Limiting access points joining a specific WLC

Hello Cisco Forum Team!
I am currently installing a new WLC in a VLAN/IP segment that already has WLCs configured and access points registered. I do not want existing APs on this VLAN to join this new WLC. What is the best way to limit APs joining this new WLC?
I am thinking of some sort of AP authorization list, but by IP address instead of MAC address, due to the high number of APs currently registered on the existing WLCs (approx. 300 APs).
Thanks in advance for your support!

An AP authorization list would work, but you have to use the MAC address and cannot use an IP address for that. Once you enable AP authorization, you can add AP MACs to the list using the CLI, as below.
(5508-1) >config auth-list add mic <AP1 mac>
(5508-1) >config auth-list add mic <AP2 mac>
(5508-1) >config auth-list add mic <APn mac>
HTH
Rasika
**** Pls rate all useful responses ****
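
With around 300 APs in the segment, the allowlist for the new WLC is easier to keep correct when it is generated from an inventory file. The following is an added example, not part of the original posts: it normalizes AP MACs written in mixed notations, drops duplicates and addresses that cannot belong to an AP, and emits the `config auth-list add mic` lines shown in the answer above. The colon-separated lowercase output format and the sample inventory are assumptions.

```python
import re

# Accepted input notations for a 48-bit MAC (matched case-insensitively).
MAC_NOTATIONS = [
    r"[0-9a-f]{2}(:[0-9a-f]{2}){5}",    # 00:11:22:33:44:55
    r"[0-9a-f]{2}(-[0-9a-f]{2}){5}",    # 00-11-22-33-44-55
    r"[0-9a-f]{4}(\.[0-9a-f]{4}){2}",   # 0011.2233.4455 (IOS style)
    r"[0-9a-f]{12}",                    # 001122334455
]

# Constructed sample inventory, not taken from the thread.
SAMPLE_INVENTORY = """\
00:11:22:33:44:55   # colon form
0011.2233.4455      # same AP again in IOS dotted form
00-11-22-AA-BB-CC
001122ddeeff
01:00:5e:00:00:01   # multicast, cannot be an AP's own address
00:11:22:33:44      # truncated
"""


def normalize_mac(raw):
    """Return the MAC as aa:bb:cc:dd:ee:ff or raise ValueError."""
    text = raw.strip().lower()
    if not any(re.fullmatch(p, text) for p in MAC_NOTATIONS):
        raise ValueError("not a 48-bit MAC address")
    digits = re.sub(r"[.:\-]", "", text)
    if int(digits[:2], 16) & 0x01:
        # I/G bit set: group (multicast/broadcast) address
        raise ValueError("multicast or broadcast address")
    if digits == "0" * 12:
        raise ValueError("all-zero address")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_auth_list(inventory_text):
    """Return (commands, rejected) for an inventory with one MAC per line.

    commands: one 'config auth-list add mic <mac>' line per unique AP.
    rejected: (line_number, entry, reason) tuples that need a human look.
    """
    commands, rejected, seen = [], [], set()
    for lineno, line in enumerate(inventory_text.splitlines(), 1):
        entry = line.split("#", 1)[0].strip()   # allow trailing comments
        if not entry:
            continue
        try:
            mac = normalize_mac(entry)
        except ValueError as exc:
            rejected.append((lineno, entry, str(exc)))
            continue
        if mac in seen:
            continue                            # same AP listed twice
        seen.add(mac)
        commands.append(f"config auth-list add mic {mac}")
    return commands, rejected


if __name__ == "__main__":
    cmds, bad = build_auth_list(SAMPLE_INVENTORY)
    print("\n".join(cmds))
    for lineno, entry, reason in bad:
        print(f"! line {lineno}: {entry!r} skipped ({reason})")
```
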

Similar Messages

  • Access points joining different WLC

    Hi,
    I have a wireless controller module (NME-AIR-WLC25-K9) installed in a Cisco 2851 ISR. This setup is in my remote site; we are connected through a MAN network. In our main office I have a Cisco 4402 wireless controller. Whenever I install an AP in my remote site, instead of joining the remote site WLC, the access point joins my main office 4402 controller. I don't know why it is happening; the AP is not even trying to join the remote site WLC. I have not configured high availability and both these controllers are in separate RF networks.
    The firmware version in NME-AIR-WLC25-K9 is 7.0.98.0 ...
    The version in the other controller is 6.0.196.0
    Please let me know what else I need to check ASAP.
    Thanks
    karthik

    Hi,
      Did you even see the AP trying to join the local controller? If the controllers are in different domains, the AP will prefer the remote controller since it joined that one first. Since you are running 5.2, try configuring on the AP the primary controller with the name and local IP address of the local controller, and then reboot the AP. See if the AP joins after that. Run debug capwap events enable to see if you see the AP trying to join the controller.
    Regards,
    Manuel

  • Access Points Joining Random WLC

    My environment contains 4 separate controllers: 1 controller in the datacenter, which remote offices use with HREAP and discover using DNS. We will call this controller WLC1. 2 more controllers (WLC 2 and WLC 3) are in the corporate headquarters to support >40 access points in an N+1 configuration, and finally there is an anchor controller, which doesn't matter in this post.
    What I am experiencing is that access points in the corporate office are using DHCP option 43 to discover WLC2. Every night or after long periods of time a random number of my access points are either rebooting or most likely sleeping. Then they attach themselves to WLC 1, which is in the datacenter and is not supporting DHCP from that location, which to clients makes the wireless network seem to be down.
    I think that using a hybrid of DHCP and DNS is partly my issue, but it shouldn't be. I have primed all the access points to look at primary controller WLC1 and secondary controller WLC2, both by name and using the IP address of the respective management ports.
    Can there be any explanation for this and why this seems to be so random?
    WLCs are 5508
    Corporate Access points are 1142
    ***EDIT
    After some more investigation this isn't completely random rebooting: the access points in question are connected to a new 4506-E chassis with the Sup 6-E, while the other access points are connected to a 6509-E. Not sure how much this matters, but I am seeing in the access point logs that about every 2-3 hours they are accessing DHCP again and sometimes not successfully. Is there some EnergyWise or power savings happening on the 4500 possibly?

    I understand all that, and here is a screenshot (see attached) of an AP that was on WLC 2 last night at midnight when I wrote this originally and now has jumped to WLC 2. The major issue here is that WLC 1 does not give out DHCP because it is used for HREAP and remote offices that have other local DHCP servers.
    I am running code 6.0.199.4
    Now yes, all controllers WLC1, 2, and 3 are in the same mobility group. Maybe I should move WLC1 out of the mobility group and that might solve the issue. Here is a log too. See, the timing is 3 hours and then it's trying to find another controller. I see a retransmission count exceeded here. What can cause that? I have 4-port LAG configured on both WLC2 and WLC3 and they are both on separate 6500 switches. This access point is on a separate floor connected to a 4500 with an uplink to each of the 6500s.
    **********LOG from Access Point***********
    *Oct 14 02:41:21.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.104.210.21 peer_port: 5246 This Is correct
    *Oct 14 02:41:21.000: %CAPWAP-5-CHANGED: CAPWAP changed state to 
    *Oct 14 02:41:21.826: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.104.210.21 peer_port: 5246
    *Oct 14 02:41:21.827: %CAPWAP-5-SENDJOIN: sending Join Request to 10.104.210.21
    *Oct 14 02:41:21.827: %CAPWAP-5-CHANGED: CAPWAP changed state to  
    *Oct 14 02:41:21.911: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *Oct 14 02:41:22.047: %CAPWAP-5-CHANGED: CAPWAP changed state to UP
    *Oct 14 02:41:22.052: %LWAPP-3-CLIENTEVENTLOG: Received AP Syslog IP Address(255.255.255.255) configuration.
    *Oct 14 02:41:22.173: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller nwcp01-1211-02b
    *Oct 14 02:41:22.254: %LWAPP-3-CLIENTEVENTLOG: SSID Roswifi added to the slot[0]
    *Oct 14 02:41:22.255: %DOT11-4-NO_HT: Interface Dot11Radio0, Mcs rates disabled on vlan 1 due to WMM is not enabled
    *Oct 14 02:41:22.257: %LWAPP-3-CLIENTEVENTLOG: SSID RosGuest added to the slot[0]
    *Oct 14 02:41:22.259: %LWAPP-3-CLIENTEVENTLOG: SSID Roswifi added to the slot[1]
    *Oct 14 02:41:22.261: %LWAPP-3-CLIENTEVENTLOG: SSID RosGuest added to the slot[1]
    *Oct 14 02:41:22.263: %DOT11-4-NO_HT: Interface Dot11Radio1, Mcs rates disabled on vlan 1 due to WMM is not enabled
    *Oct 14 02:41:22.263: %DOT11-4-NO_HT: Interface Dot11Radio1, Mcs rates disabled on vlan 2 due to WMM is not enabled
    *Oct 14 02:41:22.264: %DOT11-4-NO_HT: Interface Dot11Radio0, Mcs rates disabled on vlan 2 due to WMM is not enabled
    *Oct 14 02:41:22.274: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
    *Oct 14 05:57:40.164: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_ECHO_REQUEST
    ., 3)
    *Oct 14 05:57:40.164: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
    *Oct 14 05:57:40.164: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.104.210.21:5246  *** This is correct
    *Oct 14 05:57:40.206: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
    *Oct 14 05:57:40.207: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Oct 14 05:57:40.207: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Oct 14 05:57:50.229: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Oct 14 05:57:49.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.98.10.20 peer_port: 5246 **This is the controller it should never get on.
    *Oct 14 05:57:49.000: %CAPWAP-5-CHANGED: CAPWAP changed state to 
    *Oct 14 05:57:49.844: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.98.10.20 peer_port: 5246
    *Oct 14 05:57:49.845: %CAPWAP-5-SENDJOIN: sending Join Request to 10.98.10.20
    *Oct 14 05:57:49.845: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *Oct 14 05:57:49.930: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *Oct 14 05:57:50.078: %CAPWAP-5-CHANGED: CAPWAP changed state to UP
    *Oct 14 05:57:50.078: %LWAPP-3-CLIENTEVENTLOG: Received AP Syslog IP Address(255.255.255.255) configuration.
    *Oct 14 05:57:50.206: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller nep00WLC00e
    *Oct 14 05:57:50.293: %LWAPP-3-CLIENTEVENTLOG: SSID Roswifi added to the slot[0]
    *Oct 14 05:57:50.298: %LWAPP-3-CLIENTEVENTLOG: SSID RosGuest added to the slot[0]
    *Oct 14 05:57:50.303: %LWAPP-3-CLIENTEVENTLOG: SSID Roswifi added to the slot[1]
    *Oct 14 05:57:50.309: %LWAPP-3-CLIENTEVENTLOG: SSID RosGuest added to the slot[1]
    *Oct 14 05:57:50.414: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
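
The AP log in the post above can be checked mechanically for joins to a controller the AP should never use. This is an added example, not part of the original thread: it parses an abridged copy of those log lines, pairs each DTLS request with the join that follows, records how long each controller was held and which error preceded the fallback to discovery, and flags joins outside an allowlist. The allowlist reflects the poster's own annotations; the year used for timestamp parsing is an assumption because the log carries none.

```python
import re
from datetime import datetime

LINE = re.compile(
    r"^\*(\w{3} +\d+ \d\d:\d\d:\d\d)\.\d+: %([A-Z0-9_]+-\d-[A-Z0-9_]+): (.*)$")
PEER = re.compile(r"peer_ip: (\d+\.\d+\.\d+\.\d+)")
JOINED = re.compile(r"AP has joined controller (\S+)")

# Controller the poster marked as correct for this AP.
ALLOWED_CONTROLLERS = {"10.104.210.21"}

# Abridged copy of the AP log lines from the post (annotations removed).
SAMPLE_LOG = """\
*Oct 14 02:41:21.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.104.210.21 peer_port: 5246
*Oct 14 02:41:22.173: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller nwcp01-1211-02b
*Oct 14 05:57:40.164: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_ECHO_REQUEST
., 3)
*Oct 14 05:57:40.164: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*Oct 14 05:57:49.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.98.10.20 peer_port: 5246
*Oct 14 05:57:50.206: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller nep00WLC00e
"""


def parse_events(text, year=2000):
    """Return [time, tag, message] per log entry; 'year' is an assumed value."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append([when, m.group(2), m.group(3)])
        elif events and line:
            events[-1][2] += line      # wrapped message, e.g. "., 3)"
    return events


def track_joins(events, allowed_ips):
    """Build one session record per controller join, in log order."""
    sessions, pending_ip, current, last_error = [], None, None, None
    for when, tag, msg in events:
        if tag == "CAPWAP-5-DTLSREQSEND":
            peer = PEER.search(msg)
            pending_ip = peer.group(1) if peer else None
        elif tag == "CAPWAP-5-JOINEDCONTROLLER":
            name = JOINED.search(msg)
            current = {
                "joined_at": when,
                "ip": pending_ip,
                "name": name.group(1) if name else None,
                "allowed": pending_ip in allowed_ips,
                "held_seconds": None,
                "left_because": None,
            }
            sessions.append(current)
        elif tag == "CAPWAP-3-ERRORLOG":
            if "GOING BACK TO DISCOVER MODE" in msg:
                if current is not None:
                    held = when - current["joined_at"]
                    current["held_seconds"] = int(held.total_seconds())
                    current["left_because"] = last_error
                    current = None
                pending_ip, last_error = None, None
            else:
                last_error = msg       # remember what triggered the fallback
    return sessions


def unexpected_joins(sessions):
    """Return (previous_session, bad_session) for every disallowed join."""
    findings = []
    for i, s in enumerate(sessions):
        if not s["allowed"]:
            findings.append((sessions[i - 1] if i else None, s))
    return findings


if __name__ == "__main__":
    found = unexpected_joins(track_joins(parse_events(SAMPLE_LOG),
                                         ALLOWED_CONTROLLERS))
    for prev, bad in found:
        print(f"{bad['joined_at']:%b %d %H:%M:%S} joined {bad['name']} ({bad['ip']})")
        if prev:
            print(f"  after {prev['held_seconds']} s on {prev['name']}: "
                  f"{prev['left_because']}")
```
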

  • Access points connect to wrong WLC

    Hello everybody,
    I have a problem with some access points.
    We have two WLCs, one AIR-CT5508-K9 and one AIR-WLC4404-100-K9.
    Now I have 6 access points that don't register anymore to the right controller.
    In high availability I have set the right name of the primary controller and also the correct IP address, but somehow they keep registering to the other controller.
    Does someone know how I can fix this problem?
    info:
    AIR-CT5508:SEDA-PM_Line_1
    WLC4404: SEDA-PM_Office_1
    6 access points are connected to SEDA-PM_Line_1 but they should be connected to SEDA-PM_Office_1
    Settings in the AP are correct in my opinion.

    Here is the information:
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.0.116.0
    RTOS Version..................................... 7.0.116.0
    Bootloader Version............................... 3.2.195.10
    Emergency Image Version.......................... N/A
    Build Type....................................... DATA + WPS
    System Name...................................... SEDA-PM_Office_1
    System Location.................................. Mao, Brazil
    System Contact................................... Network_Admin
    System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
    IP Address....................................... 105.103.112.5
    System Up Time................................... 8 days 15 hrs 9 mins 55 secs
    System Timezone Location.........................
    Configured Country............................... US  - United States
    Operating Environment............................ Commercial (0 to 40 C)
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +38 C
    --More-- or (q)uit
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Disabled
    Number of WLANs.................................. 13
    Number of Active Clients......................... 132
    Burned-in MAC Address............................ 00:22:55:91:2B:C0
    Crypto Accelerator 1............................. Absent
    Crypto Accelerator 2............................. Absent
    Power Supply 1................................... Absent
    Power Supply 2................................... Present, OK
    Maximum number of APs supported.................. 100
    (Cisco Controller) >show time
    Time............................................. Thu Jan  9 07:58:29 2014
    Timezone delta................................... -4:0
    Timezone location................................
    NTP Servers
        NTP Polling Interval.........................     86400
         Index     NTP Key Index     NTP Server      NTP Msg Auth Status
           1              0        211.189.10.2       AUTH DISABLED
    AP information
    Warehouse_AP-3#sh version
    Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.4(23c)JA2, RELEASE SOFTWARE (fc3)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2011 by Cisco Systems, Inc.
    Compiled Wed 13-Apr-11 12:58 by prod_rel_team
    ROM: Bootstrap program is C1240 boot loader
    BOOTLDR: C1240 Boot Loader (C1240-BOOT-M) Version 12.4(13d)JA, RELEASE SOFTWARE (fc2)
    Warehouse_AP-3 uptime is 18 hours, 16 minutes
    System returned to ROM by power-on
    System image file is "flash:/c1240-k9w8-mx.124-23c.JA2/c1240-k9w8-mx.124-23c.JA2"
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    cisco AIR-LAP1242AG-A-K9   (PowerPCElvis) processor (revision A0) with 27638K/5120K bytes of memory.
    Processor board ID FTX1233B943
    PowerPCElvis CPU at 262Mhz, revision number 0x0950
    Last reset from power-on
    LWAPP image version 7.0.116.0
    1 FastEthernet interface
    2 802.11 Radio(s)
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 00:1D:70:96:64:A0
    Part Number                          : 73-9925-07
    PCA Assembly Number                  : 800-26579-06
    PCA Revision Number                  : A0
    PCB Serial Number                    : FOC12320AKT
    Top Assembly Part Number             : 800-29151-03
    Top Assembly Serial Number           : FTX1233B943
    Top Revision Number                  : A0
    Product/Model Number                 : AIR-LAP1242AG-A-K9 
    Configuration register is 0xF
    Warehouse_AP-3#sh ip interface brief
    Interface                  IP-Address      OK? Method Status                Protocol
    Dot11Radio0                unassigned      NO  unset  up                    up     
    Dot11Radio1                unassigned      NO  unset  administratively down down   
    FastEthernet0              105.103.27.19   YES other  up                    up 
    Warehouse_AP-3#sh inventory
    NAME: "AP1240", DESCR: "Cisco Aironet 1240 Series (IEEE 802.11a/g) Access Point"
    PID: AIR-LAP1242AG-A-K9, VID: V03, SN: FTX1233B943
    There are 7 APs that do not register to the right controller; some are different models:
    Warehouse_AP-1 - AIR-LAP1242G-A-K9
    Warehouse_AP-3 - AIR-LAP1242AG-A-K9
    Warehouse_AP-5 - AIR-LAP1242G-A-K9
    Warehouse_AP-6 - AIR-LAP1242G-A-K9
    Warehouse_AP-7 - AIR-CAP3502I-T-K9
    Warehouse_AP-9 - AIR-LAP1242AG-A-K9
    Warehouse_AP-10 - AIR-LAP1242G-A-K9
    Thank you for your help!!

  • Access Point Secured Registration to WLC

    Hello
    Which option on the WLC ensures that any AP registering to the WLC is first authenticated with a password and then registers to the WLC?
    cheers
    CP

    Hello there ...
    Take a peek at the link below. I think this is what you are asking?
    Lightweight Access Point (LAP) Authorization in a Cisco Unified Wireless Network Configuration Example
    http://www.cisco.com/en/US/customer/products/ps6366/products_configuration_example09186a00808c7234.shtml

  • Access Points Joining 3850 next generation switches

    It's my understanding that APs can join 3850s if and only if the APs are directly connected to ports on the 3850 next generation device.
    Can someone point me to where this is explained?

    CB90021204 - APs indirectly connected to a 3850 (connected to a downstream switch) will not join the 3850
    Q. Does the Cisco Catalyst 3850 support indirectly connected access points?
    A. No. The Cisco Catalyst 3850 switch will always terminate the CAPWAP  tunnel locally. Pass-through mode or indirectly connected access point  is not supported at this time.
    http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps12686/qa_c67-722110.html

  • WCS displays Access Point as disassociated but WLC shows as associated

    Hi all,
    I have a WCS ver 7.0.172 and a 5508 WLAN Controller with ver 7.0.116.0. 21 Access Points (AIR-LAP1131AG-E-K9) were associated to this WLC. One CleanAir Access Point (AIR-CAP3502E-E-K9) is associated as well.
    And now ... my problem:
    Every time, the WCS gets a critical error and reports that the AP is disassociated from the controller. But if I take a look at the WLC, the AP is associated, works in local mode and has two clients associated.
    I cleared the alarm - a few minutes later the alarm will be reported again. Same result if I delete the alarm.
    Could anybody give support for that issue?
    Thanks and regards
    Holger

    Hi Holgerseiler,
    Have you got any information/solution on this issue?
    I also have the same kind of issue. I have a WCS with version 7.0.172.0, and around 25 WLCs (version 7.0.116.0 on those I checked), and in total around 1000 APs are associated in the wireless network.
    Some error messages are coming on my WCS device like
    "AP disassociated from Controller [ip]"
    Here AP name and WLC ip address will change randomly, but there is no impact on my network.
    Thanks in advance
    Sangeeth BS

  • Access Points Joining

    Dear sir/ma,
    I have bought a wireless LAN controller and access points of 10 qty

    Item Name            Quantity
    AIR-CT5508-12-K9     1
    CON-SNT-CT0812       1
    LIC-CT5508-12        1
    LIC-CT5508-BASE      1
    PI-MSE-PRMO-INSRT    1
    AIR-PWR-5500-AC      1
    SWC5500K9-72         1
    AIR-PWR-CORD-UK      2
    AIR-CAP2602I-E-K9    10
    CON-SNT-C262IE       10
    SWLAP2600-MESH-K9    10
    AIR-AP-BRACKET-1     10
    AIR-AP-T-RAIL-R      10

    But the access points are not joining the controller. Please, what could be the cause of this?
    Please find the attached file for the configuration output.
    br
    kuku

    Hi,
    For the Mesh APs, you must enter the MAC address in the MAC filter, which is found in Security > AAA > MAC Filtering. Note that for Outdoor Mesh APs the MAC address is the BVI MAC address; for Indoor Mesh, it is the Ethernet MAC address.
    Also, if you're using DNS for controller discovery, create a pointer record in your DNS with the following:
    CISCO-CAPWAP-CONTROLLER.domainname - IP address of WLC

  • Trying to get home sharing working on Apple TV using Cisco access points and a Cisco WLC 5508 with 7.2.110 code. I can get devices working individually but they never see each other. I can ping the Apple TV from my laptop and iPad.

    Trying to get home sharing working on a corporate wireless network. Cisco wireless.
    WLC5508 controller
    Cisco 3502 access points
    All Apple devices on same WLAN - security WPA2-PSK
    iTunes account up to date
    All devices latest software.
    Can ping Apple TV from laptop
    Can ping Apple TV from iPad
    Can ping iPad from laptop
    Can ping laptop from iPad.
    Apple TV never sees any other device.
    Any ideas?

    Fascinating just reading about your setup. I have a WRT350N and have noticed that it will drop its speed, sometimes down to 1Mbps. It seems to do so at about the same time every day, but usually comes back to speed in about 5 minutes. In my experience, the Apple TV will disconnect if the speed falls this low. Try monitoring the Linksys with Netstumbler, Vistumbler, or just in the Windows Network utility.
    Check the "lease obtained" and "lease expired" times for your router to see if that is when the network fails. I've just finished reading an angry thread over at the Linksys forum about the WRT330N where someone mentioned that the router wasn't renewing its lease.
    "I cannot set it run off automatic DHCP from the WRT330N, the router will not assign it an IP every time the lease expires, causing me to have to manually set an IP on the Print server. That's annoying. Having the router drop IP's to individual machines after 12-48 hours...very annoying."
    http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&thread.id=67412
    If that is the problem, then I would consider setting up a Static IP address for your Apple TV. You can do that through the user interface -> Settings -> Network -> Configure ... (Quite intuitive, as you only have to change the IP address and the subsequent details remain the same.)
    My router assigns IP Addresses in the ranges of 192.168.1.100 ->149. The idea here is to choose an address outside of that range but is not greater than 192.168.1.253 (and should not end in the number 1). You shouldn't have to change the linksys router as long as 50 clients are assigned in that range. You'll have to figure that out by accessing your router webpage at browser address 192.168.1.1 -> the default password is "admin" (without the quotes).
    Good luck.

  • Lightweight access-point joined the wireless controller but no radio channels

    A customer has a wireless controller 2106 and uses access point AIR-LAP1252G-E-K9. The access point LEDs indicate:
    Ethernet and radio are blinking green and status is green.
    Please help, I am at the customer's company now.

    The AP1252 has higher power requirements than some of the Cisco PoE switches provide.  Depending on the switch you are plugging them into you will get enough power to power up the device and connect to a controller but not enough to power up the antennas.  Options that can work include:
    1) Removing one of the antennas if you are not going to use it (or as a temporary workaround to get some wireless)
    2) Using an external power supply
    3) Using an external inline power appliance system that supplies enough power (http://www.microsemi.com/powerdsine/ is one example).
    4) Depending on the type of switch you are connecting to, you may be able to upgrade code to provide a higher amount of power to the port. For instance, a Catalyst 6500 by default supplies 15.8 watts of power to a port. But if you upgrade the code to 12.2(33)SXH2? I believe you can get 16.8 watts of power and this is enough to bring up both antennas on the AP. But even then you don't have enough power to run the upper N speeds - I think anything above 72 Mbps is unattainable.
    Other AP models such as the 1140 have lower power requirements and may work better for you.

  • Access points not registering with WLC

    Hi all,
    I have a 5508 WLC in LAG mode and have 14 1231G WAPs connected to it already. However, I still have to migrate 9 more WAPs from my old 4404 controller to the new 5508 controller. I cannot get the remaining 9 WAPs to register with the new WLC. I found the following debug message from the WLC. My WLC license is valid for 50 APs. Have any of you guys seen this? What am I doing wrong here? Any lead is much appreciated.
    I have LAG set up with 2 ports out of 8 ports. I don't understand why it's giving an error of not having enough capacity.
    Any advice is much appreciated. Thanks in advance.
    *spamApTask4: May 21 18:58:29.468: 00:23:04:c9:72:00 Echo Timer Expiry: Did not receive heartbeat reply from AP 00:23:04:c9:72:00 (10:4:12:26/36602)
    *spamApTask0: May 21 18:58:50.588: 00:13:60:7e:28:30 Join Priority Processing status = 0, Incoming Ap's Priority 0, MaxLrads = 50,joined Aps =14
    *spamApTask0: May 21 18:58:50.588: 00:13:60:7e:28:30 Refusing Discovery Request from AP 00:13:60:7e:28:30 - no AP manager with available capacity
    *spamApTask0: May 21 18:58:50.588: 00:13:60:7e:28:30 Join Priority Processing status = 0, Incoming Ap's Priority 0, MaxLrads = 50,joined Aps =14
    *spamApTask0: May 21 18:58:50.588: 00:13:60:7e:28:30 Refusing Discovery Request from AP 00:13:60:7e:28:30 - no AP manager with available capacity
    *spamApTask0: May 21 18:59:00.589: Could not find BoardDataPayload
    *spamApTask0: May 21 18:59:00.636:
    *spamApTask0: May 21 18:59:05.593: Could not find BoardDataPayload
    *spamApTask0: May 21 18:59:05.639:
    *spamApTask0: May 21 18:59:53.564: 00:13:60:7e:28:30 Join Priority Processing status = 0, Incoming Ap's Priority 0, MaxLrads = 50,joined Aps =14
    *spamApTask0: May 21 18:59:53.565: 00:13:60:7e:28:30 Refusing Discovery Request from AP 00:13:60:7e:28:30 - no AP manager with available capacity
    *spamApTask0: May 21 18:59:53.565: 00:13:60:7e:28:30 Join Priority Processing status = 0, Incoming Ap's Priority 0, MaxLrads = 50,joined Aps =14
    *spamApTask0: May 21 18:59:53.565: 00:13:60:7e:28:30 Refusing Discovery Request from AP 00:13:60:7e:28:30 - no AP manager with available capacity

    Guess the SSC got corrupted.
    Run the command "debug pm pki enable" on the WLC, copy the SSC and paste it on the WLC and see if that helps. Here is the link to do the same!
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00806a426c.shtml
    Let me know if this answered your question and please don't forget to rate the useful posts!
    Regards
    Surendra

  • Access Points at branch and WLC located at Head Quarters

    Guys,
    Please excuse these entry-level questions, but we are just starting here with Cisco wireless technologies.... Can we deploy, let's say 8 3600 APs in one branch and have the WLC deployed at another branch? Could this be possible?
    thank you in advance                  

    Guys, thank you very much for the input so far.
    You are always not one, but many steps ahead of a novice.
    George Stefanick, yes, we have IPSec site-to-site tunnels with all the branches from the main site. Is it via the VPN tunnels that FlexConnect limitations come into play? What exactly are the limitations of FlexConnect that I need to be aware of?
    As you can see, we have many branches all over the states and also overseas. The initial thought was only to deploy APs where we have warehouses (we really have over 20 branches - and growing - but only 5 of them have warehouses...). So, as I look deeper into Cisco WiFi technologies, I can really see all these good features that we can certainly use. So with these features, I think it might make more sense, like rasikanayanajith advised, to really keep the WLC at the main site and deploy the APs at the warehouse with the FlexConnect feature.
    This way, all the executives, as they travel to all the 5 warehouses, will only need to be concerned with one single set of credentials (their AD credentials). Is this correct? I assume we can set up RADIUS authentication for the clients to log in via the WiFi.
    Please advise and thank you again.

  • Access point register on anchor wlc in DMZ

    Hello,
    I have an environment in which two WLC 4400s are connected to an anchor WLC 4400 in the DMZ. This WLC in the DMZ passes the Guest WLAN to the other two WLCs and terminates the CAPWAP tunnel. The APs in the remote sites, which are configured to register to the WLCs in the remote sites, are usually registered on the two WLCs, but sometimes they register to the WLC in the DMZ. How is this possible if between the WLC in the DMZ and the other WLCs there is a firewall that blocks all traffic except CAPWAP traffic?
    If I reboot the APs, they register on the two correct WLCs in the remote sites.
    Thanks

    The AP also uses CAPWAP. You should allow CAPWAP connections only from the internal controllers on the firewall.

  • Limiting access to internet for specific time period every day

    I was able to limit particular computers via static ip using acl, but not working now.  Any clues? (mac address hasn't changed).  This is the code I'm using:
    access-list 102 deny   ip host 192.168.0.35 any log time-range work-morning
    access-list 102 deny   ip host 192.168.0.35 any log time-range work-afternoon
    access-list 102 deny   ip host 192.168.0.142 any log time-range work-morning
    access-list 102 deny   ip host 192.168.0.142 any log time-range work-afternoon
    Many thanks!

    Hi Leo,
    Here is the output to the command: sh time:
    time-range entry: no-heavy-traffic (active)
       periodic daily 5:00 to 22:00
       used in: IP ACL entry
       used in: IP ACL entry
       used in: IP ACL entry
       used in: IP ACL entry
       used in: IP ACL entry
       used in: IP ACL entry
       used in: IP ACL entry
       used in: IP ACL entry
       used in: IP ACL entry
       used in: IP ACL entry
       used in: IP ACL entry
       used in: IP ACL entry
       used in: IP ACL entry
       used in: IP ACL entry
       used in: IP ACL entry
       used in: IP ACL entry
    time-range entry: work-afternoon (inactive)
       periodic daily 13:30 to 17:30
       used in: IP ACL entry
       used in: IP ACL entry
    time-range entry: work-morning (inactive)
       periodic daily 8:00 to 12:30
       used in: IP ACL entry
       used in: IP ACL entry
    Thanks!

  • L3 connections between Access points and WLC

    Hi,
    We have a customer asking us to configure a wireless system as per the attached drawing.
    The WLC is in the Data Center, connected to the Data Center switch (Cisco 3850); this DC switch is then connected to the DC core (Cisco Nexus-7K).
    This Nexus-7K is connected to many campus networks. In all campuses there is a Cisco 4507 campus core which is connected to the Nexus-7K.
    Then from the campus core many distribution switches are connected.
    All VLANs for data and wifi are created in the distribution switches. The distribution switches are VTP servers, and many access switches with connected APs are connected back to this distribution switch.
    All access points are registered at the WLC in the Data Center, but wifi clients are not getting an IP address from the DHCP server, and even if we configure a static IP address on wifi clients they are not able to communicate correctly.
    Please correct me if there is a mistake in this design, or if there is a solution to this problem please let me know.
    Topology diagram attached.
    Thanks,
    anvar

    Hey Anvar,
    Too many details about the network; to make it simple:
    1- APs and WLC can be in separate VLANs (not a problem)
    2- As the APs have joined, these two VLANs look fine to me
    If your clients can't communicate properly with a static IP address:
    1- From the WLC, ping the default gateway for that VLAN
    2- If the WLC can reach the gateway, it's a wired VLAN issue that you need to investigate in the path (maybe using a wired device in the same VLAN as the clients on the switch where the APs are connected)
    Now, about why the clients are not getting an IP:
    1- What is your DHCP server and where is it located? Is it the same one for all clients?
    2- Do you have local APs or FlexConnect?
    3- When you run the debugs for DHCP, where does the process break?
    Cheers,
    Nour
