MDNS cannot be configured when FlexConnect Local Switching is enabled
I am running Cisco Prime Infrastructure 1.3 and I am trying to push a template to allow FlexConnect local switching on a WLAN. However, when I attempt this, I get the message "mDNS cannot be configured when FlexConnect Local Switching is enabled" and I cannot save the template or apply it to controllers. My controllers are WISM 2s running 7.0.235.3.
Make sure you uncheck the mDNS option on the advanced tab of the WLAN template. You cannot use mDNS in conjunction with Flexconnect locally switched WLANs.
Similar Messages
-
Flexconnect Local Switching Hosts Do Not Receive IP Addresses
Hello,
My WLC software version is 7.4.110.0. I have a branch office in my lab. The AP in my branch is configured as flexconnect with native VLAN of 700. The SSID that I have in the branch office is configured to do local switching. The show wlan is added below.
My tunneled SSID is still working and I can still receive IP addresses from it. My issue is that last week I had FlexConnect working with no problem, then this morning I can connect to the SSID, but I'm not receiving IP addresses for my test wireless clients.
Thanks
[code]
WLAN Identifier.................................. 2
Profile Name..................................... ACS Guest
Network Name (SSID).............................. RMTGuest
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
User Idle Timeout................................ 300 seconds
--More-- or (q)uit
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... RK2WLC5508-01
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Disabled
mDNS Profile Name................................ unconfigured
DHCP Server...................................... 172.28.27.130
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
--More-- or (q)uit
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
--More-- or (q)uit
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
--More-- or (q)uit
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Enabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
--More-- or (q)uit
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
MSAP Services.................................. Disabled
[/code]
Is the VLAN still mapped on the AP, and allowed across the trunk?
HTH,
Steve
-
WebAuth on FlexConnect Local Switched SSID
Hi All
I'm working on getting internal WebAuth to work on a FlexConnect local switched SSID. From what I've been reading, it's possible but apparently not very straightforward.
FlexConnect AP - if the SSID isn't local switch, WebAuth of course works fine.
Once I set it to local switching, WebAuth breaks. Any way around that in 7.6?
Thanks
Figured it out just now. When using the WLC as a DHCP server (this is just a lab), selecting the Central DHCP Processing for use when in Local Switching also selects a box for NAT-PAT. Unselecting the NAT-PAT box fixed the broken WebAuth.
Going to have to figure out what that does.
-
Flexconnect - local-switching - Interface Groups - multiple subnets/vlans
So I'm trying to set up an "interface-group-like" configuration on some FlexConnect APs with local switching enabled in order to support multiple subnets/VLANs linked to a single SSID.
Does anyone know if this is possible or have any suggestions?
I've tried:
AP Groups - One SSID which would require central switching for it to be of use (I think).
AP Groups - Creating an additional SSID and then placing the APs in a group per site. This works but is going to be difficult to manage if I have 400+ sites running this sort of setup.
For reference, my end goal is to have multiple (400+) branch sites with the same WLAN mapped to 3 or 4 different VLANs in order to split the subnets up into smaller chunks (/23s or /24s). These VLANs are all switched locally and are uniform in numbering across all the sites from a layer 2 perspective.
Thanks,
Ric
Interface groups is not an available feature on FlexConnect. FlexConnect doesn't support layer 3 roaming if devices roam from one FlexConnect AP to another and the WLAN to VLAN mappings are different. This is a limitation of FlexConnect along with a few others listed in the FlexConnect deployment guide.
-Scott
-
Flexconnect - Local Switching and DHCP Server Location
Hello Friends, It is again a conceptual question.
In FlexConnect Local Switching mode, if the client has to get the IP address using DHCP, the DHCP server has to be local to the remote site and not at a centralized location. Though I know Local switching means that the client traffic is bridged to the local network directly by the AP on the locally connected switch and does not pass through the controller, what does it mean for the DHCP server location?
For example, If I have 2 different WLANs (VLAN 2 and VLAN 3) configured Local Switching and its corresponding VLAN SVIs are configured in the Local L3 Switch and if the DHCP server is centrally located with the scopes for VLAN 2 and VLAN 3, will it have troubles?
I see in my infrastructure we are working in that way [Local switching with centralized server]
Thanks in advance
SAIRAM
It would be good to have the DHCP server at the local site.
-
Multicast and Flexconnect Local Switching
Hi All,
Hope you can help with this -
I have the following:
A 5508 in a remote datacentre and several sites with AP's running in flexconnect mode, connected to cisco switches.
I have an ssid on which I want to run some push to talk "phones" which I believe use multicast.
What do I need to do to enable multicast for this, I have read many documents but I'm a little confused !
I need to enable multicast on the controller globally ?
Enable igmp snooping ?
Does multicast mode need to be multicast or unicast ?
Do I need a multicast address in this case ?
Do I need to configure the switches (2960) for any multicast configuration, there is none at present ?
The phones that do PTT will only need to talk to other phones locally at each site, but each site will have some phones, does this make any difference to anything ?
Hope someone can help, thanks !
The guidelines for FlexConnect and Multicast are as follows:
1. Set the AP Multicast mode on the controller to Unicast (Multicast-Unicast Mode): The wireless controller replicates the multicast packet and sends it to each Access Point in a Unicast CAPWAP Tunnel
2. L3 routing isn't required on the wired network
3. There will be high controller and wired network loading
4. No multicast address is required in multicast-unicast mode
5. No multicast configuration required on Layer 2 switches as CGMP is enabled by default
-
FlexConnect AP (Local Switching): wireless clients are not able to communicate with each other
Hi,
Scenario: We have deployed the WLC in the corporate office, and the access points are placed in the branch office in FlexConnect Local Switching mode.
In this case, I am not able to ping between the wireless clients. The Peer-to-Peer Blocking option is also disabled.
Sometimes the wireless clients can ping each other and sometimes not. Both wireless clients are associated with the same AP and the same WLAN SSID.
Please help me urgently.
Devices :
1)WLC 2500 series , Software 7.2
2)Cisco 1400 series APs
3)CISCO ACS server for AAA authentication
Regards,
Shanmugam Nachimuthu
Hi Shanmugam,
Please apply the following steps to configure the P2P setting for the WLAN:
Step 1 Choose WLANs to open the WLANs page.
Step 2 Click the ID number of the WLAN for which you want to configure peer-to-peer blocking.
Step 3 Choose the Advanced tab to open the WLANs > Edit (Advanced) page.
Step 4 Choose one of the following options from the P2P Blocking drop-down list:
• Disabled — Disables peer-to-peer blocking and bridges traffic locally within the controller whenever possible. This is the default value.
NOTE: Traffic is never bridged across VLANs in the controller.
• Drop—Causes the controller to discard the packets.
• Forward - Upstream — causes the packets to be forwarded on the upstream VLAN. The device above the controller decides what action to take regarding the packets.
NOTE: To enable peer-to-peer blocking on a WLAN configured for FlexConnect local switching, select Drop from the P2P Blocking drop-down list and select the FlexConnect Local Switching check box.
Step 5 Click Apply to commit your changes.
Step 6 Click Save Configuration to save your changes.
Thanks,
Prashant Gondaliya
-
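The two local-switching constraints stated in the threads above (no mDNS on a locally switched WLAN, and Drop as the P2P blocking action for one) can be checked against a pasted `show wlan` dump. This is an added example, not code from the posters or from Cisco; the function names, the sample dump and the `Forward-Upstream` value string are constructed assumptions.

```python
import re

# "Key........ value" lines as printed by "show wlan <id>". Section headers
# such as "Security" or "Radius Servers" carry no dot leader and are skipped.
FIELD = re.compile(r"^\s*(?P<key>.+?)\s*\.{2,}\s*(?P<value>.*)$")


def parse_show_wlan(text):
    """Return {lower-cased label: value} from a pasted 'show wlan' dump."""
    fields = {}
    for line in text.splitlines():
        if line.strip().startswith("--More--"):  # terminal pager residue
            continue
        match = FIELD.match(line)
        if match is None:
            continue
        key = match.group("key").rstrip(": ").lower()
        # Some labels repeat (e.g. "Average Data Rate"); keep the first one.
        fields.setdefault(key, match.group("value").strip())
    return fields


def audit_local_switching(fields):
    """List conflicts with the FlexConnect local switching rules on this page."""
    findings = []
    if fields.get("flexconnect local switching", "").lower() != "enabled":
        return findings  # centrally switched WLAN: these rules do not apply
    if fields.get("mdns status", "").lower() == "enabled":
        findings.append("mDNS is enabled on a locally switched WLAN; "
                        "the two cannot be combined")
    p2p = fields.get("peer-to-peer blocking action", "disabled")
    if p2p.lower() not in ("disabled", "drop"):
        findings.append(f"P2P blocking action is '{p2p}'; on a locally "
                        "switched WLAN the steps above say to select Drop")
    return findings


# Constructed sample: field labels follow the dump posted above, values are
# edited to trigger both findings. The P2P value string is an assumption.
SAMPLE_DUMP = """\
WLAN Identifier.................................. 2
Network Name (SSID).............................. RMTGuest
mDNS Status...................................... Enabled
--More-- or (q)uit
Peer-to-Peer Blocking Action..................... Forward-Upstream
Security
   802.11 Authentication:........................ Open System
   FlexConnect Local Switching................... Enabled
"""

if __name__ == "__main__":
    for finding in audit_local_switching(parse_show_wlan(SAMPLE_DUMP)):
        print("FINDING:", finding)
```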
Local Switching, mDNS Snooping and Chromecast
Hello everyone,
we have a Cisco WiFi setup at our company consisting of one WLC (2504) and 5 access points, 4 of which are in the main office and one at a remote location (connected via an IPsec tunnel). The remote AP is configured to FlexConnect mode, and we have set up a staff WLAN using 802.1X auth and local switching. So far, everything works perfectly.
However, we now want to support Chromecast devices in our wireless network. I have set up a new WLAN with WPA2-PSK authentication for those devices, added the "Googlecast" entries to the mDNS profile and activated mDNS Snooping on this WLAN. This appears to be working as well, at least I can see the corresponding entries in the mDNS -> Domain Names tab (Chromecast switched from multicast/SSDP to mDNS recently).
However, clients in the staff WLAN are not able to see the devices. My guess is that I would need to also activate mDNS snooping on the staff WLAN, but of course this is not possible because of local switching being enabled.
I tried to create two different AP groups, one for the local APs and another for the remote one. Then I duplicated the staff WLAN, with the idea of deploying one copy on the local AP group with local switching disabled and mDNS snooping enabled and the other copy on the remote AP group, enabling local switching and disabling mDNS snooping. My idea was that this would allow the employees at the local office to use the Chromecast devices, but unfortunately it's not possible to configure two WLANs with the same SSID and L2 security, even if they're not on the same AP / AP group.
Another solution would just be to create a separate WLAN for the remote AP, but that would require to push another profile and inevitably result in confused employees when they first visit the remote branch.
Is there any way to make our Chromecasts work while still using the same WLAN for both locations? Any pointers are greatly appreciated.
I'm not 100% sure about the details and why that works this way. But you can create two SSIDs as long as you use an ID higher than 16. So start at 17 and it works; maybe that has something to do with the default group they will not belong to.
Coming back to your 2504... I see no way to use an ID above 16 because that's the max it supports.
So, please have a look at that guide for Chromecast; as I run through it, I see that it maybe has nothing to do with mDNS.
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-6/chromecastDG76/ChromecastDG76.html
Br,
Sebastian
-
Hi All,
I am currently using a 4402 with the 6.0.196 image. The APs that I am using are the 1130.
I have configured HREAP for local switching, and it works very well. I am even able to do 802.1x authentication after registering with ACS. Currently I am using only 1 SSID. That SSID is mapped to VLAN 10 and my AP is on native VLAN 1. All the proper trunks and routing have been enabled.
The issue I have is when I am trying to create a centrally switched WLAN that falls back to local switching once the controller is down. The only difference I made was to remove the "tick"/checkbox option for "local Switching" on the WLAN page.
It is able to work if the controller is up; I am even able to get the IP network where the controller resides. However, when I tested by disconnecting the controller, the client is unable to authenticate or send traffic anymore. I've tried using WPA-PSK and also WPA-PEAP-MSChapv2. Both fail miserably.
Does this mean that I need to create 2 WLANs, one for local switching and the other for central switching, on the HREAP mode APs? Can't I do it with just a single WLAN?
Thank you.
Warmest regards,
Azzafir Ariff Patel.
For H-REAP, if you're doing central switching due to using EAP for authentication and the AP loses connectivity to the WLC, then those users should be able to stay associated, but new users will not authenticate. WPA/WPA2-PSK local switching should work even if the AP loses connectivity to the WLC, since the H-REAP AP will do the authentication. Here is a link you have probably already seen:
http://www.cisco.mn/en/US/products/ps6087/products_tech_note09186a0080736123.shtml#topic2
-
Hi All,
I have a working WLC with several HREAP APs all working as they should. My question is: what happens to DHCP requests when an AP is configured for HREAP local switching with no VLAN support enabled (connected to an access port, not a trunk)? The local VLAN has a DHCP helper address configured for an external DHCP server. When a wireless client connects, does all the traffic get dropped directly onto the local VLAN (in my case VLAN 10) or does any traffic traverse the controller? I ask this because on the advanced settings page of the WLAN I have ticked DHCP REQ; how does the controller determine if the wireless client has a valid IP if the DHCP request is being supplied by the local VLAN?
I was under the impression that the control and data planes are separated?
Thanks in advance for any replies.
You are correct, it gets dumped on your VLAN 10. As for your very specific question, that's a great question and I don't know that I have the answer. Perhaps someone else like Steve, Leo or Scott can reply if they tested it.
I'm going to take a stab in the dark and say perhaps the AP makes sure it sees a DHCP req packet come in before it allows the client to get into the run state.
OR, it doesn't work.
OR, if that check box is marked, perhaps the AP relays some type of response back to the WLC ...
-
Same wlan both locally switched and centrally switched
Scenario:
1 virtual wireless controller
50 access points, some of them local to the controller (same site), others on remote sites, all in FlexConnect mode.
Is there a way for a WLAN to be locally switched for a group of APs, essentially those local to the controller, and centrally switched for other groups of APs, in fact those placed on remote sites?
I've tried configuring FlexConnect groups and AP groups, but no luck; I've found no way to override the globally configured flag "FlexConnect local switching".
I've also tried to create two identical WLANs, one locally switched and the second globally switched, but the WLC refuses to activate the second one since it has the same SSID as the first one.
Regards,
Massimo.
Since you have a vWLC, all APs need to be in FlexConnect mode (if you had a normal WLC you could keep HQ APs in local mode & remote APs in Flex mode to achieve this).
I think in your case you have to either choose "Central Switching" or "local switching" for your APs.
Regards
Rasika
-
FlexConnect Central Switching for GuestWLAN
Hi All,
I plan on setting up a new WLAN network.
5 office locations, a single WLC in the primary DC at the moment. Each of the 5 office locations is routed over a L3 link.
If I have a guest WLAN (vlan 30) that is available at each site and want to centrally switch it, do I set the WLC DHCP server on the WLC 'vlan30 interface' to that of the 'management' interface if I have the DHCP setup locally on the WLC? I assume because this guest network is centrally switched, the actual assigned IP of the guest network does not matter if it is not in the same supernet of the remote site?
For regular business WLANs (data/voice) that are set for local switching, are there any DHCP settings that need to be set up on the WLC, or does the client automatically get an IP based on the local subnet (using the ip-helper on that L3 interface?) assuming the AP is set up as a trunk at the remote site (with native vlan set as management vlan).
do I set the WLC DHCP server on the WLC 'vlan30 interface' to that of the 'management' interface if I have the DHCP setup locally on the WLC?
Yes, if you use the WLC as your DHCP server for guest users, you have to use the WLC management IP as the DHCP server address on vlan 30 (assuming it is for guest).
For regular business WLANs (data/voice) that are set for local switching, is there any DHCP settings that need to be setup on the WLC, or does the client automatically get a IP based on the local subnet (using the ip-helper on that L3 interface?) assuming the AP is setup as trunk at the remote (with native vlan set as management vlan).
As long as you do FlexConnect local switching with the required vlan mapping in each WLAN, you do not require a DHCP server setting on the WLC interface that the WLAN is assigned to. All traffic is locally switched & uses the helper address configured under the SVI of that locally switched vlan.
Refer this configuration guide for more details
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_010001000.html
HTH
Rasika
-
Hello Experts
We have one WLC 5508 in Building1, few 2700 Series AP in Building1, and one 1252AG in Building2. The LAN subnet is same for both Buildings connected via a dark fiber.
My requirement is to have Central Switching in Building1 since the WLC is located locally, and Local Switching in Building2 to avoid inter-building traffic; for both Buildings we already have one VLAN/IP Subnet. (Both Buildings access resources from a central Datacenter which hosts all the servers.)
Questions:
1. Is the above scenario possible using single SSID ? My understanding is that one WLAN+SSID can't have both Local and Central switching enabled.
2. In Flexconnect Central Switching mode, during WLC failure, does the switching change to Local switching automatically ?
3. When I choose Local Switching for a specific WLAN, does it Locally switch always , or does it Locally switch only when WLC is down ?
4. We want to use Microsoft PEAP using AD User Authentication. When Local Authentication is enabled on WLC, I understand that when WLC fails (and RADIUS Server is still reachable), can we still have the AP directly contact RADIUS server as a direct client and provide 802.1X Microsoft PEAP authentication. Guess this is Primary Backup Radius Server configuration. Is this understanding correct ?
Thanks.
Hi
The LAN subnet is same for both Buildings connected via a dark fiber.
If this is the case there is no need for FlexConnect, as you have enough bandwidth & the same L2 extended across those two buildings. Typically FlexConnect is for branch deployments where WAN link bandwidth is a concern.
Anyway, if you want to do this, here are the answers to your specific queries.
1. Is the above scenario possible using single SSID ? My understanding is that one WLAN+SSID can't have both Local and Central switching enabled.
You can have both local switching & central switching available for a given SSID. Only FlexConnect mode APs will do local switching & all Local mode APs will do central switching, though both use the same SSID.
2. In Flexconnect Central Switching mode, during WLC failure, does the switching change to Local switching automatically ?
No, if it is a central switching SSID, when the WLC is not available clients won't be able to join this SSID. It does not fall back to local switching.
3. When I choose Local Switching for a specific WLAN, does it Locally switch always , or does it Locally switch only when WLC is down ?
This is applicable only to FlexConnect mode APs & they always do local switching if that is configured. If the WLC is not reachable the AP will go into "standalone mode" & still do local switching.
4. We want to use Microsoft PEAP using AD User Authentication. When Local Authentication is enabled on WLC, I understand that when WLC fails (and RADIUS Server is still reachable), can we still have the AP directly contact RADIUS server as a direct client and provide 802.1X Microsoft PEAP authentication. Guess this is Primary Backup Radius Server configuration. Is this understanding correct ?
Yes, when this option is configured & the WLC is not reachable (but RADIUS is reachable) then the AP will act as Authenticator & pass RADIUS messages to the Auth Server directly.
This is a very good Ciscolive presentation you should see, as it describes lots of these features & which WLC codes they were introduced in.
BRKEWN-2016 - Architecting Network for Branch Offices with Cisco Unified Wireless
HTH
Rasika
-
FlexConnect local/central switched and Access-Accept Packets
For our branch offices' wireless access, we would like to use FlexConnect with one SSID and two distinct user profiles:
• Full network access, local switched.
• Limited network access, central switched:
◦ To isolate traffic from the branch’s LAN.
◦ To force traffic through a firewall at the central site.
▪ To ease access rules management.
◦ Internet access only by default.
▪ Internet access is located at the central site.
▪ We expect to manage some exceptions to the rule.
We know that it’s not possible to switch from local to central switched using the same SSID with FlexConnect and AAA Override.
However, we found an interesting bit in the documentation pages regarding RADIUS attributes:
Authentication Attributes Honored in Access-Accept Packets (Airespace)
VAP ID
This attribute indicates the WLAN ID of the WLAN to which the client should belong. When the WLAN-ID attribute is present in the RADIUS Access Accept, the system applies the WLAN-ID (SSID) to the client station after it authenticates. [...]
Source:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration/guide/b_cg76/b_cg76_chapter_0101000.html#reference_327F94A40AAE46E48153B265E521DDCF
We then made an assumption that the following was possible:
• Create a second SSID
◦ Broadcast not enabled
◦ Central Switched
• Users would authenticate using the first SSID
• In its access-accept packet, the RADIUS server would return an Airespace-WLAN-Id attribute with the value of the second SSID.
• The WLC would then assign the second SSID to the users so they’re central switched and forwarded through the firewall at the main site.
So far, our tests showed no results.
• Is that solution achievable at all? It seemed so from the documentation, but we haven’t found any documented evidence that someone actually tried it.
• If not, what would you recommend?
For RADIUS, we are using Microsoft 2012r2 NPS servers. Everything’s been working fine with them so far. We can do AAA vlan override for our main site and with FlexConnect also, without any problems. What’s not working is the local/central switched scenario we’re trying to pull off. The RADIUS server sends the Airespace-WLAN-Id attribute from what I see with Wireshark, but the WLC does not seem to react to it like I thought it would. I couldn’t find a debug command that would tell me what the WLC does with the attributes from the access-accept packet. Maybe the behaviour I’m experiencing is to be expected, that’s what I would like to know.
Thank you very much,
Your WLAN is defined as centrally switched or locally switched; AAA override will not change that value. AAA attributes can change a user's VLAN, ACL and QoS. The other attributes are intended to be used for rules... example:
Is the user part of this AD group and is this user on WLAN ID=1.
You will not be able to go from centrally switched to locally switched and vice versa. I don't know how you would be able to achieve what you're trying to accomplish with one SSID, to be honest.
-
High CAPWAP traffic when locally switched
Hello all,
We're seeing an ongoing issue where several APs across multiple sites log the error, "%CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST., 12)", then disassociate from the controller, and reassociate almost immediately. The issue is the users get disassociated from the AP and call the helpdesk.
A countermeasure at one site was to add the CAPWAP traffic (udp ports 5246 & 5247) to the controller in our QOS Platinum policy (setting the DSCP bit to 'ef'), but that doesn't seem to help.
We're using Flexconnect with central authentication, local switching.
A couple of questions:
1) The Platinum queue on the QOS is showing over 500 kbps when the only thing put in that queue is the CAPWAP traffic - there aren't any phones. Why so much bandwidth for authentication and control traffic?
2) What is happening with the APs that they can't talk to the controller that causes the issue in the first place? Bandwidth doesn't seem to be an issue.
Below are some config and outputs:
AP-1242#show capwap reap status
AP Mode: REAP, Connected
Radar detected on:
AP-1242#show capwap reap association
REAP Data Switching: Local
2960#show int fa0/22
Hardware is Fast Ethernet
Full-duplex, 100Mb/s, media type is 10/100BaseTX
Last input 00:00:22, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 23000 bits/sec, 13 packets/sec
5 minute output rate 208000 bits/sec, 48 packets/sec
37478173 packets input, 13839718021 bytes, 0 no buffer
Received 2818773 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 502342 multicast, 0 pause input
0 input packets with dribble condition detected
118634332 packets output, 36491262361 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
2811#show policy-map interface multilink 1
Service-policy output: MPLS-QOS
queue stats for all priority classes:
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 300637/46124112
Class-map: PLATINUM (match-any)
300637 packets, 46124112 bytes
30 second offered rate 28000 bps, drop rate 0 bps
Match: ip dscp ef (46)
300637 packets, 46124112 bytes
30 second rate 28000 bps
Priority: 18% (552 kbps), burst bytes 13800, b/w exceed drops: -16
Any help is appreciated.
Hi Jeff,
I think you are hitting a bug (CSCse92856) specific to the 1242 AP. The solution given is "Enable Proxy ARP on the default-gateway device of your AP". You can try that & see.
Even I cannot view the details of this bug because of insufficient access permission. Therefore I do not know more details about this bug fix & which software versions are affected, etc. Better you contact Cisco TAC & get more information.
I found this information here
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008081103d.shtml
One other reason that H-REAP APs do not join WLCs is if the Proxy ARP is disabled on the gateway for the H-REAP APs. From the AP console, this message is logged:
*Jul 29 14:04:10.897: LWAPP_CLIENT_ERROR_DEBUG:
Retransmission count for packet exceeded more than max(CHANGE_STATE_EVENT , 1)
This can be caused by Cisco bug ID CSCse92856. This problem applies only to AP1130 and AP1240. This problem does not apply to AP1000s, AP1100, or AP1200.
This problem occurs when these conditions are met:
HREAP mode is used in the WLAN. Local mode is not affected by this issue. Native VLAN mapping is required.
The APs have to be on a different IP subnet than the AP Manager of the WLCs.
Proxy ARP is disabled on the default gateway for the AP.
The H-REAP AP gets the default gateway from a DHCP server.
In order to resolve this issue, enable Proxy ARP on the default gateway router of the AP
HTH
Rasika