Controller losing APs

Hi All,
This is a bit odd but it has been happening ever since we have been using the Cisco wireless APs and the 2106 Controllers.
When ever the controller goes down, either through power outage or planned outage the APs lose connection and never reconnect until I go to the AP and physically unplug it and plug it back in.
Initially I ran everything through a trunked port and that seemed to work fine but after reading a news posting here I changed the ap-management, and management interfaces to separate non-trunked ports but it seems to still happen.
The APs plug into a switch that has 802.1x authentication enabled but the APs are using mac based authentication so the controller going down should not knock them off the correct vlan.
Any ideas here?

To disable or enable the 802.1X authentication, use this command:
config wlan security 802.1X {enable | disable} wlan-id

Similar Messages

  • How do i sync apps to my iPhone 4S using itunes without losing aps already installed on the phone but with a different apple ID, and i dont have the apple ID??

    how do i sync apps to my iPhone 4S using itunes without losing aps already installed on the phone but with a different apple ID, and i dont have the apple ID??

    How have you managed to get apps on your phone that are tied to a different and unknown AppleID?
    If these apps were not purchased by you, having them is effectively software piracy and you should purchase them using your own AppleID if you want to keep hem.

  • 2504 controller + 2602 APs = wireless clients connectivity problems

    Hello, everybody!
    I have a connectivity problems of wireless clients. The symptoms are:
    1) Some clients receive 169.254.x.x., instead a correct DHCP addresses, less in a minute connection drops, and in controller's "Monitor" > "Clients" tab these clients are marked as "Excluded".
    2) Most of the clients receive the correct addresses from DHCP (192.168.2.x), but also loose connection soon.
    3) Wireless clients with correct addresses can't ping each other, gateway and an address of the controller's dynamic interface (all of them are in same subnet).
    4) And the most suspicious problem is that some machines are unable to connect to APs after several attemps to do that. I mean, I configure controller and change some options, trying to understand, whether they were applied or not and constantly connect and disconnet certain PC to the SSID. After five or ten attempts I can't connect to the SSID. During these attempts, the others PCs stay connected, without interruptions, and they could be reconnected again. It's like some kind of port security works, but I'm not sure...
    Do you have any ideas which options should I configure?
    My configuration:
    I have three interfaces on the controller: virtual, management (default) and dynamic (it is set to the WLAN)
    I have one SSID, WPA/WPA2, AES/TKIP, authentication PSK.
    My clients are a/b/g/n, all are permitted on the controller. No custom security policies were applied.
    All the devices are in a single room: controller, one AP and different clients: desktop, notebooks, iPad, Nokia Lumia, etc.
    I have an internal DHCP Server on the controller and it works perfectly well.
    I can provide all the screenshots required from web-interface of the controller...
    Many thanks in advance for all ideas that you have about these problems...

    Hi, there!
    The problem was solved.
    1) APIPA address receives only single machine with Win8 - I think there are some firewall issues
    2) Other devices have been loosing connection because they were mobile devices, like iPad and Lumia. If you keep working with it, it doesn't drop the connection
    3) The dynamic interface address and gateway address were inaccessible because i had not used an appropriate port on the controller. =)))) Firstly, it was just a guess, but it proved.
    Now, everything works with WPA2, AES, PSK...
    It is a very good day!)
    The only question remains: why I can't connect machines, which have a static IP? During the controller initialization, I said "yes" for permitting static IPs...
    Guys, many thanks for your help!

  • Controller failure - APs still online?

    If I have one controller and it fails, will the lightweight APs still be online? Or will my wireless network be down?
    I searched and cannot find an answer to this question.
    Thanks for your help.

    To disable or enable the 802.1X authentication, use this command:
    config wlan security 802.1X {enable | disable} wlan-id

  • Controller and APs upgrade??

    Hi
    I have a set of APs and I need to buy a controller for them. please see the specification below:
    Product/Model Number: AIR-AP1232AG-E-K9
    Top Assembly Serial Number: FCZ1032Z022
    System Software Filename: c1200-k9w7-tar.123-8.JA2
    System Software Version: 12.3(8)JA2
    Bootloader Version: 12.3(2)JA4
    I am planning to install the 4404 WLAN controller.
    do I need to make any upgrade to the software used by the APs?
    thank you.
    hassine laribi

    You need two things:
    1.  You need to prepare the LWAP image to convert your autonomous AP (aAP) to light-weight AP (LWAP); and
    2.  You need to use the Cisco Upgrade Tool to convert your aAP to LWAP.
    Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode
    http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html
    LWAPP Upgrade Tool Troubleshoot Tips
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008072d9a1.shtml
    Hope this helps.  May I request if you can rate my post if this is helpful?  Thank you very much.

  • Cisco APs not updating after WLC-update

    Hello everyone,
    I need to update my 5508 WLCs to a newer software, to support new AP-models.
    Started with AIR-CT5500-K9-1-7-0-0-FUS.aes and AIR-CT5500-K9-7-0-240-0.aes, everything worked fine. Pre-Downloaded the newer Image to the APs, restarted the WLCs and everything was ok.
    Now I tried to update to 7.6.100.0 as well as 7.4.121.0. Both Versions should support my APs, but it doesn't work at all.
    Any ideas are highly appreciated.
    If you need further output, just let me know.
    Regards,
    Manuel
    These are some informations about the environment, AP-info and logging after "upgrade" to 7.4.121.0, controller-information after downgrading again...
    AP#  sh ver
    Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.4(23c)JA7, RELEASE SOFTWARE (fc1)
    ROM: Bootstrap program is C1240 boot loader BOOTLDR: C1240 Boot Loader (C1240-BOOT-M) Version 12.4(13d)JA, RELEASE SOFTWARE (fc2)
    AP uptime is 1 minute System returned to ROM by power-on System image file is "flash:/c1240-k9w8-mx.124-23c.JA7/c1240-k9w8-mx.124-23c.JA7"
    cisco AIR-LAP1242AG-E-K9  (PowerPCElvis) processor (revision A0) with 27638K/5120K bytes of memory.
    Processor board ID FCZ1545812F
    PowerPCElvis CPU at 262Mhz, revision number 0x0950
    Last reset from power-on LWAPP image version 7.0.240.0
    1 FastEthernet interface
    2 802.11 Radio(s)
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 70:CA:9B:07:86:B8
    Part Number                          : 73-10256-07
    PCA Assembly Number                  : 800-26918-06
    PCA Revision Number                  : A0
    PCB Serial Number                    : FOC15402NP4
    Top Assembly Part Number            : 800-29152-03
    Top Assembly Serial Number          : FCZ1545812F
    Top Revision Number                  : A0
    Product/Model Number                : AIR-LAP1242AG-E-K9
    Configuration register is 0xF
    AP#dir
    Directory of flash:/
    2  -rwx      89311  Jan 18 2014 20:41:00 +00:00  event.log
    3  drwx          64  Jan 18 2014 20:43:21 +00:00  update
    5  drwx        256  Jan 18 2014 20:40:55 +00:00  c1240-k9w8-mx.124-23c.JA7
    4  -rwx        6168  Nov 2 2011 23:32:18 +00:00  private-multiple-fs
    7  -rwx        395  Mar 1 2002 00:00:05 +00:00  env_vars
    15740928 bytes total (8772096 bytes free)
    AP#dir
    Directory of flash:/c1240-k9w8-mx.124-23c.JA7/
    9  -rwx      131328  Jan 18 2014 20:39:46 +00:00  7101.img
    10  -rwx        292  Jan 18 2014 20:39:46 +00:00  info
    11  -rwx    4642714  Jan 18 2014 20:40:55 +00:00  c1240-k9w8-mx.124-23c.JA7
    15  -rwx      131328  Jan 18 2014 20:40:56 +00:00  6701.img
    #sh logging --> see attached file
    CONTROLLER (unfortunately after downgrading it again):
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.0.240.0
    Bootloader Version............................... 1.0.16
    Field Recovery Image Version..................... 7.0.112.21
    Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
    Build Type....................................... DATA + WPS
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
    IP Address....................................... WLC-IP
    Last Reset....................................... Software reset
    System Up Time................................... 0 days 0 hrs 26 mins 3 secs
    System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin, Rome, Vienna Current Boot
    License Level....................... base
    Current Boot License Type........................ Permanent
    Next Boot License Level.......................... base
    Next Boot License Type........................... Permanent
    Configured Country............................... DE  - Germany
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 2
    Number of Active Clients......................... 5
    Burned-in MAC Address............................ 1C:DF:0F:C6:D8:80
    Power Supply 1................................... Present, OK
    Power Supply 2................................... Absent
    Maximum number of APs supported.................. 150
    (Cisco Controller) >show boot
    Primary Boot Image............................... 7.4.121.0
    Backup Boot Image................................ 7.0.240.0 (default) (active)
    (Cisco Controller) >show ap bundle primary
    Primary AP Image        Size
    ap1g2                  9576
    ap3g1                  6684
    ap3g2                  11208
    ap801                  5192
    ap802                  5232
    c1100                  3096
    c1130                  4972
    c1140                  4992
    c1200                  3364
    c1240                  4812
    c1250                  5512
    c1310                  3136
    c1520                  6412
    c3201                  4324
    c602i                  3716
    (Cisco Controller) >show ap bundle secondary
    Secondary AP Image      Size
    ap3g1                  6684
    ap801                  5192
    ap802                  5232
    c1100                  3096
    c1130                  4972
    c1140                  4992
    c1200                  3364
    c1240                  4812
    c1250                  5512
    c1310                  3136
    c1520                  6412
    c3201                  4324
    c602i                  3716
    Nachricht geändert durch Manuel Sporleder

    Hi Scott,
    I am not trying to pre-download it anymore, since this doesn't work at all.
    If I just restart the controller, the APs are downloading the image telling me "everything is fine", are rebooted and that stated with the old image again.
    This is what you can see in the attached log-file:
    *Mar  1 00:00:05.873: soap_prepare_new_image_crash: mini ios flash:/c1240-rcvk9w8-mx/c1240-rcvk9w8-mx
    *Mar  1 00:00:06.242: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
    *Mar  1 00:00:07.662: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
    *Mar  1 00:00:09.054: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
    *Mar  1 00:00:09.152: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1024 messages)
    *Mar  1 00:00:09.181:  status of voice_diag_test from WLC is false
    *Mar  1 00:00:11.381: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
    *Mar  1 00:00:11.440: %SYS-5-RESTART: System restarted
    *Mar  1 00:00:11.441: %SNMP-5-COLDSTART: SNMP agent on host AP is undergoing a cold start
    *Nov  2 23:31:59.107: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Nov  2 23:31:59.108: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Nov  2 23:31:59.929: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
    *Nov  2 23:32:00.107: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Nov  2 23:32:00.107: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Nov  2 23:32:18.102: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Nov  2 23:32:18.163: bsnUnlockDevice: not bring radio up: radio 1 is in admin disable state
    *Nov  2 23:32:18.345: %SSH-5-ENABLED: SSH 2.0 has been enabled
    *Nov  2 23:32:18.759:  status of voice_diag_test from WLC is false
    *Nov  2 23:32:18.847: Logging LWAPP message to 255.255.255.255.
    *Nov  2 23:32:33.181: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
    *Nov  2 23:32:33.247: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Nov  2 23:32:34.212: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Nov  2 23:32:34.213: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
    *Jan 20 20:32:44.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: WLC-1-IP peer_port: 5246
    *Jan 20 20:32:44.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *Jan 20 20:32:45.479: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: WLC-1-IP peer_port: 5246
    *Jan 20 20:32:45.480: %CAPWAP-5-SENDJOIN: sending Join Request to WLC-1-IP
    *Jan 20 20:32:45.481: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *Jan 20 20:32:45.483: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
    *Jan 20 20:32:45.483: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
    *Jan 20 20:32:45.483: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Jan 20 20:32:45.484: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from WLC-1-IPperform archive download capwap:/c1240 tar file
    *Jan 20 20:32:45.494: %CAPWAP-5-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
    *Jan 20 20:32:45.499: %CAPWAP-5-CHANGED: CAPWAP changed state to IMAGE
    *Jan 20 20:33:58.755: %DTLS-3-BAD_RECORD: Erroneous record received from WLC-1-IP: Duplicate (replayed) record
    *Jan 20 20:33:59.315: image upgrade successfully, system is now reloading
    This happens again and again and again...
    Regards, Manuel

  • Time mismatch between controller and AP, why?

    Hello all,
    I have a lab setup with a Cisco vWLC deployed in VMWare ESXI and 2x 1131 APs, 
    The APs are failing to join the controller due to a certificate error. I have noticed that the time that APs are using is an hour out from the controller.
    The controller time and timezone are set correctly (London timezone, it's currently summer time here so its GMT+1), but the APs are being set to an hour early (GMT+0) and are failing to join.
    I tried setting the time manually on the APs, but as soon as they talk to the controller it sets itself wrong again!
    How can I resolve this?
    Thanks
    Ben

    How can I resolve this?
    You can't.  
    LWAPP/CAPWAP standards do not include the APs to inherit timezones of the controller.  So the controller can have different timezones but the controller-based APs are always in UTC/GMT/Zulu timezones.

  • 5508 upgrade/backup controller

    If I am concerned about minimizing downtime I would use AP image pre- download option.
    >> I will download 7.6 image on old WLC and push this image to the APs connected to them. When Pre download is completed APs will have primary and secondary image as 7.0 and 7.6 . At this time both my APs and WLC are working with 7.0 image.
    >> Swap the image on APs.
    >> Check if we have right image on APs( show ap image all).
    >> Now in downtime reboot the controller. APs will right away join with 7.6 image(this will save time what APs take to search for new WLC, download the code and then reboot and join the WLC).
    >> Once the APs have joined the old WLC on 7.6 then we can move the APs to new WLC using HA tab.
    Link : http://www.my80211.com/cisco-wlc-cli-commands/2011/2/20/wlc-predownload-the-image-to-the-access-points-from-the-cont.html
    I hope that helps.
    Thanks,
    Ishant
    *** Please rate if you find it useful ***

    Old WLC = WLC1
    New WLC = WLC2
    Here's a proven process: 
    1.  Configure WLC2:  Make sure WLC2 has the same firmware as WLC1.  Copy the config of WLC1 to a notepad.  Change the IP addresses.  Copy the new config to WLC2. 
    2.  Upgrade the firmware of WLC2 (including the FUS/bootstrap).  
    3.  Make sure you configure DNS for WLC2.  
    4.  Connect WLC2 to the network and make sure you can remotely access WLC2.  
    5.  Upgrade the firmware of WLC1 but DO NOT reboot. 
    6.  Pre-download the AP images.  
    7.  Move the APs from WLC1 to WLC2. 
    8.  Once the APs have moved to WLC2, reboot WLC1.

  • MSE added to WCS, cannot assign services to controller

    I have a 30 day trial license of WCS and have added my WLC controller and APs.
    I installed the new MSE virtual appliance and added it to the WCS, it shows up fine however I see no services.
    When I SSH to the MSE and do a /etc/init.d/msed status I see that the CAS is up and running!
    However when I try to synchronize services and add mobility services to a controller CAS is greyed out and won't let me check it
    Where should I go from here?

    Hello Pavel,
    I can provide some background for what you've faced - it's on my blog to-do list, but hasn't come out yet to have helped you.
    There was a change in the internals of User-UserGroup relationship handling between XI Release 2 and XI 3.x.
    Previously, the relationship was exposed via the SI_GROUP_MEMBERS property for the UserGroup InfoObject, tied to the Users property in BIPlatform Web Services.
    Now, the SI_GROUP_MEMBERS is read-only, listing all the members, but trying to change the value using getUsers() is ignored.
    New properties (all properties named SI_ENT_* for both User and UserGroup, check the Query Builder for their names) have been defined for User and UserGroup InfoObjects, specifically for Enterprise authentication UserGroups.  This is to separate the handling of Enterprise UserGroups from those created for third-party authentication UserGroups (such as Windows AD user groups), such that you can add/remove memberships only for Enterprise UserGroups.
    The Enterprise SDKs have been modified internally to make this change invisible when migrating from XI Release 2 -> XI 3.x.
    However, since the BIPlatform Web Services work more directly with the InfoObject properties (via the BIAR API), it exposes the SI_ENT_* properties explicitly.
    The gist is that, to affect User-UserGroup memberships, you have to use the getEnt*() methods for either User or UserGroup.
    Sincerely,
    Ted Ueda

  • Cisco controller

    i want to ask about wireless controller 5500  if :
    1- It support roaming between APs ?
    2- It support traffic load balance between APs  ?
     Ex :   two AP   AP1, AP2 with the same SSID and Password connected to wireless controller . the two AP lie at the same area only 10 meter between them so , any users can see both of them  . there are many user connected to the two AP but AP1 handle traffic more than AP2 . if new user come and his location near to AP1 , can controller make him connect to AP2 because it handle less traffic even if power of AP1 more than AP2 .
    Note : i know that controller can force AP to refuse new user depand on Max user i configure but in my case i want controller force APs to refuse user depand on comparison between APs traffic they handle .

    5508 supports client roaming between APs (assuing roaming requirements are met: i.e. same ssid, same security, proper overlapping...etc).
    I think you ask about load balancing feature.
    check this: http://goo.gl/QO9R0L
    HTH
    Amjad

  • WCS vs Controller License Question - 5500 series.

    In the WCS License Center, there are two sets of license options: WCS and Controller. Am I to understand correctly that:
    - WCS License count is how many APs can be monitored by WCS?
    - Controller License count is how many APs can be connected to a WLC?
    Thanks!
    -Robert

    Think of each controller license as independent license. Although you have 2 AP licenses at 25 each you can aggregate 50 access points to the controllers (25 each). This would of course negate full redundancy.
    But you can steer access points incase of failure in the above example.
    Suppose you have 30 access points ( 15ap location 1 and 15ap location 2). You are over 5 access points over for full redundancy.
    Suppose location 1 is a higher priority then location 2 and you want to make sure you have all the aps up at location 1. You can add a priority to the access points at location 1 so they connect to the controller before aps at location 2.
    Just an fyi

  • APs and Controllers clock synchronization

    I have telneted to 2 APs joined to the same controller.
    sh logging command shows each AP has a differente time which is different from controller time.
    The difference is about 2 hours.
    controller is syncronized with system's ntp.
    date is correct for controller and APs.
    How can I set AP clock?

    Hi,
    AP always in UTC time zone & you cannot set it any further.
    Leave it as it is.
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Still having issues with AP primary/secondary controller option

    Customer has two primary controllers each in HA SSO, each using v7.6.130.0, FUS 1.9.0.0; the AP population is a mixture of mostly 3502, 3602 and 1142.   Both WLC's management interfaces are in the same vlan and the mobility communication is up.  AP fallback is enabled on both WLC.
    Over the weekend the upgrade to 7.6.130.0 was completed and the first AP tested with primary controller defined worked on the first attempt.  Every successive reboot of the AP always worked. This did not work previously when the WLC was on v7.6.100.0.
    L2 client roaming between APs joined to different controllers also worked great.
    While the roaming test was being carried out, a few APs not involved with the testing migrated over to the new controller.  This wouldn't be a problem but there are about 15 APs that must reside only one controller.  As luck would have it, 5 of the APs which migrated to the new controller are APs which must stay on the other controller.  Setting their primary controller had no affect.  Each time these 5 APs were reset they ignored the primary controller setting and joined the new controller.  These were 4 1142 and 1 3502.
    What am I missing?  I have checked and double checked the configuration, read and reread the documentation.  I am working as a contractor and this is starting to look very bad for me if this problem can not be solved.
    Thank you for your assistance.

    I would like to follow up and share the resolution to this problem.
    After upgrading to 7.6.130.0 and finally determining that one of the test APs was actually bad, we were able to move forward.  Since removing the bad AP from the test, we now have the ability to direct APs to a specific controller at will.
    In the testing, we found that using just the system name worked in all test cases. This was confusing since using the FQDN worked for some APs but not all.  This issue is why I started this discussion.  Nobody homed in on that detail, so I hope this will help someone in the future.
    Both the primary controllers are in the same management vlan, we only used the system name.
    Good luck to all!

  • Upgrade WLC and APs

    Hi,
    We have 3 WLCs (AIR-WLC4402-50-K9) running 6.0.196.0 code.
    There are ~55 APs shared among WLC1 and WLC2. WLC3 act as global backup for WLC1 and WLC2.
    APs on WLC1 are configured WLC1 as primary and WLC3 as secondary controller.
    APs on WLC2 are configured WLC2 as primary and WLC3 as secondary controller.
    Since we are planning to deploy few 3502 APs therefore we need to upgrade the WLCs to code 7.x
    I was planning the following:
    1. upgrade WLC3 first and use the new code as backup image first and the existing one as primary
    2. upgrade WLC2 in the same way as WLC3
    3. predownload the new code to the APs associated with WLC2 and swap the image to use the existing one as primary and the new one as backup
    4. upgrade WLC1 in the same way as WLC3
    5. predownload the new code to the APs associated with WLC1 and swap the image to use the existing one as primary and the new one as backup
    So far if either the WLC or AP restart for some reason come back with the original image.
    6. Change primary image to 7.x on WLC3 and reboot > WLC3 comes up with new image
    7. swap image for APs registered with WLC2 and Change primary image on WLC2 to 7.x
    8. Reboot APs with WLC2 and WLC2 as well > APs boot up with new image and go to WLC3 if WLC2 is not up yet or back to WLC2 itself
    9. Check if APs are on WLC3 if so reboot APs again to go back to WLC2
    9. Repeat step 7 for WLC1 >  APs boot up with new image and go to WLC3 if WLC1 is not up yet
    10. Check if APs are on WLC3 if so reboot APs again to go back to WLC1
    Is the above mentioned process sufficient or do somebody know a better/shorter one?
    Do anyone have some experience with such excercise?
    Thanks,
    Krisztian

    Hi Ven,
    OK thanks for the answer.
    However I would need sort of confirmation on the entire process .
    Suppose WLC1 and WLC2 are the primary and WLC3 is the backup controller for both WLC1 and WLC2. WLC3 has no APs associted with it.
    What I was planning:
    1. Load the new code to the backup WLC3 and swap image to use the existing image (6.x) as primary and the new code (7.x) as failover. Reload controller?
    2. Move the APs to backup controller WLC3 (in such a way you mentioned) and predownload backup image (7.x) (which is in fact going to be the new code eventually)
    3. Upgrade the primary controller WLC1 and use the new code (7.x) as primary image. Reboot controller. WLC1 comes up with new code (7.x).
    4. Swap the image on APs to use the new code (7.x) as primary and change the primary controller to the original one WLC1. Reboot APs.
    5. Move APs from WLC2 to WLC3 like did for WLC1. APs and WLC3 still runs old code (6.x).
    6. Predownload backup code to APs.
    7. Do step 3. for WLC2.
    8. Do step 4. for WLC2.
    9. Swap image on WLC3 to use 7.x as primary and 6.x as failover. Reboot WLC3. WLC3 comes up with new code.
    10. Relax have some beer and enjoy
    Is the above described the correct way?
    Thanks,
    Krisztian

  • Drawbacks of using 4 APs to contain a rogue AP

    What are the benefits/drawbacks of using 4 controller-based APs to contain a rogue AP vs using just one. If I understand it correctly a single AP can never be set to contain more than 3 rogues, and will never use more than 30% of its resources to do so. Also, you can set a maximum of 4 APs on "containment duty" against one rogue. I also believe that containment involves sending spoofed messages to the wireless clients which requires your APs to be within range of all the rogue clients.
    So.. what do you guys think? Let me know if my conclusions regarding the process are incorrect!
    Thanks!

    If you actually try this in the lab with a client set to do a continuous ping, you will see that containing with only one AP will still allow clients to connect. The plan here, as it was designed by Airespace, was to only contain radios that you KNOW are a threat. APs on your own wired network were detected by RF and then verified to be on the wired network with a protocol called RLDP. Once an AP was discovered via RLDP, the rogue was automatically contained by a 4 AP containment if 4 APs heard the rogue. An alert was then sent to the administrator and the rogue was mapped for location so that it could be collected. Containing APs that were neighboring was disuaded because of the FCC "Good Neighbor" policy. You needed to make sure the AP was an actual threat to the security of your network before taking action. This became Cisco's policy on all rogue devices and they disabled RLDP from the system. Now if you do a contain you see the Legal Disclaimer that Cisco has put into place. A 4 AP containment will use some resources of your APs but it should not be a long term fix. You should go and deal with the rogue device personally once it is contained and mapped. After dealing with it, set the appropriate rogue state and remove containment.

Maybe you are looking for

  • In which case we use FBRA (Reset Cleared Item)

    Hi, Hello experts i am very confused about this transaction can any budy please make me cleare that In which case we use FBRA (Reset Cleared Item). Quick reply will be really very helpfull . Thanks In advance.

  • Converting Catalog from Photoshop Album 2 to P. Elements 4 or 9

    When converting the catalog from Photoshop Album 2.0  PE Versions 4.0 or 9.0, I get 43% through the conversion and then an error message pops up saying the file is corrupt and to repir first in the original version. I have looked up other forums whic

  • A sales document type to all sales areas

    Is there a short cut to assign a sales document type to all sales areas (not to assign a sales document with a process of assignment one by one - I need to find out a solution for a single assignment for all sales areas)? Thanks in advance.

  • Design Crystal Report in VS2012

    Hello Everybody..!!! I need your help.. i want to provide resume printing facility in my web application using crystal report.. so how can i design crystal report in resume format??? I saw many example but it only shows output in table format but i w

  • OC4J and J2EE

    What is the difference between "Sun J2EE" and OC4J ? In my knowledge both "Sun J2EE" and OC4J provides environment for Java Applications then why we need OC4J.