In WLC 5508 HA Issue with Russia IOS Image

Hi,
I have two 5508 WLC IOS code 7.6.120.0 in the both wlc I am having the same code. But in the one wlc i am having Russia image as below mention...
Cisco Unified Wireless Network Software Release 7.6 for Cisco 5500 Series Wireless LAN Controllers with Licensed Payload Encryption.Only Recommended for Russia Where Data DTLS Payload Encryption is Regulated by the Government. AIR-CT5500-LDPE-K9-7-6-120-0.aes & in the 2nd wlc Cisco Unified Wireless Network Software Release 7.6 for Cisco 5500 Series Wireless LAN Controllers. 
AIR-CT5500-K9-7-6-120-0.aes. In this case can I configure HA one like as primary & 2nd wlc as standby mode use the same license in the both wlc. I bye it two separately box before 2 years.
IOS code will be the same but image is change. It's possible for HA. When I buy it that time both wlc ios code is 7.0.X.X & 7.5.X.X.
If possible then how can do for the same. or it's not possible. I am try to convert as normal ios code but it's not accepted. Only upgrade with Russia ios code. 
Help me out please.....
Thanks & Regards,
Rahul Wankhade 

HI Rahul,
Yes you can configure WLC as HA.
*** Diff of images:
–Licensed DTLS— AS_5500_LDPE_x_x_x_x.aes
–Non licensed DTLS— AS_5500_x_x_x_x.aes
HA Config:
1. Either you must have enough AP licencse on both.
http://rscciew.wordpress.com/2014/01/22/ap-failover/
2. Or you must have 2nd wlc with minimium 50AP licence to convert it to HA SKU.
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.html
Regards
Dont forget to rate helpful posts

Similar Messages

  • WLC 5508 series issues with APs

    Hi  All,
    we recently upgrade our WLC to a new hardware 5508 running 7.6.120.0 and we seem to notice 
    now and then users ring up and complain that they can not connect to the APs most are AIR-CAP3502I-N-K9 or AIR-LAP1242AG-N-K9
    We can see the APs in the controller and can not see anything wrong.
    We reboot the APs and it fix the problems.
    Just wondering if anybody experience the same issues with this IOS & hardware ???
    Any feedback is much appreciated
    Thanks
    qle

    Cisco has issued a "deferred notice" for 7.6.120.X.  Cisco openly recommends everyone to use the newer code, 7.6.130.X.  
    If you "read between the lines", Cisco is saying everyone needs to AVOID 7.6.120.X.

  • System Image Utility - Issues with making bootable images

    During the image creation process for a Netboot, the System Image Utility reports an error. I've included the log file (everything before the removal of the bad image below).
    ------------Begin Log File --------------
    2006-06-02 13:19:25 -0400 Initiating user authentication
    2006-06-02 13:19:28 -0400 Image creation in progress
    2006-06-02 13:19:28 -0400 Starting image creation
    newfs_hfs:
    2006-06-02 14:10:30 -0400 b=400: bitmap clump size is too small
    --------------End Log File--------------------
    I have no issue creating images from restore disk sets (that shipped with machines) or retail masters of various OS's. This issue seems to be related to the particular drives I am trying to create images from.
    The drives that give me this error are hardwarily OK and the software works great. I can boot from these drives and have no issues with the machines imaged from them after the fact. I just want to Netboot off of these so I don't have to lug a million drives around...
    Any clue?

    i know that was the case in Leopard and Snow Leopard but i just mounted a leopard image to create a new netrestore on my lion server.  i was not able to boot any of my images created on Leopard or SL when running Lion Server.  I assume i need to recreate the images on Lion.  Right now my Lion server is using a leopard image as the source to create a netrestore i can push on the Lion server.

  • WLC 5508 authorization issue

    Hello,
    I have an issue with two wlc 5508 in the same mobility group. We use TACACS to authenticate admins, with maximum privileges.
    When I want to configure cleanair, or some security functions (such as ACL, or password policies), I have an error message saying that my privileges are not enough.
    When I use local account, it works well.
    At the begining, I thought it was a TACACS issue, but I have the same problem with WCS and SNMP. Cleanair doesn't appears in config menu, and I have an error message for security function.
    Do you have any idea ?
    Thanks for your help.
    FW : 7.0.116.0

    Show sysinfo results :
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.0.116.0
    Bootloader Version............................... 1.0.1
    Field Recovery Image Version..................... 6.0.182.0
    Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
    Build Type....................................... DATA + WPS

  • WLC 5508 tunneling issue

    Hi,
    I have a WLC 5508 connected in a hub and spoke topology. The WLC is located at the hub which is the main office. In one of the remote spoke locations I have five Access Points that are connected to the local LAN and the model for the APs is AIR-CAP3602I-E-K9. The APs are all connected to access ports on the switch in vlan 1. I have two WLAN configured on the controller. I have two interfaces configured on the controller. The management and the guest interface. WLAN 1 is associated with the management interface. In the WLAN 1 advanced setting the flex local switching option is enabled. WLAN 2 is associated with the guest interface and this interface is tunneling vlan 248 the guest vlan. The problem I am having is that the devices can not communicate with each other if they are connected to the wireless connection WLAN 2 which is the tunneled vlan.
    Example: The client would like to be able to connect his ipad to the apple tv for presentation. If I connect both devices to the WLAN 1 which is using flex local switching option they can communicate with no problem, but if the devices are connected to WLAN 2 the guest vlan they can't communicate with each other. Is it possible to get this to also work on WLAN 2 ?
    Note: Both WLAN types are WLAN and P2P Blocking Action is set to default (disabled).
    Does any one have any ideas what could be causing my issue?
    Thanks in advance for your help,

    Well since your talking about Apple TV, you need to look at this reference guide for Apple's bonjour. This will explain how to get it to work and the limitation when an AP is in local or FlexConnect mode. The bonjour just doesn't work as people think it should because they can get it to work with a linksys AP.
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_tech_note09186a0080bb1d7c.shtml
    Sent from Cisco Technical Support iPhone App

  • WLC 5508 802.1x with AES

    Hi,
    We have a staff WLAN on Cisco WLC 5508. We use 802.1x with TKIP with authentication from RADIUS server. We deployed new 802.11n APs but on staff WLAN we cannot enable 802.11n because of the TKIP encryption. Can we just simply change the encryption without changing any other configuration to support 802.11n data rates?

    On your WLAN you can enable AES and TKIP. Just know that some clients mau have issue when they see both TKIP and AES. Ive had pretty good success with this in the past. Dont forget, you also need to enable WMM allowed to get N rates.
    But you will need to configure AES on the client as well to support N rates.
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

  • WLC 5508 Switchover Issue

    Hi There,
       Our issue is about a WLC 5508 conected to a HP Switch L3 model HP7500 using link-aggregation. Sometimes the controller change to the secondary box and log the error message: Switchover Reason = Default gateway is not reachable, Switchover Time 
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.6.120.0
    Bootloader Version............................... 1.0.1
    Field Recovery Image Version..................... 6.0.182.0
    Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
    Build Type....................................... DATA + WPS
    management                       LAG  untagged x.y.z.a    Static  Yes    No
    redundancy-management            LAG  untagged x,y.z.b     Static  No     No
    redundancy-port                  -    untagged 169.254.0.12    Static  No     No
    (Cisco Controller) >show redundancy summary
                Redundancy Mode = SSO ENABLED
                    Local State = ACTIVE
                     Peer State = STANDBY HOT
                           Unit = Primary
                        Unit ID = 6C:41:6A:5F:75:00
               Redundancy State = SSO (Both AP and Client SSO)
                   Mobility MAC = 6C:41:6A:5F:75:00
    Average Redundancy Peer Reachability Latency = 488 usecs
    Average Management Gateway Reachability Latency = 748 usecs
    Redundancy Management IP Address................. x.y.z.a
    Peer Redundancy Management IP Address............ x.y.z.b
    Redundancy Port IP Address....................... 169.254.0.12
    Peer Redundancy Port IP Address.................. 169.254.0.13
    Peer Service Port IP Address..................... 0.0.0.0
    Switchover History[1]:
    Previous Active = 10.140.0.13, Current Active = x.y.z.a
    Switchover Reason = Default gateway is not reachable, Switchover Time = Tue Aug 19 05:32:44 2014
    Any idea what´s the problem could be?  We check alllan environment spanning-tree, vlan, routing, no physical issues.
    My best regards
    Adriano Porcaro

    Show sysinfo results :
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.0.116.0
    Bootloader Version............................... 1.0.1
    Field Recovery Image Version..................... 6.0.182.0
    Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
    Build Type....................................... DATA + WPS

  • Having issues with upgrade ios 7

    Having issues with ios 7 upgrade.  It started the upgarde then gave me an error message halfway through the upgrade process.  Is this a service provider issue or an apple issue?

    Categories on this community
    Mac OS8 (602)Mac OS9 (6,432)System 7 (579)
    You will do better on the iPhone one.
    https://discussions.apple.com/community/iphone

  • WLC 5508 not communicating with ACS 4.2

    Hi,
    Strange one here, I have setup a WLAN with PEAP user authentication through ACS to the Windows database. My clients cannot connect to the WLAN.
    From the logs, I can see no activity on the Radius server stats (as seen from the controller) and no failed login attempts on the ACS itself. The ACS/Radius is setup correctly on the controller and the controller can ping the ACS, but they just don't seem to be talking???
    I have used this setup before, but the only difference is that the controller is a 5508 (done this with 4400's in the past) and the ACS is running on VMWare (Never done this before).
    If I change the security to WPA2 PSK it works fine.
    I want to use PEAP for user authentication. NOT Machine auth. I have a certificate installed on the ACS and it is in the trust list of the client PC.
    Any help appreciated!
    Dan

    Noble,
    Here are a few links...
    http://www.cisco.com/en/US/docs/wireless/controller/6.0/configuration/guide/c60sol.html
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807f42e9.shtml
    If you find this helpful, please rate the post!
    Thanks

  • HTML issue with Safari iOS

    I have a personal web page that works great with Mac OS X Safari or Firefox but work correct with the iOS version of Safari. In the regular version when I click on a link to a picture, the picture displays until closed then goes back to the listing on the web page.  The iOS version of Safari opens the picture but never goes back the web page to get the next picture.  I use html statements like
    You know your getting old when you get this <A HREF="xxx.jpeg"target="_blank">Bumper Sticker</a> from the insurance company.</a>
    How can I get the iOS version of Safari to understand this statement?

    > Shouldn't you have a space between the href and target attributes?
    I just did a double check and  the only space I see is between the "A" and  the "HREF=...."

  • Issue with color profile image processing

    Their seems to an issue with the iPhone displaying an image which has a Color profile of: Generic HDR Profile. The image appears very dark and nearly unviewable. This has been frustrating to trouble shoot becasue the image will display correctly on the computer, but when it is viewed on the iPhone it looks completely different. When images have other color profiles such as sRGB the images will look the same on both platforms. When an image has a Generic HDR color profile it will not display correctly on the iPhone. 
    Anyone else come across this problem?

    When PSE gets weird, the first thing to do is to reset the preferences. Go to the editor preferences>general, click this button and restart the editor:

  • Hello Experts, i have issue with mime repository image with different languages ?

    Good day !
    I was facing the issue with images : we  are creating the images by using CSS tool  to generate a button. that image type is .png , this images we are importing into webdyunpro component as a mime object.
    These images are binided into button image source property. And i am writing the code for calling this button (this is uniq code for all languages).
    But all langaues are working fine for spanish(ES) langage only it was not displaying the image. it is displyind cross mark.
    Naming standard i ma mainintg for mime object name : Export_ES.png.(spanish).
    Please can any one help me on this .
    Regards,
    Venu

    Hi Kiran,
    Thanks for your Promt reply.
    1. i am creating different images for different languages.
      ex : english : Export_EN.png
             Spanish : Export_ES.png
    Code will be : here i am creating attribute and bing that attribute to button image source.
    me ->get_button_img
        EXPORTING
          im_button_id    = 'Export'
          im_button_value = 'IMG_EXPORT'
          im_type         = '.png'
        CHANGING
          ch_context_ele  = lo_el_images.
    'IMG_EXPORT' : attribute name
    method : get_button_img
       DATA: lv_img_name TYPE string,
            lv_lang     TYPE string.
    *        lv_jpg(4)   TYPE c VALUE '.jpg'.
      lv_lang  =  sy-langu .
      CALL FUNCTION 'CONVERSION_EXIT_ISOLA_OUTPUT'
        EXPORTING
          input  = lv_lang
        IMPORTING
          output = lv_lang.
      CONCATENATE im_button_id  '_' lv_lang IM_TYPE INTO lv_img_name.
      CALL METHOD CH_CONTEXT_ELE->set_attribute
        EXPORTING
          value = lv_img_name
          name  = im_button_value.
    here lv_img_name : Export_ES.png.
    But its not working.
    thank you

  • Issues with regard to images in mailforms the interaction center

    Hi experts,
    I'm having issues with the mailforms created in the manager IC role in CRM. When creating mailforms I want to add the logo of our company to the message. Therefore we use the 'insert image' icon. Till that point everything seems fine. However, when this mailform is used receivers receive a red cross where the picture was placed instead of the attached picture.
    Thanks in advance,
    Paul

    Hi Sigrid, thanks for your respons!
    In my situation the problem is more related to outbound mails. Creating a mailform in the IC manager part of the IC (including an image) goes well, the picture I add in the bottom part (by clicking the insert image icon) of the mail is viewed correctly. When IC email agents open the mailform to use it as a standard reply, they also see the view including the picture. However, the receipants of our mails get a red cross instead of the picture that was added. Do you have an idea how this can be solved?
    Best regards,
    Paul

  • IOS Calendar Synch Issue with Google - iOS 8.1.3

    I upgraded to iOS 8.1.3 a few days ago, and since then, am finding that my iPhone is not synching properly with changes to my Google calendar made on other devices. Opening iOS calendar presents me with the spinning wheel for several minutes. To rectify the problem, I have to reboot or shut down the device entirely. When it comes back on, everything works fine.
    If this happened just once, I would have chocked it up to an anomaly. However, the behavior I described just happened for the second time in three days. First time was on LTE and this morning while my device was on my home FiOS WiFi.
    Nothing else appears awry, and upon reboot via a "soft" shut-down or hard reboot, calendar functions return to normal.
    Appreciate some input ....
    Many thanks.
    - David

    I Found if I do a soft reset it triggers my phone to start working though it lasts for 20-30 minutes and resorts back to issue again. I've also noticed AirPlay no longer functions properly which I realized after I updated my iPad to 8.1.3 which I regularly used for AirPlay so I tried it on my iPhone and it didn't work as well I tried it on my wife's iPhone and hers no longer works either. Wow! Disappointed to say the least. I know I can't be the only one frustrated with these 8+ updates as I've read it seems to be ongoing with thousands of others reporting online. It's not just the hard earned money spent on Apple products though when life becomes dependent upon using the products it seriously interfere with use

  • Config RADIUS on WLC 5508 - Problems comunication with NPS Server

    Hi,
    I'm facing some problems when configuring RADIUS auth with a NPS Windows Server.
    My WLAN interface is in a different vlan than the management interface, is that a problem?
    I want this wlan to be on a different vlan from the management. When i use wlan interface in the same vlan the RADIUS works without problems. But in different vlans is not working.
    The NPS server as 2 NICs, 1 for the wireless vlan, and another for the management vlan.
    the logs from the WLC shows this, but i have difficulties interpreting all this data:
    *apfMsConnTask_0: Dec 29 12:49:14.636: Association request from the P2P Client Process P2P Ie and Upadte CB
    *apfMsConnTask_5: Dec 29 12:49:36.607: 3c:c2:43:94:3e:bc Adding mobile on LWAPP AP d4:d7:48:45:fb:20(0)
    *apfMsConnTask_5: Dec 29 12:49:36.607: 3c:c2:43:94:3e:bc Association received from mobile on AP d4:d7:48:45:fb:20
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1709)
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1876)
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Applying site-specific Local Bridging override for station 3c:c2:43:94:3e:bc - vapId 9, site 'XXX', interface 'wlan'
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Applying Local Bridging Interface Policy for station 3c:c2:43:94:3e:bc - vlan 900, interface id 16, interface 'wlan'
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Applying site-specific override for station 3c:c2:43:94:3e:bc - vapId 9, site 'XXX', interface 'wlan'
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1709)
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1876)
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc processSsidIE  statusCode is 0 and status is 0
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc processSsidIE  ssid_done_flag is 0 finish_flag is 0
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc STA - rates (8): 130 132 139 12 18 150 24 36 0 0 0 0 0 0 0 0
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc suppRates  statusCode is 0 and gotSuppRatesElement is 1
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc STA - rates (12): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Processing RSN IE type 48, length 20 for mobile 3c:c2:43:94:3e:bc
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Received RSN IE with 0 PMKIDs from mobile 3c:c2:43:94:3e:bc
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Setting active key cache index 8 ---> 8
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc unsetting PmkIdValidatedByAp
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 START (0) Initializing policy
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) DHCP required on AP d4:d7:48:45:fb:20 vapId 9 apVapId 8for this client
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP d4:d7:48:45:fb:20 vapId 9 apVapId 8 flex-acl-name:
    *apfMsConnTask_5: Dec 29 12:49:36.609: 3c:c2:43:94:3e:bc apfMsAssoStateInc
    *apfMsConnTask_5: Dec 29 12:49:36.609: 3c:c2:43:94:3e:bc apfPemAddUser2 (apf_policy.c:270) Changing state for mobile 3c:c2:43:94:3e:bc on AP d4:d7:48:45:fb:20 from Idle to Associated
    *apfMsConnTask_5: Dec 29 12:49:36.609: 3c:c2:43:94:3e:bc Stopping deletion of Mobile Station: (callerId: 48)
    *apfMsConnTask_5: Dec 29 12:49:36.609: 3c:c2:43:94:3e:bc Sending Assoc Response to station on BSSID d4:d7:48:45:fb:20 (status 0) ApVapId 8 Slot 0
    *apfMsConnTask_5: Dec 29 12:49:36.609: 3c:c2:43:94:3e:bc apfProcessAssocReq (apf_80211.c:6309) Changing state for mobile 3c:c2:43:94:3e:bc on AP d4:d7:48:45:fb:20 from Associated to Associated
    *dot1xMsgTask: Dec 29 12:49:36.611: 3c:c2:43:94:3e:bc Station 3c:c2:43:94:3e:bc setting dot1x reauth timeout = 0
    *dot1xMsgTask: Dec 29 12:49:36.611: 3c:c2:43:94:3e:bc Stopping reauth timeout for 3c:c2:43:94:3e:bc
    *dot1xMsgTask: Dec 29 12:49:36.611: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Connecting state
    *dot1xMsgTask: Dec 29 12:49:36.611: 3c:c2:43:94:3e:bc Sending EAP-Request/Identity to mobile 3c:c2:43:94:3e:bc (EAP Id 1)
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:36.684: 3c:c2:43:94:3e:bc Received EAPOL START from mobile 3c:c2:43:94:3e:bc
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:36.684: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Connecting state
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:36.684: 3c:c2:43:94:3e:bc Sending EAP-Request/Identity to mobile 3c:c2:43:94:3e:bc (EAP Id 2)
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:36.761: 3c:c2:43:94:3e:bc Received EAPOL EAPPKT from mobile 3c:c2:43:94:3e:bc
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:36.761: 3c:c2:43:94:3e:bc Received Identity Response (count=2) from mobile 3c:c2:43:94:3e:bc
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:36.761: 3c:c2:43:94:3e:bc EAP State update from Connecting to Authenticating for mobile 3c:c2:43:94:3e:bc
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:36.761: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Authenticating state
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:36.761: 3c:c2:43:94:3e:bc Entering Backend Auth Response state for mobile 3c:c2:43:94:3e:bc
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:54.794: 3c:c2:43:94:3e:bc Received EAPOL START from mobile 3c:c2:43:94:3e:bc
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:54.794: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Aborting state
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Connecting state
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc Sending EAP-Request/Identity to mobile 3c:c2:43:94:3e:bc (EAP Id 4)
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc Reached Max EAP-Identity Request retries (3) for STA 3c:c2:43:94:3e:bc
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc Sent Deauthenticate to mobile on BSSID d4:d7:48:45:fb:20 slot 0(caller 1x_auth_pae.c:3165)
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc Scheduling deletion of Mobile Station:  (callerId: 6) in 10 seconds
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Disconnected state
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc Not sending EAP-Failure for STA 3c:c2:43:94:3e:bc
    *apfMsConnTask_5: Dec 29 12:49:55.518: 3c:c2:43:94:3e:bc Association received from mobile on AP d4:d7:48:45:fb:20
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1709)
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1876)
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Applying site-specific Local Bridging override for station 3c:c2:43:94:3e:bc - vapId 9, site 'XXX', interface 'wlan'
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Applying Local Bridging Interface Policy for station 3c:c2:43:94:3e:bc - vlan 900, interface id 16, interface 'wlan'
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Applying site-specific override for station 3c:c2:43:94:3e:bc - vapId 9, site 'XXX', interface 'wlan'
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1709)
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1876)
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc processSsidIE  statusCode is 0 and status is 0
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc processSsidIE  ssid_done_flag is 0 finish_flag is 0
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc STA - rates (8): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc suppRates  statusCode is 0 and gotSuppRatesElement is 1
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc STA - rates (12): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Processing RSN IE type 48, length 20 for mobile 3c:c2:43:94:3e:bc
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Received RSN IE with 0 PMKIDs from mobile 3c:c2:43:94:3e:bc
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Setting active key cache index 8 ---> 8
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc unsetting PmkIdValidatedByAp
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Initializing policy
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) DHCP required on AP d4:d7:48:45:fb:20 vapId 9 apVapId 8for this client
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP d4:d7:48:45:fb:20 vapId 9 apVapId 8 flex-acl-name:
    *apfMsConnTask_5: Dec 29 12:49:55.520: 3c:c2:43:94:3e:bc apfPemAddUser2 (apf_policy.c:270) Changing state for mobile 3c:c2:43:94:3e:bc on AP d4:d7:48:45:fb:20 from Associated to Associated
    *apfMsConnTask_5: Dec 29 12:49:55.520: 3c:c2:43:94:3e:bc Stopping deletion of Mobile Station: (callerId: 48)
    *apfMsConnTask_5: Dec 29 12:49:55.520: 3c:c2:43:94:3e:bc Sending Assoc Response to station on BSSID d4:d7:48:45:fb:20 (status 0) ApVapId 8 Slot 0
    *apfMsConnTask_5: Dec 29 12:49:55.520: 3c:c2:43:94:3e:bc apfProcessAssocReq (apf_80211.c:6309) Changing state for mobile 3c:c2:43:94:3e:bc on AP d4:d7:48:45:fb:20 from Associated to Associated
    *dot1xMsgTask: Dec 29 12:49:55.521: 3c:c2:43:94:3e:bc Station 3c:c2:43:94:3e:bc setting dot1x reauth timeout = 0
    *dot1xMsgTask: Dec 29 12:49:55.521: 3c:c2:43:94:3e:bc Stopping reauth timeout for 3c:c2:43:94:3e:bc
    *dot1xMsgTask: Dec 29 12:49:55.521: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Connecting state
    *dot1xMsgTask: Dec 29 12:49:55.521: 3c:c2:43:94:3e:bc Sending EAP-Request/Identity to mobile 3c:c2:43:94:3e:bc (EAP Id 1)
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:55.592: 3c:c2:43:94:3e:bc Received EAPOL START from mobile 3c:c2:43:94:3e:bc
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:55.592: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Connecting state
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:55.592: 3c:c2:43:94:3e:bc Sending EAP-Request/Identity to mobile 3c:c2:43:94:3e:bc (EAP Id 2)

    yes, I thought of that. But if i use a simple password authentication on the wireless, i can reach the server with the same subnet interface. But i don't want to allow this subnet to acess the management subnet of the wireless controller.
    One question i have is: The WLC uses whitch subnet on radius? Uses the subnet of the wireless interface or uses always the management interface?
    Could you help me understand how the radius auth works with this wireless controller? Did you see anything strange in the logs that I posted above? It seems to run ok until:
    dot1x - moving mobile 3c:c2:43:94:3e:bc into Authenticating state
    Entering Backend Auth Response state for mobile 3c:c2:43:94:3e:bc
    Received EAPOL START from mobile 3c:c2:43:94:3e:bc
    dot1x - moving mobile 3c:c2:43:94:3e:bc into Aborting state
    I also note this: "Applying Local Bridging Interface Policy for station "
    What does this means?

Maybe you are looking for