LAP local - frequently disassociated WLC
Hi,
I have a WLC 4402-40 with code 5.0.148.0 with 27 APs.
Two APs are often disassociated from the WLC.
The two APs are the same model as the others and all APs are in the local LAN.
This is the Time Statistics:
Time Statistics
UP Time
Controller Associated Time
Controller Association Latency
The other APs have the same Controller Association Latency.
Is there a log that can give information as to why the APs are disassociated?
On these two APs I configured the name of the primary WLC.
Regards.
Mirko Severi.
Correct, if you are using a controller setup then H-REAP with local switching is the only way to dump traffic locally to the AP.
Similar Messages
-
Hi all
I'm having an issue with a 1252 LAP that is connected to the WLC over a WAN link.
Basically, it won't associate. The following is taken from a console into the LAP:
*Mar 1 00:00:07.799: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:08.799: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:26.851: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Mar 1 00:00:27.003: Logging LWAPP message to 255.255.255.255.
%CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
%CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
%DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 10.148.x.x, mask 255.255.255.0, hostname AP002
2.90a3.533a
Translating "CISCO-LWAPP-CONTROLLER.nation.radix"...domain server (10.x.x.x)
%LWAPP-3-CLIENTEVENTLOG: Controller address 10.x.x.x obtained through DHCP
%LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
%LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.nation.radix
%LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER.nation.radix
%LWAPP-5-CHANGED: LWAPP changed state to JOIN
%LWAPP-3-CLIENTERRORLOG: Join Timer: did not recieve join response (controller - Fxxxxxxx)
%LWAPP-3-CLIENTERRORLOG: Set Transport Address: no more AP manager IP addresses remain
%SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET JOIN RESPONSE.
%LWAPP-5-CHANGED: LWAPP changed state to DOWN
IOS Bootloader - Starting system.
Xmodem file system is available.
The ap-manager interface is configured correctly and there isn't a duplicate IP address.
The LAP was initially stand alone and was converted to LWAPP.
The MTU over the WAN link is 1500 bytes.
All I'm getting from the WLC debugs is:
Mon Jul 20 11:42:59 2009: 00:22:xx:xx:xx:xx Received LWAPP DISCOVERY REQUEST from AP 00:22:xx:xx:xx:xx to 00:19:xx:xx:xx:xx on port '29'
Mon Jul 20 11:42:59 2009: 00:22:xx:xx:xx:xx LWAPP Discovery Request AP Software Version: 0x3003300
Mon Jul 20 11:42:59 2009: 00:22:xx:xx:xx:xx Successful transmission of LWAPP Discovery Response to AP 00:22:xx:xx:xx:xx on port 29
So basically the join messages don't seem to reach the WLC. In fact they don't even seem to reach the local router on the remote subnet. The discovery packets are seen on the local router but the joins don't seem to appear at all.
I'm not sure if it's a latency issue. Average latency over the WAN link is under 70ms.
I'm assuming the certificate on the WAP is MIC and the MAC details have been entered into the WLC AP Security policies for authentication. I'm not seeing any debugging messages relating to bad authentication at all.
I can't debug from the LAP as it's LWAPP, obviously.
I've been through many Cisco documents trying to troubleshoot the problem, including this http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml, but can't find a solution.
We're running WLC version 4.2.130.0.
Can anyone help?
Thanks
Brodie

I assume you have connected to router's AUX and doing reverse telnet. You should be getting Password: prompt on your LAP's console. Password and Enable are both Cisco. Below is console output from my lab's 1250 LAP after erasing configuration (which can only be initiated from controller). In my case, the vlan is not configured with Option 43 and no proper DNS, so LAP doesn't join the controller.
By the way, your best bet might be to convert this LAP back to IOS and then back to LAP again. Use this method:
http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp160918
Do you have "Authorize APs against AAA" checked under Security > AP Policies in any of your WLCs ?
Press RETURN to get started!
*Mar 1 00:00:07.099: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar 1 00:00:07.619: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
*Mar 1 00:00:08.595: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
*May 10 23:17:25.199: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*May 10 23:17:26.155: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1250 Software (C1250-K9W8-M), Version 12.4(10b)JDC, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 01-May-09 10:49 by prod_rel_team
*May 10 23:17:26.155: %SNMP-5-COLDSTART: SNMP agent on host ap is undergoing a cold start
*May 10 23:17:27.183: %SSH-5-ENABLED: SSH 2.0 has been enabled
*May 10 23:17:27.387: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*May 10 23:17:27.387: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*May 10 23:17:28.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*May 10 23:17:28.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*May 10 23:17:30.783: %LWAPP-3-CLIENTERRORLOG: ../lwapp/lwapp_l2.c:152 - discarding msg type 12 in state 0
*May 10 23:17:30.783: %CDP_PD-4-POWER_OK: Full power - AC_ADAPTOR inline power source
*May 10 23:17:30.795: %DOT11-6-FREQ_SCAN: Interface Dot11Radio0, Scanning frequencies for 16 seconds
*May 10 23:17:44.571: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*May 10 23:17:44.731: Logging LWAPP message to 255.255.255.255.
%LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
%LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
%LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
%LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
%LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
%LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
%LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
%LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
%DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 172.16.8.3, mask 255.255.255.0, hostname AP0022.558e.24bc
User Access Verification
Password:
AP0022.558e.24bc>en
Password:
AP0022.558e.24bc#show lwapp ?
client LWAPP Client Information
ids LWAPP IDS Information
ip LWAPP IP configuration
mcast LWAPP Mcast Information
reap LWAPP REAP Information
rm LWAPP RM Information
AP0022.558e.24bc#show lwapp client config
AP0022.558e.24bc#
AP0022.558e.24bc#ping 3.45.47.143
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.45.47.143, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
AP0022.558e.24bc#
-
1310 LAP unable to join WLC 5508
Hi All,
Hope to you a very happy new year,
I have an (AIR-LAP1310G-E-K9R) and I tried to join it to WLC 5508 but I'm facing an error,
I get this error from the LAP 1310 console as below:
Compiled Mon 17-Jul-06 11:45 by alnguyen
*Mar 1 00:00:05.289: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
*Mar 1 00:00:06.289: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
*Mar 1 00:00:23.337: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Mar 1 00:00:33.477: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.114.36.25, mask 255.255.255.0, hostname APe4d3.f1c2.8882
examining image...
*Mar 1 00:00:44.781: %LWAPP-5-CHANGED: LWAPP changed state to JOIN
*Jan 11 15:21:37.178: %LWAPP-5-CHANGED: LWAPP changed state to IMAGE
%Error opening (Protocol error)archive download: takes 6 seconds
*Jan 11 15:21:43.178: LWAPP_CLIENT_ERROR_DEBUG: Retransmission count for packet exceeded more than max(IMAGE_DATA
, 1)
*Jan 11 15:21:43.178: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Jan 11 15:21:43.179: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Jan 11 15:21:43.181: LWAPP_CLIENT_ERROR: not receive read response(3)
*Jan 11 15:21:43.185: lwapp_image_proc: unable to open tar file
*Jan 11 15:21:43.200: %SYS-5-RELOAD: Reload requested by lwapp image download proc. Reload Reason: Reason unspecified.
*Jan 11 15:21:43.201: %LWAPP-5-CHANGED: LWAPP changed state to DOWN
*Jan 11 15:21:43.207: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERYXmodem file system is available.
flashfs[0]: 3 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 7741440
flashfs[0]: Bytes used: 1861632
flashfs[0]: Bytes available: 5879808
flashfs[0]: flashfs fsck took 14 seconds.
Base ethernet MAC Address: e4:d3:f1:c2:88:82
Initializing ethernet port 0...
Reset ethernet port 0...
Reset done!
ethernet link up, 100 mbps, full-duplex
Ethernet port 0 initialized: link is up
Loading "flash:/c1310-rcvk9w8-mx/c1310-rcvk9w8-mx"...#######################################################################################################################################################################
File "flash:/c1310-rcvk9w8-mx/c1310-rcvk9w8-mx" uncompressed and installed, entry point: 0x3000
executing...
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C1310 Software (C1310-RCVK9W8-M), Version 12.3(11)JX1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 17-Jul-06 11:45 by alnguyen
Image text-base: 0x00003000, data-base: 0x00359EA0
Initializing flashfs...
flashfs[1]: 3 files, 2 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 7741440
flashfs[1]: Bytes used: 1861632
flashfs[1]: Bytes available: 5879808
flashfs[1]: flashfs fsck took 2 seconds.
flashfs[1]: Initialization complete....done Initializing flashfs.
cisco AIR-LAP1310G-E-K9R (PowerPCElvis) processor (revision B0) with 24566K/8192K bytes of memory.
Processor board ID FGL1649T00U
PowerPCElvis CPU at 262Mhz, revision number 0x0950
Last reset from reload
LWAPP image version 3.0.51.0
1 FastEthernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: E4:D3:F1:C2:88:82
Part Number : 73-8960-09
PCA Assembly Number : 800-24963-06
PCA Revision Number : B0
PCB Serial Number : FOC16447J1K
Top Assembly Part Number : 800-28479-05
Top Assembly Serial Number : FGL1649T00U
Top Revision Number : D0
Product/Model Number : AIR-LAP1310G-E-K9R
Press RETURN to get started!
*Mar 1 00:00:04.329: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1310 Software (C1310-RCVK9W8-M), Version 12.3(11)JX1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 17-Jul-06 11:45 by alnguyen
*Mar 1 00:00:05.289: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
*Mar 1 00:00:06.289: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
*Mar 1 00:00:23.337: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Mar 1 00:00:33.352: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.114.36.28, mask 255.255.255.0, hostname APe4d3.f1c2.8882
examining image...
*Mar 1 00:00:44.783: %LWAPP-5-CHANGED: LWAPP changed state to JOIN
*Jan 11 15:21:37.189: %LWAPP-5-CHANGED: LWAPP changed state to IMAGE
%Error opening (Protocol error)archive download: takes 6 seconds
*Jan 11 15:21:43.189: LWAPP_CLIENT_ERROR_DEBUG: Retransmission count for packet exceeded more than max(IMAGE_DATA
, 1)
*Jan 11 15:21:43.189: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Jan 11 15:21:43.189: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Jan 11 15:21:43.192: LWAPP_CLIENT_ERROR: not receive read response(3)
*Jan 11 15:21:43.195: lwapp_image_proc: unable to open tar file
*Jan 11 15:21:43.210: %SYS-5-RELOAD: Reload requested by lwapp image download proc. Reload Reason: Reason unspecified.
*Jan 11 15:21:43.210: %LWAPP-5-CHANGED: LWAPP changed state to DOWN
*Jan 11 15:21:43.216: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERYXmodem file system is available.
flashfs[0]: 3 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 7741440
flashfs[0]: Bytes used: 1861632
flashfs[0]: Bytes available: 5879808
flashfs[0]: flashfs fsck took 14 seconds.
Base ethernet MAC Address: e4:d3:f1:c2:88:82
Initializing ethernet port 0...
Reset ethernet port 0...
Reset done!
ethernet link up, 100 mbps, full-duplex
Ethernet port 0 initialized: link is up
Please Advise,
Thanks in advance,
Ahmed,

Dear Stefan,
Many thanks for your kind reply,
Please find the information below:
Controller Summary
Management IP Address
10.114.44.131
Service Port IP Address
10.114.23.20
Software Version
7.2.111.3
Field Recovery Image Version
6.0.182.0
System Name
CIR906.WLC.5508
Please Advise,
Thanks,
Ahmed,
-
Having trouble connecting 1141N LAP's to 2504 WLC
I am using the WLC as a standalone device so I have set up an internal DHCP server so as to have the APs connect to the WLC and obtain an IP address using that internal DHCP server. When I connect the APs to the WLC through the PoE, the light flashes green and eventually goes solid green while loading up, but then it fails somehow and the light cycles blue, green, and red. Here is the console output of the AP while booting up and trying to connect to the WLC:
IOS Bootloader - Starting system.
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
Xmodem file system is available.
DDR values used from system serial eeprom.
WRDTR,CLKTR: 0x87000800, 0x40000000
RQDC, RFDC : 0x80000035, 0x00000208
PCIE0: link is up.
PCIE0: VC0 is active
PCIE1: link is NOT up.
PCIE1 port 1 not initialized
PCIEx: initialization done
flashfs[0]: 5 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32385024
flashfs[0]: Bytes used: 6676992
flashfs[0]: Bytes available: 25708032
flashfs[0]: flashfs fsck took 19 seconds.
Reading cookie from system serial eeprom...Done
Base Ethernet MAC address: 6c:20:56:8c:e1:fb
Ethernet speed is 1000 Mb - FULL duplex
Loading "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx"...############################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################
File "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx" uncompressed and installed, entry point: 0x4000
executing...
enet halted
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C1140 Software (C1140-RCVK9W8-M), Version 15.2(2)JB, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 11-Dec-12 04:16 by prod_rel_team
Initializing flashfs...
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
flashfs[2]: 5 files, 2 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 32126976
flashfs[2]: Bytes used: 6676992
flashfs[2]: Bytes available: 25449984
flashfs[2]: flashfs fsck took 6 seconds.
flashfs[2]: Initialization complete.
flashfs[3]: 0 files, 1 directories
flashfs[3]: 0 orphaned files, 0 orphaned directories
flashfs[3]: Total bytes: 11999232
flashfs[3]: Bytes used: 1024
flashfs[3]: Bytes available: 11998208
flashfs[3]: flashfs fsck took 1 seconds.
flashfs[3]: Initialization complete....done Initializing flashfs.
Ethernet speed is 1000 Mb - FULL duplex
This product contains cryptographic features and is subject to United
memory validate-checksum 30
^
% Invalid input detected at '^' marker.
no ip http server
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
^
% Invalid input detected at '^' marker.
login authentication default
^
% Invalid input detected at '^' marker.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-LAP1141N-A-K9 (PowerPC405ex) processor (revision A0) with 81910K/49152K bytes of memory.
Processor board ID FTX1714E0RY
PowerPC405ex CPU at 586Mhz, revision number 0x147E
Last reset from power-on
LWAPP image version 7.4.1.37
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 6C:20:56:8C:E1:FB
Part Number : 73-12836-05
PCA Assembly Number : 800-33767-05
PCA Revision Number : A0
PCB Serial Number : FOC16345U29
Top Assembly Part Number : 800-33776-04
Top Assembly Serial Number : FTX1714E0RY
Top Revision Number : A0
Product/Model Number : AIR-LAP1141N-A-K9
% Please define a domain-name first.
logging facility kern
^
% Invalid input detected at '^' marker.
logging trap emergencies
^
% Invalid input detected at '^' marker.
Press RETURN to get started!
*Mar 1 00:00:08.799: *** CRASH_LOG = YES
Base Ethernet MAC address: 6C:20:56:8C:E1:FB
*Mar 1 00:00:09.220: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg
*Mar 1 00:00:10.915: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:12.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:12.522: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1140 Software (C1140-RCVK9W8-M), Version 15.2(2)JB, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 11-Dec-12 04:16 by prod_rel_team
*Mar 1 00:00:12.564: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg
*Mar 1 00:00:12.564: %CAPWAP-3-ERRORLOG: Failed to load configuration from flash. Resetting to default configlwapp_crypto_init: MIC Present and Parsed Successfully
*Mar 1 00:00:13.534: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
no bridge-group 1 source-learning
^
% Invalid input detected at '^' marker.
%Default route without gateway, if not a point-to-point interface, may impact performance
*Mar 1 00:00:45.650: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED AIR-CT2504-K9 (f029.2988.2fa6)
*Mar 1 00:00:51.014: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does not have an Ip !!
*Mar 1 00:01:01.014: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does not have an Ip !!
Then the console output just cycles continuously saying that last line over and over again.

Well... it's not really supported connecting the AP to the WLC. If you want to get it working, the AP has to be on the same subnet as the management IP of the WLC. So your DHCP scope should be that of your management.
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"
-
Local policies in WLC 7.5.x code
Hi Experts,
We have created a local policy to block Android devices in our network. However, our Windows 7 and 8 clients are also matching the profile under Android and are getting blocked.
Is the WLC not doing the profiling properly, or are there any bugs?

First off, v7.5 is deferred and you should move up to v7.6.130.0. I have no issues profiling devices on v7.6.130.0 and/or v8.0.x, but wouldn't go with v8.0.x as of right now. I have used local policies to place Windows 7 & 8 on a certain VLAN and place devices like Android, iPhone, etc. on a bogus VLAN for a given WLAN. Profiling isn't as feature-rich as what you will get in ISE, but use it if it can work for you now. With new devices coming out, profiling might not work so well unless you upgrade the WLC code and upload a newer list for the manufacturer OUI or upload the profiling_policies.xml from ISE, which you can only get from someone who does have ISE up and can export the list.
Scott
-
VLAN configuration of LAP in H-REAP WLC Setup
Hello,
I have a setup configured fairly simply, I think. We have a 4402 WLC at our corporate office. We also have 6 1131s split into two deployments at different offices. We have a common SSID structure across all of them (corporate and guest). Corporate works properly authenticating against Active Directory, and guest authenticates properly via the guest database. The thing I cannot get my mind around is the proper method for configuring these two SSIDs to be on separate VLANs. If it were all local, I think I'd have no problems. Do I need to configure a virtual interface on the controller? Do I need a separate one for each office? The VLAN won't exist in the corporate office (unless it needs to). My goal is to isolate guest access into its own subnet and run it straight out to the Internet without touching the local satellite network. Thanks!
Sean

Ok, think I figured it out. I changed the VLAN mappings via each AP edit page and all seems well. Originally I was going to try and push the VLAN configurations for both offices via the "guest" WLAN policy, which is where I think my confusion arose. By doing that, I needed to assign the configuration through an Interface (I'm guessing). If anyone has a better suggestion, please let me know. Thanks!
-
Difference between bridge and local mode with wlc 5508
Hello,
Now I have a WLC 5508 with a few AP 11xx and 12xx in local mode. Everything works correctly. I will have to add a few AP1552 in bridge mode (I have to wait for the WLC upgrade to change the AP1552 to local mode). My question is whether everything (local and bridge mode) will work correctly together for my clients: RFID readers, laptops, computers in a, b, g, n mode? What about roaming and other features?
Thanks for help
Peter

If you plan on not doing MESH, then you set these 1552s in local mode and they will perform the same tasks as any other APs in local mode. When you want to do MESH, then that is when bridge mode comes into play and you have to define your RAPs and MAPs.
For roaming and client devices, it doesn't matter if you're using local or bridge. Roaming depends on your device and coverage, and RFID also depends on triangulation with the coverage you have now.
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"
-
WLC Local EAP-TLS auth, certificate ACL feature?
Hi All,
I implemented local EAP-TLS authentication according to http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080851b42.shtml. All is working fine, clients - Wi-Fi bar code scanners, WLC -2x4402, SV - 7.0.116.0 Certificates generated by Enterprise CA.
Afterwards, I discovered that certificates cannot be filtered by cname, or user name on WLC. It means that ANY certificate issued by CA will be authenticated against my WLAN. CA issues a whole lot of certificates (RRAS VPNs, WEB clients, etc. ) I want to filter access for my wireless clients using local EAP solution (WLC are at remote location). Can I accomplish it without external RADIUS server? Something like IOS certificate ACL?
Thanks in advance.

Thanks Nicolas, sad but true, I failed to find any possibilities on the WLC.
It seems I need to configure external RADIUS and use local EAP only in case of WAN failure.
-
Encrypted L3 Communications Between LAP and WLC?
Hi All,
I am working with a client that wants to put LAPs remote to their WLC (a 4402). The rub is that the communications between the LAP and WLC must be secure even across their private WAN! I have a couple of resulting questions if anyone is able to help;
I can't find out if and what encryption method is (is it AES etc.?) used on the backhaul between LAPs and the WLC and what's involved?
Terminology may be wrong here, this is not a wireless mesh, just conventional LAP to WLC
The client's WAN is already encrypted (IPSec VPN over VPLS) in parts - what's the consequence of running AP<-->WLC with end-to-end encryption (if possible) over a WAN with IPSec, i.e. double encryption?
Strange but true - any pointers will be much appreciated.... Phil.C

With a 4400 series controller the control traffic between the AP and controller is already AES encrypted. The user traffic is not encrypted. If you use a 5508 controller all traffic between the AP and controller is AES encrypted.
As for running the traffic through a VPN, that should work. The issue I typically see with this is with the MTU. The controller will drop any packets with a data payload less than 32 bytes. Depending on the MTU over the VPN I have seen packets get fragmented and this to be an issue. If you are using one of the CAPWAP versions (5.2 or newer) dynamic MTU discovery is part of the protocol and this MTU issue really doesn't exist.
-
Hello everybody,
I have an issue with my LAP and my two WLCs. I have one WLC in production and another one in test, and I want to associate the LAP with the one in test but I can't, and my LAP joins the WLC in production with these messages on the LAP:
*May 13 13:17:07.999: %CAPWAP-3-ERRORLOG: Selected MWAR 'TESTWLC'(index 0).
*May 13 13:17:07.999: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*May 13 13:16:03.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.30.117.10 peer_port: 5246
*May 13 13:16:03.036: %CAPWAP-3-ERRORLOG: Failed to authorize controller using trust config.
*May 13 13:16:03.036: %CAPWAP-1-SSC_CERT_AUTH_FAILED: Failed to authorize controller, SSC certificate validation failed.Peer certificate verification failed FFFFFFFF
*May 13 13:16:03.040: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*May 13 13:16:03.040: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:447 Certificate verified failed!
*May 13 13:16:03.040: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 172.30.117.10:5246
*May 13 13:16:03.041: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.30.117.10:5246
*May 13 13:16:03.042: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
I have disabled certificate checking, regulatory domain are the same between WLC and LAP, my LAP(1041), my WLC are updated with the good software version and the both WLC are "Virtual" WLC.
If you have any idea to resolve this problem, I will be happy to know it :)
Thanks

(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.6.110.0
RTOS Version..................................... 7.6.110.0
Bootloader Version............................... 7.6.110.0
Emergency Image Version.......................... 7.6.110.0
Build Type....................................... DATA + WPS
System Name...................................... TESTWLC
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
IP Address....................................... 172.30.117.10
System Up Time................................... 1 days 15 hrs 40 mins 5 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin, Rome, Vienna
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... LU - Luxembourg
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 0
Burned-in MAC Address............................ 00:50:56:94:0E:12
Maximum number of APs supported.................. 200
TESTLAP#sh version
Cisco IOS Software, C1600 Software (AP1G2-K9W8-M), Version 15.2(2)JB, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 11-Dec-12 04:45 by prod_rel_team
ROM: Bootstrap program is C1600 boot loader
BOOTLDR: C1600 Boot Loader (AP1G2-BOOT-M) LoaderVersion 15.2(2)JAX, RELEASE SOFTWARE (fc1)
TESTLAP uptime is 15 hours, 36 minutes
System returned to ROM by power-on
System image file is "flash:/ap1g2-k9w8-mx.152-2.JB/ap1g2-k9w8-mx.152-2.JB"
Last reload reason:
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-CAP1602I-E-K9 (PowerPC) processor (revision B0) with 98294K/32768K bytes of memory.
Processor board ID FGL1807S09R
PowerPC CPU at 533Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 7.4.100.0
1 Gigabit Ethernet interface
2 802.11 Radios
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 18:E7:28:1A:3B:1B
Part Number : 73-14671-04
PCA Assembly Number : 000-00000-00
PCA Revision Number :
PCB Serial Number : FOC18045ZD1
Top Assembly Part Number : 800-38552-01
Top Assembly Serial Number : FGL1807S09R
Top Revision Number : A0
Product/Model Number : AIR-CAP1602I-E-K9
Configuration register is 0xF
As you can see, I use the LU country code, maybe it can be a mismatch between the WLC version and the LAP version?
Thanks. -
Hi,
I have a 1142N which does not join the WLC when connected via a 2960 switch. When I connect a different lap 1142N to the same port on the same switch using the same cables, it does join the lap to the WLC. And when I connect the first lap directly to the WLC it also works fine.
Resetting the failing lap does not fix the problem. All software levels on the lap are the same.
Does anyone have an idea what could be wrong?
Thanks in advance.
Regards
Jeroen
Thanks for your support so far.
All the APs are the same, AIR-LAP1142N-E-K9 v05. I have two APs which work fine when connected via the 2960, therefore I assume that the switch, WLC, VLAN and DHCP configuration is fine. The third one is giving me some challenges ;-)
Note: the non-working AP is only not working when connected via the 2960; it is working fine when directly connected to the WLC2106.
@David, where can I find the regulatory domain setting?
working AP
NAME: "AP1140", DESCR: "Cisco Aironet 1140 Series (IEEE 802.11n) Access Point"
PID: AIR-LAP1142N-E-K9
failing AP
NAME: "AP1140", DESCR: "Cisco Aironet 1140 Series (IEEE 802.11n) Access Point"
PID: AIR-LAP1142N-E-K9
AP manager subnet
192.168.1.0/24
Management subnet
192.168.2.0/24
WLC2106 sysinfo
==================================================================================
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.220.0
RTOS Version..................................... 7.0.220.0
Bootloader Version............................... 4.0.191.0
Emergency Image Version.......................... 6.0.199.4
Build Type....................................... DATA + WPS
System Name...................................... CiscoWLC1
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.828
IP Address....................................... 192.168.2.2
System Up Time................................... 10 days 0 hrs 31 mins 36 secs
System Timezone Location.........................
Configured Country............................... NL - Netherlands
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +48 C
--More-- or (q)uit
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 2
Number of Active Clients......................... 0
Burned-in MAC Address............................ 70:81:05:AE:F9:C0
Maximum number of APs supported.................. 6
DHCP pool configured on core switch
==================================================================================
ip dhcp pool AP-Pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 192.168.1.1
Boot info failing WAP
==================================================================================
using eeprom values
WRDTR,CLKTR: 0x85000800 0x40000000
RQDC ,RFDC : 0x80000037 0x0000020f
using ÿÿÿÿ ddr static values from serial eeprom
ddr init done
Running Normal Memtest...
Passed.
IOS Bootloader - Starting system.
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
Xmodem file system is available.
DDR values used from system serial eeprom.
WRDTR,CLKTR: 0x85000800, 0x40000000
RQDC, RFDC : 0x80000037, 0x0000020f
PCIE0: link is up.
PCIE0: VC0 is active
PCIE1: link is up.
PCIE1: VC0 is active
PCIEx: initialization done
flashfs[0]: 28 files, 8 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
% Please define a domain-name first.
Press RETURN to get started!
*Mar 1 00:00:08.197: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar 1 00:00:08.208: *** CRASH_LOG = YES
Security Core found.
Base Ethernet MAC address: 64:9E:F3:B3:5F:88
*Mar 1 00:00:09.787: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar 1 00:00:10.359: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
*Mar 1 00:00:10.393: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 215 messages)
*Mar 1 00:00:10.416: status of voice_diag_test from WLC is false
*Mar 1 00:00:11.459: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:12.536: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:12.573: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1140 Software (C1140-K9W8-M), Version 12.4(23c)JA3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 18-Oct-11 14:52 by prod_rel_team
*Mar 1 00:00:12.573: %SNMP-5-COLDSTART: SNMP agent on host AP649e.f3b3.5f88 is undergoing a cold start
*Mar 1 00:11:43.044: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:11:43.105: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 1 00:11:43.105: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:11:44.106: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 1 00:11:44.106: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 1 00:11:44.297: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar 1 00:11:52.102: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 192.168.1.44, mask 255.255.255.0, hostname AP649e.f3b3.5f88
*Mar 1 00:12:01.917: status of voice_diag_test from WLC is false
*Mar 1 00:12:01.972: Logging LWAPP message to 255.255.255.255.
*Mar 1 00:12:04.769: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar 1 00:12:04.792: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:12:04.816: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:12:05.776: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 1 00:12:05.776: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
*Mar 1 00:12:05.802: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (192.168.1.1)
*Mar 1 00:13:13.006: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
Not in Bound state.
*Mar 1 00:13:23.524: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
*Mar 1 00:13:23.637: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 192.168.1.45, mask 255.255.255.0, hostname AP649e.f3b3.5f88
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (192.168.1.1)
*Mar 1 00:14:19.511: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
Not in Bound state.
*Mar 1 00:14:30.030: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
*Mar 1 00:14:30.139: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 192.168.1.46, mask 255.255.255.0, hostname AP649e.f3b3.5f88
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (192.168.1.1)
*Mar 1 00:15:26.013: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
Not in Bound state.
*Mar 1 00:15:36.532: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
*Mar 1 00:15:36.640: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 192.168.1.47, mask 255.255.255.0, hostname AP649e.f3b3.5f88
Show version failing wap
==================================================================================
Cisco IOS Software, C1140 Software (C1140-K9W8-M), Version 12.4(23c)JA3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 18-Oct-11 14:52 by prod_rel_team
ROM: Bootstrap program is C1140 boot loader
BOOTLDR: C1140 Boot Loader (C1140-BOOT-M) Version 12.4(23c)JA3, RELEASE SOFTWARE (fc1)
uptime is 6 minutes
System returned to ROM by power-on
System image file is "flash:/c1140-k9w8-mx.124-23c.JA3/c1140-k9w8-mx.124-23c.JA3"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-LAP1142N-E-K9 (PowerPC405ex) processor (revision A0) with 98294K/32768K bytes of memory.
Processor board ID FCZ1548W0GJ
PowerPC405ex CPU at 586Mhz, revision number 0x147E
Last reset from power-on
LWAPP image version 7.0.220.0
1 Gigabit Ethernet interface
2 802.11 Radio(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 64:9E:F3:B3:5F:88
Part Number : 73-12836-03
PCA Assembly Number : 800-33767-03
PCA Revision Number : A0
PCB Serial Number : FOC15443W5A
Top Assembly Part Number : 800-33775-02
Top Assembly Serial Number : FCZ1548W0GJ
Top Revision Number : A0
Product/Model Number : AIR-LAP1142N-E-K9
Configuration register is 0xF
show inventory failing wap
==================================================================================
NAME: "AP1140", DESCR: "Cisco Aironet 1140 Series (IEEE 802.11n) Access Point"
PID: AIR-LAP1142N-E-K9
Message was edited by: Jeroen -
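A small triage script for the kind of console log posted above, as an added example that is not part of the original post: it counts the CAPWAP and DHCP messages and flags an AP that keeps renewing its lease without leaving DISCOVERY. The sample input is a set of lines taken from that log; the function name `triage` and the finding labels are assumptions made for this example.

```python
import re
from collections import Counter

# Sample input: lines taken from the failing AP's console log in the post above.
SAMPLE_LOG = """\
*Mar 1 00:11:43.044: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:11:52.102: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 192.168.1.44, mask 255.255.255.0, hostname AP649e.f3b3.5f88
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (192.168.1.1)
*Mar 1 00:13:13.006: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Mar 1 00:13:23.524: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
*Mar 1 00:13:23.637: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 192.168.1.45, mask 255.255.255.0, hostname AP649e.f3b3.5f88
*Mar 1 00:14:19.511: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Mar 1 00:14:30.139: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 192.168.1.46, mask 255.255.255.0, hostname AP649e.f3b3.5f88
*Mar 1 00:15:26.013: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Mar 1 00:15:36.640: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 192.168.1.47, mask 255.255.255.0, hostname AP649e.f3b3.5f88
"""

# IOS syslog shape: %FACILITY-SEVERITY-MNEMONIC: text
MSG_RE = re.compile(r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)")
LEASE_RE = re.compile(r"assigned DHCP address (\d{1,3}(?:\.\d{1,3}){3})")
STATE_RE = re.compile(r"changed state to (\w+)")
DNS_RE = re.compile(r'^Translating "([^"]+)"')

def triage(log_text):
    """Summarise the controller discovery attempt recorded in an AP console log."""
    events, leases, states, dns_names = Counter(), [], [], set()
    for line in log_text.splitlines():
        dns = DNS_RE.match(line)
        if dns:                      # DNS lookup lines carry no %FACILITY tag
            dns_names.add(dns.group(1))
            continue
        m = MSG_RE.search(line)
        if not m:
            continue
        key = f"{m['fac']}-{m['mnem']}"
        events[key] += 1
        if key == "DHCP-ADDRESS_ASSIGN":
            leases += LEASE_RE.findall(m["text"])
        elif key in ("CAPWAP-CHANGED", "LWAPP-CHANGED"):
            states += STATE_RE.findall(m["text"])
    findings = []
    renewals = events["CAPWAP-DHCP_RENEW"]
    # Repeated renewals with no state other than DISCOVERY: the AP never found a WLC.
    if renewals >= 2 and set(states) <= {"DISCOVERY"}:
        findings.append("discovery loop: WLC not discovered, DHCP renewed repeatedly")
    if len(set(leases)) > 1:
        findings.append("lease churn: each renewal was assigned a different address")
    return {"renewals": renewals, "leases": leases, "states": states,
            "dns_lookups": sorted(dns_names), "findings": findings}

if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```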
ISE and WLC for posture remediation
Please can anybody clarify a few things in relation to ISE and wireless posture.
1) Is the ACL-POSTURE-REDIRECT used for remediation, or is it just an ACL to redirect only some traffic to kickoff posture checking?
2) Can/Should a dACL/wACL be specified as a remediation ACL?
3) Do the WLC ACLs have to be written in long format (manually specifying source and dest ports/doesn't direction any work?)
4) Does anybody have working example ACLs for posture redirect (cpp) and remediation (dACL)?
5) Any other advice or pointers would be helpful too, as no docs I have found so far, be it TrustSec2, CiscoLive or anything else, seem to help me understand WLC posture and remediation.
thanks
Nick
Nick,
Answers are inline:
1) Is the ACL-POSTURE-REDIRECT used for remediation, or is it just an ACL to redirect only some traffic to kickoff posture checking?
This is for both: if ports 8905.. are included, then this is for initial redirection and remediation.
2) Can/Should a dACL/wACL be specified as a remediation ACL?
Wireless does not support DACL; you will have to reference another ACL in the authorization policy. The new versions have the Airespace ACL field, where you will have the ACL defined locally on the WLC.
3) Do the WLC ACLs have to be written in long format (manually specifying source and dest ports/doesn't direction any work?)
Yes, you have to add two entries. For example, for all traffic redirection to ISE:
source = any, destination = iseipaddr, source port = any, destination port = any, direction = any, action = permit
source = iseipaddr, destination ip = any, source port = any, destination port = any, direction = any, action = permit
It's not the easiest, but I will attach a screenshot that will show you my example.
4) Does anybody have working example ACLs for posture redirect (cpp) and remediation (dACL)?
ISE doesn't support DACLs, so when you build your authorization profile in ISE you select the web authentication type (Posture Discovery); after that the ACL field will come up, and there you will "call" the posture ACL which is defined on your controller.
5) Any other advice or pointers would be helpful too as no docs I have found so far, be it TrustSec2, CiscoLive or anything else, seem to help me understand WLC posture and remediation
Keep in mind that you have to have RADIUS NAC and AAA override enabled under the advanced settings for COA to work.
You have to turn on COA under the global settings in ISE (Administration > Profiling > Coa Type > Reauth)
Then you have to build your policies so that when a user connects to the network they are redirected to download the NAC agent (this is where the Posture Discovery and redirect ACL work in tandem).
Once the client downloads the NAC agent and is compliant, the report is forwarded to ISE, where a COA event is triggered.
Then the client will reauthenticate and will hit another policy that will give them access once their machine is compliant; you can set the ACLs for restricted access, use dynamic VLAN assignment, or just send the access-accept.
Thanks,
Tarik Admani
*Please rate helpful posts* -
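Why answer 3 above asks for two entries, as an added example that is not part of the original posts: a simplified model of a stateless, first-match packet filter with an implicit deny at the end. That evaluation model is an assumption of this example, and the ISE and client addresses are constructed placeholders. It goes slightly beyond the "any/any" pair in the answer by also showing a variant narrowed to port 8905, the port named in answer 1.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "0.0.0.0/0"
ISE = "192.0.2.10/32"        # constructed placeholder for the ISE node
ISE_IP = "192.0.2.10"
CLIENT = "198.51.100.25"     # constructed wireless client address

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    sport: Optional[int] = None   # None means "any"
    dport: Optional[int] = None   # None means "any"
    action: str = "permit"

    def matches(self, src, dst, sport, dport):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.sport in (None, sport)
                and self.dport in (None, dport))

def evaluate(acl, src, dst, sport, dport):
    """First matching rule wins; a packet matching no rule is denied."""
    for rule in acl:
        if rule.matches(src, dst, sport, dport):
            return rule.action
    return "deny"

def exchange_permitted(acl, client, server, client_port, server_port):
    """Stateless filtering: the request and the reply are judged separately."""
    request = evaluate(acl, client, server, client_port, server_port)
    reply = evaluate(acl, server, client, server_port, client_port)
    return request == "permit" and reply == "permit"

# Only the client-to-ISE entry: the reply falls through to the implicit deny.
ONE_ENTRY = [Rule(src=ANY, dst=ISE)]
# The pair from the answer: any -> ISE and ISE -> any, all ports.
TWO_ENTRIES = [Rule(src=ANY, dst=ISE), Rule(src=ISE, dst=ANY)]
# Narrower variant limited to port 8905; the reply rule has to match
# on the *source* port, which is what "long format" means in practice.
PORT_8905 = [Rule(src=ANY, dst=ISE, dport=8905),
             Rule(src=ISE, dst=ANY, sport=8905)]

if __name__ == "__main__":
    for name, acl in [("one entry", ONE_ENTRY), ("two entries", TWO_ENTRIES),
                      ("port 8905 pair", PORT_8905)]:
        ok = exchange_permitted(acl, CLIENT, ISE_IP, 50000, 8905)
        print(f"{name}: client <-> ISE on 8905 permitted = {ok}")
```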
Certificate based authentication with Cisco WLC and Juniper IC
Hi
I have a Cisco WLC 4400 and Juniper IC which works as the external RADIUS server.
I want the wireless clients to be authenticated using certificates. I know the Juniper IC can understand certificates.
My question is: can the Cisco WLC understand that the information being presented to it by the client is not username/pwd but a user certificate?
I have also looked at this article:
http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/100590-ldap-eapfast-config.html
What I don't understand here is the need of WLC authenticating the user with his credentials by LDAP when it has authenticated the user cert.
All your help is appreciated.
Hi,
Since you use an external radius server you don't have to worry for this.
The only config that you need to do on WLC is to define the radius server under Security-AAA-Radius-Authentication and on your WLAN-Security-AAA.
The doc you refer is only for Local Radius on WLC.
Hope this helps
Regards,
Christos -
Hi,
I have a WLC (4404), and it is configured for authentication in ACS.
When I connect to the WLC with a browser (HTTPS), I put in my username and password from ACS, and it works.
However, if I put the local username in WLC it works.
I would like to disable the local username when ACS works; how do I do that?
But when ACS goes down I need the local username...
You will not be able to do this like how you can with a router or switch. Local is checked first, prior to TACACS, and that can't be changed. Maybe speak with your local Cisco wireless SE to see if he can put that in as a feature enhancement.
-
AIR-LAP-1142N-E-K9 unexpected power offs
Hi, we have two separate Cisco wireless networks, both based around the same infrastructure.
Cisco 5508 WLC/s running 7.4.100 Firmware in our datacentre, with AIR-LAP-1142N-E-K9 LAPS distributed at site offices.
This infrastructure has been running well until recently when we have had a spate of the LAPS appearing to power off.
The LAP appears to be off with no LED status light as if it has been powered off, but the power supplies are still connected and the LAPS are often warm to the touch as if drawing power even when they have been "off" for a couple of days.
Unplugging the power supply (at the LAP) and re-applying brings the LAP back on.
The LAPS involved all used the recommended Cisco manufactured power supplies as there was no POE/power injector infrastructure.
The LAPS vanish from the WLC as if disconnected, without any apparent errors in the WLC logs.
There are no crash logs for the LAPS which have powered off.
Console output from a LAP which has powered off on startup just shows the AP coming back from a "cold start".
LAPS operate normally after restart, but after a variable period, typically 2-7 days, will power off again.
This is happening across multiple sites, to LAPS connected to different WLCs.
Has anyone seen this issue before?
The LAP appears to be off with no LED status light as if it has been powered off, but the power supplies are still connected and the LAPS are often warm to the touch as if drawing power even when they have been "off" for a couple of days.
Gareth,
Just want to make sure you are using a power brick/power injector. Can you please confirm?
Had issues with 7.4 when I noticed that some of my APs, running in PoE, would suddenly get "lost". They would suddenly reboot and they wouldn't negotiate PoE properly. I had to manually shut down the ports for at least 5 seconds. If I don't leave it off for that long the APs simply won't boot up.
Ever since I've moved to 7.5, I haven't seen this happen.
There is a well-known bug, can't seem to find it, about 1140 and WLC firmware 7.4. If I remember correctly, the bug describes what you are seeing.
You may want to investigate using 7.5.