N+1 redundancy with 2504-HA

Hello,
I have question regarding N+1 redundancy with 2504-HA WLC.
Can I use 2504-HA unit for H+1 redundancy? SSO is not needed
I have two wireless network:
1. With WLC 5508 with about 40 AP(1262), all them are A regulatory domain
2. With WLC 2504, with about 30 Mesh AP(1552), all of them are E regulatory domain
I plan to use two 2504-HA units for backups, one for network with WLC5508 and second for network with WLC2504.
In case N+1 redundancy is management with Prime mandatory ?

Hi,
Better to use same model and same software.
Case1: You have 5508WLC
Solution from my side: You must buy a another WLC with HA SKU license(Zero AP license). This wlc can work as N+1 and AP SSO as well as Client SSO but with higher version of code(7.5 or higher).
Case2: You have 2504 WLC
Solution: You must buy a another 2504 HA WLC: AIR-CT2504-HA-K9, that only supports N+1(No AP SSO and NO Client SSO)
http://www.cisco.com/c/en/us/td/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide/N1_HA_Overview.html
More info:
http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1130-ag-series/qa_c67-714540.pdf
Regards
Dont forget to rate helpful posts

Similar Messages

[svn:fx-trunk] 12883: Remove the skin classes from the halo theme project to avoid redundancy with the airframework /framework swcs.

Revision: 12883
Revision: 12883
Author:   [email protected]
Date:     2009-12-12 15:53:50 -0800 (Sat, 12 Dec 2009)
Log Message:
Remove the skin classes from the halo theme project to avoid redundancy with the airframework/framework swcs.
QE notes: No
Doc notes: No
Bugs: SDK-24293
Reviewer: Glenn
Tests run: Checkintests, smattering of Halo and AIR mustella tests
Is noteworthy for integration: Yes
Ticket Links:
    http://bugs.adobe.com/jira/browse/SDK-24293
Modified Paths:
    flex/sdk/trunk/frameworks/projects/framework/src/FrameworkClasses.as
    flex/sdk/trunk/frameworks/projects/halo/build.xml
Added Paths:
    flex/sdk/trunk/frameworks/projects/framework/src/mx/skins/halo/WindowBackground.as
Removed Paths:
    flex/sdk/trunk/frameworks/projects/halo/assets/
    flex/sdk/trunk/frameworks/projects/halo/src/HaloClasses.as
    flex/sdk/trunk/frameworks/projects/halo/src/mx/skins/

Issue with 2504 WLC and 2602 AP. need help please.

Somehow the AP does not associates with the 2504 controller.
What could possibily be the issue.
Thanks in advance.
Anyway, Here is the log from the AP.
AP log
===========================================================
*Mar 1 00:30:35.551: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.120.4 obtained through DHCP
*Mar 1 00:30:35.551: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Mar 1 00:30:44.551: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
*Mar 1 00:30:44.551: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'SNGNY-WLC1'running version 7.0.220.0 is rejected.
*Mar 1 00:30:44.551: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Mar 1 00:30:44.551: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 2 state 2.
*Mar 1 00:30:44.551: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Mar 1 00:30:44.551: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.120.4
===========================================================
show version output from the Access Point
=========================================================
AP0006.f6ec.be2a#show ver
Cisco IOS Software, C2600 Software (AP3G2-RCVK9W8-M), Version 15.2(2)JB, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 11-Dec-12 00:07 by prod_rel_team
ROM: Bootstrap program is C2600 boot loader
BOOTLDR: C2600 Boot Loader (AP3G2-BOOT-M) LoaderVersion 12.4(25e)JA1, RELEASE SOFTWARE (fc1)
AP0006.f6ec.be2a uptime is 33 minutes
System returned to ROM by power-on
System image file is "flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-xx"
Last reload reason:
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
--More--
*Mar 1 00:33:46.071: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
*Mar 1 00:33:46.171: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.120.98, mask 255.255.255.0, hostname AP0006.f6ec.be2a
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-CAP2602I-A-K9    (PowerPC) processor (revision A0) with 180214K/81920K bytes of memory.
Processor board ID FGL1704ZC0Q
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 7.4.1.37
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:06:F6:EC:BE:2A
Part Number                          : 73-14588-02
PCA Assembly Number                  : 800-37899-01
PCA Revision Number                  : A0
PCB Serial Number                    : FOC165188Y4
Top Assembly Part Number             : 800-38356-01
Top Assembly Serial Number           : FGL1704ZC0Q
Top Revision Number                  : A0
Product/Model Number                 : AIR-CAP2602I-A-K9
Configuration register is 0xF
========================================================

Blake's right. Your WLC is running 7.0.X code which does not support the AP2600. Check the Release Notes and look under Software Release Support for Access Points to determine what suitable firmware your WLC can support your AP.

Nexus 7000 Switch Fabric Redundancy with Fab-2 ?

Hi all,
I know that N7K did not have N+1 Switch Fabric redundancy. It is required to have all five SF modules to provide full throughput. Does this change with FAB-2 modules ? I mean with new modules, does N7K have N+1 SF redundancy ?
Thanks in advance.
Dumlu

The N+1 fabric redundancy will depend on the type of module.
If you are using M132 (80G) per slot and you have 3x FAB-1 (46G each), it will provide N+1.
The same story applies to FAB-2. If you are using the F1 series, and have 4x FAB-2, you have N+1. Of course, if you are using F2 series linecard and have all FAB-2 populated, you don't have N+1 because F2 is 480G and all 5 FAB-2 will give you 550G.
HTH,
jerry

Bandwidth limiting with 2504 WLR and 3602E AP

Hello,
My QA team needs to test number of special connectivity scenarios where their wireless connection has a limited bandwidth.
Ideally, I would like to provide them number of SSIDs each of which has different bandwidth limitation.
But so far I did not find a way to apply any bandwidth limitations to my 2504 Wireless controller and the 3602E AP.
QoS has only 4 pre-defined modes which can't be set to a specific limit...
Any help/advise would be highly appreciated!
Thank you,
Mark.

Didnt realize this was not on the 5508, +5 Scott.
I guess the next best option is to ACL/QOS on the wired side for that subnet in question.
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

Redundancy with GWIA

We currently have the following environment:
1. Groupwise 2012 server #1 on one server, with GWIA, MTA, POA,
WebAccess on that server. Primary MX record points to this server. On
our dsl internet connection
2. Groupwise 2012 server #2, GWIA, MTA, on that server. Secondary MX
record points to this server. On our cable internet connection.
Currently, For incoming purposes, email normally comes in via the
primary MX record to server #1. If it is not responding, email incoming
traffic goes via the secondary MX record to server #2. m This is automatic.
However, I am not certain that the outgoing emails have automatic
redundancy. If the GWIA on server #1 cannot process outgoing mail
simply because the dsl internet connection it uses is down, does the
outgoing emails automatically get routed to server #2 to go out that
GWIA. Or does that automatic rerouting occur only if the GWIA on server
#1 is actually down.
I had read that the redundancy routing of the GWIA to server #2 did not
work on GW6, but did work on GW7. Is that the case and does it work
automatically for GW2012 in the instance where the GWIA on server #1 is
still up but is not able to connect to the internet because the internet
connection is down.
We want to have automatic outgoing GWIA redundancy in addition to the
incoming GWIA redundancy.
Cliff

On 1/7/2015 1:15 AM, Massimo Rosen wrote:
> Hi.
>
> Am 07.01.2015 um 05:18 schrieb Clifford Wiernik:
>>
>> However, I am not certain that the outgoing emails have automatic
>> redundancy. If the GWIA on server #1 cannot process outgoing mail
>> simply because the dsl internet connection it uses is down, does the
>> outgoing emails automatically get routed to server #2 to go out that
>> GWIA. Or does that automatic rerouting occur only if the GWIA on server
>> #1 is actually down.
>
> The latter, but even that only when correctly configured. By default,
> there is no outbound redundancy whatsoever.
>
>> I had read that the redundancy routing of the GWIA to server #2 did not
>> work on GW6, but did work on GW7.
>
> I don't think that's true either. I'm not even sure if it was available
> in GW8, or just came in 2012.
>
> Full outbound redeundancy, as in the GWIA is up but it's internet line
> down is out of the scope of groupwise. This would better be done at the
> router level.
>
> CU,
> The latter, but even that only when correctly configured. By default,
> there is no outbound redundancy whatsoever.
What would be the proper configuration to provide for this outbound
redundancy if the GWIA itself is actually down?

Redundancy with dual nic servers

Hi I have 2 11500's configured with box-to-box redundancy. I have a number of app servers each with dual nic's (which are Teamed) and which are connected directly to the CSS's. Nic 1 in each goes to the master CSS1 and is therefore live. Nic2 goes to standby CSS2.The CSS's are connected two 4500 switches to the public.I am monitoring the links to the 4500's,if i switch off the master CCS1,we fail over and the servers all connect via nic2 to the new master CCS2. But when the link to the 4500 from the CSS1 Master goes down the CSS'S failover but the nic2's do not connect to the CCS2 because Nic 1 in each server has not failed ie they still see CSS1 as up. Is there a workaround to this problem ?
Thanks
J

I know of no way to link CSS interfaces so that if the uplink goes down, the the other ports are shutdown. There may be another way to configure the adapter teaming or failover on the server side. I know some OS's send out test frames from one adapter to the other to verify network integrity.
What I'd recommend is that you setup a VLAN on your 4500's for the server's physical connections, and uplink that to a "backend" interface on the CSS. This can be done with the CSS in either a router or bridge configuration, but I'd recommend router mode.

How to implement redundancy with RT cFP?

Hi all!
I have a setup with a cFP-2020 controling a pump and multiple switch valves. The controller runs a PID that regulates the flow.
It also communicates with a pc through TCP/IP. A user can drive all the setup manualy ( opening/closing valves, change flow
setpoint, reading pressure sensors values,etc) and also launch an automatic mode that folows a recipe created by the user.
I would like to implement a redundancy at various levels:
1) Power : It is solved by the cFP itself since you can feed 2 power supplies.
2) Controller : I would like to add a second controller that would monitor the primary controller and takes over the control if
                       primary controller crashes. I know there is a hardware watchdog that would help a lot in the task.
                       I would know when the primary controller crashes through that watchdog. But how to know the final state where
                       the controller crashed so that the secondary controller would start from there? If it is in manual mode, it would be
                       easy, I could initiate the secondary controller with the last state on the host (pc). But what about automatic mode?
                       I could store the variables at any time but isn't it a bit too much? Is there a way to retrieve those data, other than
                       sending it to the host computer?
                       Does anybody has a good idea / structure in mind for this application?
3) Fieldpoint I/O: I would like the same as for the controller: have a second set of DI, DO, AI and AO that would secure the system.
                           There is also a watchdog there that could be used.
The main goal is, in fact: Let's say you remove physicaly the controller or any Fieldpoint I/O and the system would seemlessly go
                                         on his task.
Anybody already did that before?
Thanks for any help!
Dai
LV 7.1 - WIN XP - RT - FP

Hi and thanks for the reply!
In fact, for the moment, when the connection to the pc is lost, the controller goes into "safe mode". It is a state where I am sure
there is no security issue for the person running the process ( avoid over-pressure in different tanks, etc).
I did not described the current process using the cFP because this one is less critical in terms of redundancy. If the process
is stopped because the connection is lost for example, it is not so important. The process can still be restarted from the very start.
It is because the process (chemical) allows it. It is like filtering. If half the filtering is done, you can still filter again to get the proper
result.
I am thinking about another process much more critical. If the process is stopped, it is lost. And it means a lot of money tens of 1000 euros at once.
For the moment, those processes are regulated and operated from a DeltaV DCS system (Emmerson). It is reliable but expensive and the programming environment is poor. I really like Labview. It is really powerfull !!!
In the future, if possible, I would like to replace the old systems of our plant with NI ones. I think it is much better when you have
a homogenuous system. Having a network with pc's, mac's and linux's is much more difficult to set up and maintain. The same
for the field, it is much more complicated when you use at the same time: labview, deltaV, profibus, foundation fieldbus, CAN, etc.
Of course sometimes, you cannot avoid it. The systems are different and have their pro's and con's... Of course, it is just my opinion!
If it would be possible, I'd buy only NI stuff... Now, I just replace if possible.
About the the Outputs being redundant, I was thinking about a polling system: use 3 outs and poll. The majority wins. It think it is used on space applications.
So, I should have asked at the first time : Do you think it is possible to replace a DeltaV system with a NI one?
I think it is possible. But is the effort worth it? If I have to code all that? If there was something built in, it would be a dream
Okay, thanks anyway. Maybe I need to think about it a bit more.
Dai
LV 7.1 - WIN XP - RT - FP

How to implement redundant with 1 CE router to 2 MPLS service providers

Dear all,
Our head-office are currently have 1 Cisco CPE 3825 router with 2 WAN connections to our branches. We are now using static routing protocol in our network infrastructure, we consider how to implement the redundancy for networks by the redundant circuits connection to 2 MPLS providers, only when the primary connection to the primary MPLS L3 provider fail, the backup link to the second MPLS Layer 2 provider automatically active. Anybody knows where can I find information, tips or examples, how we'd handle the routing for that?
We are now have:
1 G0/1 interface connect to primary MPLS L3 Provider (the 2nd G0/2 interface is a leased-line connection to our partner, and we not consider here)
1 HWIC (layer 2) card, with 4 ports, which has interface F0/2/3 connected to the backup MPLS Layer 2 provider.
Thanks in advance.
PS: Current configuration : 3727 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname Router
boot-start-marker
boot system flash c3825-entservicesk9-mz.123-11.T7.bin
boot-end-marker
logging buffered 4096 debugging
logging monitor xml
no aaa new-model
ip subnet-zero
ip cef
no ftp-server write-enable
no spanning-tree vlan 4
no spanning-tree vlan 5
interface GigabitEthernet0/1
description connect to VDC MPLS$ETH-WAN$
mtu 1480
ip address 222.x.x.66 255.255.255.252
ip flow ingress
ip flow egress
service-policy output SDM-QoS-Policy-1
ip route-cache flow
duplex auto
speed auto
media-type rj45
fair-queue 64 256 256
no cdp enable
interface FastEthernet0/2/0
switchport access vlan 2
no cdp enable
interface FastEthernet0/2/3
description ToTBToverFPT
switchport access vlan 5
no cdp enable
interface Vlan2
description CONNECT TO MPLS_VDC
ip address 192.168.201.9 255.255.248.0
interface Vlan5
description Connect to HoChiMinhCity
ip address 172.16.1.5 255.255.255.252
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 172.16.244.0 255.255.255.0 222.255.33.65
ip route 192.168.0.0 255.255.248.0 222.255.33.65
ip route 192.168.24.0 255.255.254.0 222.255.33.65
ip route 192.168.30.0 255.255.254.0 222.255.33.65
ip route 192.168.32.0 255.255.254.0 222.255.33.65
ip route 222.x.x.68 255.255.255.252 222.255.33.65
ip route 222.255.33.72 255.255.255.252 222.255.33.65
ip route 222.x.x.196 255.255.255.252 222.255.33.65
ip route 222.x.x.200 255.255.255.252 222.255.33.65
ip http server
ip http authentication local
no ip http secure-server
ip http max-connections 3
control-plane
line con 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password
login
transport input telnet
line vty 5 14
privilege level 15
password
login
transport input telnet
line vty 15
privilege level 15
password
login
transport input telnet
parser view SDM_Monitor
scheduler allocate 20000 1000
end

Hi Mr jianqu,
Because of our customer now has 2 main central offices, and all other sub branches are now connected to each of these main central office via one primary full-meshed MPLS VPN of 1st Service Provider, so If I use the float static routes, and when there is a failure at one link at a CENTRAL CE Router to primary link to primary MPLS VPN Service Provider, but still there is no failure at the other site from a router CE sub branch with the the PE of the primary full-meshed MPLS VPN Layer 3 Service Provider,so It cannot cause a failover to a second redundant link of the 2nd Service Provider?
So with our system, do we only have one solution like this:
-Configure BGP as the routing protocol between the CE and the PE routers.
-Use local preference and Multi Exit Discriminator (MED) when running BGP inside a our customer VPN to select the primary and backup links.
-Use AS-override feature to support overlapping AS numbers between customer sites

Cant Connect Cisco AIR-CAP 3602 with 2504 controller

Im trying to have one of our APs join our controller. No matter what I do, i cant get it to join the controller.
The controller has the right OS, I had to upgraded it 7.4 to support the 3600...
Both the controller and the AP has the same time and date.
But Im getting this from my AP:
*Oct 30 14:49:26.043: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Oct 30 14:49:26.055: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Oct 30 14:49:26.055: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Oct 30 14:49:26.067: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Oct 30 14:49:26.083: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Oct 30 14:49:27.055: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Oct 30 14:49:27.095: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Oct 30 14:49:27.103: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Oct 30 14:49:28.087: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Oct 30 14:49:28.095: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Oct 30 14:49:28.131: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Oct 30 14:49:28.139: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Oct 30 14:49:28.147: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Oct 30 14:49:29.131: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Oct 30 14:49:29.139: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Oct 30 14:49:29.167: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Oct 30 14:49:30.167: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Oct 30 14:49:36.083: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Oct 30 14:49:36.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.0.50 peer_port: 5246
*Oct 30 14:49:36.411: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.1.0.50 peer_port: 5246
*Oct 30 14:49:36.411: %CAPWAP-5-SENDJOIN: sending Join Request to 10.1.0.50
*Oct 30 14:49:36.411: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Oct 30 14:49:36.411: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Oct 30 14:49:36.411: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Oct 30 14:49:36.411: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.1.0.50
Anyone can help me please?
Thanks....

AP is connected directly to one of the ports on the 2504 controller.
I can move it to a POE switch, if needed.
Here is the output after I boot up the AP:
IOS Bootloader - Starting system.
flash is writable
FLASH CHIP: Macronix Mirrorbit (00C2)
Xmodem file system is available.
flashfs[0]: 43 files, 9 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 31997952
flashfs[0]: Bytes used: 16767488
flashfs[0]: Bytes available: 15230464
flashfs[0]: flashfs fsck took 16 seconds.
Reading cookie from SEEPROM
Base Ethernet MAC address: 4c:00:82:77:32:7b
Ethernet speed is 1000 Mb - FULL Duplex
Loading "flash:/ap3g2-k9w8-mx.152-4.JA1/ap3g2-k9w8-mx.152-4.JA1"...###########################
File "flash:/ap3g2-k9w8-mx.152-4.JA1/ap3g2-k9w8-mx.152-4.JA1" uncompressed and installed, entry point: 0x2003000
executing...
Secondary Bootloader - Starting system.
Xmodem file system is available.
flashfs[0]: 43 files, 9 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 31997952
flashfs[0]: Bytes used: 16767488
flashfs[0]: Bytes available: 15230464
flashfs[0]: flashfs fsck took 8 seconds.
Base Ethernet MAC address: 4c:00:82:77:32:7b
Boot CMD: 'boot flash:/ap3g2-k9w8-mx.152-4.JA1/ap3g2-k9w8-xx.152-4.JA1;flash:/ap3g2-k9w8-mx.152-4.JA1/ap3g2-k9w8-mx.152-4.JA1'
Loading "flash:/ap3g2-k9w8-mx.152-4.JA1/ap3g2-k9w8-xx.152-4.JA1"...###############################
File "flash:/ap3g2-k9w8-mx.152-4.JA1/ap3g2-k9w8-xx.152-4.JA1" uncompressed and installed, entry point: 0x2003000
executing...
              Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706
Cisco IOS Software, C3600 Software (AP3G2-K9W8-M), Version 15.2(4)JA1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Tue 30-Jul-13 22:57 by prod_rel_team
Initializing flashfs...
flashfs[3]: 43 files, 9 directories
flashfs[3]: 0 orphaned files, 0 orphaned directories
flashfs[3]: Total bytes: 31739904
flashfs[3]: Bytes used: 16767488
flashfs[3]: Bytes available: 14972416
flashfs[3]: flashfs fsck took 8 seconds.
flashfs[3]: Initialization complete.
flashfs[4]: 0 files, 1 directories
flashfs[4]: 0 orphaned files, 0 orphaned directories
flashfs[4]: Total bytes: 11999232
flashfs[4]: Bytes used: 1024
flashfs[4]: Bytes available: 11998208
flashfs[4]: flashfs fsck took 1 seconds.
flashfs[4]: Initialization complete.
Copying radio files from flash: to ram:
Copy in progress...CCCCC
Copy in progress...CCC
Copy in progress...CCCC
Copy in progress...CCCC
Copy in progress...CC
Uncompressing radio files...
...done Initializing flashfs.
Radio0 present 8764 8000 0 A8000000 A8010000 0
Rate table has 244 entries (64 SGI/104 BF variants)
Radio1 present 8764 8000 0 88000000 88010000 4
Radio2 not present 0 0 0 0 0 8
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-CAP3602I-A-K9 (PowerPC) processor (revision A0) with 180214K/81920K bytes of memory.
Processor board ID FTX1731GQYY
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 7.5.102.0
1 Gigabit Ethernet interface
2 802.11 Radios
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 4C:00:82:77:32:7B
Part Number                          : 73-14521-02
PCA Assembly Number                  : 800-37501-02
PCA Revision Number                  : A0
PCB Serial Number                    : FOC17273HG4
Top Assembly Part Number             : 800-35852-02
Top Assembly Serial Number           : FTX1731GQYY
Top Revision Number                  : C0
Product/Model Number                 : AIR-CAP3602I-A-K9
% Please define a domain-name first.
Press RETURN to get started!
*Mar 1 00:00:11.355: FIPS IOS test Image Checksum successful
*Mar 1 00:00:11.355: FIPS IOS test Crypto RNG DEK Key Test successful
*Mar 1 00:00:11.355: FIPS IOS test SHA-1 successful
*Mar 1 00:00:11.355: FIPS IOS test HMAC-SHA1 successful
*Mar 1 00:00:11.355: FIPS IOS test AES CBC 128-bit Encrypt successful
*Mar 1 00:00:11.355: FIPS IOS test AES CBC 128-bit Decrypt successful
*Mar 1 00:00:11.355: FIPS IOS test IOS AES CMAC Encrypt successful
*Mar 1 00:00:11.355: FIPS IOS test IOS CCM Encrypt successful
*Mar 1 00:00:11.355: FIPS IOS test IOS CCM Decrypt successful
*Mar 1 00:00:11.387: FIPS IOS test RSA Signature Generation successful
*Mar 1 00:00:11.391: FIPS IOS test RSA Signature Verification successful
*Mar 1 00:00:11.391: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar 1 00:00:11.391: %IFMGR-7-NO_IFINDEX_FILE: Unable to open nvram:/ifIndex-table No such file or directory
*Mar 1 00:00:11.847: Registering HW DTLS
*Mar 1 00:00:14.647: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:18.327: FIPS RADIO test AES 128-bit encrypt for TX on Dot11Radio 0 successful
*Mar 1 00:00:18.327: FIPS RADIO test AES 128-bit CCM encrypt on Dot11Radio 0 successful
*Mar 1 00:00:18.327: FIPS RADIO test AES 128-bit CCM decrypt on Dot11Radio 0 successful
*Mar 1 00:00:18.327: FIPS RADIO test AMAC AES 128-bit CMAC encrypt on Dot11Radio 0 successful
*Mar 1 00:00:18.327: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar 1 00:00:24.451: FIPS RADIO test AES 128-bit encrypt for TX on Dot11Radio 1 successful
*Mar 1 00:00:24.451: FIPS RADIO test AES 128-bit CCM encrypt on Dot11Radio 1 successful
*Mar 1 00:00:24.451: FIPS RADIO test AES 128-bit CCM decrypt on Dot11Radio 1 successful
*Mar 1 00:00:24.451: FIPS RADIO test AMAC AES 128-bit CMAC encrypt on Dot11Radio 1 successful
*Mar 1 00:00:24.451: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
*Mar 1 00:00:26.811: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3600 Software (AP3G2-K9W8-M), Version 15.2(4)JA1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Tue 30-Jul-13 22:57 by prod_rel_team
*Mar 1 00:00:26.811: %SNMP-5-COLDSTART: SNMP agent on host AP4c00.8277.327b is undergoing a cold start
*Jul 4 23:55:50.035: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jul 4 23:55:50.035: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jul 4 23:55:50.051: %PARSER-4-BADCFG: Unexpected end of configuration file.
lwapp_crypto_init: MIC Present and Parsed Successfully
*Jul 4 23:55:50.191: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Jul 4 23:55:50.855: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Jul 4 23:55:51.027: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Jul 4 23:55:51.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jul 4 23:55:51.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jul 4 23:55:53.319: FIPS HW test SHA-1 successful
*Jul 4 23:55:53.319: FIPS HW test HMAC-SHA1 successful
*Jul 4 23:55:53.319: FIPS HW test AES CBC 128-bit Encrypt successful
*Jul 4 23:55:53.319: FIPS HW test AES CBC 128-bit Decrypt successful
*Jul 4 23:55:53.819: FIPS HW test SHA-1 successful
*Jul 4 23:55:53.819: FIPS HW test HMAC-SHA1 successful
*Jul 4 23:55:53.819: FIPS HW test AES CBC 128-bit Encrypt successful
*Jul 4 23:55:53.819: FIPS HW test AES CBC 128-bit Decrypt successful
*Jul 4 23:55:53.819: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed
*Jul 4 23:55:53.819: DPAA Initialization Complete
*Jul 4 23:55:53.819: %SYS-3-HARIKARI: Process DPAA INIT top-level routine exited
*Jul 4 23:55:54.819: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up%Default route without gateway, if not a point-to-point interface, may impact performance
*Jul 4 23:56:13.191: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Jul 4 23:56:14.279: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jul 4 23:56:15.279: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jul 4 23:56:15.371: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 4 23:56:16.371: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jul 4 23:56:18.895: Logging LWAPP message to 255.255.255.255.
*Jul 4 23:56:23.627: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.1.150, mask 255.255.240.0, hostname AP4c00.8277.327b
Translating "CISCO-CAPWAP-CONTROLLER.pti.local"...domain server (10.3.1.32)
*Jul 4 23:56:34.559: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Jul 4 23:56:34.567: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER.pti.local
*Jul 4 23:56:44.567: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Oct 30 15:05:13.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.0.50 peer_port: 5246
*Oct 30 15:05:13.411: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.1.0.50 peer_port: 5246
*Oct 30 15:05:13.411: %CAPWAP-5-SENDJOIN: sending Join Request to 10.1.0.50
*Oct 30 15:05:13.411: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Oct 30 15:05:13.411: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Oct 30 15:05:13.411: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Oct 30 15:05:13.411: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.1.0.50
*Oct 30 15:05:18.411: %CAPWAP-5-SENDJOIN: sending Join Request to 10.1.0.50

WLC redundancy with prime

Hi all,
We are going to implement high availabilty in 5508 WLC with version of 7.3.101 . We will be using Prime infrastructure 1.2 for monitoring purpose.
With Prime , whether we can monitor and manage redundant WLC also or only active WLC?...
Thanks for your help.......

I just know from experience. You can only GUI/ssh into the primary WLC when you enable AP-SSO. So once the pairs are in HA, that is it.... You have only the primary WLC IP address available. You learn things the hard way sometimes because there are things not documented.
Sent from Cisco Technical Support iPhone App

Local printers not working with 2504 WLC

                   I have a 2504 WLC with 3 1262 WAPs in lightweight mode.
     Clients connect using WPA2 PSK AES with no problem. Clients are Windows XP Home SP3. Test pages end up in print queue and eventually get a error printing status. Clients are not part of a domain and in a standalone workgroup - techstream.
Printer can be pinged from wireless client.
Another 1262N WAP in standalone mode connected to same lan from windows 7 sp1 clients have no problem printing to a local printer.
What does work on the Windows XP Home client is connecting to a network shared printer authenticating with domain admin id and password and it works. Reboot and the network shared printer can not connect multiple reasons are "access is denied" and message box says "only security tab will be displayed....."   Another Windows XP Home SP3 client on reboot can't open the network shared printer with message "Can't find printer"
The local printers do work on these pc's with an old colubris router that has an outside interface on our lan and internal network with clients getting dhcp address from colubris router of 192.168.3.XXX .
What is wrong with the wireless 2504 WLC?
Thanks
Broadcast forwarding was enabled.

Although a cisco tech support was helpful in making sure multicasting was enabled and a multicast server defined, the problem was at the CP2025DN printer. It had old network ip mask and gateway configured on the printer.
The new devices were part of the new network configuration (Mask and gateway had changed). I didn’t change that printer when I changed all the other printers at the facility because it was still active thru the old wireless network. I forgot to change the printer ip config when I brought the new wap on the new wireless network with the wlc 2504.
End result was the clients were part of a different subnet and gateway configuration then the printer and this disrupted the communication between clients and the printer. Once I corrected the mask and gateway on the printer to be the same as the dhcp scope of the wireless network, communication and printing worked.
Problem solved. User error

Redundancy with 2 vWLC

Hi Forum,
is it possible to operate 2 vWLC (with version 8.0) and configure them to work redundant (in any mode A/A, A/P or cold stand-by) as you could with a 5500 WLC?
TIA
Alexander

Hi Alexander,
Yes that is possible, but not in an hitless fashion like SSO with the 5500 controllers. The access-points need to determine that their primary controller is down which will take at least 10~15 seconds (if you are going to use fast AP heartbeats). And all the clients need to re-authenticate. To answer your question; just configure an primary and secondary WLC on the access-point.
With the virtual WLC your access-points have to run in FlexConnect mode which has some drawbacks (just like the virtual WLC itself, comparing it to an physical WLC). But depending on your deployment, the virtual controller can be much cheaper and lift on the HA infrastructure in the already existing hypervisor layer in your datacenter.
It is also possible to do "local authentication" on FlexConnect AP's when the connection to the controller has been lost, which can be handy when the WAN link is instable. Maybe this feature is an better solution that just add an second WLC in the datacenter far away.

Redundancy with dual WLC

Hi, I will implement a WLAN network with AP1130AG and WLC 2125. If I understand right the whole traffic to/from the APs (data + management) will be first encapsulated in a LWAPP tunnel to/from the WLC ? Then, the WLC will forward the different traffic VLANs via a 802.1Q trunk to the network. Is it correct ? If so, the WLC is a true single point of failure ! What will happen if the WLC get out-of-service ? What is the impact on existing client sessions and new ones ? How will a redundant WLC 2125 work with the primary (active/standby with HSRP, load balancing)? What are the best practices in such a network ?
Thanks

Hi Jean-Pascal,
In the WLC world this is how an AP is covered in case one WLC fails. It is not without some "downtime" in case of failure but both Controllers are active. You have to keep in mind that an AP can only be registered to one WLC at a time so this is the best that you can do :) When one WLC fails the AP then has to re-register with the backup, this is not a completly seemless process.
This has some really good info;
WLAN Controller Failover for Lightweight Access Points Configuration Example
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008064a294.shtml#c4
Hope this helps!
Rob

Ace redundancy with different software licences

Hi,
We have 4710 with ACE-4710-1F-K9.
1G Bundle: Includes ACE 4710 Hardware, 1 Gbps Throughput, 5,000 SSL TPS, 500 Mbps Compression, 5 Virtual Devices, 50 Application Acceleration Connection License, Embedded Device Manager
We have another 4710 with ACE-4710-2F-K9.
2G Bundle: Includes ACE 4710 Hardware, 2 Gbps Throughput, 7,500 SSL TPS, 1Gbps Compression, 5 Virtual Devices, 50 Application Acceleration Connection License, Embedded Device Manager
Is that possible to make redundancy (FT GROUP) with 2 devices has different software bundles?

Hello-
When you initially setup the ACE's in an FT pair, they initially figure out who is master based on priority, then they check if the licenses that they each have installed are the same. If there is a mismatch, FT will continue to check the configuration and will eventually go into a "standby warm" state. It will not config-sync the startup or running configurations until you install the correct license and toggle config sync.
This is what yo uwould see:
ACE-A/Admin# show ft group 1 status
FT Group                     : 1
Configured Status            : in-service
Maintenance mode             : MAINT_MODE_OFF
My State                     : FSM_FT_STATE_ACTIVE
Peer State                   : FSM_FT_STATE_STANDBY_WARM
Peer Id                      : 1
No. of Contexts              : 1
Running cfg sync status      : Detected license mismatch with peer, disabling running-config auto sync
Startup cfg sync status      : Detected license mismatch with peer, disabling running-config auto sync
If you disable config sync, it will still stay in a warm state and ignore the license mismatch:
ACE-A/Admin# show ft group 1 status
FT Group                     : 1
Configured Status            : in-service
Maintenance mode             : MAINT_MODE_OFF
My State                     : FSM_FT_STATE_ACTIVE
Peer State                   : FSM_FT_STATE_STANDBY_WARM
Peer Id                      : 1
No. of Contexts              : 1
Running cfg sync status      : Sync disabled by CLI.
Startup cfg sync status      : Sync disabled by CLI.
It is not recommended to run with 2 different licenses because it is possible that you failover and don't have enough resources to carry the traffic that the active was running - however - if you disable configuration sync, it will allow you to do such.
Regards,
Chris Higgins

N+1 redundancy with 2504-HA

Similar Messages

Maybe you are looking for