Dedicated vlan for WLC

Hi,
In reviewing the lab for WLC configuration, they used a dedicated vlan for all APs and the WLC to communicate with CAPWAP.
In the production environment I'm designing for, a campus network that has many LAN connected sites all with different vlans at the edge, that would entail trunking another vlan out to the edge switches. It also requires the MetroEthernet provider to provision the same beforehand.
One of the advantages of the WLC is the ability to avoid having to add vlans at the edge for WLANs, but what about a dedicated vlan for the APs and WLC to communicate with CAPWAP? A best practice?
Thanks.

As best practice we've only two options: keep the AP on the L2 vlan (not scalable) of management, or on any L3 (a vlan that is not part of a dynamic interface of the WLC), which is scalable and good for high availability.

Similar Messages

  • VLAN for WLC interface (ISE Policies Based on SSID)

    I have ISE 1.1 and WLC 2504
    I used this link http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bed902.shtml
    But I am confused about the WLC configuration.
    If I have only one ESSID for corporate users (and many DATA vlans, because each AD group is associated with one specific VLAN)
    I have already created the Management interface associated with the management Vlan
    Which interface should I associate on the corporate WAN (WLAN --> General --> Interface/interface group)?
    Should I create another interface? Which Vlan ID should I associate to this interface,
    or should I use the Management interface?
    Please advise

    check the following links , they are very helpful:
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00808c9bd1.shtml
    http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080bc8129.shtml
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
    Please make sure to rate correct answers

  • Is it possible to use management Vlan as FT Vlan for ACE4710?

    Is it allowed to configure ACE4710 management vlan as a FT vlan between two appliances? If allowed, what's the consequence of not using a dedicated FT Vlan?
    Thanks a lot

    You should not have any other traffic on the dedicated FT vlan.
    This is from the docs.
    Note Do not use this dedicated VLAN for any other network traffic, including HSRP and data
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/administration/guide/redundcy.html#wp999787
    Having any other traffic on this vlan could cause a problem with FT heart beats being dropped, and both ACE could become active. Definitely use a dedicated FT Vlan.
    Regards
    Jim

  • Different VLAN for AP and WLC

    I have a problem when I rebuild my client's wireless network.
    My client's AP is using a static IP address on an AP1131AG in VLAN 50, but the controller is in VLAN 100.
    A DHCP server with option 43 and 60 is running on the core switch, which means that if the AP has no IP settings it will work fine with DHCP option 43 and 60; this point I understand.
    But on the AP which is using a static IP address, no DNS / WLC IP address setting can be found, so why can the AP associate to the controller without a DNS / WLC IP address? I checked the configuration many times but no luck, hope someone can explain this to me, thanks a lot!

    Thanks for your reply, I am asking why it is working......
    As all APs have associated to the controller at the moment, I don't know why it worked on day one, as there is no broadcast forwarding setting on the cross-VLAN L3 switch, and the DNS has no CAPWAP / LWAPP entry for the WLC, so it's a big question mark to me how the AP which is running a static IP works fine even when I shut it down for 10 hours and bring it back.
    As you said, once the AP has joined the WLC, the AP won't proceed with the discovery, then....
    Where is the WLC IP address stored in the AP? I used the show run command but cannot find any ASCII or hex value for the WLC IP address.
    If I need to add a new AP in this environment, do I need to configure a static IP address and enable broadcast forwarding on the L3 switch? But in case I enable broadcast forwarding, how can the AP in VLAN 50 communicate with VLAN 100 through CAPWAP and join the WLC? And how can the AP find the WLC IP address with no DNS IP configured in the APs?
    I think the guys who set up this environment enabled broadcast forwarding, but disabled it after all of the APs joined the WLC, is it possible? I am looking forward to your reply, thanks!

  • Setting up a Test Voice VLAN for Lync 2013

    I want to set up a second voice vlan to be a test vlan.
    In the current situation the customer has voice and data running on vlan1. The customer insists on taking incremental steps to improve QoS. I have advocated separate vlans for voice and data. They just want to move everything (phase 1) to a different vlan. They want to see how getting all traffic off vlan 1 will improve their performance. Again, I recommended the best practice, they want to try this approach first.
    I am conducting a pilot test with just one cx600 IP phone. and a single switchport. I created a new vlan99 using VTP.  I configured the switchports on the Cisco 2960-x switch as follows.
    #switchport mode access
    #switchport access vlan 99
    The phone gets its correct vlan id, and pulls its IP from the correct dhcp scope. However the phone displays "connecting with the lync server" for a long time, then "connecting to download its certificates". This takes a long time then fails.
    If I change the switchport back to vlan1 it works fine. What can be the problem? Does the vlan99 need to be defined on the lync server? How many vlans can be supported by Lync 2013?
    Thank you,
    gigiu

    Did you set the VLAN Configuration for Lync Phone Edition?
    You can check the following links:
    http://blog.schertz.name/2011/01/manual-vlan-configuration-for-lync-phone-edition/
    http://www.bricomp.com/blogs/post.cfm/dedicated-voice-vlan-for-lync-devices
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Lisa Zheng
    TechNet Community Support

  • Separate VLAN for CAPWAP

    Hello,
    I'm in the process of deploying a WLC2504 in an environment which requires a private VLAN for access to file servers and other network resources, as well as a guest network for internet access.
    As far as performance is concerned, will I get acceptable throughput on my WLANs with the CAPWAP tunnel flowing over the same subnet as the private network? I've seen some suggestions that recommend a separate VLAN dedicated to CAPWAP, but I don't know if this is just a suggestion for security. I understand that CAPWAP supports encryption of control messages, but not data transmissions without additional licensing. If this is just a suggestion for security, I don't think this is much of a concern. I don't see anyone on the private network intercepting guest transmissions. Could someone please advise me on this?

    Thanks for your clarification guys! I'm in the process of installing my first CUWN. We are implementing 10 APs and have dealt with a few issues, namely throughput for laptops. I knew other factors could definitely come into play, but I wanted to rule topology out. Laptops are currently pulling very low internet speed test results, whereas mobile devices seem to fare much better. I've tried testing with mostly 2.4 GHz connections from laptops, but even the 5 GHz ones seem to struggle. I'm working with the Cisco TAC a bit on this one. Per their suggestion, I'm going to run Iperf to test internal performance before I involve network firewalls and Internet connectivity in the mix.

  • Dedicated VLAN ID's on trunk ports

    I was reading the SAFE: Security Blueprint for Enterprise Networks. This document says in its "Switches are targets" section on Page 6: "Always use a dedicated VLAN ID for all trunk ports"...
    I am trying to understand this concept fully.
    If I consider my trunk ports, most are physical fiber "links" that interconnect the switches. Some trunk links connect Distribution L to Access L; some Distribution to Core.
    Where do I put the VLAN ID on these?? Should I translate this to mean that on Gig0/0 on SW.1 I place this interface in VLAN 23 and on the switch on the other end of the link I also place the Gig0/0 in VLAN 23 as well??
    Also I am not sure why this helps secure the switch. Can someone pls assist. I am grateful.

    Hi,
    This is not actually VLAN pruning. This is just specifically allowing some vlans on the trunk ports and removing other unwanted vlans.
    Pruning works in a different way, and it will save bandwidth on the trunk links by pruning the unwanted broadcasts on the trunks for a particular vlan if no host is active on that vlan on a particular switch. I.e. if you don't have any active host on a vlan on a particular switch and there is a broadcast on that vlan which would come over the trunk, that broadcast is pruned on the trunk towards the switch where no host is active.
    HTH,
    -amit singh

  • Using MS SQL Server 2000 for WLCS 3.50 DB

    I'm using WebLogic 6.0sp1 with Commerce Server 3.5 and I've successfully
    installed the demo. I would like to create another commerce server
    installation, this time using Microsoft SQL Server 2000 as the database
    instead of Cloudscape. I've downloaded and installed the BEA jDriver
    for MS SQL 7/2000 and tested it using dbping. My question is: where are
    the db scripts for creating and populating the commerce database? I've
    found the WLCS_320_DB_DDL_1.1.zip file on the BEA downloads site, but
    I'm concerned that this schema is for Version 3.20 of Commerce Server.
    Is there a similar file for WLCS 3.50? If not, is it safe to use this
    one?
    If this is posted in the wrong place, please let me know and I'll repost
    to the appropriate newsgroup as required.
    Sincerely,
    Michael Schulz

    Hi Michael,
    At this time SQL Server 2000 is not certified for WLCS 3.5. Since the
    schema has changed between 3.2 and 3.5, running the 3.2 scripts is not a
    good idea.
    I can tell you that certification is in progress for SQL Server 2000. Your
    best bet is to contact your Sales Representative to get an idea of when
    certification might be coming.
    I hope this helps.
    - Ginny

  • Dedicated network for AlwaysON replication traffic when a replica is a Failover Cluster Instance

    Hi,
    We are planning to set up a dedicated network for our Availability Group replication traffic. We have a Failover Cluster Instance as the primary replica and a standalone SQL server instance as the secondary.
    I understand that we will need to manually configure the database mirroring endpoints on both the replicas to listen on the specific IP.
    But how do I configure the database mirroring endpoint on the Failover Cluster Instance?
    Please help.
    Thanks and Regards,
    Jisha

    If you have a dedicated network for your Availability Group replication traffic between the FCI and the standalone instance, you need to identify if there will be other network services included in the mix. For example, your public network is already using its own DNS server by virtue of Active Directory integration. Your dedicated network for replication traffic may or may not have its own DNS server, so configuring the endpoints would involve using either IP addresses like the one highlighted in the blog post or using a hosts file with fully qualified domain names so you can use them when creating the endpoints.
    Edwin Sarmiento SQL Server MVP | Microsoft Certified Master

  • Dedicated Layers for each Page.

    I would like to see dedicated layers for each page. As it is right now the layers span across every page. If you make a layer on the home page as say "home header" it shows up as a layer on say the contact page, where it is completely useless and can cause confusion and clutter. This is a basic example but often I have multiple layers on one page and only need one or two on a different page and find I'm getting them confused from one page to the next and causing unnecessary clutter and confusion. If each page had dedicated layers for its content then it would be much easier to stay organized and provide a better user experience and more efficient updating of info for each page.

    Daniel Flavin wrote:
    It's not, and each time (yesterday in fact) I've thought how nifty it would be to use layers in this fashion, I've killed time. Layers are document wide. Your choice is to create a pdf with layers enabled for client reviews, but then I realized they wouldn't understand how to manipulate layers in Acrobat, and I couldn't formulate less than a one hundred word tutorial.
    It's possible to make buttons in InDesign that show/hide layers (and perform other actions like page navigation, etc.) in PDF documents. No user tutorials would be needed with informative text labels on the buttons.
    HTH
    Regards,
    Peter
    Peter Gold
    KnowHow ProServices

  • Change IP address for WLC

    I want to change IP address for WLC in production, should I convert Access Point from LWAP to IOS then convert again to LWAP ?
    Regards,

    Hi Friend,
    The best way is to configure your controller as the primary controller for all APs. You can do so by going to the wireless tab, then clicking on each AP detail and configuring this controller as the primary controller.
    Also, if you have WCS you can do the same in one go for all APs, and after that even if the controller IP address is changed they will stay joined to this controller.
    HTH
    Ankur
    *Pls rate all helpful posts

  • Generate Certificates for WLC and clients

    Hi Guys
    I've been working according to the following document to integrate my WLC 5508 with LDAP for internal users:
    http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/100590-ldap-eapfast-config.html
    However, when I try to generate the device certificate on Windows Server 2012, I see the steps are different. For example, when I reach step 4 (of the Generate a Device Certificate for the WLC section), the CA asks me for a Certificate Signing Request instead of the Create and submit request to this CA option that appears in the document.
    How do I get this? 
    Thanks in advance for your support!
    Marcelo

    Hi,
    If you are trying to get a device certificate for WLC, then you may need to use 3rd party software like openSSL for this.
    Below post may help you to see how you can do this
    http://mrncciew.com/2013/04/22/configuring-eap-tls-on-wlc/
    HTH
    Rasika
    *** Pls rate all useful responses ****

  • RV082 - Vlans for guest access

    Hello,
    I have an RV082 router which supports port based VLANs.  I have a WAP that I want to use to provide guest internet access which cannot see our production vlan.  I plugged the WAP into port 8 and set the vlan for port 8 to vlan 2.  Here's the part where I'm confused.  I am unable to get an IP address when connecting to the WAP because our DHCP server is a windows box on vlan 1.  So, I tried using the DHCP relay option and entering the ip address of the windows box DHCP server.  I am still not able to retrieve an IP address when connecting to the WAP.  Someone mentioned setting up an ip helper address.  I connected to the CLI of the RV082 but could not figure out the syntax of how to set up the ip helper address.  Any help with any of this would be much appreciated.  I only have about a week to set this up so I have to figure something out.

    Mr. MacKay,
    Since the RV082 doesn't support vlan tagging, you could get a layer 3 switch and create the vlans there and set up a dhcp relay to a server for the vlan ip addresses.
    Then it would be just setting up static routes in the switch pointing to the router as the default gateway and finally doing routes back from the rv082 for the vlan you created.
    A quick solution would be to get a wireless router and set it up by plugging the wan into your network and setting the lan on a totally different ip address scheme.  Then only allow access to the rv082 on that network and deny the rest of the network access to the guest and vice versa.
    Kind of a work around.
    The quickest fix would be getting a vlan aware router like rvs4000 or the wireless version wrvs4400n and if you need dual wan with vlans and wireless you could go with the sa520w.

  • Software version 7.4(100.1) for WLC

    Hi
    Does anyone have any idea when Cisco will release software version 7.4(100.1) for WLC?
    Regards,
    Nomi

    Hi Scott,
    We are being hit by bug CSCud97983 and Cisco says it has been fixed in 7.4(100.1)
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCud97983
    Thanks
    Nomi

  • WLAN override option not available for WLC 4402 - 6.0.196.

    Hi All,
    It's kind of weird BUT it seems that the option for WLAN override is missing.
    I could find it on the lower version BUT not on the 6.0.196.
    Please help.
    Does this mean I could only set it up via the WCS and not the WLC directly?
    Thank you.
    Warmest Regards,
    Azzafir Ariff Patel.

    Hi Scott,
    Thank you so much for the clarification.
    Thanks again.
