Configuring 2504 WLC for LanSchool/AppleTV

Similar Messages

• Please help me to configure 2504 WLC as secondary in N+1 HA mode. My primary WLC is 5508 and both have 50 AP license.

  Please help me to configure 2504 WLC as secondary in N+1 HA mode. My primary WLC is 5508 and both have 50 AP license. I want to deploy the AP in the same location.

  Go HERE:  https://supportforums.cisco.com/discussion/12219106/high-availibility-2500

• Configure cisco wlc for rsa authentication

                     Hi,
  I wanted to find out if it is possible to authenticate wireless networks using rsa. Currently we have a cisco wlc 2504, rsa authentication manager 7.1
  Do we require a cisco ACS device to make this work. Please advise.
  Thanks

  Yes it is possible.  The below is the list of items which you require to configure RSA authentication on WLC
  •1.       RSA Authentication Manager 6.1
  •2.       RSA Authentication Agent 6.1 for Microsoft Windows
  •3.       Cisco Secure ACS 4.0(1) Build 27
      Note: The RADIUS server that is included can be used in place of the Cisco ACS. See the RADIUS documentation that was included with the RSA Authentication Manager on how to configure the server.
  •4.       Cisco WLCs and Lightweight Access Points for Release 4.0 (version 4.0.155.0)
  For more information you can go through this link:
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a008090399a.shtml

• Syslogging on WLC for custom webauth bundle

  Hi,
  I recently created a WLAN for guest users. They would have to "register" themselves by entering an emailadress. After this they get access to guest WLAN for a number of hours. My question: In the logs of our syslog server I don't see any of these registrations. How can I enable this or what is needed to do this?
  kind regards,
  tverscheure

  Hello Tim,
  As per your query i can suggest you the following solution-
  In order to configure the WLC for syslog servers with the GUI, complete these steps from the Wireless LAN Controller GUI.
  1.Choose MANAGEMENT > Logs > Config to navigate to this page.
  2.Enter the syslog server IP address and click Add.
  3.Under Syslog Level, set the severity level to filter syslog messages to the syslog servers.
  4.Under Syslog Facility, set the facility for outbound syslog messages to the syslog servers.
  5.Click Apply.
  For more information refer to the link-
  http://www.cisco.com/en/US/products/ps6307/products_configuration_example09186a00809a2d76.shtml
  Hope this will help you.

• How-do-i-configure-guest-wifi-access-using-2504-wlc-fortigate-utm-l3-device

  Dear All
  I have a 2504 Wireless Controller with multiple radios attached. I currently have a "private" WLAN configured (taking ip from windows server based DHCP of Range 192.1681.0/24 ) and working, but I need to add a Guest/Public WLAN which should take the IP from Other DHCP Configured on Fortigate UTM of range 172.16.0.0/24.
  We have one SG300 switch in the office and the rest are basic switches.
  Our firewall/router is a Fortigate UTM 240D
  Find the attached network diagram for the issue.
  Is there a SIMPLE way to enabling guest access that doesn't require VLANS (or are VLANS easier than I'm making them)? 
  Thanks.
  - See more at: https://supportforums.cisco.com/discussion/12473186/how-do-i-configure-guest-wifi-access-using-2504-wlc-fortigate-utm-l3-device#sthash.aj1XcWI0.dpuf

  Complete these steps in order to configure the devices for this network setup:
  http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/70937-guest-internal-wlan.html
  Configure Dynamic Interfaces on the WLC for the Guest and Internal Users
  Create WLANs for the Guest and Internal Users
  Configure the Layer 2 Switch Port that Connects to the WLC as Trunk Port

• Configuring Guest Access using 2 LWAPs and 2504 WLC

  Please advise,
  I have 2 APs, Cisco Aironet 1040, and 2504 WLC.
  Is it possible to configure guest access (Guest SSID/VLAN and Corporative SSID/VLAN) without dedicated guest WLC in DMZ?

  Yes you can. You can have up to 16 SSIDs per AP, but not suggested to have all 16. You can either use one port on the 2504 for both SSID/vlan or specify which port is for corporate and which one is for guest.
  Thanks,
  Scott Fella
  Sent from my iPhone

• Port Configuration on new 2504 WLC

  I've read some conflicting things on the new 2504 WLC's.  Some things indicate all 4 ports are fully useable, while
  others indicate perhaps only 1 or 2.  I think I've read in product documentation that it support a max of two ap-manager interfaces.  Does anyone know for sure if all 4 ports are useable?  I'm thinking of the following configuration:
  Port 1:  management interface and first ap-manager interface
  Port 2:  second ap-manager interface
  Port 3:  first dynamic/client interface
  Port 4:  second dynamic/client interface
  I'm planning on deploying my ap's in h-reap mode with a max of 25 ap's per 2504.  Since I'm using h-reap, bandwidth shouldn't be much of an issue so I'm also considering trimming it down to using just two physical ports as follows so I can take up fewer gig switchports which are scarce at many of my locations:
  Port 1:  management interface and first ap-manager interface
  Port 2:  first and second dynamic/client interface
  Opinions?  I've always deployed 4400's and 5508's with LAG so I haven't had to think about this much until now.

  Hi Evan,
  For sure! There is a really good example on the configuration guide, and assciated caveats.
  http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/consolidated/b_cg74_CONSOLIDATED_chapter_0100011.html
  Benefits for using LAG is increased bandwidth, and redundancy - especially if you have the two (or more in the case of a 5508 WLC) ports connected to different physical switches, eg a 3750 stack.
  Best,
  Evan

• 2504 WLC on edge network for guest wifi

  I have a 2504 WLC with a 1042 AP and I have it placed on my edge Cisco 3750 switch.
  I have the management interface of the WLC set on my WAN IP 71.x.x.x subnet range, and I have the WLC doing DHCP duties with a DHCP scope of 192.168.X.0. I have my DNS servers set on external DNS servers out on the Internet.
  I have two Cisco 3845 Routers on my edge network - one for each ISP with BGP protocol.
  Since my native VLAN is 71.x.x.x, I added a sub interface on my main core router and gave it a 192.168.x.1 255.255.255.0 address for the gateway. Also, I added ip prefix-list iBGP seq 10 permit 192.168.x.0/24 le 32 to my main core router. On my secondary ISP router I added
  ip prefix-list iBGP seq 10 permit 192.168.X.0/24 le 32, and ip prefix-list OUT seq 10 permit 192.168.x.0/24 statements.
  I added VLAN 10 to my edge switch and gave it IP 192.168.x.2 255.255.255.0, and the switchports that my core router and my WLC are connected to the edge switch, are in trunk mode with encapsulation dot1q 10. The switchport on my edge switch that the AP is connected to is in switchport access mode.
  I can connect to the wifi with a 192.168.x.x IP address on my laptop, but I cannot get any Internet access.
  Is it possible to have the DHCP scope be in a different subnet than my WAN IP subnet, and allow guests to get to the external Internet only? Do I need to put the WLC somewhere internal on my network i.e. the DMZ and then tunnel the traffic out to the Internet with no Internal network access?
  Thanks for any help you can provide.

  right, and how does a 'normal/current' user access the internet?  Somwhere going to your ISP there should be some sort of NAT statement when you send interwebs traffic.
  if your ISP is taking care of all of that for you, you probably need to let them know you added the subnet so they can do the NAT.
  HTH,
  Steve
  Please remember to rate useful posts, and mark questions as answered

• Power adapter for cisco 2504 WLC

  Hi all ,
  Is there any other part numbers for cisco 2504 WLC power adpater other than
  PWR-2504-AC= ?
  Thanks,
  Regards,
  Vijay.

  No "PWR-2504-AC=" is the only power adapter option for 2504.
  Please check the datasheet:-
  http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html

• WLC: Configuring Global Credentials for Access Points

  Hi,
  I have an WLC 4404 running Software Version 5.0.148.0 with 40 LWAPPs (1242AG, some 1231G). I want to configure global credentials for the LWAPPs. The configuration guide did not mention, if I have to reboot the LWAPPs after setting the credentials.
  So, could I set this option during operation time? Thanks a lot for your help.
  Regards
  Simon

  Hi,
  Configuring the "Override global credentials" option in the GUI does not reboot the AP. It can be done in a production environment, just did it on one of my 1252s to test.
  Hope it helps.
  Jerome

• Help required to implement Cisco 2504 WLC and 1042 Access Points

  Hi,
  My name is Vidya Sagar. I am new to Wireless technology. We are planning to implement Wireless in our office. I have given the requirements below. Kindly go through the details and let me know how to start.
  We have purchased Cisco 2504 Wireless Controller (One) and Ciscon 1042 Access Points (Five). At present I am going to use 3 access points only.
  I have attached a simple diagram of our office network. We have more than 30 VLANs configured in Core Switch, we are planning to give wifi access to only 3 VLANs.
  1. VLAN 121 ( IP Segment - 10.52.121.0 /24)
  2. VLAN 116 ( IP Segment - 10.52.116.0 /24)
  3. VLAN 100 ( IP Segment - 192.168.100.0 /24) (Guest)
  Please give me a implementation plan to do this. I would like to use LDAP or ACS for authentication purpose.
  Regards,
  Vidya Sagar

  Lets just do this simple first before you start using ACS as that will require a certificate installed on the ACS for using PEAP.
  So first off, the WLC we will say is in vlan 10. When you are going through the startup wizard, make sure you define the vlan tag to 10 on the management interface. Make sure your virtual interface is an IP address that is not routed in your network, like an out of band IP.
  Make sure the WLC time is correct or use NTP!!!!
  Now you should be able to http or https to the WLC. I would upgrade the code to v7.4 and install the FUS image. Please reference this link for the upgrade procedure. You don't have to upgrade now... I would wait till you get everything working first.
  http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74.html
  Now I would connect the APs on the same vlan as the WLC for now. Make sure there is dhcp on that subnet. Once the APs have joined, then you can move them to any subnet you want. Since you don't have many APs it would be okay to leave them in the same vlan as the WLC management or out them on any other vlan you choose. The APs will be connected to an access port NOT a trunk port!!!!
  The WLC will need to be connected on a dot1q trunk port only allowing vlans 10,100,116,121. The 2504 running v7.4 will support LAG (etherchannel). Any ways, your switch port should look like this for example only
  Interface gigabit1/0/1
  description WLC2504
  switch port trunk encapsulation dot1q
  switchoort mode trunk
  switch trunk allowed vlans 10,100,116,121
  spanning-tree portfast trunk
  channel-mode group 10 mode on << only for v7.4 if you use lag
  Don't connect all four ports right now, just port one!!!!
  Your Guest vlan, you will need to create an ACL to block traffic from accessing the internal network. You might want to allow dhcp and DNS bit I would leave it open first until you can verify everything is working.
  Now on the WLC you need to create a dynamic interface for vlan 100, 116, and 121. If you click on the Controller tab in the GUI and click on interfaces on the left hand side, that will take you to where you can add/delete/modify your interfaces. When creating these interfaces, make sure you add the dhcp server IP address for the primary and or backup.
  Now that you have your dynamic interfaces created, its time I create your SSID. Now click on the WLAN tab on the GUI and click on WLAN and then on the too right select Create New and then click go. Select WLAN on the drop down menu and then for the profile name I would use the SSID name also for simplicity.lean e the WLAN id to 1 for this and 2 for the next and so on. After defining these and clicking Apply you can now define your SSID. On the General tab, enable the status and leave the radio policy to all for now, you can decide later what you want to use. Choose your interface you wan to place this SSID on and enable Broadcast SSID for now and leave everything else alone. Now click on the Security tab and on the layer 2 Security, leave it at WPA + WPA2, only check WPA2 Policy and for WPA2 encryption choose AES only. Now go to the bottom of that screen and choose PSk. We will do pre shared key for now so you get to understand the setup and make sure everything is working first. Now on the PSK format, choose ASCII and put your pre shared key in the input box. Make this simple to for testing. You don't want to put in symbols or anything like that. When you are don with that, check apply on the top right and test.
  Now you can repeat this with your other SSIDs just to test. Your guest network you can leave open for now to test open authentication.
  Here are some links for the WebAuth feature:
  https://supportforums.cisco.com/docs/DOC-13954
  http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080b1a506.shtml
  Now if you want to use ACS with PEAP, here is some links for that:
  https://supportforums.cisco.com/videos/2499
  http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080bd1100.shtml
  https://www.google.com/url?sa=t&source=web&cd=8&ved=0CFQQtwIwBw&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DWk_bRdmsQlA&ei=_BEyUeCYM8TdqAHHsICAAw&usg=AFQjCNF8PiVBQK1Kipb4j8AzD153bKtmgA&sig2=smHhNVmCr2of2NzbnDhGmw
  Well that is it, hopefully you can get the wireless up for testing and verifying everything works!
  Sent from Cisco Technical Support iPhone App

• Unable to setup WLC for LDAP

  Hi,
  I'm trying to setup WLC for LDAP to authenticate the users. I have all the components required according to cisco's document. WLC4402, LAP1142N, 2008 AD serving as LDAP.
  I'm configuring according to the document and also trying same settings from other users on this forum who (seems to) have got the WLC-LDAP up and working. My problem is that I'm receiving the below debug message on the controller and there is nothing on the internet on this error:
  *LDAP DB Task 1: Apr 28 10:05:35.903: LDAP server 1 changed state to IDLE
  *emWeb: Apr 28 10:09:21.046: aaaLdapServerStateSet [1] changed state to 'DISABLED'.
  *emWeb: Apr 28 10:09:21.046: aaaLdapServerStateSet [1] changed state to 'ENABLED'.
  *LDAP DB Task 1: Apr 28 10:09:21.052: ldapTask [1] received msg 'CLOSE' (4) in state 'IDLE' (1)
  *LDAP DB Task 1: Apr 28 10:09:21.055: ldapClose [1] called lcapi_close (rc = 1008 - Invalid client handle)
  *LDAP DB Task 1: Apr 28 10:09:21.055: LDAP server 1 changed state to IDLE
  I'm getting this error regardless of the authentication type, any username and attributes. So it makes me think WLC is not even trying to bind to LDAP. If the error was invalid credentials or something mismatch or something, it gives me some information to base my troubelshooting but I just can't find information on this (rc = 1008 - Invalid client handle) message.
  I appreciate any input you guys have. Also if you need me to post my config screenshots or anything else, then please let me know
  Thanks,
  Delgee

  Hi Nicolas,
  Thanks for the reply.
  I've tried with Softterra LDAP browser and it is working fine. I can browse everything with the account I'm using for binding.
  The funny thing I found out is that the LDAP authentication is actually working, when I try to connect via wireless and enter my AD account the on web auth page, it logs me in. So it is authenticating agains LDAP but why I'm getting this error, I don't know.
  Any idea?
  Regards,
  Delgee

• 2504 WLC future LAG support?

  We just bought a 2504 WLC with 15 AP licenses for our new eight 1141N AP installation.  Some confusion about LAG support for these now confirmed by TAC that LAG NOT supported for the time being.  Has anyone heard about whether this feature will be added to the 2504 in the future?  Seems a waste of those four ports toherwise.  Just wondering....

  You can still utilize multiple links on the 2500 platform. If you create multiple interfaces with AP management enabled, you can load balance APs across the port(s).
  Likewise, you can put your various wireless client vlans on different physical ports to avoid having ALL traffic on a specific port.
  http://www.cisco.com/en/US/products/ps11630/products_tech_note09186a0080b8450c.shtml#scenarios
  -Pat

• Will the 2504 WLC internal DHCP give IP addresses to clients?

  Is there a way to configure the 2504 WLC so that its internal DHCP only services the LAPs?
  I don't want the controller to give out IP addressed to wireless clients.
  Thanks

  No. 
  DHCP on the WLC is never intended to offer DHCP services to any "wired" side devices, which includes your APs.  These DHCP pools are specifically to hand addresses out to wireless clients attached to WLANs of the specific WLC it is configured on.  Even then, unless you absolutely cannot offer DHCP somewhere else, DHCP on the WLC is not a suggested practice.
  DHCP Pool Configuration and Restrictions.
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_01000110.html

• Local printers not working with 2504 WLC

                     I have a 2504  WLC with 3 1262 WAPs in lightweight mode.
       Clients connect using WPA2 PSK AES with no problem.  Clients are Windows XP Home SP3.  Test pages end up in print queue and eventually get a error printing status.  Clients are not part of a domain and in a standalone workgroup - techstream.
  Printer can be pinged from wireless client.
  Another 1262N WAP in standalone mode connected to same lan from windows 7 sp1 clients have no problem printing to a local printer.
  What does work on the Windows XP Home client is connecting to a network shared printer authenticating with domain admin id and password and it works.  Reboot and the network shared printer can not connect multiple reasons are "access is denied" and message box says "only security tab will be displayed....."   Another Windows XP Home SP3 client on reboot can't open the network shared printer with message "Can't find printer"
  The local printers do work on these pc's with an old colubris router that has an outside interface on our lan and internal network with clients getting dhcp address from colubris router of 192.168.3.XXX  . 
  What is wrong with the wireless 2504 WLC?
  Thanks
  Broadcast forwarding was enabled.

  Although a cisco tech support was helpful in making sure multicasting was enabled and a multicast server defined, the problem was at the CP2025DN printer. It had old network ip mask and gateway configured on the printer.
  The new devices were part of the new network configuration (Mask and gateway had changed). I didn’t change that printer when I changed all the other printers at the facility because it was still active thru the old wireless network. I forgot to change the printer ip config when I brought the new wap on the new wireless network with the wlc 2504.
  End result was the clients were part of a different subnet and gateway configuration then the printer and this disrupted the communication between clients and the printer. Once I corrected the mask and gateway on the printer to be the same as the dhcp scope of the wireless network, communication and printing worked.
  Problem solved.  User error