Lost L3 to 5508 mgt interface ???

Similar Messages

• Mgt interface stuck in init state

  I can not connect to my mgt minterface on my mds 9509.
  The only thing that looks odd is the mgt interface status. Is this normal?
  Interface Status IP Address Speed MTU
  mgmt0 init 10.1.1.24/24 100 Mbps 1500
  MDS-switch-A# sh int mgmt 0
  mgmt0 is down (Initializing)
  Hardware is GigabitEthernet
  Address is 001a.e203.8af8
  Internet address is 10.1.1.26/24
  MTU 1500 bytes
  0 packets input, 0 bytes
  0 multicast frames, 0 compressed
  0 input errors, 0 frame, 0 overrun 0 fifo
  0 packets output, 0 bytes, 0 underruns
  0 output errors, 0 collisions, 0 fifo
  0 carrier errors

  hmm not sure where they 4 came from..but here is the status now..still in init..and here is the config..etc..
  Interface Status IP Address Speed MTU
  mgmt0 init 10.1.1.26/24 100 Mbps 1500
  XP-24000-MDS-switch-A# sh run int mgmt 0
  version 3.2(2c)
  interface mgmt0
  ip address 10.1.1.26 255.255.255.0
  XP-24000-MDS-switch-A# sh int mgmt 0
  mgmt0 is down (Initializing)
  Hardware is GigabitEthernet
  Address is 001a.e203.8af8
  Internet address is 10.1.1.26/24
  MTU 1500 bytes
  0 packets input, 0 bytes
  0 multicast frames, 0 compressed
  0 input errors, 0 frame, 0 overrun 0 fifo
  0 packets output, 0 bytes, 0 underruns
  0 output errors, 0 collisions, 0 fifo
  0 carrier errors

• WLC 5508 Multiple Interfaces for Multiple SSIDs

  Hello guys,
  I am trying to build a new network from scratch, I have the WLC 5508 w/ Aironet 3600e APs connected to my Netgear Smart Switches and a Linksys RV082 router that I'm using as my DHCP server with several VLANs for several stuff on my Switches.
  I have 2 questions:
  1. Can I have 5 Interfaces configured on 5 different VLANs, each SSID on each a different Port:
  Port 1: Controller management only=> 192.168.x.x /24
  Port 2: SSID 1: WiFi Internal=> 172.16.x.x/12 (Radius Auth with no sharing)
  Port 3: SSID 2: WiFi Internal w/ sharing=> 192.168.x.x/24 (Radius Auth with sharing)
  Port 4 :SSID 3: WiFi Guest=> 10.0.x.x/8 (Web Auth)
  Port 5: SSID 4: WiFi IT=> 192.168.x.x/24 ( Radius or certificate Auth with access to the controller management interface)
  2. How can I use the Controller as the DHCP server for all the WiFi traffic, and how should that be configured to work with my other DHCP server?

  Yes you can... but you have to disable LAG.  Each post will need to be connected to a dot1q trunk and you will only allow the vlan that is required for that port.  Also on the interface, you will define what port is primary and what is backup.  I'm guessing you will not be using the backup port.  For example... port 1 that connects to a trunk port will only allow the management vlan.  Here is a link to setup dhcp on the WLC
  http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Anchor mobility configuration getting lost in wlc 5508 ios code 7.4.100.0

  It is observed that in WLC 5508 , ios 7.4.100.0 ,  mobility anchor configuration on wlan  is getting lost .  we configure anchor ip address on  guest wlan > mobility anchor >  Switch IP Address (Anchor).
  We have configured the template on NCS 2.0 to push the anchor mobility ip address on all WLC
  Has anyone oberved this behavoiur. We have more than 100 WLC  , and  everyweek  mobility anchor configuration is lost on some WLC having code  7.4.100.0.

  I am having this exact same problem.  I am running 7.3 on 5508 WLC.   My remote site LAP's are using Flex (HREAP).  The initial access point that my laptop associates to connects with no problem, as soon as I wander out of range of the initial LAP and into the area of another access point, I lose data connectivity.   The was validated like the original post as I start a constant ping on the LAN and watch as the ping latency increases and then ping replies stop.  The only way to correct the problem is resetting of the wireless adapter on the laptop.  Side note my DroidX has no problem wandering from AP to AP.
  Laptop: Windows 7 32bit
  I then returned to my home site and test where I have a secondary controller and the LAP's are configured for local mode, no problems roaming from access point to access point.   Validated with constant ping test.  The pings drop for a second and re-
  continues as the laptop reconnects.
  **Edit: I am going to try the removing the DHCP Addr. Assignment required option, and report that back to the TAC engineer.
  Message was edited by: Michael Dunki-Jacobs
  **Edit Solved:***
  The problem is in deed solved by turning the "DHCP Address Required" but why?

• Help with Cisco 5508 management interface

  Hello,
  I'm trying to verify some behaviors I'm seeing with my 5508 controller setup and forgive me for missing anything obvious, I've zero experience with this hardware and clueless on the best practices. With that said... out of the box I ran through the AutoInstall process.
  I gave my service port an IP address on my subnet, 10.10.8.0/24 vlan 100 and gave the management interface the ip address 10.10.30.5/24 vlan 130
  From my host I can ping the management interace 10.10.30.5 and the interface gateway 10.10.30.1
  I cannot connect to the controller via 10.10.30.5 either through the web GUI or telnet
  I can connect to the controller via 10.10.8.200 both through the web interface and telnet
  while connected to the service port, I can ping the management port IP but I cannot ping the 10.10.30.1 gateway.
  We have attached two test 3502I AP's and they found the controller and pulled correct ip addresses, clients can authenticate and access network resources as well as the Internet so for the most part, things are working but it concerns me that the management interface can't ping its own gateway.
  Keep in mind, I did no other configurations besides what got configured in the AutoInstall process. What should I look at to resolve?
  Thanks!
  Mike

  The service port is for out of band management and should not be connected to the network.  If connected tot he network, it should not have connectivity to the management interface of the wlc. 
  You can create an ACL to block the service port ip to the managment vlan if you want.  I normally do not connect the service port to the network.

• WLC 5508 Management Interface Connection

  I'm setting up a new 5508.  I've used the config from a 4402, have successfully connected to the Service port to manage the device, but for some reason cannot connect to the Management interface.  In this case, port 1.
  The service port is connected to a Catalyst switch and grabbed an ip address (10.2.x.x subnet) no problem.  I can access the 5508 via https using the SP.  However, port 1 is connected to the same Catalyst switch, but on a different vlan (subnet 10.20.x.x).  Both ends show that the interfaces are up, I can ping the interface from any other host on the network, but when I try to manage the device via https I cannot connect.  We are using WCS and I cannot add the device from the WCS.  About all I can do is ping that interface.
  I've probably overlooked something very basic, but I'm baffled.

  Thanks for the reply.
  No, definitely not that.  I have all of those enabled.  I have the SP connected to another vlan on the same switch and can manage through that port(https, telnet).  I've tried about every combination of trunk port, access port, etc.  I'm beginning to suspect the GBICs (10baseT), but both ends show that I am connected at 1000 and I can ping the ip address of the management interface.

• WLC 5508 management interface

  Hi, I have a particular wireless design that requires one WLC 5508 to be connected to two seperate swithces. Port 1 of WLC is connected trunk to Switch A and Port 2 of WLC is connected to Switch B. Each switch has its own local VLANS. When I connect 1130s LAPs they need to find the management interface initially and then use only AP management interfaces. since there is only one management interface, if I assign management interface on a vlan that is configured on switch A then APs on switch A join fine but those on switch B keep asking for management interface and from capwap debug on WLC it says that join request was received on wrong ineterface ....
  the only work around to this was to make routing between switch A and switch B for the two vlans on which APs reside... but for security purposes - client would like to avoid this
  any help much appreciated ..

  Hi thanks for your reply,
  Yes I agree perfectly with your explanation - On both switches I have UDP forward for 5246 and 5247 and everything works fine.
  You understood exactly what's happening for initial discovery the Guest AP asks for managemnt interface through WLC port 2 but managerment IP is on admin side WLC port 1 and then it drops packet saying that it was received on the wrong port. In fact that is why I put an ACL between the Admin switch and guest switch taht allows only 5426 capwap control - just to allow that initial discovery from guest AP to contact Management interface which can only be assigned to one port and in my case it is on the admin switch side. And that is why I had to make a route between the two independent switches.
  My question is to know if there is any other way with my given design to eliminate this initial discovery to the management inetrface, as my client would like the admin and guest switches to be completely seperated i.e. without the routing. Is there any way that the guest APs can make contact with the AP management interface on their side only skipping the discovery of the management interface ? the guest APs were primed on the admin side so they know the IP. After the initial discovery, if I remove the routing between admin and guest switch, guest APs keep their connectivity without any problems.

• Wlc 5508 management interface vlan - access point vlan

  Is it required that the access points are in the same vlan as the management interface on a wlc 5508?

  There is a story behind this .. Just yesterday my guy was like "aps wont join" .. I let him hammer away at it .. It was the check box
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• Need Information of cisco WLC 5508 LAG Interface

  HI
  We have cisco WLC 5508 in our network and right now ,this WLC is connected to two ports of each core switches.Both CORP and GUEST SSID are configured on this WLC.
  Now we want to segregate the trafffic og GUEST to on core switches from WLC. SO my question is ,how can we achieve this without using guest anchor controller ?
  Can i use one interfcae cisco WLC 5508 and connect it to the firewall or any device ?
  Thanks
  Puneet

  Hi
  Thanks ...I am using WLC as a DHCP server for Guest.
  So  i want to know ,is there any requirement that GUEST subnet should be pingable from WLC management IP address.
  my topology is here...
  Corp network and management network are reachable however management metwork is not pinagble from guest netowrk.

• Backup Port of WLC 5508 MGMT interface

  Dear All,
  Since WLC5508 MGMT interface is configured a AP-Mgr at the same time, can I set a Backup Port to WLC5508 MGMT interface?
  Refer to WLC configuration Guide:
  In the Backup Port text box, enter the number of the backup port assigned to the management interface. If the primary port for the management interface fails, the interface automatically moves to the backup port.
  NoteDo not define a backup port for an AP-manager interface. Port redundancy is not supported for AP-manager interfaces. If the AP-manager interface fails, all of the access points connected to the controller through that interface are evenly distributed among the other configured AP-manager interfaces
  I am confuse on this. Thus, if I need to configure the backup port for MGMT interface, i need to remove the AP-manager on MGMT interface and create a network dynamic interface for AP-Manager ?
  Thanks all.
  Jeff Chiu

  Jeff:
  You are right. The config guide is confusing.
  The config guide is talking about AP-Manager interfaces you create other than the management one. For the management interface it is called "management" but it acts as an AP-Manager interface as well. When the config guide metnions "AP-Manager interface" it does not mean the management interface but it means AP-Manager interfaces that you create beside the management interface.
  So, for the management interface you can create a backup port and I think if you are not using LAG it is a best practice to define a backup port for management.
  For other AP-Manager interfaces that you create (other than the management interface) you don't need to define the backup port.
  HTH
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• 5508 WLC Interface Groups

  We have not configured or used interface groups in our wireless deployments, and I am just curious if there are any issues or caveats experienced with using these?  We have a few instances where we have setup a /23 network for a specific wlan.  I  undertsand this increases broadcasts.  Would interface groups be preferred over using a /23 or even maybe a /22 to accomodate addressing?

  By default, the WLC will not forward broadcast.  There are pro's an con's to interface groups... if your doing multicast, that can be an issue unless you specify an multicast vlan.  I have used interface groups because customer standardize on /24, so I would combine a bunch of /24's to create an interface group.  I have customers with /23 and /23 and others with no issues... but I look at it as on the wired side.  You okay with /23 and or /22 on the wired side?
  Thanks,
  Scott
  *****Help out other by using the rating system and marking answered questions as "Answered"*****

• Swtichs lost connection in trunk interface but still turn on

  Dear Friends,
  Since a week ago i have problems withs 4 or 5 access switchs that randomly lost the connection in trunk interface. The led in trunk interface turns off and i have to go to the site and turn off manually the switchs an then turn on to stablish again the connection. Before to turn off the switchs the logs shows:
  Jan 11 09:23:55.155: %SW_MATM-4-MACFLAP_NOTIF: Host fc99.471f.23bf in vlan 174 i
  s flapping between port Gi1/0/4 and port Gi1/0/11
  Jan 11 09:23:55.255: %SW_MATM-4-MACFLAP_NOTIF: Host e490.699f.86fe in vlan 117 i
  s flapping between port Gi1/0/4 and port Gi1/0/11
  Jan 11 09:23:55.591: %SW_MATM-4-MACFLAP_NOTIF: Host e41f.1377.3d65 in vlan 413 i
  s flapping between port Gi1/0/4 and port Gi1/0/11
  Jan 11 09:23:55.625: %SW_MATM-4-MACFLAP_NOTIF: Host f0f7.55b6.3f68 in vlan 413 i
  s flapping between port Gi1/0/4 and port Gi1/0/11
  Jan 11 09:23:55.759: %SW_MATM-4-MACFLAP_NOTIF: Host 0040.8cf5.5eb0 in vlan 113 i
  s flapping between port Gi1/0/4 and port Gi1/0/11
  Jan 11 09:23:56.589: %SW_MATM-4-MACFLAP_NOTIF: Host 0016.6c78.c1f4 in vlan 170 i
  s flapping between port Gi1/0/4 and port Gi1/0/11
  Jan 11 09:23:56.589: %SW_MATM-4-MACFLAP_NOTIF: Host 0016.6c76.a951 in vlan 170 i
  s flapping between port Gi1/0/4 and port Gi1/0/11
  Jan 11 09:23:57.806: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthe
  rnet1/0/1, changed state to down
  This is common in all the switches that lost connection. The MACs are different in all switches so i cannot know if there are an specific host that causes the problem. Please your support.

  Hi Reza,
  Both ports are trunk.
  interface GigabitEthernet1/0/4
   switchport trunk encapsulation dot1q
   switchport mode trunk
  interface GigabitEthernet1/0/11
   switchport trunk encapsulation dot1q
   switchport mode trunk
  Any idea?

• AP's will not join new 5508's

  We just completed deployment of (4) 5508-250's in a large enviroment. We are now trying to get some test AP's to join the new WLC's. At one point it appeared that one of the 5 joined but the other 4 did not. We rebboted everything including resetting the AP's to factory and upon doing that all 5 ap's came up and joined the legacy WISM's blades sitting in the core.
  The new 5508's are sitting on a new stack of switches running 12.2.58(SE2) ip base.  We have all new subnets for the new ap's as well as all vlan interfaces on the controllers themselves. IE: vlan 499 and vlan 500. Vlan 500 is Management and 499 is the ap-manager interfaces (32 of them).
  1. Why would the new AP's prefer the old WISM to the 5508's?
  2. What do we need to do to fix that until the we can do a migration?
  3. The WLC's and the cores are not in the same stack. The WLC's are on the customers 6509 and the (4) 5508's are on a new 3750x stack with a port channel to the core 6509.
  4. Does the new stack have to be running the L-3 IOS with a routing protocol running. The customers current enviroment is EIGRP.
  5. I have looked at the new WLC configuration and compared it to other similar sites and they are the same with the exception of the L3 on the new 3750x stack.
  Thanks,
  Evan Kalbach

  Here is my response to your queries.
  1.  Unless you configure primary,secondary (HA parameters) on your AP, it does not prefer 5508 as long as it can reach both controllers
  2. You can configure the 5508 as primary controller ( & WiSM as secondary) to inluence AP to go to 5508 as first preference. You can try below CLI command on your WiSM for the APs you want to register to 5508 as primary & keep WiSM as secondary.
  config ap secondary-base
  config ap primary-base <5508 WLC name> <5508 Mgt IP>
  3. WLC does not need to connect Core
  4. As long as WLC have rachability to rest of networks, that's fine. No L3 routing required on the swich you connect the WLC.L3 gateway can be defined another L3 switch. Then you should have extend L2 from the WLC connect switch upto L3 defined switch.
  5. Doesn't matter this.
  HTH
  Rasika
  **** Pls rate all useful responses ****

• Alert Parameters to Get Interface Description (i.e. Something Meaningful to Network Admins)

  Hi All,
  We have recently deployed OpsMgr 2012 R2 inparallel to our legacy 2007 environment.
  For network device monitoring in the 2007 environment we used the xSNMP Management Pack on top-of the native capabilities.
  On of the positive aspects of the 2007 set-up was that we were able to leverage the xSNMP Management Packs ability to expose the interface alias/description which our Network admins populate to identify the connection/purpose of an interface within the SMS
  Channel format.
  Basically, the Network Admins would give me a list of critical interfaces and using the combination of Path and Alias/Description I would be able to confidently enable interface monitoring and alerting for those interfaces.
  In 2012, however, all that has been changed.  Now, interfaces are identified by an Interface Name value that is not really meaningful or relevant to the way our Network Admins work.  Wjat I also find problematic is the way that interfaces seem
  to have been divorced from the the source device in such a way that the default email alert format doesn't even include the Path (source device) on which the interface generating the alert is associated with.  This is even the case when trying to create
  a custom monitored interfaces State view in that the Path column is populated by the MAC address rather than with the host device that the interface is on which is what really matters.  Who deals in MAC addresses?
  What we require is a way to expose the host device and Interface Description and Alias  values as part of an SMS/email alert as that is crucial information that an on-call engineer being woken-up at 2:00 AM needs to know rather than scratching
  their head with some guff about IF-20 without even the parent device of that interface given so that they can at least know what device to log-on to manually try and identify which interface connection/service  is down even though they should not have
  to do that.
  I have already tried to customize the SMS Channel format from its default format to the following:
  State: $Data[Default='Not Present']/Context/DataItem/ResolutionStateName$ $Data/Context/DataItem/ManagedEntityFullName$ $Data/Context/DataItem/AlertName$
  using the list of alert parameters from Kevin Holman's blog but even with the $Data/Context/DataItem/ManagedEntityFullName parameter the information is not satisfactory.
  For all the improvement in SNMP and network monitoring it seems that something that was actually good and useful in 2007 has now been lost because of the way interfaces/ports  have been divorced from the parent Managed Network Node device.
  Can anyone advise how I might be able to get sensible interface alerts in my email and SMS notifications that provide the host router/switch Display Name, and the Interface Description and Alias of the Interface?
  Points given to all considered replies.
  Kind Regards,
  Michael

  Yeah, that's kind of a mess...
  You can create a workaround to change the name similar like that:
  http://www.vroege.biz/?p=746
  But it needs some authoring knowledge and must run every time after a network discovery. Since this means a class property change it is a performance consuming workflow and should not run top often.
  HTH, Patrick
  Please remember to click “Mark as Answer” on the post that helped you.
  Patrick Seidl (System Center and Private Cloud)
  Website: http://www.syliance.com
  Blog: http://www.systemcenterrocks.com

• Lost ethernet connectivity

  Fisrt of all, thanks everybody.
  I'have been facing a problem of lost of connectivit at ethernet interface.
  I'm using 2 Aironet 1310 as bridge between 2 buildings. The wireless configuration is OK.
  It is an intermmitent problem. Sometimes all computers at the remote building lost the connectivit with the main building (DHCP, Internet) and we can't ping the remote Radio. Neither of the remote building where it are fixed.
  But at the main building when I open the Radio web page, the event log show me that the radio interface is up and associated with other radio.
  I'don know if is a hardware problem, when I do "sh interfaces" it's seens that all is ok.
  Anyone could help me.
  Thanks Carlos

  Carlos,
  FYI, the connections where the coax is attached to the radio can give you a lot of problems if it is not sealed perfectly. The radio installation kit comes with sealant tape, I assume your coax was sealed. If not, you may have some water in the connection or in the coax end. I have had to replace both coax and radio once that happens; however, my environment was worse than most. You may end up having to replace the radio. That is what I had to do more than once when this starts happening.
  Randy