LWAPP with WLC across VPN

Similar Messages

• LWAPP assocoation with WLC

  hi,
  m lwapp cisco 1242ag is not getting associted with wlc.
  it is giving following logs in console of AP -
  %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER
  %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLL
  ER
  pls help on this.

  http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml
  Check that link
  What you should try
  clear lwapp or capwap private config
  clear nvram
  If still no go,
  MAke sure that DHCP is proving domain name and DNS ip address
  If it still does not join, convert it to aIOS and then clear nvram and then convert back again to lightweight using the latest RCVK image or lightweight ios and see if it works
  if not try this:
  debug lwapp console cli
  debug capwap console cli
  AP(config)# ip domain name company.com
  AP(config)# ip name-server
  Let us know how did you go

• Connecting Cisco AIR-CAP2602E over WAN with WLC - Procedural Details

  Hi,
  I have a Wireless LAN Controller Installed in one of the subnets where some AIR-CAP2602E's are connected with the WLC. WLC acts as DHCP for the AIR-CAP2602E Devices.
  I have additional AIR-CAP2602E access-points at other location (Subnet) and Need to connect them with WLC. 
  Challange faced by me is creating DHCP on Cisco 2950 (L2) or 3750 (L3) with DHCP option 43. Can any one has detailed configuration of enabling DHCP for specific VLAN on Cisco L2 and L3 Devices. 

  If you have control of the DNS environment for these network segments, just make an entry for :
  cisco-lwapp-controller aliases cisco-capwap-controller (IP list) as the CAP will hunt for those two name sets.
  My WLC provides DHCP support only to the wlans supported by the AP but not the AP it self..
  hope this helps

• Troubleshoot Cisco Airlap 1242 with WLC 4400 Series LWAPP_CLIENT_ERROR_DEBUG: spamHandleCfgReqTimer: Did not recieve the Config response

  I have a Problem with my new AIRLAP 1242 to connect with WLC 4400
  after debug in my airlap it shows :
  Reset done!
  ethernet link up, 100 mbps, full-duplex
  Ethernet port 0 initialized: link is up
  Loading "flash:/c1240-k9w8-mx.123-7.JX8/c1240-k9w8-mx.123-7.JX8"...######################################################################################################################################################################################################################################
  File "flash:/c1240-k9w8-mx.123-7.JX8/c1240-k9w8-mx.123-7.JX8" uncompressed and installed, entry point: 0x3000
  executing...
                Restricted Rights Legend
  Use, duplication, or disclosure by the Government is
  subject to restrictions as set forth in subparagraph
  (c) of the Commercial Computer Software - Restricted
  Rights clause at FAR sec. 52.227-19 and subparagraph
  (c) (1) (ii) of the Rights in Technical Data and Computer
  Software clause at DFARS sec. 252.227-7013.
             cisco Systems, Inc.
             170 West Tasman Drive
             San Jose, California 95134-1706
  Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.3(7)JX8, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2007 by Cisco Systems, Inc.
  Compiled Mon 19-Mar-07 01:42 by hqluong
  Image text-base: 0x00003000, data-base: 0x004051E0
  Initializing flashfs...
  flashfs[1]: 9 files, 3 directories
  flashfs[1]: 0 orphaned files, 0 orphaned directories
  flashfs[1]: Total bytes: 15998976
  flashfs[1]: Bytes used: 5062144
  flashfs[1]: Bytes available: 10936832
  flashfs[1]: flashfs fsck took 4 seconds.
  flashfs[1]: Initialization complete....done Initializing flashfs.
  cisco AIR-LAP1242AG-E-K9   (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
  Processor board ID FCW1411U0FZ
  PowerPCElvis CPU at 266Mhz, revision number 0x0950
  Last reset from power-on
  1 FastEthernet interface
  2 802.11 Radio(s)
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: 68:EF:BD:5F:9A:18
  Part Number                          : 73-10256-07
  PCA Assembly Number                  : 800-26918-06
  PCA Revision Number                  : A0
  PCB Serial Number                    : FOC14093XU3
  Top Assembly Part Number             : 800-29152-03
  Top Assembly Serial Number           : FCW1411U0FZ
  Top Revision Number                  : A0
  Product/Model Number                 : AIR-LAP1242AG-E-K9
  Press RETURN to get started!
  *Mar  1 00:00:05.608: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
  *Mar  1 00:00:06.858: %DOT11-2-VERSION_INVALID: Interface Dot11Radio0, unable to find required radio version 581.18
  *Mar  1 00:00:06.858: Interface Dot11Radio0, Accepting as a test version of radio firmware
  *Mar  1 00:00:06.878: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
  *Mar  1 00:00:07.234: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
  *Mar  1 00:00:08.212: %DOT11-2-VERSION_INVALID: Interface Dot11Radio1, unable to find required radio version 581.18
  *Mar  1 00:00:08.212: Interface Dot11Radio1, Accepting as a test version of radio firmware
  *Mar  1 00:00:08.232: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
  *Mar  1 00:00:09.278: %SYS-6-LOGGERSTART: Logger process started
  *Mar  1 00:00:09.326: %SYS-5-RESTART: System restarted --
  Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.3(7)JX8, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2007 by Cisco Systems, Inc.
  Compiled Mon 19-Mar-07 01:42 by hqluong
  *Mar  1 00:00:09.332: %CDP_PD-4-POWER_OK: Full power - AC_ADAPTOR inline power source
  *Mar  1 00:00:09.388: %DOT11-6-FREQ_SCAN: Interface Dot11Radio0, Scanning frequencies for 32 seconds
  *Mar  1 00:00:10.271: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
  *Mar  1 00:00:10.332: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
  *Mar  1 00:00:10.332: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
  *Mar  1 00:00:11.271: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
  *Mar  1 00:00:28.331: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
  *Mar  1 00:00:28.361: %DOT11-6-FREQ_USED: Interface Dot11Radio0, frequency 2462 selected
  *Mar  1 00:00:28.362: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down
  *Mar  1 00:00:28.363: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
  *Mar  1 00:00:28.369: %DOT11-6-FREQ_USED: Interface Dot11Radio1, frequency 5260 selected
  *Mar  1 00:00:28.372: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
  *Mar  1 00:00:28.398: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
  *Mar  1 00:00:28.399: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
  *Mar  1 00:00:28.465: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
  *Mar  1 00:00:29.398: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
  *Mar  1 00:00:29.465: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
  Translating "CISCO-LWAPP-CONTROLLER.ekahospital.com"...domain server (202.134.0.155)
  *Mar  1 00:00:38.351: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 172.31.xxx.xxx, mask 255.255.255.0, hostname AP68ef.bd5f.9a18
  *Mar  1 00:00:38.820: %DOT11-6-FREQ_USED: Interface Dot11Radio0, frequency 2417 selected
  *Mar  1 00:00:38.827: %DOT11-6-FREQ_USED: Interface Dot11Radio1, frequency 5200 selected (203.130.196.5)
  *Mar  1 00:00:49.835: %DOT11-6-FREQ_USED: Interface Dot11Radio0, frequency 2422 selected
  *Mar  1 00:00:49.842: %DOT11-6-FREQ_USED: Interface Dot11Radio1, frequency 5220 selected
  *Mar  1 00:00:49.851: %LWAPP-5-CHANGED: LWAPP changed state to JOIN
  *Mar  1 00:00:49.852: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
  *Mar  1 00:00:49.852: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
  *Mar  1 00:00:50.852: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
  *Mar  1 00:00:50.852: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
  *Sep 18 07:02:25.504: %LWAPP-5-CHANGED: LWAPP changed state to CFG
  *Sep 18 07:02:29.288: LWAPP_CLIENT_ERROR: lwapp_name_lookup - Could Not resolve CISCO-LWAPP-CONTROLLER.MYDOMAIN.com
  *Sep 18 07:02:30.504: LWAPP_CLIENT_ERROR_DEBUG: spamHandleCfgReqTimer: Did not recieve the Config response
  *Sep 18 07:02:30.551: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET CONFIG RESPONSE.
  *Sep 18 07:02:30.551: %LWAPP-5-CHANGED: LWAPP changed state to DOWNXmodem file system is available.
  flashfs[0]: 9 files, 3 directories
  flashfs[0]: 0 orphaned files, 0 orphaned directories
  flashfs[0]: Total bytes: 15998976
  flashfs[0]: Bytes used: 5062144
  flashfs[0]: Bytes available: 10936832
  flashfs[0]: flashfs fsck took 26 seconds.
  Base ethernet MAC Address: 68:ef:bd:5f:9a:18
  Initializing ethernet port 0...
  Reset ethernet port 0...
  Reset done!
  and after that i check in my WLC that shows
  AP with Base Radio MAC xx:xx:xx:xx:xx:xx (APxxxx.xxxx.xxxx) is unable to associate.
  The reulatory domain configured on it '-e' does not match the controller's country
  code: USA
  i found that the problem about the region.
  question :
  1. is it possible to change the region in AIRLAP 1242 or in WLC?
  2. if possible how to change it?
  INFO :
  my first AIRLAP Product/Model Number : AIR-LAP1242AG-A-K9 and my new AIRLAP Product/Model Number : AIR-LAP1242AG-E-K9

  WLC GUI >> Wireless >> Country >> Select the country.
  Regards
  Surendra

• Register APs at remote site with WLCs at the core via Metro E.

  All,
  I have problem with register APs at the remote site with WLCs at the core.
  All of my WLCs are on main site; and the majority of APs are on same subnet and same site with the WLCs. This works just fine.
  However I have a remote site with connected to the core via metro E. And I am unable to make the APs at this site register to the controllers at the core.
  On remote site APs and PCs are on subnet. And PCs are work just fine. I have the DHCP scope options 43 set for the ip address of the WLCs.
  Metro E interfaces are on 192.168.0.0 /24.
  Clients (PCs and APs) at remote are on 192.168.56.0 /24
  I have the configuration on the Metro E and and remote site on the attachment.
  Thank in advantage.

  To get APs registered, make sure AP is getting an ip address and can ping WLC
  Once this is verified, run the following debugs on WLC CLI and attach it to the thread:
  - debug mac addr
  - debug capwap OR lwapp events enable
  - debug capwap OR lwapp errors enable
  - debug pm pki enable
  To stop debug
  - debug  disable-all
  In case you have 'console' access to remote site AP, capture AP boot up and then run "debug ip udp" on AP CLI
  To stop this debug
  AP# undebug all

• Trunk with WLC and 1400BR problem

  hi everybody,
  i have the next proble, i hope someone can help me
  Actually I wrok with a 1522 Mesh Network,1130 LWAPP and Bridge 1400 point to point. 1522 and 1130 are asociated with WLC.
  I have a WLC4402 (4.1.192.22M (Mesh)image) this wlc is conected via trunk to Sw3750 ex:
  interface GigabitEthernet1/0/1
  switchport trunk encapsulation dot1q
  switchport mode trunk
  RAP1 is connected to the sameSw3750 ex:
  interface FastEthernet1/0/23
  description RAP1
  switchport access vlan 10
  **(VLAN 10 is Mgmt)**
  AP1(1130) is connected to the same Sw3750 ex:
  interface FastEthernet1/0/1
  description AP1
  switchport access vlan 10
  The 1410BR Root is connected via trunk to same Sw3750 ex:
  interface FastEthernet1/0/19
  description BR-1400R
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 10
  switchport mode trunk
  In the other point is the Non-Root connected to a Sw2960 ex:
  interface GigabitEthernet1/0/1
  switchport trunk native vlan 10
  switchport mode trunk
  AP2(1130) connected to the same Sw2960 ex:
  interface fa0/23
  descriptipon AP2
  switchport access vlan 10
  The network is work fine, Mesh UP (RAP and MAPs), and 1130 too.I connected the 1400 Bridge point after the Mesh is up, and the link between Root and Non Root is UP
  Now, when the Sw3750 goes down or reboot,the RAP and AP1(1130) can't associated to WLC. The ports of RAP and 1130 are down and up many times, so can't associated to a WLC. Only the Bridge point 1400 Root and Non-root are UP, and the AP2(1130) in the other side can associated to the WLC.
  When shutdown the port of the Root Bridge, Now the RAP1 and AP1(1130) can associated to the WLC and the Mesh Net is UP. Then no shutdown the Root Bridge port and the link between Bridges are UP, AP2(1130) up to the controller too.
  But after several minutes the Bridge down, and the event log in the Root is:Interface Dot11Radio0 Radio transmit power out of range.
  So i have this problems
  1) Trunks between WLC and 1400 BR
  2) Bridge conectivity range.
  Regards
  Antonio

  The Outdoor Bridge Range Calculation Utility uses parameters that include regulatory domain, device type, data rate, antenna gain, and a few others as inputs.
  You can avoid connectivity problems with the Outdoor Bridge Calculation Utility, as this tool helps you to predict the distance between devices. In a wireless environment without a tool like this, you cannot predict the distance between the bridges, the height at which you must place the antennas for maximum throughput, and other variables. This utility also helps you decide on the type of antenna that you must use in order to cover the distance between the bridges.

• VM with remote access VPN without split tunneling

  Hello experts,
  I have customers who require to use VM in their laptop. These users also require to VPN to Corporate network  to do their job. However when they do remote VPN to corporate Network (ASA VPN concentrator) from their VM host machine, they loose their access to their VM guest machines. This problem was not happening when they used cisco VPN client which has gone end of life and support as of end of July 31, 2012. In Cisco VPN client (IKEV1) if we set the protocol to udp they had no problem to keep their connectivity to VM machines while connected to corporate with remote access VPN. However this feature does not work in new Cisco VPN client which is called AnyConnect. ( NOTE: I am using IPSEC IKEV2. NO SSL at this time).
  My Question to Experts:
  1. Was the ability to maintain connection to VM guest machines, while connected to VPN without enabling split tunneling a security flaw in the old cisco VPN client?
  2. Is there a way to maintain connectivy to VM machines installed in a computer and still connect to remote access VPN concentrator through host machine? (My question is about AnyConnect client only using IPSEC IKEV2 and I do not want to enable split tunneling)
  Thanks for your help,
  Razi                

  Did you figure this out?

• Issues with lines across the screen, as well as freezing

  Issues with lines across the screen, as well as freezing
  Hello all
  Got an iMac since January 2008 and I do like it a lot, even though it has some issues:
  -- It displays (quite often) lines partially across the screen
  -- Lines appear as well when opening applications or when menus come up
  -- The system freezes more than I like to admit (more than my Windows/Ubuntu box)
  I don't know if the freezing has to do with the lines that are shown on my screen. But I assume that both issues relate to some video card problem. I can't be sure - but that's what I assume from living with this issue day to day.
  The line on the desktop (most of the time it is there before login) I can always get rid of by changing the display resolution to something else and then changing it back. Normally the line is gone, or, reappears on a different spot on the desktop. But repeating the procedure removes the line.
  However, this does not mean that the lines are not showing up again when launching apps or displaying menus!
  And since those lines appear to happen randomly, I think it's safe to assume that we're not talking dead pixels here, either...
  About the freezing:
  My iMac freezes sometimes when I move the mouse around, when switching desktops using "spaces" or when the zoom function of the Dock kicks in. Sometimes the screen goes completely black, sometimes completely white. The mouse, however, always works. But the system requires a reboot.
  Again, this happens too often to feel comfy about it.
  With my little knowledge of Mac troubleshooting I assume that there's something wrong with the ATI card that's built into my Mac. On the other hand, some people say that they started getting similar issues after updating their OS to Leopard. Again other people say that such issues stem from an ATI revision that is too old and the Mac should get a new ATI card. And how would that work? Isn't that an "all-in-one" machine with everything soldered onto the mainboard?
  So, any help in this matter is greatly appreciated...
  Cheers,
  Rainer

  Here are a few screen photos I've taken (not screenshots, as the lines are not visible when taking screenshots. I used my digicam to snap those...).
  Here's the link to those screen photos displaying some of the many lines I keep having:
  http://picasaweb.google.com/rainer.rohde/NewAlbum62508115AM
  Needless to say, as I typed this message here, I had a nice line going across my Safari window..
  Cheers,
  Rainer

• What organizer app has a really good WEEK VIEW like my Palm Pilot - it's a grid with days across the top.  Below each day- the day is divided into hourly grids.  When events are schdeuled across  week - you get a mosaic of time blocks.  Analogue - great

  What organizer app has a really good WEEK VIEW like my Palm Pilot - it's a grid with days across the top.  Below each day- the day
  is divided into hourly grids.  When events are schdeuled across  week - you get a mosaic of time blocks.  Analogue view is  great way
  to comprehend the time obligations as a molar pattern.
  thx,
  Fritz

  I use Week Cal on the iPod.  I think it was only $1.99.  It is a lot better and does a lot more than the one that came with the Palm Pilot.
  As you know, unlike the Palm Pilot, the iPod does not come with a desktop application that you can sync your iPod calendar to.  Since I don't use Outlook, I have to use a Cloud based calendar to sync with my PC.  I use Hotmail's calendar for that.  (If your computer is a MAC, you can use iCal)

• Problem With PXE Across Subnets

  I'm having a problem with PXE across subnets. The workstation boots,
  finds the dhcp server, finds the tftp server, downloads linux.1 and
  linux.2 with no problem. It is unable to download linux3.tgz, however.
  I've tried two different zen servers. I can tftp the file from either
  zen server in windows with no problem. I can tftp it from maintenance
  mode if I use a workstation as a tftp server. I can tftp it in PXE on
  the same subnet with no problems.
  A packet trace on the workstation shows that it gets so far into the
  download and then begins getting ICMP 'destination unreacable' packets
  from the server with the 'port unreachable' flag set.
  It sounds as if the server is closing the conversation on that port.
  Can anyone shed any light on this for me?
  Dave Thomas
  Rivercrest Technologies, Inc.

  Could you send me that trace? I would like to have a quick look
  Ron
  [email protected]
  <[email protected]> wrote in message
  news:iNOie.234$[email protected]..
  > The source address is the zen server. I'm relatively certain there is
  > not routing issue because I can tftp the file from windows with no issues
  > etc. Also there are a lot of other services crossing the subnets that
  > would fail if there is a routing issue.
  >
  > The 'port unreachable' flag seems to indicate that the zen server has
  > stopped listening on the port that is being used for the transfer.
  >
  > Dave Thomas
  >
  > > Where do these ICMP "destination unreacable" come from? could there be a
  > > routing issue to get to the imaging server?
  > >
  > > Ron
  > >
  > > <[email protected]> wrote in message
  > > news:[email protected] oups.com...
  > > > I'm having a problem with PXE across subnets. The workstation boots,
  > > > finds the dhcp server, finds the tftp server, downloads linux.1 and
  > > > linux.2 with no problem. It is unable to download linux3.tgz,
  > however.
  > > >
  > > >
  > > > I've tried two different zen servers. I can tftp the file from either
  > > > zen server in windows with no problem. I can tftp it from maintenance
  > > > mode if I use a workstation as a tftp server. I can tftp it in PXE on
  > > > the same subnet with no problems.
  > > >
  > > > A packet trace on the workstation shows that it gets so far into the
  > > > download and then begins getting ICMP 'destination unreacable' packets
  > > > from the server with the 'port unreachable' flag set.
  > > >
  > > > It sounds as if the server is closing the conversation on that port.
  > > >
  > > > Can anyone shed any light on this for me?
  > > >
  > > > Dave Thomas
  > > > Rivercrest Technologies, Inc.
  > > >
  > >
  > >
  >

• Is it possible to use ICS with a Cisco VPN client to allow pass through access for Domain login for a second machine.

  I have a current machine Windows 7 Pro with a Cisco VPN 3.5v client that currently connects with access to a customers network.
  They shipped a second machine Windows 8.1 Pro without adding local accounts, that is pre-joined to a sub-domain the first system has access to.
  Would it be possible to use the first machine as a ICS or Router to allow the second machine to see or access for log in, without returning to the customer site and plugging in for a log in point?
  Trying to save a 3 to 4 hr trip and lugging a system back for myself and the rest of the team.
  Thanks

  Hi,
  Please refer to this part
  http://windows.microsoft.com/en-hk/windows/using-internet-connection-sharing#1TC=windows-7
  ICS and VPN connections
  If you create a virtual private network (VPN) connection on your  host computer to a corporate network and then enable  ICS on that connection, all Internet traffic is routed to the corporate network and all of the computers on your home network
  can access the corporate network. If you don't enable ICS on the VPN connection, other computers won't have access to the Internet or corporate network while the VPN connection is active on the host computer
  Yolanda Zhu
  TechNet Community Support

• ISE device registration webauth with wlc 7.0 lwa

  Is it possible to use the DRW feature with WLCs running 7.0 code?  All configuration examples refer to 7.2 code.  Its only for guest user device registration.  No profiling / provisioning.
  Compatibility matrix says that "Wireless Controllers support MAC filtering with RADIUS lookup. For WLCs that support version 7.2.103.0, there is support for session ID and COA with MAC filtering so it is more MAB-like."
  Thanks.

  Hi,
  The reason you need to run the upgraded code is that the radius NAC feature coupled with a mac-filtering enabled SSID will work together. On the release prior you were unable to get both features to work with one another.
  For your reference here is the item in the New Features section of the 7.2 WLC release notes:
  http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7_2.html#wp855314
  thanks,
  Tarik Admani
  *Please rate helpful posts*

• What is the lowest ISE version supported with WLC 7.3.112.0

  Dears
  Kindly i want to know what is the lowest version of ISE supported with WLC 7.3.112.0 or WLC 7.3.101.0
  Please need your feedback.
  Regards,

  the lowest version of ise supported wlc 7.3 is ISE 1.2 as per document :
  Wireless LAN Controller (WLC) 2500 8
  7.3.112.0.(ED), 7.4.x, 7.5
  Yes 9
  Yes
  Yes
  Yes
  Yes
  Yes
  Yes
  Yes
  Yes
  Wireless LAN Controller (WLC) 5500 8
  7.3.112.0.(ED), 7.4.x, 7.5
  Yes 9
  Yes
  Yes
  Yes
  Yes
  Yes
  Yes
  Yes
  Yes
  Wireless LAN Controller (WLC) 7500 8
  7.3.112.0.(ED), 7.4.x, 7.5
  Yes 9
  Yes
  Yes
  Yes
  Yes
  Yes
  Yes
  No
  Yes
  Wireless LAN Controller (WLC) 8500 8
  7.3.112.0.(ED), 7.4.x, 7.5
  Yes 9
  Yes
  Yes
  Yes
  Yes
  Yes
  Yes
  No
  Yes
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/compatibility/ise_sdt.html
  ISE 1.1 won't support wlc 7.3 :
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-1/compatibility/ise_sdt.html
  Wireless LAN Controller (WLC) 2100, 4400
   7.0.116.0
   No6
   Yes
   No
   Yes
   Yes
   Yes
   Yes
   No
   No
   Wireless LAN Controller (WLC) 2500, 5500
   7.2.103.0
   No6
   Yes
   Yes
   Yes
   Yes
   Yes
   Yes
   Yes
   No
   WLC 7500 Series
   7.2.103.0 (basic RADIUS auth supported in 7.0.116.0)
   Yes6
   Yes
   No
   Yes (local only)
   No
   Yes
   No
   No
   No

• Client get connected occationally with WLC 5508

  Hi ,
  I have one strange problem on wireless connection.
  I just upgraded several 1131 APs to LAP with 2 new Cisco 5508 controller deployed, and we found the clients sometime can get conneted to the 1131 AP, and connection well, sometimes cannot. during our test, one conecion is ok, next one cannot, the third one seems ok again and again.
  And we also have 2 new 1140 APs, seems no such problem,
  The version for controller is  6.0.196.0, and Client is Lenevo PC with XP.
  Any suggestion? or some troubleshooting procedure I can follow?
  Thanks!
  Roy

  Thanks!
  Seems some problem with open authentication.
  On the Client, it reported cannot get associated.
  on the WLC, while I am debug client it reports:
  *Jul 14 10:18:51.844: 00:1f:3c:c2:e9:71 Sending Assoc Response to station on BSSID c4:7d:4f:47:a5:c0 (status 12)
  *Jul 14 10:18:51.889: 00:1f:3c:c2:e9:71 Ignoring 802.11 assoc request from mobile pending deletion
  *Jul 14 10:18:51.889: 00:1f:3c:c2:e9:71 Sending Assoc Response to station on BSSID c4:7d:4f:47:a5:c0 (status 12)
  *Jul 14 10:18:51.928: 00:1f:3c:c2:e9:71 Ignoring 802.11 assoc request from mobile pending deletion
  *Jul 14 10:18:51.928: 00:1f:3c:c2:e9:71 Sending Assoc Response to station on BSSID c4:7d:4f:47:ae:b0 (status 12)
  *Jul 14 10:18:52.446: 00:1f:3c:c2:e9:71 apfMsExpireCallback (apf_ms.c:418) Expiring Mobile!
  *Jul 14 10:18:52.446: 00:1f:3c:c2:e9:71 apfMsExpireMobileStation (apf_ms.c:4427) Changing state for mobile 00:1f:3c:c2:e9:71 on AP c4:7d:4f:47:ae:b0 from Associated to Disassociated
  I am using remote radius with WLC only.
  The strange thing is, when get connected, it looks fine, but I tried disconnect manually, then connect again, it reported cannot get associated, then I try again, it can get connect again,....

• An issue with WLC 5508 and 7921 phone

  Hello all!
  I have a system with WLC 5508 and some 1242 APs. And I use a lot of 7921 phones.
  One of 7921 phones was in trouble. It loses registration, disconnect conversations...
  I installed the trial WLC and run voice diagnostics.
  I  saw some of "Potentially degraded QoS in downlink direction because of  incorrect packet classification" messages and one "Fair upstream packet  loss ratio: 1,2%, which is less than threshold 2.5%"
  As I understand all of 7921 phones in these area are affected.
  what  does it mean? I set up Platinum QoS for voice WLAN. I don't have any qos  configuration string for AP and WLC ports on switches...
  any ideas?
  thanx in advance

  Sergey:
  There is one application called "WLC Config analyzer". You save your "show run-config" from your WLC in a text file and import it by this application. it will analyze the file for you and tell you what recommendations for voice are missing so you improve them.
  When importing a config file you choose what voice clinets you are using, so you need to choose cisco 7921 to it tells you what config improvemetns is needed based on 7921 needs.
  Here is the link to download the application:
  https://supportforums.cisco.com/docs/DOC-1373
  download the latest versoin.
  BTW, how many voice/data clients are connected to one AP in that area? if I remember correctly if you are utilizing voice then the max number of clients connected to one AP should not exceed 17. If you have more than this number per AP try to minimize the number of users concurrently connected to the AP then try again.
  Hope you'll find the config analyzer useful.
  If useful please don't forget to rate.
  Amjad