One WLC 5508, Multiple Sites/Networks

So I'm trying to think this design out in my head.  Here is what I have:
Corp Office with a WLC 5508 configured with a management port and a guest WLAN port for guest wireless etc to the corp Layer 3 switch in a wireless VLAN, using 802.1q trunk of course.  The WLC is configured to be a DHCP server for the Guest WLAN.
(Side note:  the sites are connected using WAN routers at each location configured with bundled T3's and all routes are set up and each network successfully traverses to the other)
First phase will be to install 30 APs.  5 at the corporate office and 25 at two other sites.  I'm using a class A network but have subnetted the networks so to speak to make each site have multiple VLANs using class C networks.  I want to be able to implement the WLC 5508 at the corporate office and manage the APs centrally at all locations.  The APs are already configured for lightweight mode and I have successfully configured 5 of them and connected.
My question is if I install the other 25 APs at the other 2 offsite locations and connect them to the network, will it automatically contact the WLC and get a DHCP address from the Corporate WLAN DHCP even though it is at another site?  Am I overlooking a step or configuration method for this type of implementation?
Thanks for all contributions!

Ok so I have configured my environment as suggested.  I can see the new IP Address lease to the AP at my remote site on the DHCP Server (Windows Server DHCP at the remote site).  I can ping that IP from the Central office to the remote site however the Wireless Controller is not associating the AP at all.  Although I can ping the AP from the WLC.  I checked the logs and I don't see any association attempt from that IP or MAC.  So here is what I have:
Central Site-
     WLC 5508 With Internal DHCP for local APs
     APs associating successfully
Remote Site
     Windows DHCP with Option 43 Configured per Cisco AP Option 43 Whitepaper
     AP 1142-Light-Weight attached to switchport (Wireless Vlan configured) and reachable via ping through all of network.
     AP obtained IP from Windows DHCP from Wireless Scope I configured successfully.
So it doesn't seem the CAPWAP tunnel was built successfully.  I do have an ASA 5520 in the environment but all traffic to remote sites is wide open as I do not block any ports so CAPWAP traffic should flow well.
Missing a step?
Dee
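
One thing worth checking in the setup described above is the Option 43 value on the remote Windows DHCP scope. The following is an added example, not part of the original posts: it encodes and validates the value lightweight APs read for controller discovery (sub-option type 0xf1, a length byte, then the controller management IPs as 4-byte values) and compares it with the controllers you expect. Function names are hypothetical and the addresses are constructed from the documentation range.

```python
import ipaddress

# Sub-option type that Cisco lightweight APs read from Option 43 for controller IPs.
CISCO_WLC_SUBOPTION = 0xF1


def encode_option43(controllers):
    """Return the Option 43 hex string for a list of WLC management IPv4 addresses."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    value = b"".join(ipaddress.IPv4Address(c).packed for c in controllers)
    if len(value) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return (bytes([CISCO_WLC_SUBOPTION, len(value)]) + value).hex()


def decode_option43(hex_string):
    """Parse an Option 43 hex string and return the controller IPs it carries."""
    # Accept common separators used when the value is copied from a DHCP console.
    cleaned = "".join(ch for ch in hex_string.strip().lower() if ch not in " :.-")
    if cleaned.startswith("0x"):
        cleaned = cleaned[2:]
    try:
        raw = bytes.fromhex(cleaned)
    except ValueError:
        raise ValueError("value is not a hex string") from None
    if len(raw) < 2:
        raise ValueError("too short to hold a type byte and a length byte")
    sub_type, length, value = raw[0], raw[1], raw[2:]
    if sub_type != CISCO_WLC_SUBOPTION:
        raise ValueError(f"sub-option type is 0x{sub_type:02x}, expected 0xf1")
    if length != len(value):
        raise ValueError(f"length byte says {length}, but {len(value)} bytes follow")
    if length == 0 or length % 4:
        raise ValueError("value must hold one or more 4-byte IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


def check_scope(hex_string, expected_controllers):
    """Compare a scope's Option 43 value with the approved controllers; return problems."""
    try:
        found = decode_option43(hex_string)
    except ValueError as exc:
        return [str(exc)]
    problems = [f"unexpected controller {ip}" for ip in found
                if ip not in expected_controllers]
    problems += [f"missing controller {ip}" for ip in expected_controllers
                 if ip not in found]
    return problems


if __name__ == "__main__":
    approved = ["192.0.2.10", "192.0.2.11"]  # constructed controller addresses
    samples = {  # constructed scope values, one correct and three common mistakes
        "correct": encode_option43(approved),
        "length entered as controller count": "f102c000020ac000020b",
        "IP typed as text": "192.0.2.10",
        "points at another controller": "f104c0000263",
    }
    for name, value in samples.items():
        print(f"{name}: {check_scope(value, approved) or 'ok'}")
```

An empty list from `check_scope` means the scope hands out exactly the approved controller addresses; anything else is a reason to correct the scope before looking further at the CAPWAP path.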

Similar Messages

  • WLC 5508 Multiple Interfaces for Multiple SSIDs

    Hello guys,
    I am trying to build a new network from scratch, I have the WLC 5508 w/ Aironet 3600e APs connected to my Netgear Smart Switches and a Linksys RV082 router that I'm using as my DHCP server with several VLANs for several stuff on my Switches.
    I have 2 questions:
    1. Can I have 5 Interfaces configured on 5 different VLANs, each SSID on each a different Port:
    Port 1: Controller management only=> 192.168.x.x /24
    Port 2: SSID 1: WiFi Internal=> 172.16.x.x/12 (Radius Auth with no sharing)
    Port 3: SSID 2: WiFi Internal w/ sharing=> 192.168.x.x/24 (Radius Auth with sharing)
    Port 4 :SSID 3: WiFi Guest=> 10.0.x.x/8 (Web Auth)
    Port 5: SSID 4: WiFi IT=> 192.168.x.x/24 ( Radius or certificate Auth with access to the controller management interface)
    2. How can I use the Controller as the DHCP server for all the WiFi traffic, and how should that be configured to work with my other DHCP server?

    Yes you can... but you have to disable LAG.  Each port will need to be connected to a dot1q trunk and you will only allow the vlan that is required for that port.  Also on the interface, you will define what port is primary and what is backup.  I'm guessing you will not be using the backup port.  For example... port 1 that connects to a trunk port will only allow the management vlan.  Here is a link to set up DHCP on the WLC
    http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • WLC 5508 multiple country codes, limitations

    Hi CSC,
    Currently we are running 2x 5508 (7.2.111.3) in our Regional DC and all AP's from APAC are connected in H-REAP mode.
    On each WLC the following country codes are configured:
    Configured Country Code(s):
    CN, ID, IN, J2, J3, J4, JP, KE, KR, PH, PH2, TH, TW
    Regulatory Domain:
    802.11a:      -ACEJKNPTU
    802.11bg:    -ACEJP
    We have some sites (mainly China), which are facing issues on WLAN recently (slow performance, weak signal, etc.).
    RF & power level are 'managed' by WLC.
    After reviewing some sites with our vendor, the feedback to improve stability/performance was to either run just 1 country code/WLC, or set RF/power level manually for each AP (which of course would be an admin nightmare!!).
    I haven't found the same information on cisco.com & thought connecting APs from different countries to the same WLC works well (incl. having the WLC manage power/RF)?
    Are there any limitations, when having multiple country codes on same WLC?
    Appreciate your feedback.
    Thanks,
    Stefan

    As far as I remember, every AP with a different country code has a different permissible level of power and a regulatory authority board monitors these. So in case you wanna mix the AP with different codes, it will choose the ones with lower power level and operate which might not be to your advantage since the users might want to operate at higher power level. So, you can find out the permissible level of Transmission power and group AP with same level together and get another WLC. Also, run a site survey to check for interference. Might help
    Posted by WebUser Shalini Menon from Cisco Support Community App

  • Wlc 5508 multiple country codes + mesh ap

    Hello,
    Currently my solution consist of two 5508 controllers and several non-mesh and few mesh AP (2600) running in flexconnect mode in one single site in europe.
    Everything is going fine.
    However there is going to be a new site in Canada.
    I found some documentation saying that multiple country code is not available for mesh AP. Mesh APs are not going to join the controller if multiple country codes are configured, but all this documentation is regarding version 7.2 and older.
    I'm running version 7.4.100.0 and in the configuration guide I don't find anything related to that.
    Am I going to have problems with this as well?
    If yes, what is the recommendation solution for this situation?
    Thanks in advance,
    Chris

    They do support multiple country code, but with regulations, the WLC will use the common channels and power for each of the countries you have defined. Now this will never change so it's still best to have separate WLC per country if possible. Especially with mesh since the backhaul is on the 5ghz, this is really your limitation if you have APs in a country where there is no allowed 5ghz or a minimum number of allowed channels.
    Sent from Cisco Technical Support iPhone App

  • WLC serving multiple sites

    Is there a way to stop the broadcasting of certain SSID's on certain access points? The customer has a WLC deployed at their main location, with a few APs hanging off of it at a remote. It would be nice if the remote location only broadcasted the networks it can support locally. Thanks!

    You need to use ap groups.
    Here is a config example: www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml
    HTH
    Amjad
    Sent from Cisco Technical Support iPad App

  • WLC 5508 configuraton

    We are planning to add a WLC 5508 to our network to support about 100 APs with two interfaces one for internal users and the other for guest users. This later will be integrated with WLC 4402 which will be installed in the remote site.
    Are there any documents that can help me to do so?
    Appreciate your support

    Here is the link which gives u all the info that u need!!
    http://www.cisco.com/en/US/tech/tk722/tk809/tech_configuration_examples_list.html
    Please don't forget to rate the useful posts!!
    Regards
    Surendra

  • Remote WLC 5508

    Did anyone set up an across-WAN WLC as a secondary/failover one for wireless AP?  Company has one WLC 5508 for each branch office.  Management wants a cost-saving centralized wireless backup solution in a data center.  That means if the local WLC fails, then all APs will connect/register to a WLC in the data center.
    Our wireless environment is a flat network with private class B network.

    Hi Amjad,
    I understood what Eric was trying to do, i.e., the primary controller is located locally at the site and the secondary controller is located in the DC.
    I've seen this being deployed here where the site's WAN link doesn't justify the WLC to be in the DC.  So that agency resorted in putting a WLC at the site.   Aside from that, the client DID NOT configure a secondary controller because the WAPs are in H-REAP.  If the primary controller at the site fails AND as long as the WAP doesn't reboot then there's nothing to worry about.
    That's the beauty of H-REAP/Flexconnect. 

  • Need Information of cisco WLC 5508 LAG Interface

    HI
    We have cisco WLC 5508 in our network and right now, this WLC is connected to two ports of each core switch. Both CORP and GUEST SSID are configured on this WLC.
    Now we want to segregate the traffic of GUEST to on core switches from WLC. So my question is, how can we achieve this without using guest anchor controller?
    Can I use one interface of cisco WLC 5508 and connect it to the firewall or any device?
    Thanks
    Puneet

    Hi
    Thanks ... I am using WLC as a DHCP server for Guest.
    So I want to know, is there any requirement that GUEST subnet should be pingable from WLC management IP address.
    my topology is here...
    Corp network and management network are reachable however management network is not pingable from guest network.

  • WLC 5508 in HA

    Hi everyone,
    I have a doubt with a scheme of WLC in HA, I hope someone can help me.  
    I have 6 remote sites and 2 main sites, in coming year at least 3 remote sites will be opened.  Each remote site has one WLC 5508, I want to deploy HA for these ones, however I want to know if only I must put other WLC at each remote site?  or exists other way in order to deploy a  Cisco WLC in Main Site for working like WLC HA for every one at remote sites?
    Thanks

    1. That is up to you and what you need for redundancy. With that low of licensing and the cost you may just want to buy a 50 count controller and not bother with an HA SKU. (2 could fail)
    2. I believe this was back when they were selling HA only SKUs, you couldn't upgrade an HA to a permanent license. 
    3.  Yes, I mentioned that the APs will lose CAPWAP connections. There will be an outage during fail over
    4. It will not, N+1 is for redundancy on one. 
    Some designs with smaller sites use FlexConnect with AP SSO on redundant controllers in a data center, minimizing downtime. There are some caveats though.
    http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112042-technote-product-00.html

  • WLC 5508 issue with 4 ports in portchannel

    Hi,
    We have one WLC 5508 and LAG is enabled on it but when we connect 4 cables to a distribution switch only 3 links are sending and receiving traffic and the 4th one is up with outgoing traffic from the distribution switch to WLC but nothing incoming.
    Some APs went down and refuse to be registered back to the WLC. when we shut down the 4th port everything is back to normal.
    the etherchannel config is identical and I can see all ports are active and not suspended :
    interface GigabitEthernet2/2/1
    description PortChannel-WLC1-Port1
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 60-67,2808,2922,2923,2932
     switchport mode trunk
     channel-group 99 mode on
    interface GigabitEthernet2/2/2
    description PortChannel-WLC1-Port2
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 60-67,2808,2922,2923,2932
     switchport mode trunk
     channel-group 99 mode on
    interface GigabitEthernet2/2/3
    description PortChannel-WLC1-Port3
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 60-67,2808,2922,2923,2932
     switchport mode trunk
     channel-group 99 mode on
    interface GigabitEthernet2/2/4
    description PortChannel-WLC1-Port4
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 60-67,2808,2922,2923,2932
     switchport mode trunk
     channel-group 99 mode on

    sh etherchannel 99 sum
    Flags:  D - down        P - bundled in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            U - in use      N - not in use, no aggregation
            f - failed to allocate aggregator
            M - not in use, no aggregation due to minimum links not met
            m - not in use, port not aggregated due to minimum links not met
            u - unsuitable for bundling
            d - default port
            w - waiting to be aggregated
    Number of channel-groups in use: 38
    Number of aggregators:           38
    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+-----------------------------------------------
    99     Po99(SU)         -        Gi2/2/1(P)     Gi2/2/2(P)     Gi2/2/3(D)     
                                     Gi2/2/4(P)     
    Last applied Hash Distribution Algorithm: Fixed
    Gi2/2/3 is down because we had to shut down the interface because when it is up many APs refuse to register.

  • WLC 5508 disable wlan client still connected

    I have one wlc 5508 running on latest IOS 7.116, there is one wlan abc which i have disable status and disable broadcast, but randomly still i can see from wlc dashboard there is one client connected to this wlan abc. The moment i check on the client details, there is no client connected to that wlan and when return to dashboard, no more client connected to that wlan abc. This happened in randomly, it is bug or something else?

    I would guess that the client entry also indicates "probing" as status. It means that the client is not connected. It is actually probing, so it's looking for that SSID that it probably associated to in the past (so it remembers about it)

  • Cisco CAP 3702I not registered with WLC 5508.

    I Have  WLC 5508 in my network. Now i need to add another 2 no of cisco CAP 3702I in to my network. But we got the following errors
    *Mar  1 01:27:06.359: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLC'running version 7.3.101.0 is rejected.
    *Mar  1 01:27:06.359: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
    *Mar  1 01:27:06.359: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 2 state 2.
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
    *Mar  1 01:27:25.359: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
    *Mar  1 01:27:25.363: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLC'running version 7.3.101.0 is rejected.
    *Mar  1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
    *Mar  1 01:27:25.363: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 2 state 2.
    *Mar  1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Mar  1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 10.56.200.201
    *Mar  1 01:27:25.363: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLC'running version 7.3.101.0 is rejected.
    *Mar  1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
    *Mar  1 01:27:25.363: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 2 state 2.

    Your WLC seems to be running version 7.3 which is not supported with 37xx AP platform.
    You need to run WLC with version 7.6.100.0 onwards to support these new AP's.
    For more details check the Wireless Software Compatibility Matrix.
    -Thanks
    Vinod
    **Encourage Contributors. RATE Them.**

  • WLC 5508 management interface

    Hi, I have a particular wireless design that requires one WLC 5508 to be connected to two separate switches. Port 1 of WLC is connected trunk to Switch A and Port 2 of WLC is connected to Switch B. Each switch has its own local VLANs. When I connect 1130s LAPs they need to find the management interface initially and then use only AP management interfaces. Since there is only one management interface, if I assign management interface on a vlan that is configured on switch A then APs on switch A join fine but those on switch B keep asking for management interface and from capwap debug on WLC it says that join request was received on wrong interface ....
    the only work around to this was to make routing between switch A and switch B for the two vlans on which APs reside... but for security purposes - client would like to avoid this
    any help much appreciated ..

    Hi thanks for your reply,
    Yes I agree perfectly with your explanation - On both switches I have UDP forward for 5246 and 5247 and everything works fine.
    You understood exactly what's happening: for initial discovery the Guest AP asks for management interface through WLC port 2 but management IP is on admin side WLC port 1 and then it drops packet saying that it was received on the wrong port. In fact that is why I put an ACL between the Admin switch and guest switch that allows only 5426 capwap control - just to allow that initial discovery from guest AP to contact Management interface which can only be assigned to one port and in my case it is on the admin switch side. And that is why I had to make a route between the two independent switches.
    My question is to know if there is any other way with my given design to eliminate this initial discovery to the management interface, as my client would like the admin and guest switches to be completely separated i.e. without the routing. Is there any way that the guest APs can make contact with the AP management interface on their side only skipping the discovery of the management interface? The guest APs were primed on the admin side so they know the IP. After the initial discovery, if I remove the routing between admin and guest switch, guest APs keep their connectivity without any problems.

  • Two WLC 5508 Anchor High Availability

    Hello.
    Is it possible to use 2 WLC 5508 in ANCHOR MODE in an Active-Active scenario?
    For example, if one WLC goes out of service, the other one keeps providing service to the anchor clients?
    At this moment we have just one WLC 5508 in Anchor Mode. What do I need to configure an ANCHOR High Availability?
    Thanks A lot!!!

    This is confusing to me:
    If we install a second Anchor WLC, what do you recommend about the DHCP server in a failover event, because this second ANCHOR WLC will have the same configuration as the first anchor wlc.
    What do you mean the two will have the same configuration?  The hostname and ip should be different.... or are you just stating that the WLAN and DHCP will be the same?  I don't want to tell you something and break your environment, so just trying to clear things up.
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • Can anybody tell me how to connect aironet 1400 to wlc 5508 ??

    I try to deploy cisco wlc 5508 to wireless network that is based on cisco aironet bridge 1400 series, but it does not work!
    When I read the data sheet of the wlc 5508 I found that it does not support that type of bridges. Is there any way to connect aironet 1400 to wlc 5505?
    thanx 

    Duplicate posts. :P
    Go here: https://supportforums.cisco.com/discussion/12136581/can-anybody-tell-me-how-connect-aironet-1400-wlc-5508
