Locking down WCS and WLC

Similar Messages

• Rogue AP - Not in sync with WCS and WLC

  WCS - 7.0.164.0 and WLC - 7.0.98.0.
  For some reason, I am seeing rogue ap alert on WLC and am not seeing on WCS.   How do I clean up database and sync with WCS and WLC.
  I am seeing same thing with coverage holes.
  - Allen -

  Allen,
       On the WLC go to Management > SNMP > Trap Controls, make sure that you have the traps checked.
  HTH,
  Steve
  *Please remember to rate helpful posts*

• WCS and WLC AP values not fully in sync.

  I have recently added several new aps on my network,after they connect to the controller, I set a hostname, and change the ip address to a static. However, WCS still sees the aps by the old ip and host name despite going into each one, hitting audit, and then save, any way to fix this? Thanks.

  You may want to also consider the following:
  1) Both the WCS and the WLC need to be at the same major revs (i.e.: The if the WCS is at v4.2, then the WLC should also be at 4.2). Failure to do so results in some significantly bizarre behavior such as errors after an audit - at least that was my experience.
  2) You may have better success if you make the change from the WCS which pushes the change to the WLC and that way the WCS is already aware of the change. (Normally, this should work - I know of one instance where it does not: changing Master Controller Mode from the WCS).
  3) If you feel strongly about making the change in the WLC (and are running a newer version of code in the WCS/WLC - i.e.: 4.x), there is a setting that forces the WLC to send configuration changes to the WCS once APPLY and "Save Configuration" are clicked:
  From the *WCS*, click on Configure->Controllers and click on the controller you wish to change, and check the "Refresh on Save Config Trap" check box and click OK.
  This will cause the controller to push any configuration changes up to the WCS after an APPLY and "Save Configuration" are clicked.
  4) In terms of getting the WCS to actually synch up with the controller (assuming the WCS and WLC are at the same rev. levels), you may need to do what I did (this was subsequent to upgrading to v4.2 in both the WLC and WCS and having chronic "mismatch" status between the WCS and WLC):
  From the WCS:
  Configure->Controllers, check the controllers you wish to synch up. From the dropdown, select "refresh config from controller"
  Next, select the DELETE option (instead of the RETAIN option). I believe that there are bugs in the software that upgrades earlier revisions to 4.2. I know that it might seem undesirable to DELETE information in the WCS, however, if you choose "DELETE", it seems to get rid of the residual information from the previous revisions that did not upgrade properly and the WCS will now be in synch with the controllers. DELETING the other settings makes the audit errors go away.
  Subsequent audits may go better for you after performing the step shown above. However, you may need to repeat this process in item 4 above once or twice more until the database gets cleaned up, but after that my own experience has been that the WCS and WLC will eventually stay in synch.
  It is unfortunate that we are forced to come up with workarounds like these when the software should clearly be able to handle this on its own, but we do what we must to get the job done.
  Hope this helps,
  - John
  (Please rate helpful posts)

• WCS and WLC WLAN Config not fully in sync

  Hi,
  We're facing the issue WCS and WLC WLAN Config is not fully in sync. WLC  showing server 1 is IP:10.160.22.151, Port:1812 but WCS server showing none even  after click on “Audit” button. Any idea how to resolve this issue? Is this causing any wireless problem? Attached is screen captured. Thanks for your help.

  You mentioned "audit". Have you done a WCS audit so the WLC and WCS are in SYNC?
  If you make a change on the WLC you will not see it in WCS UNLESS they are SYNC. You will see the term "mismatch".
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• Location Appliance 2700 - is it supported with v7 WCS and WLC?

  The compatibility matrix shows no support for a Location Appliance 2700 for any version 7.0.x.x for WCS and WLC. However, I did see a thread here where a v6.0.x.0 had compatibility. v6.0.202.0 is MD. Is it compatible with v7 WCS and WLC?
  Can any of the experts please comment? Thank you.

  Hi,
  here is the link that will answer ur question!!
  http://www.cisco.com/en/US/docs/wireless/controller/4400/tech_notes/Wireless_Software_Compatibility_Matrix.html#wp78062
  Please dont forget to rate the usefull posts!!
  Regards
  Surendra

• WCS and WLC syncing

  Gday again,
  I am converting standalone cisco1231AP to LWAPP. In the process, the conversion is always successfull. Run the audit on WCS, refresh values from Controller and restore values from Controller... The process after that involves us running few lightweight templates. Now, with the newly converted AP, I used to be able to see thm on both WCS and WLC. However, I dont see the new APs in WLC anymore. Besides checking the SNMP settings for sync, what else should I check?
  Regards,

  are the APs registered to the WLC? whats the software running on the WLC and WCS??

• WCS and WLC versions for Cisco 3600 WAP

  Hi,
  I got a few Cisco Aironet 3602i. The minimum WLC version to support these is 7.1.91.0. I am planning to upgrade to 7.2.103.0. The minimum WCS version to support these WAP is 7.0.220.0 and the next available 7.0.230.0. Checking the release notes for both of these WCS versions, there is no mention of support for WLC versions listed above.
  http://www.cisco.com/en/US/docs/wireless/wcs/release/notes/WCS_RN7_0_230.html#wp152663
  Am I missing something here ? What versions would be required on WCS and WLC to make all the three entities (WLC, WCS, WAP) inter-operable ?
  Thanks,
  Regards, Rashid.

  Thanks Scott.
  Table-5 from your link indicates WCS 7.0.230.0 support for WLC 7.1.91.0, although release notes for WCS fails to mention this. I think thats the only option in the our existing WCS based network then. Other option being to upgrade to NCS.
  The NCS page http://www.cisco.com/en/US/products/ps6305/index.html indicates it will be offered to existing WCS customers when releases. Would we be required to pay for the product or both product and licenses or none ?

• WCS and WLC, On the same VLAN ?

  Whats best practice ? Is it better to have the WCS on the same vlan as the controller(s)
  Johann Folkestad

  Given the fact that it is snmp traffic, the WCS to WLC snmp read/writes should be confined to a subnet(s) that are secured by ACLs/firewalls/rfc1918 address space, yada yada....
  One way to do it is to place the WCS behind a firewall on the same or reachable subnet as the WLC service or management ports. I prefer using the service port on the WLC for the WCS snmp traffic, this way I can prune that vlan off the switch trunk ports that the WLC connect to as well as put it in a subnet that is away from prying eyes. I have had it working just fine since 3.0.2x all the way up to the latest rev this way.
  the controller will touch an additional vlan for each dynamic interface you create for wlans
  You can also dual home the WCS server, but the default option on WCS install/upgrade is to bind to one interface (it will detect & prompt in regards to multiple interfaces - at least on the Linux version).
  Also don't forget to lock down https access to WCS web frontend as well

• Locked down security and running captivate clips

  I am relatively new to Captivate. And in trying to publish I
  have run accross a roadblock. We have locked down security so much
  that most of my audience cannot open the files. When trying to
  Publish as an SWF they are seeing Active X messages and then when
  they agree, the window stays blank or they get a message that
  windows blocked the software because it can’t determine the
  publisher. If they try to run it as an executable they do not have
  rights either. Can you give me ideas on how to make this available
  with very limited rights?

  Hi TC64
  I believe what may be happening here is that the messages are
  appearing because of the external JavaScript reference. (Captivate
  versions 2 & 3 normally reference a JavaScript file called
  "standard.js") Oddly enough, this is done in an effort to bypass
  the "Click to activate and use this control" message that only IE
  presents.
  One way to work past the need for the standard.js file is
  described in a section of fellow Adobe Certified Captivate
  Instructor John Daigle's article about working with Captivate and
  RoboHelp. You may view it by
  clicking
  here. Pay close attention to how he is describing the
  JavaScript modifications.
  This may or may not totally resolve your issue, but it's
  certainly worth a try!
  Cheers... Rick

• WCS and WLC Reporting

  Hello All,
  Does anyone know if there is a way to get the WCS or WLC to report if a change had been made via syslog or snmp?
  Also, is there anything specific that has to be configured in the WCS to send emails of traps or alarms? I see where there are places you can enter emails but I am not sure if that is all that is required for the WCS to send the report to that particular email address.
  Any configuration examples or details would be great.
  Thanks

  On the controller, the WLC can be setup to send messages to a syslog server you may need to specify on the GUI, the level of the messages you want sent for rogue detection, you may need to specify software errors. Also, via WCS, you can have it send emails on the rogue traps / messages. A 3rd method is to setup snmp if you have something like hp open view. the mibs are at the link below, depending upon which image you have.

• License problem with WCS and WLC

  Hi All,
  I have planned to implement three WLCs and one WCS to manage them.
  AP count is as below :-
       WLC #1     -     10 AP
       WLC #2     -     10 AP
       WLC #3     -     20 AP
  When WLC #1 is down that connected 10 APs should failover to the WLC #3.
  So at normal scenarion, WLC #3 should need 30 AP license; to failover WLC#1 APs properly to the WLC #3
  My problem is, Can I load total AP license (40 license) to WCS without installing them to individual WLCs ?
  If it is possible i can cut off the additional 10 AP license, required to the HA and failover.
  or if I use a WCS may i need to buy additional 40 license to WCS seperately from 40 WLC license ?
  Thanks,
  Charith

  Yes, you required to have seperate licences for WLC & WCS.
  You cannot add WLC licence to WCS & vice versa.
  HTH
  Rasika

• User admin authentication to WCS and WLC

  Hi Experts,
  Do you know is it possible to configure WLC and WCS management user access to authenticate to TACACs like IOS routers does.
  If its possible do you know where I can find a doco as a guide. Tried to find but to no avail.
  WLC
  Model No. AIR-WLC2106-K9
  Software Version 5.2.178.0
  WCS
  version 6.0.181.0
  ACS
  Cisco ACS 4.2
  Thanks
  Rgds
  Kumar Ramalingam

  I think you are looking for this for WCS
  http://www.cisco.com/en/US/docs/wireless/wcs/5.2/configuration/guide/5_2admin.html#wp1059589
  and the WLC guide is here.
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080851f7c.shtml#topic6

• WCS and WLC checklist

  I have a customer that ordered the WCS application, a 5508 WLC and (38) 1142 APs. Does anyone have a form that I can give to the customer to fill out as a guide to help with the installation and configuration which he can fill in the information needed for authenication method, SSID information, Radius, ACS, WLC options, port requirements for WCS behind firewall, etc...  

  Use the GUI Configuration Wizard.
  http://www.cisco.com/en/US/customer/docs/wireless/controller/7.0/configuration/guide/c70intf.html#wp1142477

• Wcs and wlc snmp

  if you configure a wireless controller to not send any client traps, does that affect client information and stats in wcs?  wcs is managing controllers, and the controllers are also configured to send traps to another third party trap receiver for ticketting.  since the 3rd party trap receiver is not using these client traps for anything, and there are thousands being sent, its putting unnecessary load in the trap receiver.  If I configure the controller to stop sending client traps (like associate/disassociate, etc..) will that affect the client information that wcs reports?              

  Hello,
  Good question. The answer is No.
  WCS would still poll the controller(s) through SNMP to get that information. From WCS, if you navigate under the Administration --> Background tasks page you would see the list of polling tasks there. The snmp traps help in getting the information quicker to the management application rather than waiting for the polling to happen (which could happen only for every 15 to 60 minutes depending on the task). So your Client reporting in WCS should have the data regardless of the TRAP configuration on the WLC's.
  Ram

• Lock downs, freezes and MADNESS!

  I am having a problem with frequent freezing on my iBook. By frequent I mean this thing freezes everytime I use it. Sometimes I'm OK for 30 minutes, sometimes for 5 minutes, but no matter how my computer sessions begin, I unfortunately know how they will end. There doesn't seem to be a pattern.
  When the freeze occurs, I am not able to remedy the problem by forcing whatever application I'm using to quit. As a result, I have to do a hard shutdown by pressing the power key (don't know what it is called).
  Restarting the machine usually takes several tries. Many attempts end with a blank blue screen. Or, I get a blank blue screen and quick flashes of black horizontal lines.
  I have run the disk utility on the startup and tried several other things (different kinds of resets), but nothing seems to work. I try to run Norton but the iBook typically freezes about 10 minutes into the process.
  I feel it's also important to note that I am having problems with my battery. It's only at 28 percent of capacity and won't seem to take more than an hour's charge. With that in mind, I've tried testing the iBook with the battery in and out, but nothing seems to make a difference. However, I have noticed that I seem to have better luck restarting when the iBook is not plugged into the powercord. Maybe that's my imagination, though.
  I am using an iBook G4 purchased in mid-2004. My stats: OS X v. 10.4.3; 1.07 GHz processor; 256 MB memory; and I have about 1 GB left on a 38 GB HD.
  Any help would be appreciated.
    Mac OS X (10.4.3)  

  I try to run Norton but the iBook typically freezes about 10 minutes into the process.
  If you did this before you started having trouble, this very well could be the cause. Norton Utilities for the Mac has been discontinued for about two years now and they never supported Mac OS X 10.3 (Panther), let alone the current Mac OS X 10.4.
  My first advice, put in your install disk that has the Apple Hardware Test on it (It should be listed somewhere on the label as "AHT version X.X".) and restart the iBook. Hold down on the "option" key. This will bring up a "Startup Manager" that will allow you to select the disk to startup from. Choose the Hardware Test by clicking on it and then click on the right arrow to continue. I would run the extended test to see if any errors appear. This may take a few minutes. If everything comes out okay, then we can be reasonably sure that you have a software problem, not a hardware problem (but the Apple Hardware Test is not always 100% accurate in reporting hardware failures). Let us know what you find out about this troubleshooting step and we'll try to help you from there. Depending on what you find out, we may recommend different steps...
  -Doug