Migrating Cisco WLAN Controller 2106 to 2504

Hello everybody,
I made a backup of the configuration of the 2106 and uploaded it into the 2504.
It loaded the configuration successfully.
But now there is a problem:
I can't login anymore.
In another thread someone had the same problem and solved it by reconfiguring the passwords.
https://supportforums.cisco.com/thread/2151881
So I investigated how to reconfigure the passwords without resetting the configuration to factory defaults.
Among others, I came to the following page:
http://www.cerritos.edu/glazor/CIS%2070/Cisco/CLI%20Password%20Recovery.htm
So I have to access rommon to reconfigure the passwords.
But there's the next problem:
I can't access rommon.
When I press Ctrl + Break while the WLC is loading the primary image, it keeps on booting until the login prompt.
I tried it with HyperTerminal and Tera Term. Both terminals recognize the ^C command, but the WLC remains unimpressed.
I also tried "How to simulate a Break Key sequence" from this site unsuccessfully:
http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080174a34.shtml
What am I doing wrong?
Best regards

You have the config, so it's easier to just hit Esc when prompted during boot to erase the configuration. When you take your config from the 2106, make sure you open the file in a text editor and change the password command. When you make a backup, it's hashed; change it so it's in plain text when you upload it and it should work. That is one thing I make sure I do when transferring configs between different models of WLCs.

Similar Messages

  • Migrating WLAN Controller 2125 to 2504

    Hello everybody,
    I will migrate a Cisco WLAN Controller 2125 to 2504,
    so I have one question:
    Do I need to redo all the configuration on the new WLAN controller, or can I migrate with a tool or something else?
    Best Regards

    Thanks Scott for your valuable information.
    But there are still commands that are available on one platform and not on the other. How will those commands be migrated if the command itself is not available on the new platform?
    For example, if you are using external web authentication, you need to configure this command on the 4400 platform:
    config custom-web ext-webserver add index IP-address
    If you have the 5508 platform, however, this command does not exist and you need to configure a pre-authentication ACL (which is not needed on the first platform if the above command is applied).
    In such cases, if you are migrating from 4400 to 5508, your external web-auth will not work by default because you need to configure the preauth ACL, which was not needed on the old platform.
    I am not aware of any other thing, but there could probably be some other cases like the one I just mentioned.
    I think this is why Cisco does not support backup/restore config among different platforms; to avoid such cases.
    Amjad

  • Can Wlan Controller work with Third party Aps

    Can a Cisco WLAN controller work with third-party APs which do not have LWAPP running? If yes, how? If no, then how can we manage existing APs of, say, 3Com in the network?

    Hi Friend,
    No, the Cisco WLC will not support any third-party APs. Even if Cisco APs are not LWAPP APs, the WLC will not be able to manage them.
    We need to have Cisco LWAPP APs only for the wireless LAN controller to manage them.
    For 3Com APs you need to talk to the 3Com guys or use any third-party tool, if available, to manage these APs.
    HTH
    Ankur

  • Data flow using a WLAN controller

    Can someone explain the flow of data from wireless client to some destination in the internal network (or the Internet) using a WLAN Controller? Use a 4402 as an example.
    Specifically, I am wondering if client traffic actually passes thru the WLAN Controller (4402). I am reading the configuration guide and it doesn't seem to be explicitly stated one way or the other.

    Hi Ken,
    This is a very common question these days.
    Here is a recent thread as well as an excerpt from a good doc:
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=Getting%20Started%20with%20Wireless&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddaca5d
    In the Cisco Centralized WLAN architecture, LWAPP-enabled access points operate in the lightweight mode (as opposed to the autonomous mode). The access points associate to a Cisco WLAN controller. The controller manages the configuration, firmware, and control transactions such as 802.1x authentication. In addition, all wireless traffic is tunneled through the controller.
    LWAPP is an IETF draft protocol that defines the control messaging for setup and path authentication and run-time operations. LWAPP also defines the tunneling mechanism for data traffic.
    In an LWAPP environment, a Cisco Aironet LWAPP-enabled access point discovers a controller by using LWAPP discovery mechanisms and then sends it an LWAPP join request. The controller sends the access point an LWAPP join response allowing the access point to join the controller. When the access point is joined, the controller downloads its software if the versions on the access point and controller do not match.
    LWAPP secures the control communication between the access point and controller by means of a secure key distribution, utilizing X.509 certificates on both the access point and controller.
    From this doc:
    http://www.cisco.com/en/US/products/hw/wireless/ps430/products_quick_start09186a00805100f5.html#wp47092
    Hope this helps!
    Rob
    Please remember to rate helpful posts.........

  • VoWLAN Roaming without WLAN Controller (WLC)

    Hi,
    Need some advice here. I am trying to implement VoWLAN in a company using Cisco WAP4410n Access Point. The problem is, I've downloaded all Cisco WLAN Controller (WLC) data sheets and can't find any compatible WLAN Controller for this type of Access Point.
    Can I still implement VoWLAN without WLAN Controller? Is there any way to provide smooth intercell roaming without WLAN Controller?
    Thanks
    Regards

    I have designed the cells so they have 20% cell overlap. I've also designed the channels so they won't interfere with each other (I use 2 GHz channel here).
    But what could be used to replace the WLC's role to manage these access points? Maybe some kind of server?

  • WLAN controller 4400 series, use service-port for initial configuration, IP address?

    Hi, Everyone,
    I just got a new Cisco WLAN controller 4402 from somebody else, but I can't find a suitable console cable (DB-9 console on the controller). I googled everywhere and I read I could use the service port to do the initial configuration. The Cisco FAQ says the initial IP for the service port is 192.168.1.1. I tried using a crossover cable to connect a PC to the service port directly, and using a normal cable with a switch to connect the service port and a PC. Neither connection works: from the PC, I can't ping 192.168.1.1 (PC IP changed to 192.168.1.20), nor can I go to http://192.168.1.1. The service port Link is solid GREEN and ACT is solid GREEN, and the PC NIC says Connected with 100 Mbps, so I'm wondering whether the IP address of the service port is not 192.168.1.1? Please help.
    Any suggestions and advice are greatly appreciated.

    Hi,
    Please connect the service port to a switch port that is configured as access.
    Connect a PC (IP address as you mentioned) to another port of the switch. Both the WLC and the PC should be in the same VLAN (create a temporary VLAN).
    Try HTTPS to access the WLC.
    Thanks

  • WLAN Controller Compatibility

    Hi all,
    I want to know if a Cisco WLAN controller can support a third-party access point (SENAO EnGenius EAP3660).
    thanks in advance

    No, only Cisco APs are supported.

  • WLAN controller Software Download

    Hi There
    I purchased a brand new Cisco WLAN controller (2500 model) and one access point from a Cisco authorised supplier. Can I register the controller on the Cisco website to enable access to download software related to this controller? I want to download the latest "AIR-CTVM-K9-8-0-100-0.aes" software but I am not allowed according to my profile.
    So how do I get access to the latest software for my 2500 WLAN controller?
    Regards
    Gideon

    Can I register the controller on the Cisco website to enable access to download software related to this controller?
    Yes and no.
    The quick answer is NO. Your authorized Cisco reseller should be able to "attach" the serial number of your WLC to your Service Contract, and your Service Contract is attached to your CCO login.
    If you go direct to Cisco, it'll take time to get to the bottom of the details, plus you need to furnish so much information that it's better to get your Cisco reseller to contact them.

  • Wlan Controller Hotspot Solution

    Hi,
    We are using cisco wlan controller for our wireless network. By the way we need guest internet access for our guests. Can we make a hotspot solution with only our controller? I mean the user will join the guest network and then a web page opens then user enters the credentials. Then he can use the internet.
    Thanks.

    It's better to use different VLANs:
    The LAP is registered to the WLC. The WLC is connected to the Layer 2 switch. The router that connects the users to the WAN also connects to the Layer 2 switch. You need to create two WLANs, one for the guest users and the other for the internal LAN users. You also need a DHCP server to provide IP addresses for the guest and internal wireless clients. The guest users use web authentication in order to access the network. The internal users use EAP authentication. The 2811 router also acts as the DHCP server for the wireless clients.
    Note: This document assumes that the WLC is configured with the basic parameters and the LAP is registered to the WLC. Refer to Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC) for information on how to configure the basic parameters on a WLC and how to register the LAP to WLC.
    When configured as a DHCP server, some of the firewalls do not support DHCP requests from a relay agent. The WLC is a relay agent for the client. The firewall configured as a DHCP server ignores these requests. Clients must be directly connected to the firewall and cannot send requests through another relay agent or router. The firewall can work as a simple DHCP server for internal hosts that are directly connected to it. This allows the firewall to maintain its table based on the MAC addresses that are directly connected and that it can see. This is why an attempt to assign addresses from a DHCP relay are not available and the packets are discarded. PIX Firewall has this limitation.

  • Cisco LWAP & WLAN Controller Flexconnect Across HP Switches

    Hello All, I'm looking for a little guidance in making the needed routing and switching configuration changes on our Corporate Network to accommodate FlexConnect functionality for Cisco Lightweight Access Points (LWAPs). The LWAPs that are currently configured on our network only work when our WLAN Controller is up and running, and I need them to be disconnectable so that we can move the WLAN Controller to our virtual co-lo. It should be known that I inherited this network from the previous admin and have been working hard to map everything out to the best of my ability. Also, the WLAN controller is already operating in our production network, so it limits my ability to do much testing.
    Just FYI, I'm a new Systems Admin promoted from a Desktop Support role and have my CCENT (currently working on CCNA & MCITP Server Admin), so I have some knowledge but it is limited on the networking and switching side of things. Unfortunately, the Senior Systems Admin has even less knowledge of networking than me and I don't really have anyone to turn to, which is why I'm posting here. I would have utilized GNS to help me simulate the configuration; however, there are HP switches in the mix and no means of emulating them.
    -Relevant Device List-
    (CONSA251) Sonicwall  NSA 240 - 10.1.1.251
    Interface Information
    Interface        IP Address       Description
    X0 -> LAN        10.1.1.251       LAN Interface
    X1 -> WAN        *************    Time Warner WAN
    X2 -> DMZ        *************    DMZ Interface
    X3 -> WAN        *************    Sprint WAN
    X0-V20 -> LAN    10.1.101.1       Corporate WLAN
    X0-V30 -> LAN    192.168.1.1      Guest WLAN
    (CORT250) Cisco 3845 - 10.1.1.250
    (CO-WLAN-CTRLER) Cisco 5508 Wireless Controller - 10.1.1.2
    (COSW240) HP Procurve 4108GL - 10.1.1.240
    (COSW238) HP Procurve 2510B-24 - 10.1.20.238
    (CORP-AP-MIS) AIR-LAP1131AG-A-K9 - 10.1.1.79
    (COSW239) HP1810G-24 - No IP (Inaccessible but being replaced)
    I will now go on to explain our network topology as it pertains to the WAPs and WLAN Controller and how I believe it needs to be configured in order to operate from my perspective. 
    Our Corporate and Guest Wireless Access is provided via the Sonicwall CONSA251 through a connection from the X0 interface to HP Switch COSW239 which is then connected to WLAN Controller CO-WLAN-CTRLER as detailed below:
    Device - Interface Name/Port
    CONSA251 - X0
    COSW239  - 2
    COSW239  - 18,19
    CO-WLAN-CTRLER - 2,3
    The WLAN Controller currently communicates with all the LWAPs via Layer 3 TCP/IP as I understand it and then routes all DHCP requests and traffic destined for the 10.1.101.1 (Corporate WLAN) and 192.168.1.1 (Guest WLAN) to the Sonicwall and vice versa.
    Now what I am trying to do is VLAN the LWAP CORP-AP-MIS across the HP switches to the X0 interface on the Sonicwall NSA240, where it will be able to route traffic via VLAN 20 & 30. The problem lies in my inexperience with HP VLAN configurations and how the ports need to be configured on each device so it can route traffic to the Sonicwall when the WLAN Controller is shut down.
    The LWAP CORP-AP-MIS layer 2 trace to the WLAN Controller is as shown below:
    Device - Interface Name/Port
    CORP-AP-MIS -  FA/0
    COSW238     - 16
    COSW238     - 25
    COSW240     - B4
    COSW240     - H6
    CORT250     - GigabitEthernet0/0
    CORT250     - Se1/0
    CONSA251    - X0
    Now, for all intents and purposes, the Corporate Router CORT250 should probably be handling the routing for our Corporate and Guest Wireless network; however, that was not the way it was originally set up and I have to work with what was inherited. The Corporate Router CORT250 has a default route to the Sonicwall, and the Sonicwall CONSA251 has all the routing already in place for the Corporate & Guest WLANs.
    What I would like to do is VLAN off the X0-V20 & V30 across multiple switches and switchports to each LWAP in our building. I do have the LWAP I'm testing on configured with FlexConnect, which I understand is required for it to be disconnectable.
    Any guidance on how I would go about configuring this across devices would be appreciated. I know there are some differences between HP and Cisco switching terms and how tagging, untagging, and trunking work; however, I lack the experience to apply this in practice, especially in a production environment.
    I will be happy to provide any additional information or clarification that is needed.  Thank you in advance for the help.

    Just to add about the ISE... you can profile, but having only one SSID might or might not work in your situation. Also, if you end up with remote sites or APs in H-REAP mode, currently ISE can't do any profiling. If you go with the 7500 or 5508/WiSM2, they don't really do an active-active or active backup. They are both up and you can split the load or put all APs on one; it's up to you. I usually split the load just to make sure both are working. I don't want to all of a sudden lose the primary and then find out my secondary/backup is not working.

  • Cisco 1010AP Can't find 4402 WLAN controller

    Hi folks,
    I'm running a 4402 WLAN controller running 5.2 code. I've got some 1010APs that don't associate with the WLC. I'm trying to keep the setup basic. The access points are plugged into the same VLAN as the native vlan for port1 on the controller. I've setup a DHCP server in the manner documented. The WLAN controller is configured as a master server. This is the message that I get in the web interface for WLC:
    AP with MAC 00:0b:85:6e:4a:90 (AP 1010 #1) is unknown.
    Any clues as to what I'm doing wrong?

    Hi Daniel,
    You won't like this I'm sure, but this is why the 1010 is not working;
    **Note: Controller software release 5.0.148.0 or later is not compatible with Cisco Aironet 1000 series access points.
    http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn52.html
    Hope this helps!
    Rob

  • Cant Connect Cisco AIR-CAP 3602 with 2504 controller

    I'm trying to have one of our APs join our controller. No matter what I do, I can't get it to join the controller.
    The controller has the right OS; I had to upgrade it to 7.4 to support the 3600...
    Both the controller and the AP have the same time and date.
    But I'm getting this from my AP:
    *Oct 30 14:49:26.043: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
    *Oct 30 14:49:26.055: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *Oct 30 14:49:26.055: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
    *Oct 30 14:49:26.067: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Oct 30 14:49:26.083: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Oct 30 14:49:27.055: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Oct 30 14:49:27.095: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Oct 30 14:49:27.103: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Oct 30 14:49:28.087: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Oct 30 14:49:28.095: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Oct 30 14:49:28.131: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Oct 30 14:49:28.139: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Oct 30 14:49:28.147: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Oct 30 14:49:29.131: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Oct 30 14:49:29.139: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Oct 30 14:49:29.167: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Oct 30 14:49:30.167: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Oct 30 14:49:36.083: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Oct 30 14:49:36.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.0.50 peer_port: 5246
    *Oct 30 14:49:36.411: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.1.0.50 peer_port: 5246
    *Oct 30 14:49:36.411: %CAPWAP-5-SENDJOIN: sending Join Request to 10.1.0.50
    *Oct 30 14:49:36.411: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
    *Oct 30 14:49:36.411: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
    *Oct 30 14:49:36.411: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Oct 30 14:49:36.411: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.1.0.50
    Can anyone help me, please?
    Thanks....

    AP is connected directly to one of the ports on the 2504 controller.
    I can move it to a POE switch, if needed.
    Here is the output after I boot up the AP:
    IOS Bootloader - Starting system.
    flash is writable
    FLASH CHIP:  Macronix Mirrorbit (00C2)
    Xmodem file system is available.
    flashfs[0]: 43 files, 9 directories
    flashfs[0]: 0 orphaned files, 0 orphaned directories
    flashfs[0]: Total bytes: 31997952
    flashfs[0]: Bytes used: 16767488
    flashfs[0]: Bytes available: 15230464
    flashfs[0]: flashfs fsck took 16 seconds.
    Reading cookie from SEEPROM
    Base Ethernet MAC address: 4c:00:82:77:32:7b
    Ethernet speed is 1000 Mb - FULL Duplex
    Loading "flash:/ap3g2-k9w8-mx.152-4.JA1/ap3g2-k9w8-mx.152-4.JA1"...###########################
    File "flash:/ap3g2-k9w8-mx.152-4.JA1/ap3g2-k9w8-mx.152-4.JA1" uncompressed and installed, entry point: 0x2003000
    executing...
    Secondary Bootloader - Starting system.
    Xmodem file system is available.
    flashfs[0]: 43 files, 9 directories
    flashfs[0]: 0 orphaned files, 0 orphaned directories
    flashfs[0]: Total bytes: 31997952
    flashfs[0]: Bytes used: 16767488
    flashfs[0]: Bytes available: 15230464
    flashfs[0]: flashfs fsck took 8 seconds.
    Base Ethernet MAC address: 4c:00:82:77:32:7b
    Boot CMD: 'boot  flash:/ap3g2-k9w8-mx.152-4.JA1/ap3g2-k9w8-xx.152-4.JA1;flash:/ap3g2-k9w8-mx.152-4.JA1/ap3g2-k9w8-mx.152-4.JA1'
    Loading "flash:/ap3g2-k9w8-mx.152-4.JA1/ap3g2-k9w8-xx.152-4.JA1"...###############################
    File "flash:/ap3g2-k9w8-mx.152-4.JA1/ap3g2-k9w8-xx.152-4.JA1" uncompressed and installed, entry point: 0x2003000
    executing...
                  Restricted Rights Legend
    Use, duplication, or disclosure by the Government is
    subject to restrictions as set forth in subparagraph
    (c) of the Commercial Computer Software - Restricted
    Rights clause at FAR sec. 52.227-19 and subparagraph
    (c) (1) (ii) of the Rights in Technical Data and Computer
    Software clause at DFARS sec. 252.227-7013.
               cisco Systems, Inc.
               170 West Tasman Drive
               San Jose, California 95134-1706
    Cisco IOS Software, C3600 Software (AP3G2-K9W8-M), Version 15.2(4)JA1, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2013 by Cisco Systems, Inc.
    Compiled Tue 30-Jul-13 22:57 by prod_rel_team
    Initializing flashfs...
    flashfs[3]: 43 files, 9 directories
    flashfs[3]: 0 orphaned files, 0 orphaned directories
    flashfs[3]: Total bytes: 31739904
    flashfs[3]: Bytes used: 16767488
    flashfs[3]: Bytes available: 14972416
    flashfs[3]: flashfs fsck took 8 seconds.
    flashfs[3]: Initialization complete.
    flashfs[4]: 0 files, 1 directories
    flashfs[4]: 0 orphaned files, 0 orphaned directories
    flashfs[4]: Total bytes: 11999232
    flashfs[4]: Bytes used: 1024
    flashfs[4]: Bytes available: 11998208
    flashfs[4]: flashfs fsck took 1 seconds.
    flashfs[4]: Initialization complete.
    Copying radio files from flash: to ram:
    Copy in progress...CCCCC
    Copy in progress...CCC
    Copy in progress...CCCC
    Copy in progress...CCCC
    Copy in progress...CC
    Uncompressing radio files...
    ...done Initializing flashfs.
    Radio0  present 8764 8000 0 A8000000 A8010000 0
    Rate table has 244 entries (64 SGI/104 BF variants)
    Radio1  present 8764 8000 0 88000000 88010000 4
    Radio2 not present 0 0 0 0 0 8
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    cisco AIR-CAP3602I-A-K9 (PowerPC) processor (revision A0) with 180214K/81920K bytes of memory.
    Processor board ID FTX1731GQYY
    PowerPC CPU at 800Mhz, revision number 0x2151
    Last reset from power-on
    LWAPP image version 7.5.102.0
    1 Gigabit Ethernet interface
    2 802.11 Radios
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 4C:00:82:77:32:7B
    Part Number                          : 73-14521-02
    PCA Assembly Number                  : 800-37501-02
    PCA Revision Number                  : A0
    PCB Serial Number                    : FOC17273HG4
    Top Assembly Part Number             : 800-35852-02
    Top Assembly Serial Number           : FTX1731GQYY
    Top Revision Number                  : C0
    Product/Model Number                 : AIR-CAP3602I-A-K9
    % Please define a domain-name first.
    Press RETURN to get started!
    *Mar  1 00:00:11.355: FIPS IOS test Image Checksum successful
    *Mar  1 00:00:11.355: FIPS IOS test Crypto RNG DEK Key Test successful
    *Mar  1 00:00:11.355: FIPS IOS test SHA-1 successful
    *Mar  1 00:00:11.355: FIPS IOS test HMAC-SHA1 successful
    *Mar  1 00:00:11.355: FIPS IOS test AES CBC 128-bit Encrypt successful
    *Mar  1 00:00:11.355: FIPS IOS test AES CBC 128-bit Decrypt successful
    *Mar  1 00:00:11.355: FIPS IOS test IOS AES CMAC Encrypt successful
    *Mar  1 00:00:11.355: FIPS IOS test IOS CCM Encrypt successful
    *Mar  1 00:00:11.355: FIPS IOS test IOS CCM Decrypt successful
    *Mar  1 00:00:11.387: FIPS IOS test RSA Signature Generation successful
    *Mar  1 00:00:11.391: FIPS IOS test RSA Signature Verification successful
    *Mar  1 00:00:11.391: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
    *Mar  1 00:00:11.391: %IFMGR-7-NO_IFINDEX_FILE: Unable to open nvram:/ifIndex-table No such file or directory
    *Mar  1 00:00:11.847: Registering HW DTLS
    *Mar  1 00:00:14.647: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
    *Mar  1 00:00:18.327: FIPS RADIO test AES 128-bit encrypt for TX on Dot11Radio 0 successful
    *Mar  1 00:00:18.327: FIPS RADIO test AES 128-bit CCM encrypt on Dot11Radio 0 successful
    *Mar  1 00:00:18.327: FIPS RADIO test AES 128-bit CCM decrypt on Dot11Radio 0 successful
    *Mar  1 00:00:18.327: FIPS RADIO test AMAC AES 128-bit CMAC encrypt on Dot11Radio 0 successful
    *Mar  1 00:00:18.327: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
    *Mar  1 00:00:24.451: FIPS RADIO test AES 128-bit encrypt for TX on Dot11Radio 1 successful
    *Mar  1 00:00:24.451: FIPS RADIO test AES 128-bit CCM encrypt on Dot11Radio 1 successful
    *Mar  1 00:00:24.451: FIPS RADIO test AES 128-bit CCM decrypt on Dot11Radio 1 successful
    *Mar  1 00:00:24.451: FIPS RADIO test AMAC AES 128-bit CMAC encrypt on Dot11Radio 1 successful
    *Mar  1 00:00:24.451: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
    *Mar  1 00:00:26.811: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, C3600 Software (AP3G2-K9W8-M), Version 15.2(4)JA1, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2013 by Cisco Systems, Inc.
    Compiled Tue 30-Jul-13 22:57 by prod_rel_team
    *Mar  1 00:00:26.811: %SNMP-5-COLDSTART: SNMP agent on host AP4c00.8277.327b is undergoing a cold start
    *Jul  4 23:55:50.035: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jul  4 23:55:50.035: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Jul  4 23:55:50.051: %PARSER-4-BADCFG: Unexpected end of configuration file.
    lwapp_crypto_init: MIC Present and Parsed Successfully
    *Jul  4 23:55:50.191: %SSH-5-ENABLED: SSH 2.0 has been enabled
    *Jul  4 23:55:50.855: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
    *Jul  4 23:55:51.027: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
    *Jul  4 23:55:51.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jul  4 23:55:51.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Jul  4 23:55:53.319: FIPS HW test SHA-1 successful
    *Jul  4 23:55:53.319: FIPS HW test HMAC-SHA1 successful
    *Jul  4 23:55:53.319: FIPS HW test AES CBC 128-bit Encrypt successful
    *Jul  4 23:55:53.319: FIPS HW test AES CBC 128-bit Decrypt successful
    *Jul  4 23:55:53.819: FIPS HW test SHA-1 successful
    *Jul  4 23:55:53.819: FIPS HW test HMAC-SHA1 successful
    *Jul  4 23:55:53.819: FIPS HW test AES CBC 128-bit Encrypt successful
    *Jul  4 23:55:53.819: FIPS HW test AES CBC 128-bit Decrypt successful
    *Jul  4 23:55:53.819: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed
    *Jul  4 23:55:53.819: DPAA Initialization Complete
    *Jul  4 23:55:53.819: %SYS-3-HARIKARI: Process DPAA INIT top-level routine exited
    *Jul  4 23:55:54.819: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up%Default route without gateway, if not a point-to-point interface, may impact performance
    *Jul  4 23:56:13.191: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
    *Jul  4 23:56:14.279: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jul  4 23:56:15.279: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jul  4 23:56:15.371: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jul  4 23:56:16.371: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Jul  4 23:56:18.895: Logging LWAPP message to 255.255.255.255.
    *Jul  4 23:56:23.627: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.1.150, mask 255.255.240.0, hostname AP4c00.8277.327b
    Translating "CISCO-CAPWAP-CONTROLLER.pti.local"...domain server (10.3.1.32)
    *Jul  4 23:56:34.559: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
    *Jul  4 23:56:34.567: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER.pti.local
    *Jul  4 23:56:44.567: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Oct 30 15:05:13.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.0.50 peer_port: 5246
    *Oct 30 15:05:13.411: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.1.0.50 peer_port: 5246
    *Oct 30 15:05:13.411: %CAPWAP-5-SENDJOIN: sending Join Request to 10.1.0.50
    *Oct 30 15:05:13.411: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
    *Oct 30 15:05:13.411: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
    *Oct 30 15:05:13.411: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Oct 30 15:05:13.411: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.1.0.50
    *Oct 30 15:05:18.411: %CAPWAP-5-SENDJOIN: sending Join Request to 10.1.0.50

  • Wlan Controller 2504

    Hi friends:
    I have configured 2 RADIUS servers in my WLAN controller for 802.1X authentication. I want to know which RADIUS server my users will use to connect.
    I want it to use the IP 10.240.4.7 first and the IP 10.240.134.7 second, but it always uses the IP 10.240.134.7.
    Best Regard,
    Marco

    Hi Marco,
    Are you saying that even though 10.240.4.7 is selected as the first server, the authentication requests are not going to that server at all? Are you able to see any passed or failed authentication logs on this ACS?
    Also, I'm not sure which version of code you are running on the WLC. You may have to look at the document below to understand more about the RADIUS fallback feature.
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008098987e.shtml#passive
    Hope that helps
    Regards
    Najaf
    Please rate when applicable or helpful !

  • WLAN Controller Displays Interface IP in Web Authentication URL Instead of FQDN

    Hi,
    Can someone offer any help with the issue below please?
    I have a guest WLAN configured on a Cisco 2106 WLAN controller. Guest users are redirected to a Web Authentication page when they try to access the internet through a web browser, and can only proceed by successfully authenticating with the controller.
    The problem I have is that the guest users are presented with an SSL certificate error before they hit the web authentication page. I have installed an SSL certificate from Verisign on the controller, and have configured an FQDN for the interface that is used for the guest WLAN. However, the certificate error still persists because when the user is re-redirected to the web auth page, the URL in the address bar is presented as the IP address of the interface instead of the FQDN. For example, when a user is redirected, the address bar in their web browser displays https://1.1.1.5/ instead of https://guestwifi.domain.com/. The SSL certificate that is installed on the controller is securing the FQDN of the interface.
    I'm not sure if I'm missing something here, but I'm struggling to find how to get the FQDN to display instead of the IP.
    Thanks,
    Paul

    I'm not following what you mean when you say "FQDN for the interface that is used for the guest wlan"......
    I assume you configured the Virtual Interface to have the DNS entry as guestwifi.domain.com but clients are still being redirected to the virtual IP itself and not the DNS name?
    The only reason I can think of for that happening was if the WLC had not been rebooted since applying the DNS name to the Virtual Interface (it takes a reboot to modify client redirect stuff; the same goes for http vs https).
    So guestwifi.domain.com should have a DNS entry resolving to 1.1.1.5, that entry should be on your virtual interface, and upon reboot you should always redirect to guestwifi.domain.com unless you manually type https://1.1.1.5 in the browser.
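
Why the browser warns in the situation described in this thread, as an added example that is not part of the original posts: TLS name checking compares the host in the address bar with the names in the certificate, so a certificate issued for the FQDN cannot validate a redirect to the bare IP. The function names and the simplified matching rules are assumptions of this sketch; the host name and address are the ones quoted in the question.

```python
import ipaddress
from urllib.parse import urlsplit


def _dns_name_matches(pattern: str, host: str) -> bool:
    """Compare one dNSName entry with a host name.

    Simplified rules (assumption of this sketch): case-insensitive,
    label-by-label, and a wildcard is honoured only as the whole
    left-most label and only when at least two labels follow it.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def url_matches_cert(url, dns_names, ip_addresses=()):
    """Return True if the host in `url` is covered by the certificate names.

    dns_names    -- dNSName entries of the certificate (constructed input)
    ip_addresses -- iPAddress entries of the certificate, if any
    """
    host = urlsplit(url).hostname
    if host is None:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Host is a name: only dNSName entries are considered.
        return any(_dns_name_matches(n, host) for n in dns_names)
    # Host is an IP literal: a dNSName entry never matches it,
    # only an explicit iPAddress entry does.
    return any(ip == ipaddress.ip_address(a) for a in ip_addresses)


def failing_redirects(urls, dns_names, ip_addresses=()):
    """List the redirect URLs that would raise a certificate name error."""
    return [u for u in urls if not url_matches_cert(u, dns_names, ip_addresses)]


# Constructed sample: the certificate names and the two redirect targets
# mentioned in the thread.
CERT_DNS_NAMES = ["guestwifi.domain.com"]
REDIRECTS = ["https://1.1.1.5/", "https://guestwifi.domain.com/"]

if __name__ == "__main__":
    for bad in failing_redirects(REDIRECTS, CERT_DNS_NAMES):
        print("certificate name mismatch:", bad)
```

Running the same check against the URL a test client actually lands on after the controller change shows whether the redirect now uses the name the certificate was issued for.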

  • Wlan Controller 2500

    Hi my friends:
    Is it possible to implement the H-REAP feature in a WLAN controller 2504 with iso version 7.2.103.0? I ask because I don't have this option in my WLAN controller.
    Thanks.
    Marco

    Hello,
    As per your query, I can suggest the following solution:
    Yes, it is possible to implement the H-REAP feature in a WLAN controller 2504 with iso version 7.2.103.0. This is known as FlexConnect.
    For more details on how to configure FlexConnect, please refer to the link:
    http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html
    Hope this will help you.
