OEAP-600 AP backup connectivity to WLC

Similar Messages

• Oeap 600 - can't connect to corporate wlan

  Hello!
  I have some trouble with the setup of an oeap 600 ap.
  The ap has joined the controller as it should and the remote-lan connection to my corporate network works well, but i can't connect to the corporate wlan.
  When i check the event log on the ap it says:
  *Oct 02 07:36:56.662: (Re)Assoc-Req from 00:1a:73:d2:82:8c forwarded to WLC, wired: no
  *Oct 02 07:36:56.665: received assoc-rsp for wireless client, status=0011
  *Oct 02 07:37:11.712: DisAssoc-Req/DeAUTH from 00:1a:73:d2:82:8c forwarded to WLC, wired: no
  *Oct 02 07:37:11.713: WTP Event: Delete Mobile sent to wlc00:1a:73:d2:82:8c"
  and a debug on the controller gives me:
  apfMsConnTask_6: Oct 02 08:52:05.034: 00:1a:73:d2:82:7f Adding mobile
  on LWAPP AP ec:c8:82:c2:3a:20(0)
  *apfMsConnTask_6: Oct 02 08:52:05.034: 00:1a:73:d2:82:7f Association received from mobile on AP ec:c8:82:c2:3a:20
  *apfMsConnTask_6: Oct 02 08:52:05.034: 00:1a:73:d2:82:7f Sending Assoc Response to station on BSSID ec:c8:82:c2:3a:20 (s
  tatus 17) ApVapId 1 Slot 0
  *spamApTask2: Oct 02 08:52:05.038: 00:1a:73:d2:82:7f Received Idle-Timeout from AP ec:c8:82:c2:3a:20, slot 0 for STA 00:
  1a:73:d2:82:7f
  *spamApTask2: Oct 02 08:52:05.038: 00:1a:73:d2:82:7f apfMsDeleteByMscb Scheduling mobile for deletion with deleteReason
  4, reasonCode 4
  Does anyone have an idea?
  thanks

  Hello,
  For More information on OEAP-600, please watch the "Community Tech-Talk Series" Cisco Office Extend Access Point OEAP-600
  https://supportforums.cisco.com/community/netpro/wireless-mobility/begin-wireless/blog/2012/02/24/cisco-office-extend-access-point-oeap-600
  Thanks,
  Vinay Sharma
  Community Manager - Wireless

• OEAP 600 cannot join WLC with auth-list enable

  I've got a strange problem here. In the office, my OEAP 600 can join WLC if there is no MAC authentication. When i enable MAC authentication at WLC, AP will fail to register. However, I try it at home and it works with both MAC authentication enable or disable. I suspect it is because of firewall in my office, but there shouldn't have any different in discovery and joining procedure for AP with MAC authentication enable or disable. I'm confused here. Please help.

  Justin,
  Below is error summary from WLC:
  Last Error Summary
  Last AP Message Decryption Failure----
  Last AP Connection Failure     ---------      Timed out while waiting for ECHO repsonse from the AP
  Last Error Occurred                ---------      Lwapp join request rejected
  Last Error Occurred Reason    ---------      RADIUS authorization is pending for the AP
  The error reason is probaly because I haven't added AP MAC address to ACS. With the same AP, at home using ADSL link, i have no problem.
  Thanks.

• OEAP 600 Series - Maximum User Count

  Supported User Count
  Only fifteen users are allowed to connect on the WLAN Controller  WLANs provided on the 600 series at any one time. A sixteenth user  cannot authenticate until one of the first clients de-authenticates or a  timeout occurred on the controller.
  Note: This number is cumulative across the controller WLANs on the 600 series.
  For example, if two controller WLANs are configured and there are  fifteen users on one of the WLANs, no users will be able to join the  other WLAN on the 600 series at that time. This limit does not apply to  the local private WLANs that the end user configures on the 600 series  designed for personal use and clients connected on these private WLANs  or on the wired ports do not affect these limits.
  This is from the Configuration Guide for teh 600 series Office Extend AP. Is this count per AP or total per WLC? If I have 10 APs deployed to our remote users, can each AP support two simultaneous users? Would I need to use separate WLANs for each OEAP?

  Hello,
  For More information on OEAP-600, please watch the "Community Tech-Talk Series" Cisco Office Extend Access Point OEAP-600
  https://supportforums.cisco.com/community/netpro/wireless-mobility/begin-wireless/blog/2012/02/24/cisco-office-extend-access-point-oeap-600
  Thanks,
  Vinay Sharma
  Community Manager - Wireless

• OEAP 600 and AP policies

  I have two 5508 and a few hundred 1142 in our internal net. Now I bought some OEAP 600 to do tests in some small branch offices, but I would like to enable AP policies with MAC filtering to block that anyone else can connect an OEAP through our firewall. If I enable 'Accept Self Signed Certificates (SSC)' and 'Authorize MIC APs against auth-list or AAA' as suggested in Cisco document 'Aironet 600 Series OfficeExtend Access Point Configuration Guide', will that effect only my OEAP 600 or will I have to also include the MAc addresses of my internal 1142?

  Hello,
  For More information on OEAP-600, please watch the "Community Tech-Talk Series" Cisco Office Extend Access Point OEAP-600
  https://supportforums.cisco.com/community/netpro/wireless-mobility/begin-wireless/blog/2012/02/24/cisco-office-extend-access-point-oeap-600
  Thanks,
  Vinay Sharma
  Community Manager - Wireless

• OEAP 600 - Possible to disable local ports 1-3?

  I have a customer looking to deploy OEAP & wants to know if it possible to disable the local ports 1-3?  Reason being, they don't want the home user connecting devices & causing more support tickets to troubleshoot an Xbox or Google TV just b/c it's connected to a company provide AP/Switch.
  I have read all the docs & it makes no mention of this.... I can see in 7.2 the ability to disable the local SSID but no mention of the ability to shutdown ports 1-3.... 
  Also see support in 7.2 for Dual RLAN... but that still leaves 2 local ports.
  Thanks,
  Brandon

  We found a way to disable the local ports. 
  The command is
  config network oeap-600 local-network {enable | disable}
  Here is the link to the documentation
  http://www.cisco.com/en/US/docs/wireless/controller/7.2/command/reference/cli72commands.html#wp15794664
  We also found a link on how to configure two ports (4 and 3) as Remote LAN ports
  http://mrncciew.com/2013/03/11/oeap-with-multiple-remote-lans/

• TouchSmart 600 unable to connect to Internet & email accounts. Error Code 0x80070057

  TouchSmart 600 unable to connect to Internet & email accounts.  Receive Windows Network Diagnostics error message "An unexpected error has occurred.  The troubleshooting wizard can't continue"  Error Code: 0x80070057.  Using old laptop to send this message.  Tried to restore back to a certain date but was only able to restore back to latest Windows download which did not correct my problem.  Any help appreciated.  Thanks.

  I have the same problem connecting to the Internet that it is. It is more intermittent than permanent though. I have updated the driver from HP site, but no change.  From the searches on the web problem seems more widespread though. HP do something! Please!

• Connecting a WLC 4400 to a 2960 POE Catalyst

                     I need some help connecting my WLC 4400 to my 2960 catalyst switch. The gigabit port
  on the Catalyst switch I am using is connected to port 1 on WLC 4400. I have the port set to trunking
  mode but I cannot ping the management interface IP. I also noticed the activity lights on the two interfaces
  are not lit. 
  interface GigabitEthernet0/2
  switchport mode trunk
  Is there something else I need to attribute to this port?
  Thanks

  Sorry to get back to you so late. Here is what I got.
  Wireless#sh ip int brief gi0/2
  Interface IP-Address OK? Method Status Protocol
  GigabitEthernet0/2 unassigned YES unset down down
  Wireless#sh ip int gi0/2
  GigabitEthernet0/2 is down, line protocol is down
  Inbound access list is not set
  It is plugged in.

• AP periodically dropping his connection to WLC

  Hello ,
  I have problem with AP 1262 witch periodically lose his connection to the controller.
  I have this situatuion. One WLC 5508 and two 1242 dual band controller based APs.One AP 1242 is connected to the controller through fiber link.The other AP1242 is connected to WLC through first AP on 5GHz Wireless Backhaul.First one is RootAP and second one is MeshAP.WIreless link between two APs have SNR=40dB and distance is no more than 30 metres(100 feet).Antennas used in this case is directioanl 5GHz "AIR-ANT5160NP-R" with gain 6dBi.
  MeshAP have an IP and have alreaday downloaded IOS image and configuration from WLC. MeshAP is working fine when he si connected with WLC , and client can gain access two WLAN.
  However the MeshAP is periodically dropping his connection to WLC.(once every 4-5 hours).
  This is part of the log generated by the WLC before loosing connection with MeshAP:
  *apfReceiveTask: Dec 01 10:41:08.199: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
  *spamApTask1: Dec 01 10:37:54.022: %CAPWAP-3-ECHO_ERR: capwap_ac_sm.c:5416 Did not receive heartbeat reply; AP: 00:08:30:70:97:70
  *apfReceiveTask: Dec 01 08:47:30.943: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
  *spamApTask1: Dec 01 08:43:56.610: %CAPWAP-3-ECHO_ERR: capwap_ac_sm.c:5416 Did not receive heartbeat reply; AP: 00:08:30:70:97:70
  *apfReceiveTask: Dec 01 07:28:50.498: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
  *spamApTask1: Dec 01 07:25:38.994: %CAPWAP-3-ECHO_ERR: capwap_ac_sm.c:5416 Did not receive heartbeat reply; AP: 00:08:30:70:97:70
  *apfReceiveTask: Dec 01 06:28:26.299: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
  *spamApTask1: Dec 01 06:25:02.186: %CAPWAP-3-ECHO_ERR: capwap_ac_sm.c:5416 Did not receive heartbeat reply; AP: 00:08:30:70:97:70
  *apfReceiveTask: Dec 01 00:07:47.769: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
  *spamApTask1: Dec 01 00:04:39.750: %CAPWAP-3-ECHO_ERR: capwap_ac_sm.c:5416 Did not receive heartbeat reply; AP: 00:08:30:70:97:70
  *apfReceiveTask: Nov 30 17:05:40.975: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
  *spamApTask1: Nov 30 17:02:23.102: %CAPWAP-3-ECHO_ERR: capwap_ac_sm.c:5416 Did not receive heartbeat reply; AP: 00:08:30:70:97:70
  *apfReceiveTask: Nov 30 07:08:58.755: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
  *spamApTask1: Nov 30 07:05:28.818: %CAPWAP-3-ECHO_ERR: capwap_ac_sm.c:5416 Did not receive heartbeat reply; AP: 00:08:30:70:97:70
  *apfReceiveTask: Nov 30 04:09:30.046: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
  *spamApTask1: Nov 30 04:06:12.370: %CAPWAP-3-ECHO_ERR: capwap_ac_sm.c:5416 Did not receive heartbeat reply; AP: 00:08:30:70:97:70
  *apfReceiveTask: Nov 29 19:04:58.763: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
  Any help would be appreciated.Thanks in advance.

  Why are you using 802.11a as a backhaul?  802.11a may have the speed but the range of the 802.11a is not good.  Now you said that you are using the 5060NP-R antenna on the 1260 side, now what antenna is being used by the RootAP?

• Backup Port of WLC 5508 MGMT interface

  Dear All,
  Since WLC5508 MGMT interface is configured a AP-Mgr at the same time, can I set a Backup Port to WLC5508 MGMT interface?
  Refer to WLC configuration Guide:
  In the Backup Port text box, enter the number of the backup port assigned to the management interface. If the primary port for the management interface fails, the interface automatically moves to the backup port.
  NoteDo not define a backup port for an AP-manager interface. Port redundancy is not supported for AP-manager interfaces. If the AP-manager interface fails, all of the access points connected to the controller through that interface are evenly distributed among the other configured AP-manager interfaces
  I am confuse on this. Thus, if I need to configure the backup port for MGMT interface, i need to remove the AP-manager on MGMT interface and create a network dynamic interface for AP-Manager ?
  Thanks all.
  Jeff Chiu

  Jeff:
  You are right. The config guide is confusing.
  The config guide is talking about AP-Manager interfaces you create other than the management one. For the management interface it is called "management" but it acts as an AP-Manager interface as well. When the config guide metnions "AP-Manager interface" it does not mean the management interface but it means AP-Manager interfaces that you create beside the management interface.
  So, for the management interface you can create a backup port and I think if you are not using LAG it is a best practice to define a backup port for management.
  For other AP-Manager interfaces that you create (other than the management interface) you don't need to define the backup port.
  HTH
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• OEAP 600 bridging dual-rlans?

  I have established dual-rlans on different segments.
  I have a 2960g switch.  I created vl2 (management) and vl3 (data).
  I connected rlan1 (port4) to vl2 and rlan2 (port3) to vl3.
  My laptop receives a dhcp address on vl3 and the switch (in dhcp mode) receives it's proper address on vl2.
  Unfortunately a MAC is assigned to each vl and to the management interface.  Thats 3 out of the 2 sets of 4.
  So a managed switch is NOT the desired device to have on the back side of an OEAP600.
  In any case doing a show mac address-table revealed that all the vl2 MAC addresses were duplicated on vl3.
  To the tune of 216 addresses.  108 in each vlan.  Which is a close match to the current host counts for each segment
  98 + 18.
  Obviously this application is not what was envisioned by the OEAP team during work-up.
  The goal of 4 host devices on the rlan is proving difficult to achieve.
  The client wants 2 pc's and 2 digi-port servers.

  OK switched to a 3560 and routed mode...
  and with just the link to the 600 the switch reports:
  "%ETHCNTR-3-LOOP_BACK_DETECTED..
  and err-disables the port.
  I set no keepalives and the problem is gone.  So the 600 is looping back..
  I wonder just what type of Switch or Hub the design team had in mind.

• Error while trying to restore ipad from icloud backup "Connection Error - server error apple id couldnt be created"

  after updating to ios 6.1.2 ipad2 ended up in restore mode, i have restored it and now i need this morning's the backup that's only on icloud
  but after i login (succesfully) and acept terms & condition popups an error "Connection Error - server error: apple id couldnt be created" or "impossible to login there has been a problem while connecting with server" when it should start setting up the ipad.
  any clues on whats going on? i really need this backup.  what can i do? there is any other way to restore using the icloud backup from somewhere else?
  thanks

  https://discussions.apple.com/message/19556552#19556552
  Level 1 (0 points)
  brandonfromhenderson 
  This solved my questionRe: Apple ID couldn't be created because of a server error when i try to restore from a backup 13-sep-2012 9:49 (in response to brandonfromhenderson)
  Found the solution! Go To Appleid.apple.com and set your birthday and other questons..

• How can I ensure only known AP's connect to WLC

  I have a Cisco 2112 WLC with 1131 LWAP's
  How can I ensure only known AP's connect to the WLC?
  Thanks in advance
  Richard

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  Hi Richard,
  You can prime the AP by prividing the Management ip to join and the other way is to maitain the APs by using the Rogue rules..
  Here is the link to do the same..
  Priming the AP
  ==========
  http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a00808e2d27.shtml
  Rogue Rules
  ===========
  http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70rrm.html#wp1180349
  lemme know if this answered your question..
  Regards
  Surendra
  ====
  Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull

• Wireless Clients can't connect post WLC Upgrade to version 7.4.100.0

  Upgraded WLC Flex 7500 controller to: 7.4.100.0
  Previous WLC Controller version: 7.2.111.3
  After the upgrade, all AP's reported back to the controller and looked like working. We have 50+ branch sites that connect back via Layer 2 to the main office. The main office SSID's were broadcasting and users could connect and get the proper IP's. Users that connected back through FlexConnect AP's couldn't obtain an IP address. The client would authenticate to the WLC and accept the SSID key, but would not get an IP address. I see with the 7.4.100.0 upgrade there are more options for DHCP for each interface, which we don't use interfaces for all sites as we did in the early days, now we make sure the flex connect tab has the vlan identifier in the tab and the traffic goes out the local firewall etc. Each remote site has a Linux based firewall and DHCP server.
  Looking for any insight with the 7.4.100.0 upgrade that may cause clients to not connect and obtain an IP address.
  We have since back dated our WLC Software to: 7.2.111.3 to allow things to work pre upgrade which everything worked fine.
  Any suggestions would be great, we had to upgrade version 7.4.100.0 to support our AP 1602.
  Thanks in advance.
  Matt

  Verify that you have an upgraded FUS image. Second, make sure your WLAN to vlan mapping on the FlexConnect AP's have the correct vlan mapping. I have seen these change to the default vlan mapping.
  Sent from Cisco Technical Support iPhone App

• Connectivity to WLC failed

  We have a WLC connected to a 6500 Switch, when tried to enable LAG the connectivity goes down, the switch can't ping the controller nor the controller to the switch, we check tha cables, the minigybics, we changed them for new ones,the status of the interfaces is UP UP, we tried revert the config, using LAG disabled and no success, i can't reach the management interface. with the service port i can connect to the controller.
  Thanks, Regards

  Make sure you have the management and ap-manager interface set to "0" untagged and also make sure the trunk ports are set to native vlan . Also make sure that the trunk port is set to channel-group X mode on.