Layer 2 security only, not Layer 3), I will have to use additional Radius Server.
    And if I understand right, could you please recommend me software based Radius Server with support generate one time username/password for Guest, because I checked IAS/NPS on windows server may not have this function (ISE is not appropriate for us at this time, due to high expense)
    Regards
    Hai

  • Cisco WLC 2500 - 802.1x with Vasco Radius SMS OTP

    Hello folks,
    I have what seems to be a complex implementation with many things that need to be done on a customers network and I wanted to be pointed in the right direction.
    The current scenario is such, the customer has a Cisco WLC 2500 device that has 3 access points(these are in the same AP group) connected to it. There is one SSID that I will call PRODUCTION here that some domain users use to connect to the local network. The customer has requested to have a GUEST SSID added to the WLC where guest users will connect to and recieve a SMS OTP for authentication.
    Correct me if I am wrong, but I will obviously need to segment the SSIDs to have them running on different subnets to ensure that guest users do not have access to the production network once they authenticate. In order to do this I will need to configure Dynamic VLAN assignment for the Cisco WLC and connect it to a 802.1x port on the switch.
    Now what is not clear is I am not interested in authenticating the users that connect via "Production SSID" and want to bypass authentication for those users and have them assigned to the default vlan (or maybe perhaps have them authenticate via LDAP on the AD), however I want to force the "GUEST" SSID users to authenticate so that they may recieve an SMS OTP (reason for this is to force guests to register their phone numbers to use the internet so that Illegal activity may be tracked).
    1)So would it be possible to bypass authentication(or authenticate them via LDAP) for the PRODUCTION SSID as only domain users would know the SSID password to log on and have them by default assigned to the production subnet (default vlan) but force the GUEST SSID users to another VLAN via 802.1x sms otp?
    2)*Important* Another issue that is not clear is will I be able to directly configure AAA Radius settings on the Cisco WLC to directly authenticate with the VASCO Radius OTP and recieve a challenge-response(required for OTP) during authentication? As I have seen from Ciscos Dynamic VLAN assignment docuementation (http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml) additional IETF Radius Perimeters are used such as Tunnel-Private-Group-ID etc are used which I can't seem to configure on the Vasco.
    I do beileve this is a great project in helping me understand the INs and OUTs of CISCO WLC as well as Wireless NAC, If anyone could enlighten me and point me in the right direction I would be forever in debt. Much appreciated.
    Best Regards
    Sinan Barghouthi - JNCIA-FWV , JNCIA-IDP , CCA-NS , TCSM-8.0

    On your WLAN you can enable AES and TKIP. Just know that some clients mau have issue when they see both TKIP and AES. Ive had pretty good success with this in the past. Dont forget, you also need to enable WMM allowed to get N rates.
    But you will need to configure AES on the client as well to support N rates.
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

  • Cisco WLC 5508 - NPS Radius

    Cisco WLC 5508
    Software Version: 7.4.100.0
    Windows Server 2008R2
    I've got everything setup on the Windows Server 2008 side of things (certificates, radius clients, etc)
    I added the radius server on the WLC, and configured a new WLAN to use it.
    Both are on the same subnet.
    When trying to conect to the WLAN it kept failing.  I installed wireshark on the server to monitor the radius traffic, and to my surprise there was no radius traffic showing up on the server.  The radius statistics on the WLC are at 0 as well, so it's like the WLC isn't even attempting Radius.
    I reverified that the server was enabled on both the security tab and the WLAN itself on the WLC.  Rebooted the controller and the server, all to no avail.  I used a radius test client, and can successfully send radius commands to the server using that utility.
    Frustrated, I just kept trying to reconnect on my wireless device, and after about the 15th try, finally I saw radius activity on wireshark.  It rejected my access, but at least I saw activity.  It also registerd radius statistcs on the WLC as well.
    So now if I keep trying to connect repeatedly, about every dozen or so times the WLC actually will send a radius request to the server.
    What in the world is going on here?

    I do have local management users on the controller.
    Some hours later I added the option of authenticating management users, for the NPS server. Then logged inn to the management GUI using NPS radius, worked just fine.
    However, these commands have been useful to me several times, to make sure unsuccessful requests appear in the Windows Event log:
    auditpol /get /subcategory:"Network Policy Server"
    If it shows ‘No auditing’ or just "Success", you can run this command to enable it:
    auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
    So now I know that the NPS radius server works, for management access. I will go to the customer's site some other day to test it for 802.1x authentication. If not, I'll do some debugging to decide wihich to blame - the WLC or NPS.

  • Cisco WLC 5508 and LACP

    Hi Fellows,
    I wanna know if 5508 Cisco WLC support LACP or not. Actually i work in a project where i must
    connect WLC 5508 in Enterasys Switches with Link Aggregation.
    Enterasys Switches support LACP 802.3ad but when i learn Cisco Books i see that WLC 5508
    doesn't support LACP.
    Can you help please ?
    Sincerely
    Joseph

    Hi,
    Please take a look into the config guide:
    http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mint.html#wp1277652.
    You can read there:
    Once the EtherChannel is configured as on at both  ends of the link, it does not matter if the Catalyst switch is  configured for either Link Aggregation Control Protocol (LACP) or Cisco  proprietary Port Aggregation Protocol (PAgP) because no channel  negotiation is done between the controller and the switch. Additionally,  LACP and PAgP are not supported on the controller.
    HTH,
    Tiago
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

  • Understanding statistics from a Cisco WLC?

    Hello,
    From the "Monitor" page on our Cisco WLC.  If you go to "Access Points" from the left side then choose one of the Radios like 802.11b/g/n.  That will list all the APs connected with your controller.
    1) First question, some of the APs listed show the "Interference Profile" as "Failed".  What does this mean?  It has connected clients and no one is reporting an issue.  So what does that really mean?
    2) Second question, if you go to the "Details" for one of the APs I can see the "802.11 MAC Counters" showing things like Tx Fragments, Tx Failed Count, FCS Error Count, etc.  Below is what I see.
    Can someone explain what these statistics are saying?  Again there are no issues reported by our users, but some of these values seem high and I don't understand what they are saying or if there is anything I should be considered with.
    Any help on this would be great!
    Thank you!
    -rya

    For your convenience:
    The details of the " 802.11 MAC Counters " :
    Counters
    Tx Fragment Count
    This counter is incremented for an acknowledged MPDU with an individual address in the address 1 field.
    Tx Failed Count
    This counter increments when an MSDU is successfully transmitted after one or more retransmissions.
    Multiple Retry Count (Graphics view only)
    This counter shall increment when an MSDU is successfully transmitted after more than one retransmission.
    RTS Success Count
    This counter increments when a CTS is received in response to an RTS.
    ACK Failure Count
    This counter increments when an ACK is not received when expected.
    Multicast Rx Frame Count
    This counter increments when a MSDU is received with the multicast bit set in the destination MAC address.
    Tx Frame Count
    This counter increments for each successfully transmitted MSDU.
    Multicast Tx Frame Count
    This  counter increments only when the multicast bit is set in the  destination MAC address of a successfully transmitted MSDU. When  operating as a STA in an ESS, where these frames are directed to the  access point, this implies having received an acknowledgment to all  associated MPDUs.
    Retry Count
    This counter increments when an MSDU is successfully transmitted after one or more retransmissions.
    Frame Duplicate Count
    This counter increments when a frame is received that the Sequence Control field indicates is a duplicate.
    RTS Failure Count
    This counter increments when a CTS is not received in response to an RTS.
    Rx Fragment Count
    This counter shall be incremented for each successfully received MPDU of type Data or Management.
    FCS Error Count
    This counter increments when an FCS error is detected in a received MPDU.
    WEP Undecryptable Count
    This  counter increments when a frame is received with the WEP subfield of  the Frame Control field set to one and the WEPOn value for the key  mapped to the TA's MAC address indicates that the frame should not have  been encrypted or that frame is discarded due to the receiving STA not  implementing the privacy option.
    Band Select statistics
    When  the feature is activated, the WLC doesn't immediately reply to probe  requests on 11b/g. If immediately a probe is also seen on 11a, then the  client is detected as dual band. Then WLC only replies on 11a. After  some time, this "categorization" expires and WLC will again try to see  if the client is present on both bands.

  • Cisco WLC 5508 in HA mode error

    Hai ,
    I am Getting the below Error in Cisco WLC 5508, Version 7.4.100.0 in HAmode. The WLC contains Access Points having in local and Flex Connect Mode.
    RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete,
    I sam a same bug in Cisco WLC 7.4.100.0 release notes similar to the error like
    RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbSpamSetRadSlotAntennaType.
    Any Ideas?

    HI Mohamed,
    its a open Caveats  in 7.4.100.0
    CSCud26632
    Symptom: The following SNMP trap appears on the controller when you change the channel width number to 40-MHz:
    RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbSpamSetRadSlotAntennaType.
    Conditions: Controller is in an HA pair. Join the 802.11n access point to the controller and change the channel width to 40-MHz and channel number to 157.
    Workaround: None
    http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74.html
    Reagrds
    Please rate helpful posts

Maybe you are looking for

  • My iPad2 is frozen at slide to unlock and every few minutes te apple appears on the middle for a while and then back on freeze to the slide to unlock screen. Please I need your help please

    My iPad2 is frozen at slide to unlock screen, every few minutes the apple appears in the middle of the screen and couple of minutes later it will go back on freeze to the slide to unlock screen .  I have tried all tricks even the restoration through

  • JDBC insert with XMLTYPE data type

    Hi, SOAP to JDBC scenario. Oracle 11G as a receiver. Requirement is to  insert whole xml payload message in one of Oracle table fields as a xml string. Target oracle DB table column is defined with XMLTYPE data type, it has capacity to hold xml data

  • No reviews in App Store

    For a while the English App reviews have not been available in the Danish app store - which means there is barely any reviews (population 6 mill people). This is pretty annoying that it is not possible to see the reviews of app before you buy any mor

  • Install options for Leopard

    I have a Mac Mini (1.83 GHz Intel Core Duo with 512MB memory) and am running 10.4.11, I have just bought Leopard today to install. I've always backed up my Home Folder on an external hard drive and am ready (I think!) to install Leopard. The guy in t

  • Now this is interesting!........I think???!

    I have a class called Main.java. This class works perfect if i delete one line, which is: commandTokens = command.split("\\s+") ; i use the same code at uni and it works, but as usual it doesn't work on my home computer. I am using jcreator on jdk 1.