OOB Management of Cisco 2504

Hello,
I am wondering if this is possible, and how to execute. 
We have a separate physical network for guest wireless access, on which we will be using a Cisco 2504 controller and APs. I wanted to manage the WLC from the corporate network, and wanted to have a management interface on our DMZ to allow 443 management from inside our corporate network.
I tried making the built in management interface on our corporate DMZ network, and another interface for the Guest Network, but I am unsuccessful:
Management port 1: 192.168.x.x
Dynamic interface port 2: 10.5.x.x
Once I enable Dynamic AP management on the Guest network, I can't ping any devices on that network.
I also tried making a VLAN for the management network and another vlan for the Guest network and mapping them to the single built in management port, but I have been unsuccessful in that.

Hi,
ip http server
ip http authentication local
ip http secure-server
username cisco password cisco.
HTH,
Bjornarsb

Similar Messages

  • Wi-Fi Installation in large property W/Cisco 2504

    Hi,
    I have an interesting job where I am having to fit a wifi network through a large property. I was advised to use the Cisco 2504 WLC and 9 x Cisco AIR-AP1142N access points.
    I know that out of the box the APs (in standalone versions) have the GUI enabled.
    Not being completely up with CLI etc, is the WLC GUI enabled straight out of the box? If not, is it complicated to get it up and running? I'm pretty good at learning/understanding these things just as long as I have a rough idea of what to do!
    Thanks in advance,
    Josh

    That's great, thanks Steve.
    I have the Controller (although APs are still on order - out of stock) but I have one final question before I start to set it up!
    I'm looking at this guide: http://www.cisco.com/en/US/docs/wireless/controller/2500/quick/guide/ctr2504_q_s.html#wp34023 and it talks about Management interface. I presume the management IP address would be the fixed IP of the controller if you like.
    So if I had a network with a DHCP server. The Router/Server was 192.168.2.1 and the DHCP range started from .10, I could set this to be 192.168.2.2 with the router of the management interface to be .2.1. I then could set the VLAN id to be 0 as I don't need a separate management LAN (it's only for a house after all, and if I lock it down with passwords it should be fine).
    With the Management Port, I presume that can be the port that connects into the main PoE Switch, similarly the Management DHCP server would be 192.168.2.1?
    Virtual Gateway IP address I guess is irrelevant as there will be no mobility group?
    And DHCP bridging, like on any other wifi system/AP would be 'No' as the Router will be dealing with all DHCP requests?
    Thanks again for your fantastic help so far!
    Josh

  • Help required to implement Cisco 2504 WLC and 1042 Access Points

    Hi,
    My name is Vidya Sagar. I am new to Wireless technology. We are planning to implement Wireless in our office. I have given the requirements below. Kindly go through the details and let me know how to start.
    We have purchased Cisco 2504 Wireless Controller (One) and Cisco 1042 Access Points (Five). At present I am going to use 3 access points only.
    I have attached a simple diagram of our office network. We have more than 30 VLANs configured in Core Switch, we are planning to give wifi access to only 3 VLANs.
    1. VLAN 121 ( IP Segment - 10.52.121.0 /24)
    2. VLAN 116 ( IP Segment - 10.52.116.0 /24)
    3. VLAN 100 ( IP Segment - 192.168.100.0 /24) (Guest)
    Please give me an implementation plan to do this. I would like to use LDAP or ACS for authentication purpose.
    Regards,
    Vidya Sagar

    Let's just do this simple first before you start using ACS as that will require a certificate installed on the ACS for using PEAP.
    So first off, the WLC we will say is in vlan 10. When you are going through the startup wizard, make sure you define the vlan tag to 10 on the management interface. Make sure your virtual interface is an IP address that is not routed in your network, like an out of band IP.
    Make sure the WLC time is correct or use NTP!!!!
    Now you should be able to http or https to the WLC. I would upgrade the code to v7.4 and install the FUS image. Please reference this link for the upgrade procedure. You don't have to upgrade now... I would wait till you get everything working first.
    http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74.html
    Now I would connect the APs on the same vlan as the WLC for now. Make sure there is dhcp on that subnet. Once the APs have joined, then you can move them to any subnet you want. Since you don't have many APs it would be okay to leave them in the same vlan as the WLC management or put them on any other vlan you choose. The APs will be connected to an access port NOT a trunk port!!!!
    The WLC will need to be connected on a dot1q trunk port only allowing vlans 10,100,116,121. The 2504 running v7.4 will support LAG (etherchannel). Anyway, your switch port should look like this, for example only:
    interface GigabitEthernet1/0/1
    description WLC2504
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport trunk allowed vlan 10,100,116,121
    spanning-tree portfast trunk
    ! next line only for v7.4 if you use LAG
    channel-group 10 mode on
    Don't connect all four ports right now, just port one!!!!
    Your Guest vlan, you will need to create an ACL to block traffic from accessing the internal network. You might want to allow dhcp and DNS but I would leave it open first until you can verify everything is working.
    Now on the WLC you need to create a dynamic interface for vlan 100, 116, and 121. If you click on the Controller tab in the GUI and click on interfaces on the left hand side, that will take you to where you can add/delete/modify your interfaces. When creating these interfaces, make sure you add the dhcp server IP address for the primary and or backup.
    Now that you have your dynamic interfaces created, it's time to create your SSID. Now click on the WLAN tab on the GUI and click on WLAN and then on the top right select Create New and then click Go. Select WLAN on the drop down menu and then for the profile name I would use the SSID name also for simplicity. Leave the WLAN id at 1 for this and 2 for the next and so on. After defining these and clicking Apply you can now define your SSID. On the General tab, enable the status and leave the radio policy to all for now, you can decide later what you want to use. Choose the interface you want to place this SSID on and enable Broadcast SSID for now and leave everything else alone. Now click on the Security tab and on the layer 2 Security, leave it at WPA + WPA2, only check WPA2 Policy and for WPA2 encryption choose AES only. Now go to the bottom of that screen and choose PSK. We will do pre shared key for now so you get to understand the setup and make sure everything is working first. Now on the PSK format, choose ASCII and put your pre shared key in the input box. Make this simple too for testing. You don't want to put in symbols or anything like that. When you are done with that, check apply on the top right and test.
    Now you can repeat this with your other SSIDs just to test. Your guest network you can leave open for now to test open authentication.
    Here are some links for the WebAuth feature:
    https://supportforums.cisco.com/docs/DOC-13954
    http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080b1a506.shtml
    Now if you want to use ACS with PEAP, here are some links for that:
    https://supportforums.cisco.com/videos/2499
    http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080bd1100.shtml
    http://www.youtube.com/watch?v=Wk_bRdmsQlA
    Well that is it, hopefully you can get the wireless up for testing and verifying everything works!
    Sent from Cisco Technical Support iPhone App
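
The guest ACL mentioned in the reply above, written out as an added example (not part of the original post). It assumes the guest gateway is an SVI for VLAN 100 on the core switch; the ACL name and the resolver address 203.0.113.53 are placeholders. It blocks all RFC 1918 space rather than only the two internal VLANs listed in the question.

```ios
! Added example, not from the original thread.
! Assumption: guest clients in 192.168.100.0/24 are routed by interface Vlan100.
! Assumption: 203.0.113.53 is a placeholder for the DNS resolver guests may use.
ip access-list extended GUEST-VLAN100-IN
 remark DHCP from guest clients (source can be 0.0.0.0 before a lease exists)
 permit udp any eq bootpc any eq bootps
 remark DNS only to the designated resolver
 permit udp 192.168.100.0 0.0.0.255 host 203.0.113.53 eq domain
 permit tcp 192.168.100.0 0.0.0.255 host 203.0.113.53 eq domain
 remark Block guests from every internal (RFC 1918) destination
 deny   ip any 10.0.0.0 0.255.255.255 log
 deny   ip any 172.16.0.0 0.15.255.255 log
 deny   ip any 192.168.0.0 0.0.255.255 log
 remark Everything else from the guest subnet may go out
 permit ip 192.168.100.0 0.0.0.255 any
 remark Drop and log spoofed sources
 deny   ip any any log
!
interface Vlan100
 description Guest WLAN (VLAN 100)
 ip access-group GUEST-VLAN100-IN in
```

The order matters: the DHCP and DNS permits sit above the RFC 1918 denies so they still match if the DHCP server or resolver is internal. `show ip access-lists GUEST-VLAN100-IN` shows the per-entry hit counters for checking that guest traffic matches the intended lines.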

  • 100% Noob - Need Help for basic setup of Cisco 2504 and 1600 AP

    Hello,
    I am completely noob in (cisco) networking.
    I have to setup a basic but secure wireless network.
    I have a cisco 2504 and 2 APs 1600 + a random switch
    I have 4 ports on the controller.
    I want to keep the 1st port on the network for the controller management, plug my internet box on the 3rd port, and my switch on the 4th port. Then the AP will be on the switch.
    I am able to make something work when everything is plugged into the switch, plugged into the first port (default management port). But this is not what I want.
    First thing, Is that possible ?
    1st port : office network
    2nd port : empty
    3rd port : Internet Box
    4th port : Switch + all APs
    Then, if that is possible, how should i configure the controller to make that work ? I am completely lost in the menus.
    I dont need a perfect configuration, just something simple and working.
    1 SSID, 10 DHCP addresses, block wireless users trying  to go on the office network.
    If anyone could help me do that, it would be very nice.
    Thank you.

    You basically need two SSIDs, one for corporate users and a second for guests. Check the link with step by step config and brief details.
    http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/70937-guest-internal-wlan.html

  • Cisco 2504 Local radius configuration, is there any way of backing up the user db? In case the WLC dies

    Cisco 2504 Local radius configuration, is there any way of backing up the user db? In case the WLC dies

    Please find the guide to keep the backup:-
    http://www.cisco.com/en/US/partner/docs/wireless/controller/7.0/configuration/guide/c70mfw.html#wp1063850

  • Cisco-2504 restart itself

    Hello,
    I have used a Cisco-2504 wireless controller for a few months, with six APs.
    I encountered no problems.
    But last week and today the controller restarted itself, so all my users were disconnected for six minutes (restart time); after that all is OK.
    I don't understand what's happening.
    Do you have any idea?
    Cisco-2504 Software Version 7.6.120.0
    log : in attach files.

    v7.6.130.0 is the code you should be on. Also make sure you upload the latest FUS 1.9.0.0 which takes 35-45 minutes to complete. The log doesn't show much except for an internal error but that's it.
    -Scott

  • Cisco 2504 Configuration

    Hello,
    I have a Cisco 2504 controller with 10 APs. I have 3 WLANs. I would like to have one WLAN only broadcast to 2 of my 10 APs. Is this possible? If so how would I configure the WLAN?

    So I followed the configuration sheet that was listed in the article below
    http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/configuration/guide/cg_wlan.html#wp1128591
    Underneath "Creating Access Point Groups" I followed it and made the modifications. But I am still able to see the one WLAN under all APs?

  • Cisco 2504 WLC and 1702i

    I have just purchased a Cisco 2504 along with two 2702i and one 1702i.
    The WLC works fine with both 2702i.
    Unfortunately, it won't locate the 1702i.
    I have just seen that the problem could be that the 2504 is running software 7.6.120.0 and that I should upgrade.
    Unfortunately, I don't have a service agreement with Cisco and therefore can't!
    Am I the only one who thinks it unreasonable that you can purchase new products that are advertised to work together to then be told that your five day old WLC doesn't come with the latest firmware and that I only have RMA support and can't download the latest software?
    Regards
    Daniel

    Hi Scott
    Thankfully, TAC took pity on me and sent me the latest firmware.
    That has now fixed the problem and the 1702i is working fine with the 2504 WLC.
    I shall look into the cost of a service agreement for future problems.
    Regards
    Daniel

  • Power adapter for cisco 2504 WLC

    Hi all,
    Are there any other part numbers for the Cisco 2504 WLC power adapter other than
    PWR-2504-AC= ?
    Thanks,
    Regards,
    Vijay.

    No "PWR-2504-AC=" is the only power adapter option for 2504.
    Please check the datasheet:-
    http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html

  • Cisco 2504 Management Via Wireless

    I have a 2504 connected via a 2960S switch to an ASA5505.
    Wireless is working well - wireless clients get their IP addresses from the 2504 and wired clients from the ASA (different ranges from the same subnet).
    One issue though is I cannot access the web interface of the 2504 when connected to wireless, only wired.  Everything else is accessible on wireless and I can ping the management address of the 2504 but the page fails to load in a browser.
    I've had a look for an obvious setting but can't see one - am I missing something.
    Thanks

    HI,
    First you must enable the management over wireless:
    Via GUI:
    Management > Mgmt Via Wireless page and check the Enable Controller Management to be accessible from Wireless Clients check box.
    Via CLI:
    config network mgmt-via-wireless enable
    Regards
    Don't forget to rate helpful posts

  • Cisco 2504 controller, setting management wlan interface Vlan Identifier to anything but 0 loses management ability

    I have set the Management Interface Vlan Identifier to 0 or untagged.
    If i change this to a vlan, I am unable to manage the device, is this correct?
    Steve

    If u make it untagged then specify the NATIVE vlan on the switchport..
    If u tag the management interface, then don't configure the native vlan on the switchport..
    Both the cases u will be able to access!!
    Lemme know if this answered ur question!!
    Regards
    Surendra

  • Cisco 2504 OEAP NAT directly connect AP's no ip

    I setup my 2504 to work with OEAP.  When I enabled NAT on the management interface the one AP I have directly connected to the WLC is no longer getting an IP address.  Any idea why this is?

    First, it is not recommended to have an AP directly connected to the WLC, you really need to connect it to an upstream switch and let it connect that way.
    My first thought would be that you need to take a look at the below link that talks about how the NAT ip commands work.
    http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/command/reference/cli70MR1commands.html#wp14087790
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • Log management in controler 2504

    HI
    One of my end customers is looking for a log report from which he can see how many users are connected to a particular SSID and what application is being used on the particular SSID. Does the WLC 2504 support log information management or does the customer need to go for a log server?
    Regards
    Jetendra

    Cisco 2504 WLC can provide summary information (live - past 120 seconds).
    Please refer the attachment.
    For historical information, you can use Cisco Prime Infrastructure
    http://www.cisco.com/c/en/us/products/cloud-systems-management/prime-infrastructure/index.html
    Hope that answers your question.

  • Embedded Event Manager on cisco 3560 switch

    Can someone help me please? I have EEM configured on a Cisco 3560 switch. The configuration is below. I want the switch to inform me through email when a device with a particular IP address becomes unavailable. For some reason this configuration is not good and I can't tell why. I already tried to debug this with debug event manager action mail but didn't see any output.
    ip sla 11
    icmp-echo ip address
    frequency 20
    ip sla schedule 11 life forever start-time now
    event manager applet device-TEST
    event snmp oid 1.3.6.1.4.1.9.9.42.1.2.9.1.6.11 get-type exact entry-op lt entry-val "2" poll-interval 20
    trigger occurs 5 period 120
    action 02.0 mail server "ip address" to "[email protected]" from "[email protected]" subject "device is down"

    The mail part looks good, I'm not sure you are hitting the trigger right.
    Why not do a track on the ip sla instead of the snmp stuff?
    Here's a good example of that.
    https://learningnetwork.cisco.com/blogs/network-sheriff/2009/06/19/writing-your-first-eem-applet

  • Cisco 2504 as Anchor not passing TCP 8443

    Hello,
    I have a very strange scenario with 2504 WLC. It is deployed as an Anchor with 5508 as the foreign. In summary, my set up is as follows:
    2504 - Anchor (version 7.6.120), Port 1- MGT, Port 2 - Guest subnet, No AAA Server, Internal DHCP server
    5508 - Foreign (version 7.6.101.1), Guest interface (dummy, non-routable and no vlan on switch), MAC filtering, ACL-redirect, AAA with Radius NAC.
    The mobility tunnels are up and FW rule also allows DNS and TCP/8443 from the guest subnet. The guest client receives its DHCP address and queries external DNS on the DMZ, but after that nothing happens. The web redirect URL times out.
    I can see hits on the FW ACL for the DNS query and response but none for TCP/8443. The client browser times out. From wireshark, I can see the client query the DNS for the ISE hostname and the DNS replies with the IP address, but I don't see the guest send a packet to ISE. It's as if the DNS packet flows through the Guest interface, but the TCP/8443 packet doesn't flow out of the Anchor WLC to the Foreign to be sent to ISE.
    Please does anyone understand this very strange occurrence.

    After contacting Cisco TAC without a successful resolution, I discovered that Policy Set was the problem. This was very strange as the Policy set was evaluated and the correct Authz policy applied. 
    I had a policy set with Radius conditions equal 802.11 AND Wireless_MAB. This was to separate it from another policy set for 802.1X. The Wireless_MAB policy set was evaluated and the web redirect ACL was applied by ISE, but after that ISE didn't respond with the Guest Portal page. 
    As soon as I removed the condition Wireless_MAB from the policy set  definition, the Guest portal worked.
    I think Cisco should either evaluate the Policy set functionality and fix it or release a statement that Policy set can't work with 2 conditions defined, which I think doesn't make sense as why would I use Policy set for Radius Nas_Port_type 802.11. This means the 802.1X Policy set would be checked first (if it is first in the order) before the Wireless_MAB Policy as both use NAS_port_type of 802.11.
