Multiple WLC LobbyAdmins

Hello,
My understanding is that I can authorise multiple Lobby Admins on a WLC 4404 using RADIUS. I was wondering if it is possible to create Lobby Admin groups so that a specific Lobby Admin can only grant guest wireless access to specific Mobility Groups?
I support wireless in multiple facilities and handing off guest access admin duties to department secretaries is ideal, but I only want guests to have wireless access only from the area/building in which they will be visiting.
Is this possible using a single WiSM (70+ WAPs) or do I need to deploy multiple WLCs?
Thank you in advance for your help.

"I only want guests to have wireless access only from the area/building in which they will be visiting."
I can think of two ways of doing this ...
1. Create AP Groups. This method allows you to broadcast a specific SSID in a specific area.
2. Each Lobby Administrator can only see the account created. Lobby Admin 1 can't/won't be able to see accounts created by Lobby Admin 2, for instance.
Hope this helps.
3. Lobby Admins must be strict. Do not allow them to create 31-days account (no time limit).

Similar Messages

  • WLC Lobbyadmin Guest Process

    Hi all, I have recently setup a WLC 4402 with LWAPP 1242AG's. I have a guest SSID setup that gets fired straight out to the internet. I enabled the Lobbyadmin feature but would like to know how other people have handled getting reception to distribute the ID's.
    When they log in to create the ID and click generate password, the password pops up in a browser window that cannot be copied and pasted. This then relies on the receptionist typing this correctly on a form to hand over to the guest with their details.
    I have read elsewhere on this forum that a guy got a perl API to create guest accounts but I do not have the software development skills to make use of this. How do other people provide their guests with userid's and passwords?
    It would be nice to have a form that could be exported telling the user their userid, password and when it will expire.
    Cheers
    Brian

    Hi Brian.
    From what I've read on this forum, most people seem to do it via WCS. WCS adds cool features to the guest provisioning process such as being able to schedule the start and end dates of the guest's lifetime, perform some basic group management operations, add customer banners and, most importantly, being able to print or email the guest's logon details.
    On a grander scale than WCS, Cisco offers the NAC Guest appliance, which is probably the right way to go if you're going to offer guest access commercially or on a large scale (e.g. every employee being a guest administrator, such as happens at Cisco).
    Hope this helps.
    Regards,
    Justin

  • Upgrade procedure for multiple WLCs without N+1

    Hello, I would like to discuss another method of a bulk controller upgrade and see what other engineers take on this upgrade path would be.
    Say I have an instance of 8 4404s with 50 APs each, In this case I have N+1 redundancy where I can follow the normal procedure
    Normal Procedure
    Move all APs to controllers 1-4
    Preload all APs with the new code version
    Upgrade and reboot empty controllers 5-8  to new code version
    Move all APs to 5-8 with new code version
    Upgrade empty 1-4
    Move all APs back home
    Now take the same scenario only change it to 80 APs per controller. I've now lost my N+1 and cannot do it quite as smoothly.
    As opposed to trying to follow the normal procedure and have an extended window of "brown outs" How about doing it all at once.
    Black-out accelerated procedure:
    Preload new code on all controllers
    Preload new image on all APs on all controllers
    Reboot all 8 controllers at the same time.
    Allow time for APs to connect back and load the new image
    I assume with this procedure that I might see around 15-30 minutes of actual downtime to the site but it seems like that could be preferable to two-three hours of brown outs.
    What are your thoughts, and do you feel that 15-30 minutes is

    Michael,
    Welcome to CSC!
    I have 40+ WLCs and like you looked at this very closely. In my environment I do a predownload and reboot them all. I've tried the surgical approach and in my case if you get aps bouncing back and forth on WLCs they will upgrade then downgrade etc.
    Also note -- If you are on 7.0.98.0 code, predownload "may" have a bug. I noticed an issue during a recent upgrade in my network and later someone commented about the same issue here on CSC.

  • Mobility group same ssid multiple WLC

    I have a 4400 and a 5508 WLC in the same location
    We want to be able to roam between ap joined to both the 4400 and the 5508 using only one ssid
    Do I only need to create a mobility group and add both WLC
    then create only one WLAN on one of the controllers and it will be shared across both WLC.
    Or something else?

    Resolution :
    Yes you are correct. Please follow this link for Mobility groups and Roaming :
    http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_mobility.html

  • Multiple WLC and AP secondary config

    Hi all, we have 2 WLC, each licensed for 12 AP's. Here is the issue, we will have up to 20 Ap in our environment. No problem getting each AP assigned to a primary controller. My question is assigning an AP to a secondary. If I assign 10 AP's to each as a primary, and then have each assigned to the other controller as a secondary, in the event we lose 1 controller the other will now have 20 AP's associating with it. How does the WLC handle this situation? Just accept the first 2 requests then ignore all the other 8 requests?

    Hi Jeffrey,
    Just to add a note to the great tips from Dan and Leo (+5 points each guys!)
    One of the recommended designs for WLC/AP failover and redundancy is referred to as the "n+1" rule. So in your design you would add a third WLC that had no AP's associated to it. It would be licensed for either 12 or 25 AP's. 12 in case one of your WLC's fails or 25 in case both active WLC's fail :)
    WLAN Controller Failover for Lightweight Access Points Configuration Example
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008064a294.shtml#c4
    Hope this helps!
    Rob
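
The license arithmetic behind the question and the n+1 suggestion in this thread, as an added example that is not part of the original posts. It assumes a controller admits APs only up to its licensed count and that each AP tries its configured controllers in order (primary, secondary, tertiary); the controller and AP names are constructed.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass
class Controller:
    name: str
    licensed_aps: int      # assumption: joins beyond this count are refused


@dataclass
class AccessPoint:
    name: str
    preferences: tuple     # controller names in order: primary, secondary, tertiary


def place_aps(controllers, aps, failed=frozenset()):
    """Seat every AP on the first surviving preferred controller with a free license."""
    free = {c.name: c.licensed_aps for c in controllers if c.name not in failed}
    placement, stranded = {}, []
    # APs whose primary survived are already joined and keep their seats,
    # so they are seated before the displaced APs compete for what is left.
    ordered = sorted(aps, key=lambda ap: ap.preferences[0] in failed)
    for ap in ordered:
        for name in ap.preferences:
            if free.get(name, 0) > 0:
                free[name] -= 1
                placement[ap.name] = name
                break
        else:
            stranded.append(ap.name)
    return placement, stranded


def failure_report(controllers, aps, max_failures=1):
    """Map each combination of failed controllers to the number of stranded APs."""
    names = [c.name for c in controllers]
    report = {}
    for k in range(1, max_failures + 1):
        for failed in combinations(names, k):
            _, stranded = place_aps(controllers, aps, frozenset(failed))
            report[failed] = len(stranded)
    return report


def build_site(spare_licenses=None):
    """Constructed model of the thread: 2 WLCs licensed for 12 APs, 10 APs homed on each.

    With spare_licenses set, an empty third WLC is added as every AP's tertiary."""
    controllers = [Controller("WLC-1", 12), Controller("WLC-2", 12)]
    spare = ()
    if spare_licenses:
        controllers.append(Controller("WLC-3", spare_licenses))
        spare = ("WLC-3",)
    aps = [AccessPoint(f"AP-{i:02d}", ("WLC-1", "WLC-2") + spare) for i in range(1, 11)]
    aps += [AccessPoint(f"AP-{i:02d}", ("WLC-2", "WLC-1") + spare) for i in range(11, 21)]
    return controllers, aps


if __name__ == "__main__":
    print("two WLCs only:       ", failure_report(*build_site()))
    print("n+1, spare for 12:   ", failure_report(*build_site(12), max_failures=2))
    print("n+1, spare for 25:   ", failure_report(*build_site(25), max_failures=2))
```
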

  • Multiple WLC redundancy using flexconnect across multiple branches.

    Hi
    I'm wondering if someone could give me a hint please.
    I have two WLC 5508s in two different branches/countries. 
    They have APs configured as Flexconnect with local routing.
    However all the APs are only on the first controller as the controller IP was manually entered before deployment.
    (I'm guessing this will need to be changed to DNS resolution?)
    1. I would like to load balance  APs that are in more countries/branches across Europe between the two WLCs
    2. and/or if one of the controllers go down, the APs would automatically move onto the other one.
    I'm just not sure if both can be done if the APs are on flexconnect.
    Thanks in advance for any replies.

    Hi,
    1. I would like to load balance  APs that are in more countries/branches across Europe between the two WLCs
    It can work, If you have configured the both WLC with exactly same way(same wlan id, same wlan name.....etc)
    2. and/or if one of the controllers go down, the APs would automatically move onto the other one.
    If the configuration for both wlc is same then primary fails then secondary will take place. Make sure WLAN ID order has to be consistent.
    Regards

  • One Lobby Ambassador on multiple WLCs

    Hello,
    I have wireless network with 2 WLCs and I configured a guest access WLAN with web authentication.
    I would like to use a LOCAL authentications with lobby ambassador for guest users.
    Is there a way to create a user only once in one WLC?
    At the moment I have to connect to each wlc with lobby ambassador privilege and create the same user/pwd on each.
    Thanks
    Johnny

    Hi Johnny,
    I reckon you only have to create the guest user on the Anchor Controller (that's assuming you have your wireless infrastructure configured that way) as that is the WLC that is doing the authentication.
    Hope this helps
    Scott

  • WLC 5508 * 2 & Mobility Group

    What I am trying to configure is Mobility Groups.
    My understanding is that this will allow AP to successfully register and fail over seamlessly if any of the WLC had to fail ?
    It could be I am confusing two things into one :( & I am totally confused and not understanding the benefits of mobility group mentioned above.
    Also when a AP starts up and registers with the WLC ......I click on a registered AP > High Availability ( Primary / Sec / Tertiary ) all fields are blank...
    Initially I also thought that once my SSO is all setup and working than those options "AP > High Availability" will get populated automatically but clearly not unless something is not working.
    My current config is as follows:-
    WLC 5508 * 2
    WLC 1 - Primary
    WLC 2 - HA SKU (Secondary )
    Redundancy = SSO (Both AP and Client SSO)
    =============
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.6.130.0
    Bootloader Version............................... 1.0.20
    Field Recovery Image Version..................... 7.6.101.1
    Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
    Build Type....................................... DATA + WPS
    System Name...................................... WLC5508
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
    Redundancy Mode.................................. SSO (Both AP and Client SSO)
    IP Address....................................... 10.31.66.21
    Last Reset....................................... Software reset
    System Up Time................................... 0 days 22 hrs 39 mins 57 secs
    System Timezone Location......................... (GMT) London, Lisbon, Dublin, Edinburgh
    System Stats Realtime Interval................... 5
    System Stats Normal Interval..................... 180
    Configured Country............................... GB  - United Kingdom
    Operating Environment............................ Commercial (0 to 40 C)
    --More-- or (q)uit
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +38 C
    External Temperature............................. +21 C
    Fan Status....................................... OK
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 1
    Number of Active Clients......................... 0
    Burned-in MAC Address............................ F8:72:EA:EE:5B:B2
    Power Supply 1................................... Present, OK
    Power Supply 2................................... Absent
    Maximum number of APs supported.................. 500
    ============================================
    TA

    TA,
    Mobility and mobility groups are used for the wireless users roaming. What we know that a wireless users can roam between different APs within the same WLC, but when the SSID is used within multiple WLCs, and the client wanted to roam to an AP joined to another WLC, you would need to configure WLC mobility to maintain seamless roaming. For more info:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_010001101.html
    Now, I understand that your purpose is to have high availability for your APs. No this is done traditionally from the AP page, under HA tab, where you configure the WLCs names and IPs there. This can be done manually on each AP (you can use CLI to make it easier) or you can push a configuration template using a management server (WCS/NCS/CPI).
    Configuring HA on the AP:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110000.html
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110001.html
    Using CPI to push AP configuration templates:
    http://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/2-0/configuration/guide/pi_20_cg/temp.html
    Now mobility may play a role in this, as if you have already configured mobility for your WLCs, then you won't need to configure a "name" for the WLCs when you add them under the HA tab in AP configuration page. That's it.
    BR, Ala

  • WLC 5508 7.4.X - N+1

    Hi,
    I don't understand this document
    http://www.cisco.com/c/en/us/td/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide/N1_HA_Overview.html
    How can the third 5508 (support max 500 AP) backup all other WLC ? n+1 how ?
    With secondary wlc configured in HA-SKU (without AP SSO) the 500 licenses are permanent ?
    who can explain me.. this is a document bug ??

    What they're describing is HA N+1, not HA 1:1 AP SSO.  This option, which is "NON-AP-SSO", allows you to use an HA-SKU or > -50-k9 SKU converted, to operate as a dedicated +1 WLC in HA.  When using this configuration, this WLC allows the use of the "hardware maximum" of the device: Thus 500 APs for WLC 5508, or 1000APs for a WISM2 (as an example).  Since this WLC can wait as a backup to multiple WLCs, that's why it's not capable of the AP SSO, which requires a 1:1 pairing of the HA WLC with an Active HA WLC.
    When using the HA N+1 the WLC acts the same as the pre AP-SSO "HA" concept; where you had Primary, Secondary Tertiary configs on your APs (which you may still have).  All it is saying is that the N+1 HA WLC can act as one of these Secondary/Tertiary WLCs, much like a WLC you had licensed for 250 or 500 APs could do previously.
    In the past you would use, let's say a 250 WLC AP as this backup WLC.  Many people were frustrated that they had to have a $60,000 WLC just sitting there "waiting for something to fail".  But that's what it did.  If a WLC failed, let's say one with 100 APs, this backup WLC would take on the APs and use 100 of its 250 AP license count.  If additional WLCs failed, the process continued until this backup WLC was filled.
    The idea of using the HA-SKU in an N+1 is that while yes, you don't get the 1:1 AP SSO configuration, you are getting more bang for your buck in that this WLC can sit as a backup (as it did in the past) but it can accept up to the maximum its hardware can handle in terms of AP count, not only what it was permanently licensed for.  Rather than spending $100,00 on a 500 AP count WLC to backup your 2x250 AP count WLCs, why not look at a $50,000 HA-SKU that can "handle" up to 500 APs.
    So given this scenario, this WLC is "backing up all other WLCs" for whom it is a Secondary/Tertiary WLC backup.
    As far as the HA-SKU "license", it's not "permanent" per se.  With an HA SKU in N+1 you have a 90 day timer which will then "nag you" (via console) that this HA WLC is not truly intended to permanently house these APs.  The idea is that if the Primary WLC failed, you would get it back online and then move your APs back to where they belong and return the HA N+1 WLC back to 0 APs.

  • Cisco Prime and WLC audit

    Hello,
    Is there an automated way to perform audit of Wlc from the Cisco Prime Infrastructure GUI? I use to go to Monitor->Controller, then check the box near one of the managed wlc, finally choosing 'Audit Now' on the top menu. It works fine, but when you have multiple wlcs, such operation takes a long time. I would like to retain the configuration which is on the wlc instead of the one on the PI database too.
    Do you know if there is a better way to perform the audit?
    Thanks
    Théophile

    Have you looked at the background task to see if there is an audit there? Are you really wanting to audit or just refresh the config from the WLC? If you do hate getting the mismatch and dine have all the templates for each of the WLC's, the audit only reviews what's in the templates. Refresh the config from the WLC is the easiest way as you can select all of your WLC and perform this task.
    Sent from Cisco Technical Support iPhone App

  • Multiple Controllers across sites - Active/Active

    Hi Guys,
    Hoping I will get a few things clear in my mind regarding multiple WLC's in an Active/Active state.
    At the minute we are running 1 WLC 5508 at one site - all of our APs are centrally switched. I have a number of WLANs that map to different interfaces on different VLANs - everything is working great.
    We are about to take control of another business in another location and I am looking to put a wireless controller at that new site so that each controller controls a site but acts as a backup for the other site.
    In case of a failure I'd like traffic to be locally switched, so first question:
    1. Is there a way to centrally switch traffic whilst on the primary controller and then locally switch the traffic if a failover occurs?
    2. Assuming I have to enable HREAP on all APs permanently to get this to work, would I have to keep all the VLANs across the sites the same to make this 100% automated?
    3. Do all WLANs need to be configured with the same WLAN ID in order to failover without a reboot?
    Basically, my knowledge of having a dual controller is fairly limited and I'm looking at expanding that quite quickly (due to time constraints). If anyone can chime in on the above questions or even point me in the direction of any good articles regarding active/active controller setups I would be more than appreciative.
    Thanks
    Tim

    1. Is there a way to centrally switch traffic whilst on the primary controller and then locally switch the traffic if a failover occurs?
    - No... That will break. The problem with WLC's at different locations is the subnets the WLC has available to it. If you're using the same SSID you really want to have two WLC at each site.
    2. Assuming I have to enable HREAP on all APs permanently to get this to work, would I have to keep all the VLANs across the sites the same to make this 100% automated?
    - You can get this to work if you're bridging between sites, but do you really want to.
    3. Do all WLANs need to be configured with the same WLAN ID in order to failover without a reboot?
    - It's best practice to try to keep them the same. If you can't it still would work.
    If you're really looking for redundancy then having two WLC at each site is what you want. You can use h-reap and put everything in local switching and have redundancy but understand h-reap and the limitations which might or might not be a problem for you.
    Sent from Cisco Technical Support iPhone App

  • WLC/WCS vs WLSE

    ok..
    I'm looking at these solutions and I'm very puzzled why I would purchase a WLC/WCS/AP vs a WLSE/AP solution.
    First with WLC, i have to deploy multiple WLC's to get global redundancy. Don't need that with AP/WLSE combo. WLSE isn't a global failure point that takes down all my AP's.
    Second, While deploying a WLC is easier as WLSE takes an ACS server and ability to read and deploy WDS services, I can buy a WLSE and ACS server/hardware for less than the cost of one 4400 controller.
    Third - WLSE handles 2500 access points, does heat maps, something I would have to spend extra money and buy WCS for with the WLC. WLSE does the auto-reconfiguration and site survey.
    Seems to me WLC is similar to cars where they took the gauges out and just give you warning lights way of deploying wireless. Don't worry about what it does, just put it in and only pay attention if a red light appears while WLSE takes more knowledge of ACS and WDS, shows you more details, gives you greater control, autonomy and failure redundancy.
    Did I miss something??? It seems like WLC is 3 times as expensive yet doesn't provide anything other than easier deployment.

    Hi,
    Thank you Rpaquin, I also need answer which is better and which one is more suitable for small wlan ?
    Regards
    Saher

  • OEAP-600 AP backup connectivity to WLC

    Hi all,
    Here's the list of equipments:
    Pool of oeap 600 aps
    1x 2504WLC as OEAP WLC (@DMZ)
    1x ASA 5515
    Scenario:
    My OEAP WLC located at ASA - DMZ is NATted to a public ip (primary internet ISP), then my pool of OEAP-600 were configured to communicate with this OEAP WLC.
    My question is:
    I want to automate the failover of OEAP-600 (I don't know if this is possible) to the secondary internet ISP whenever the primary internet ISP fails. The secondary ISP is terminated on the same ASA 5515-X doing PBR and IP SLA stuff.
    I know that OEAP 600 can only be pointed to one WLC ip address
    I know that the WLC can only be NATted to one public IP address.
    Anyone?
    What would be the best solution to perform the OEAP backup connectivity? Or just buy another set of WLC/ASA then just manually configure the OEAP-600 APs to point to the secondary ISP.
    Dave

    You are limited to one public IP address on the WLC. You can have multiple WLC IP address set on the OEAP, but that will not help with one WLC and one public IP. So you would need another WLC and ASA since you would have two ISP connections with different public facing IP.
    Sent from Cisco Technical Support iPhone App

  • WLC is rebooting whenver WAN goes down

    Hi,
    I came across with one issue repetitively. Whenever we have issue with WAN disconnection issue, after some time our LAN WLC gets rebooted .
    As I gone through the logs, found that we will have disconnection with Mobility group member <ip address> . Based on that , suspecting we have some policies or some parameter configured therefore whenever we have issue with mobility controller member ( such as disconnection ) .
    We have mobility group configured whereas one of our mobility member is on WAN ( other location ).
    so whenever we have disconnection issue with mobility member which is there in head-office location , our local LAN WLC gets rebooted.
    can anybody look into this? It would be great to know , if we have enabled any feature unknowingly.

    Is the reason you require the same mobility group name for a remote site is because you are doing failover between the two? Usually you don't require the same mobility group name unless you want the AP's to be able to failover between multiple WLC's.
    I don't think that would fix your issue though. Maybe setup syslog so you can see if the wlc reboots due to another issue or error.
    Sent from Cisco Technical Support iPhone App

  • Wlc remote fallback

    Hi,
    I have multiple WLC installations on different sites with Local APs. Is there a methodology or plan to solve fallback situation by installing a central WLC in the DataCenter (e.g.) What should I follow to create a solution to this problem? Licensing, choosing wlc controller model, limitations, etc.
    Do I have to create a local redundancy first and then at the data center as I saw on a web page? Is it possible to make fallback solution to this type of infrastructure?

    You have to look to see what happens if a WLC fails at a site.  The issue I have if you're in local mode, is that if you have a wlc at a central location as a backup, then all traffic will be tunneled to that WLC and users will have to get a new ip address since your centralized wlc will have interfaces that is local to that site.  Typically it's best to have a redundant WLC at each location, but you really need to figure out the what if and how does the traffic flow now.
    Licensing depends on how many AP's you want to be able to support... maybe you want to have license for one of the largest sites or maybe enough license for two large sites to failover.  This will also tell you what controller model you have to go with since there is a max number of AP's depending on WLC.
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"
