PRIMARY SECONDARY TERTIARY WLC 5508 6.0.196
Hi,
i have a problem on the high disponibility. In fact my LAP 1242 connect the cisco-capwap-controller.localdomain for the first time but after it don't respect my primary registred on HIGH DISPONIBILITY.
Do you have an idea?
Thanks.
Hi, you need to make sure that the primary WLC that you have configured on the AP is in fact replying to the discovery request
of the AP.
If the AP receives a discovery request from the WLC that is configured as a Primary then it will join it.
Some of the reasons for the AP no to join the primary are:
1- Wrong WLC name on the AP configuration
2- WLC doesn't reply to the discovery request of the AP
3- WLC is already full
4- AP is not getting authorized on the WLC and Authorization have been enabled for the APs on the WLC.
5- ....
Hope this helps
Serge
Similar Messages
-
Difference between N+1 HA model and traditional secondary/Tertiary Cisco 5508 Model.
Hi Team
we are going to implement N+1 HA cisco WLC high availability for that we have procured one WLC 5508.
However i am not able to find out difference between N+1 and secondary WLC configured under each AP in wireless tab ?
As per my understanding both are giving the same functionality. Can you please highlight any difference ?
Thanks....Hi Scott
Thanks a lot for the information .This is very useful.However i need one small clarification..
There are three redundancy model..
1+1 where you need one WLC acts HA SKU
N+1 Where one WLC is backup for all N WLC
Third and last one is , where we mention the secondary and tertiary WLC under wireless tab.
So i want to know the difference between second and third option.
Thanks -
CAPWAP Primary/Secondary/Tertiary Question
After going to the High Availability Tab in the WLC GUI and setting the primary, secondary, and tertiary, how do you see that in the CLI in the AP?
I tried using show capwap ip config, it doesn't show any entries at all?
And also, is there a command to do that in the CLI in the AP? to set the primary, secondary, and tertiary?
Thank you."ou need to run th config ap... from a WLC. You have autonomous AP's so you need to convert them to LWAPP and you also need a WLC to do this."
It's been converted to LWAPP, but haven't joined a WLC yet.
What I wanted to do was configure a primary, secondary before joining it to a WLC.
Because what I would of done is first have it join a controller, then go into the GUI and change the HA (High Availablilty) and add the primary/secondary controllers.
Thought if I could skip the first step and try to configure it from the AP. -
3600 AP keeps bouncing between Primary & Secondary 5760 WLC
Hello All,
I am not sure if it was a good idea to change the controllers from software based to IOS based :(..... Anyway this is the first time I am working on the IOS based controllers and have been going through very unusual thing. I have a 3600 AP and a couple of 2600 AP, I am just at the start of the configuration for a new deployment. Even though I have many concerns but I will start with the one which is bothering me the most, which is the APs keep jumping from a primary controller to the secondary controller. I have attached the sh run, sh logging, and the sh version for a 3600 AP and the two controllers. All I can understand from the logs is that the capwap interface keeps going down which causes the AP to fall back to the other controller, I have also tried turning off the AP FALLBACK feature, still no luck.
Addiditional Confusions,
Does any one know as how to setup HA in these controllers, as I do not see any HA or RP (Port) on these controllers neither there is any stacking module on the controllers. Would it be the old way of doing it, which was defining Primary and Secondary Controllers on the APs, if yes than I should receive two different licenses for the Controllers. But these are my devices Part numbers:
Primary: AIR-CT5760-500-K9
Secondary: AIR-CT5760-HA-K9
for now I have enabled the evaluation license on both the devices. I hope that does not make any difference.Hi,
I have been doing some of my own trouble shooting and found out that as soon as I create a layer 3 interface on the controller so as to map it to any SSID, all of my APs start to jump on to the secondary controller and since there is a primary and secondary controller configuration on each AP they tend to come back but than soon after they jump back to the secondary....... As soon as I delete the additional layer 3 interfaces, apart from the wireless management, I get all the APs back to normal register to the controller without a glitch, I am pasting the logs being received for the APs behaviour. I have marked the logs in between with Asterics to indicate when I cleared the layer 3 interfaces and from there onwards all the APs started coming up again
Mar 12 15:09:58.624: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 4 times.!]
Mar 12 15:09:58.624: *%CAPWAP-3-ECHO_ERR: 1 wcm: Did not receive heartbeat reply; AP: 1c1d.86ee.7b40
Mar 12 15:10:03.427: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
Mar 12 15:10:05.373: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap13, changed state to down
Mar 12 15:10:08.539: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 7 times/sec!.]
Mar 12 15:10:11.657: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 3 times.!]
Mar 12 15:10:11.657: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1f:e0
Mar 12 15:10:11.660: %LINK-3-UPDOWN: Interface Capwap30, changed state to up
Mar 12 15:10:12.703: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap30, changed state to up
Mar 12 15:10:13.111: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap16, changed state to down
Mar 12 15:10:13.678: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap28, changed state to down
Mar 12 15:10:15.840: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1f:e0
Mar 12 15:10:15.840: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
Mar 12 15:10:18.070: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap11, changed state to down
Mar 12 15:10:18.268: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap20, changed state to down
Mar 12 15:10:20.695: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 4 times/sec!.]
Mar 12 15:10:25.608: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap14, changed state to down
Mar 12 15:10:32.273: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 3 times/sec!.]
Mar 12 15:10:35.526: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap24, changed state to down
Mar 12 15:10:47.032: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap29, changed state to down
Mar 12 15:10:50.913: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 2 times/sec!.]
Mar 12 15:10:58.725: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 3 times.!]
Mar 12 15:10:58.726: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Configuration Update Request) and state (CAPWAP Join Response) combination
Mar 12 15:10:58.726: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Configuration Update Request) and state (CAPWAP Join Response) combination
Mar 12 15:10:58.726: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
Mar 12 15:11:00.521: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap30, changed state to down
Mar 12 15:11:08.450: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 3 times.!]
Mar 12 15:11:08.450: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Configuration Update Request) and state (CAPWAP Join Response) combination
Mar 12 15:11:08.921: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Join Request) and state (CAPWAP Join Response) combination
Mar 12 15:11:09.318: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP f0:29:29:92:c7:f0
Mar 12 15:11:09.319: %LINK-3-UPDOWN: Interface Capwap15, changed state to up
Mar 12 15:11:10.319: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap15, changed state to up
Mar 12 15:11:13.413: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap27, changed state to down
Mar 12 15:11:14.095: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP f0:29:29:92:c7:f0
Mar 12 15:11:14.095: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:c0:a0
Mar 12 15:11:14.098: %LINK-3-UPDOWN: Interface Capwap23, changed state to up
Mar 12 15:11:15.098: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap23, changed state to up
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
Mar 12 15:11:56.713: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:c0:a0
Mar 12 15:11:56.713: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
Mar 12 15:12:06.178: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap23, changed state to down
Mar 12 15:12:06.899: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 5 times/sec!.]
Mar 12 15:12:10.411: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 3 times.!]
Mar 12 15:12:10.411: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cc:ca:60
Mar 12 15:12:10.413: %LINK-3-UPDOWN: Interface Capwap1, changed state to up
Mar 12 15:12:11.266: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cc:ca:60
Mar 12 15:12:11.266: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 1c:1d:86:ee:7b:40
Mar 12 15:12:11.267: %LINK-3-UPDOWN: Interface Capwap3, changed state to up
Mar 12 15:12:11.413: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap1, changed state to up
Mar 12 15:12:12.267: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap3, changed state to up
Mar 12 15:12:16.889: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap4, changed state to down
Mar 12 15:12:30.365: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 1c:1d:86:ee:7b:40
Mar 12 15:12:30.365: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:e6:10
Mar 12 15:12:30.366: %LINK-3-UPDOWN: Interface Capwap22, changed state to up
Mar 12 15:12:31.366: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap22, changed state to up
Mar 12 15:12:33.942: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:e6:10
Mar 12 15:12:33.942: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
Mar 12 15:12:48.627: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap1, changed state to down
Mar 12 15:12:51.385: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 4 times/sec!.]
Mar 12 15:13:06.083: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap15, changed state to down
Mar 12 15:13:09.053: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 3 times.!]
Mar 12 15:13:09.053: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Configuration Update Request) and state (CAPWAP Join Response) combination
VIP_G_M_Core1(config-if)#
Mar 12 15:13:12.177: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
Mar 12 15:13:16.687: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 2 times.!]
Mar 12 15:13:16.687: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1f:e0
Mar 12 15:13:16.688: %LINK-3-UPDOWN: Interface Capwap31, changed state to up
Mar 12 15:13:17.689: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap31, changed state to up
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
Mar 12 15:13:20.998: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1f:e0
Mar 12 15:13:20.998: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1d:c0
Mar 12 15:13:21.001: %LINK-3-UPDOWN: Interface Capwap21, changed state to up
VIP_G_M_Core1(config-if)#
Mar 12 15:13:22.001: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap21, changed state to up
VIP_G_M_Core1(config-if)#
Mar 12 15:13:23.935: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap22, changed state to down
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
Mar 12 15:13:40.943: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1d:c0
Mar 12 15:13:40.943: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
Mar 12 15:13:41.815: %DOT1X-5-FAIL: Authentication failed for client (c0f8.da9f.8227) on Interface Ca21 AuditSessionID 0a06906e53207995000001b8
Mar 12 15:13:41.815: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (c0f8.da9f.8227) on Interface Ca21 AuditSessionID 0a06906e53207995000001b8
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
Mar 12 15:13:44.342: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 3 times.!]
Mar 12 15:13:44.342: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Configuration Update Request) and state (CAPWAP Join Response) combination
Mar 12 15:13:44.344: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
Mar 12 15:13:54.081: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 2 times.!]
Mar 12 15:13:54.081: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Configuration Update Request) and state (CAPWAP Join Response) combination
Mar 12 15:13:55.673: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap31, changed state to down
Mar 12 15:13:57.761: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Configuration Update Request) and state (CAPWAP Join Response) combination
Mar 12 15:13:57.761: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cd:01:f0
Mar 12 15:13:57.763: %LINK-3-UPDOWN: Interface Capwap6, changed state to up
Mar 12 15:13:58.642: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cd:01:f0
Mar 12 15:13:58.642: *%CAPWAP-3-ECHO_ERR: 1 wcm: Did not receive heartbeat reply; AP: 1c1d.86ee.7b40
Mar 12 15:13:58.763: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap6, changed state to up
Mar 12 15:13:59.044: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap18, changed state to down
Mar 12 15:13:59.512: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
Mar 12 15:14:07.361: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 2 times.!]
Mar 12 15:14:07.361: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:a1:6f:80
Mar 12 15:14:07.362: %LINK-3-UPDOWN: Interface Capwap2, changed state to up
Mar 12 15:14:08.111: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:a1:6f:80
Mar 12 15:14:08.111: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:a1:2d:60
Mar 12 15:14:08.115: %LINK-3-UPDOWN: Interface Capwap8, changed state to up
Mar 12 15:14:08.363: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap2, changed state to up
Mar 12 15:14:08.964: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap21, changed state to down
Mar 12 15:14:09.114: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap8, changed state to up
Mar 12 15:14:13.525: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap3, changed state to down
Mar 12 15:14:16.013: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.6.5.132:1812,1813 is not responding.
Mar 12 15:14:16.013: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.6.5.132:1812,1813 is being marked alive.
THIS IS WHERE I DELETED THE LAYER 3 INTERFACES ON THE WLC
Mar 12 15:14:24.129: %DOT1X-5-FAIL: Authentication failed for client (c0f8.da9f.8227) on Interface Ca6 AuditSessionID 0a06906e532079bf000001b9
Mar 12 15:14:24.129: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (c0f8.da9f.8227) on Interface Ca6 AuditSessionID 0a06906e532079bf000001b9
Mar 12 15:14:42.537: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:a1:2d:60
Mar 12 15:14:42.537: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:4d:80:10
Mar 12 15:14:42.539: %LINK-3-UPDOWN: Interface Capwap17, changed state to up
Mar 12 15:14:43.539: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap17, changed state to up
Mar 12 15:14:46.456: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:4d:80:10
Mar 12 15:14:46.456: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:22:a0
Mar 12 15:14:46.458: %LINK-3-UPDOWN: Interface Capwap5, changed state to up
Mar 12 15:14:47.459: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap5, changed state to up
Mar 12 15:14:52.018: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:22:a0
Mar 12 15:14:52.018: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:61:bc:d0
Mar 12 15:14:52.021: %LINK-3-UPDOWN: Interface Capwap0, changed state to up
Mar 12 15:14:53.021: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap0, changed state to up
Mar 12 15:14:58.080: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:61:bc:d0
Mar 12 15:14:58.080: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 7c:95:f3:54:0d:d0
Mar 12 15:14:58.083: %LINK-3-UPDOWN: Interface Capwap9, changed state to up
Mar 12 15:14:59.082: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap9, changed state to up
Mar 12 15:14:59.727: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 7c:95:f3:54:0d:d0
Mar 12 15:14:59.727: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cc:ca:60
Mar 12 15:14:59.730: %LINK-3-UPDOWN: Interface Capwap10, changed state to up
Mar 12 15:15:00.730: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap10, changed state to up
Mar 12 15:15:04.498: %SW_MATM-4-WIRELESS_MAC_MOVE_NOTIF: Host 40f0.2f58.a172 moving from Port Te1/0/1 to Port Ca17 as wireless entry
Mar 12 15:15:05.916: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cc:ca:60
Mar 12 15:15:05.916: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 24:b6:57:5b:7d:90
Mar 12 15:15:05.918: %LINK-3-UPDOWN: Interface Capwap7, changed state to up
Mar 12 15:15:06.918: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap7, changed state to up
Mar 12 15:15:11.247: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 24:b6:57:5b:7d:90
Mar 12 15:15:11.247: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:de:b0
Mar 12 15:15:11.248: %LINK-3-UPDOWN: Interface Capwap19, changed state to up
Mar 12 15:15:12.249: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap19, changed state to up
Mar 12 15:15:17.150: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:de:b0
Mar 12 15:15:17.151: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP f0:29:29:92:c7:f0
Mar 12 15:15:17.152: %LINK-3-UPDOWN: Interface Capwap26, changed state to up
Mar 12 15:15:18.152: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap26, changed state to up
Mar 12 15:15:19.211: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP f0:29:29:92:c7:f0
Mar 12 15:15:19.211: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:dd:60
Mar 12 15:15:19.212: %LINK-3-UPDOWN: Interface Capwap25, changed state to up
Mar 12 15:15:20.212: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap25, changed state to up
Mar 12 15:15:28.681: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:dd:60
Mar 12 15:15:28.681: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:ff:d0
Mar 12 15:15:28.684: %LINK-3-UPDOWN: Interface Capwap12, changed state to up
Mar 12 15:15:29.684: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap12, changed state to up
Mar 12 15:15:30.285: %SW_MATM-4-WIRELESS_MAC_MOVE_NOTIF: Host 286a.bae3.de95 moving from Port Te1/0/1 to Port Ca7 as wireless entry
Mar 12 15:15:31.078: %SW_MATM-4-WIRELESS_MAC_MOVE_NOTIF: Host e0b9.ba1e.02b4 moving from Port Te1/0/1 to Port Ca7 as wireless entry
Mar 12 15:15:34.781: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:ff:d0
Mar 12 15:15:34.781: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cc:a7:10
Mar 12 15:15:34.782: %LINK-3-UPDOWN: Interface Capwap13, changed state to up
Mar 12 15:15:35.783: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap13, changed state to up
Mar 12 15:15:37.962: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cc:a7:10
Mar 12 15:15:37.962: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:e6:10
Mar 12 15:15:37.964: %LINK-3-UPDOWN: Interface Capwap16, changed state to up
Mar 12 15:15:38.965: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap16, changed state to up
Mar 12 15:15:40.401: %SW_MATM-4-WIRELESS_MAC_MOVE_NOTIF: Host e0b9.ba1e.4c97 moving from Port Te1/0/1 to Port Ca7 as wireless entry
Mar 12 15:15:44.895: %AUTHMGR-4-UNAUTH_MOVE: (slow) MAC address (40f0.2f58.a172) from Ca0 to Ca17
Mar 12 15:15:50.124: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:e6:10
Mar 12 15:15:50.124: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:9b:20
Mar 12 15:15:50.127: %LINK-3-UPDOWN: Interface Capwap28, changed state to up
Mar 12 15:15:51.126: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap28, changed state to up
Mar 12 15:15:54.510: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:9b:20
Mar 12 15:15:54.510: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:a4:2f:00
Mar 12 15:15:54.512: %LINK-3-UPDOWN: Interface Capwap11, changed state to up
Mar 12 15:15:55.513: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap11, changed state to up
Mar 12 15:15:58.371: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:a4:2f:00
Mar 12 15:15:58.371: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:61:c9:10
Mar 12 15:15:58.374: %LINK-3-UPDOWN: Interface Capwap20, changed state to up
Mar 12 15:15:59.263: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:61:c9:10
Mar 12 15:15:59.263: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:ce:70
Mar 12 15:15:59.266: %LINK-3-UPDOWN: Interface Capwap14, changed state to up
Mar 12 15:15:59.373: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap20, changed state to up
Mar 12 15:16:00.265: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap14, changed state to up
Mar 12 15:16:02.655: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:ce:70
Mar 12 15:16:02.655: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:e7:10
Mar 12 15:16:02.658: %LINK-3-UPDOWN: Interface Capwap24, changed state to up
Mar 12 15:16:02.877: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:e7:10
Mar 12 15:16:02.877: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:4d:7f:a0
Mar 12 15:16:02.878: %LINK-3-UPDOWN: Interface Capwap29, changed state to up
Mar 12 15:16:03.659: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap24, changed state to up
Mar 12 15:16:03.879: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap29, changed state to up
Mar 12 15:16:07.595: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:4d:7f:a0
Mar 12 15:16:07.595: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1f:e0
Mar 12 15:16:07.598: %LINK-3-UPDOWN: Interface Capwap30, changed state to up
Mar 12 15:16:08.597: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap30, changed state to up
Mar 12 15:16:10.146: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1f:e0
Mar 12 15:16:10.147: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cc:d6:30
Mar 12 15:16:10.148: %LINK-3-UPDOWN: Interface Capwap27, changed state to up
Mar 12 15:16:10.821: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cc:d6:30
Mar 12 15:16:10.821: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 1c:1d:86:ee:7b:40
Mar 12 15:16:10.824: %LINK-3-UPDOWN: Interface Capwap23, changed state to up
Mar 12 15:16:11.148: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap27, changed state to up
Mar 12 15:16:11.824: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap23, changed state to up
Mar 12 15:16:16.727: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 1c:1d:86:ee:7b:40
Mar 12 15:16:16.727: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:a1:62:e0
Mar 12 15:16:16.730: %LINK-3-UPDOWN: Interface Capwap4, changed state to up
Mar 12 15:16:17.729: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap4, changed state to up
Mar 12 15:16:21.617: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:a1:62:e0
Mar 12 15:16:21.617: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:61:bf:50
Mar 12 15:16:21.618: %LINK-3-UPDOWN: Interface Capwap1, changed state to up
Mar 12 15:16:22.619: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap1, changed state to up
Mar 12 15:16:23.266: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:61:bf:50
Mar 12 15:16:23.266: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:c0:a0
Mar 12 15:16:23.268: %LINK-3-UPDOWN: Interface Capwap15, changed state to up
Mar 12 15:16:24.268: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap15, changed state to up
Mar 12 15:16:26.127: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:c0:a0
Mar 12 15:16:26.127: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1d:c0
Mar 12 15:16:26.128: %LINK-3-UPDOWN: Interface Capwap22, changed state to up
Mar 12 15:16:27.128: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap22, changed state to up
Mar 12 15:16:27.919: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1d:c0
Mar 12 15:16:27.920: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:a7:e0
Mar 12 15:16:27.921: %LINK-3-UPDOWN: Interface Capwap31, changed state to up
Mar 12 15:16:28.922: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap31, changed state to up
Mar 12 15:16:30.051: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:a7:e0
Mar 12 15:16:30.051: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:a4:29:00
Mar 12 15:16:30.053: %LINK-3-UPDOWN: Interface Capwap18, changed state to up
Mar 12 15:16:31.054: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap18, changed state to up
Mar 12 15:16:32.695: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:a4:29:00
Mar 12 15:16:32.695: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:a1:67:40
Mar 12 15:16:32.697: %LINK-3-UPDOWN: Interface Capwap21, changed state to up
Mar 12 15:16:33.697: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap21, changed state to up
Mar 12 15:16:34.336: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:a1:67:40
Mar 12 15:16:34.336: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:d0:20
Mar 12 15:16:34.339: %LINK-3-UPDOWN: Interface Capwap3, changed state to up
Mar 12 15:16:35.339: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap3, changed state to up -
Hi,
I don't undestand this document
http://www.cisco.com/c/en/us/td/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide/N1_HA_Overview.html
How can the third 5508 (suport max 500 AP) backup all other WLC ? n+1 how ?
With secondary wlc configured in HA-SKU (without AP SSO) the 500 licenze are permanent ?
who can explain me.. this is a document bug ??What they're describing is HA N+1, not HA 1:1 AP SSO. This option, which is "NON-AP-SSO", allows you to use an HA-SKU or > -50-k9 SKU coverted, to operate as a dedicated +1 WLC in HA. When using this configuration, this WLC allows the use of the "hardware maximum" of the device: Thus 500 APs for WLC 5508, or 1000APs for a WISM2 (as an example). Since this WLC can wait as a backup to multiple WLCs, that's why it's not capable of the AP SSO, which requires a 1:1 pairing of the HA WLC with an Active HA WLC.
When using the HA N+1 the WLC acts the same as the pre AP-SSO "HA" concept; where you had Primary, Secondary Tertiary configs on your APs (which you may still have). All it is saying is that the N+1 HA WLC can act as one of these Secondary/Tertiary WLCs, much like a WLC you had licenesed for 250 or 500 APs could do previously.
In the past you would use, lets say a 250 WLC AP as this backup WLC. Many people were frustrated that they had to have a $60,000 WLC just sitting there "waiting for something to fail". But that's what it did. If a WLC failed, lets say one with 100 APs, this backup WLC would take on the APs and use 100 of it's 250 AP license count. If additional WLCs failed, the process continued until this backup WLC was filled.
The idea of using the HA-SKU in an N+1 is that while yes, you don't get the 1:1 AP SSO configuration, you are getting more bang for your buck in that this WLC can sit as a backup (as it did in the past) but it can accept up to the maximum it's hardware can handle in terms of AP count, not only what it was permanently licensed for. Rather than spending $100,00 on a 500 AP count WLC to backup your 2x250 AP count WLCs, why not look at a $50,000 HA-SKU that can "handle" up to 500 APs.
So given this scenario, this WLC is "backuping up all other WLCs" for whom it is a Secondary/Tertiary WLC backup.
As far as the HA-SKU "licenese", it's not "permanent" per se. With an HA SKU in N+1 you have a 90 day timer which will then "nag you" (via console) that this HA WLC is not truly intended to permanently house these APs. The idea is that if the Primary WLC failed, you would get it back online and then move your APs back to where they belong and return the HA N+1 WLC back to 0 APs. -
SNMP TRAP ON Secondary WLC 5508
Hi I'm Louis,
I work on 2 WLC 5508 with version 7.4 and Prime Infrastructure 1.3
We have activate AP SSO to work with a primary and secondary controller.
We have added the controller to Prime infrastructure and activated SNMP.
We receive correctly the alarms on Prime.
But when we work on Primary WLC, and the secondary crash we haven't got information about that. No SNMP received.
That is normal ?
Thx for your reply
RegardsI find this, in Monitoring and Troubleshooting the Redundancy States
http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/1.2/user/guide/chgdevconfig.html
On my primary controller, in SNMP => Trap Log , I can see :
RF failure notification ErrorType: 34 Reason :Lost Peer, Moving to Active-No-Peer State! => When I unplug RP link
RF progress notification unitId: -1407319963 peerUnitId :14 unitState: -1407319863 peerUnitState :5
RF progress notification unitId: -1407319963 peerUnitId :14 unitState: -1407319863 peerUnitState :9 => When I plug the RP link.
So I can see the trap on my controller but there is nothing in Prime ... -
Cisco 5508 HA VS Primary/Secondary- Feedback
Anyone having issues with 5508 HA switching between the pair? Would you say that the Primary/secondary fail over is good enough?
Hi Leo, Scott
So I was doing a bit more reading on this http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/69639-wlc-failover.html it is an old document but working through it the document suggested that you didn't need to specify the IP address of the Primary or Secondary controller in the Wireless -> All AP -> AP_NAME -> High Availability. I removed this from one of the APs that was at the time serving no clients and tried to move it to the secondary and it worked. I then moved it back to the primary and it worked again.
Any reason why this would happen? The IP addresses I was using were 100% correct. The only difference I see for this controller as opposed to others we manage is the introduction of new interface types i.e. 'redundancy management' , 'redundancy port' ,etc. I do not have redundancy enabled so I'm guessing not, but having trawled through the configuration this is the only difference I can see? -
Primary, Secondary and Tertiary Pass
Dear OTN Members:
I am working on Locale builder utility for the development of URDU locale. As u all must have
been aware there are 4 options (language definition, territory definition, character set,linguistic sorting). I have configured the first two options (language definition, territory definition) working on third option(Character set) and will move on the linguistic sorting in just couple of hours.
I have to develop a multilingual locale in URDU. I checked GENERIC_M locale in Locale builder
and tried to understand its development technique But unable to grab anything from it.
I am workign on the option "UNICODE COLLATION SEQUENCE" present in Linguistic sorting. But in this
screen a tree has been made comprises of Primary, Secondary and Tertiary Pass.
Will any one have this idea that
1)
"How this tree of primary, secondary and tertiary pass be
made in any English"
2)
How this sort of tree can be configured in Arabic / Urdu language
Plz reply soon..
REgards
SAlman1)
"How this tree of primary, secondary and tertiary pass be
made in any English"
There is a white paper on OTN that explains this:
http://otn.oracle.com/tech/globalization/pdf/TWP_Sorting_10gR1.pdf
2)
How this sort of tree can be configured in Arabic / Urdu language
That's a tough one because there doesn't seem to be a standard for Urdu sorting. Probably modifying GENERIC_M for whatever your requirements are is best. -
What I am trying to configure is Mobility Groups.
My understanding is that this will allow AP to successfully register and fail over over seamlessly if any of the WLC had to fail ?
It could be I am confusing two things into one :( & I am totally confused and not understanding the benefits of mobility group mentioned above.
Also when a AP starts up and registers with the WLC ......I click on a registered AP > High Availability ( Primary / Sec / Tertiary ) all fields are blank...
Initially I also thought that once my SSO is all setup and working than those options "AP > High Availability" will get populated automatically but clearly not unless something is not working.
My current config is as follows:-
WLC 5508 * 2
WLC 1 - Primary
WLC 2 - HA SKU (Secondary )
Redundancy = SSO (Both AP and Client SSO)
=============
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.6.130.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.101.1
Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
Build Type....................................... DATA + WPS
System Name...................................... WLC5508
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. SSO (Both AP and Client SSO)
IP Address....................................... 10.31.66.21
Last Reset....................................... Software reset
System Up Time................................... 0 days 22 hrs 39 mins 57 secs
System Timezone Location......................... (GMT) London, Lisbon, Dublin, Edinburgh
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... GB - United Kingdom
Operating Environment............................ Commercial (0 to 40 C)
--More-- or (q)uit
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +38 C
External Temperature............................. +21 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 0
Burned-in MAC Address............................ F8:72:EA:EE:5B:B2
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 500
============================================
TATA,
Mobility and mobility groups are used for the wireless users roaming. What we know that a wireless users can roam between different APs within the same WLC, but when the SSID is used within multiple WLCs, and the client wanted to roam to an AP joined to another WLC, you would need to configure WLC mobility to maintain seamless roaming. For more info:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_010001101.html
Now, I understand that your purpose is to have high availability for your APs. No this is done traditionally from the AP page, under HA tab, where you configure the WLCs names and IPs there. This can be done manually on each AP (you can use CLI to make it easier) or you can push a configuration template using a management server (WCS/NCS/CPI).
Configuring HA on the AP:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110000.html
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110001.html
Using CPI to push AP configuration templates:
http://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/2-0/configuration/guide/pi_20_cg/temp.html
Now mobility may play a role in this, as if you have already configured mobility for your WLCs, then you won't need to configure a "name" for the WLCs when you add them under the HA tab in AP configuration page. That's it.
BR, Ala -
Redundancy for WLC 5508 7.1.103
I was trying to setup 2x WLC 5508 follow this instruction , copy config of 1 WLC to another and change the IP address. Then setup HA in global config for all AP
https://supportforums.cisco.com/thread/2036661
Is there a way to confirm fail-over work without turning off the 1st WLC ?
I tried this command on 1 of the AP "show capwap client config"
But it does not show secondary controller config.Are you sure you don't see primary and secondary controller's IP addresses on the command "show capwap client config"?
If configured, primary, secondary or tertiary WLCs appear on the output of this command like this:
mwarName WLC1
mwarIPAddress x.x.x.x
mwarName WLC2
mwarIPAddress y.y.y.y
mwarName WLC3
mwarIPAddress z.z.z.z
Where, WLC1 is the primary, WLC2 is the secondary and WLC3 is the tertiary.
Note that the listing order determines which one is primary and which is secondary...etc. (first listed is primary, second is secondary..etc).
You double check the output of your command.
You can take Leo's advice about testing HA without reloading the WLC, but you can also check HA per AP basis. Try adding one ACL that prevents specific AP from communicating with the primary WLC and wait to see if it will join the secondary or not.
HTH
Amjad
You want to say "Thank you"?
Don't. Just rate the useful answers,
that is more useful than "Thank you". -
Master Secondary Cisco WLC environment
I've inherited 2 Cisco wireless WLC's recently.. we have what we consider our Master Cisco WLC 5508 controller, and a 2504 WLC at our HQ. Bottom line, these WLC's are set as individual master controllers and their respective AP's connect to each of their respective controllers. The difference we have is the APs and locations which connect to our master wlc at our data center, guest access works fine. The AP's that connect to our WLC 2504, do not have an Internet POP so today, employee wireless access is working, but I cannot get them guest access as it is not connected in any way to the master in our data center. I've come over from a Aruba environment where we have a master/local environment and it worked perfectly. Is this design in a Cisco WLC environment possible ? Thanks, Dan
You have two different model controllers and there is no master local. In the Cisco side you set the primary, secondary and or tertiary controller. What you need to do is to make sure that the VIP is the same and that each controller is configured in the others mobility group.
http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/107188-mobility-groups-faq.html
Then you can anchor the SSID to the WLC in the data center. That's how you can get this to work.
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/emob41dg/emob41dg-wrapper/ch10GuAc.html
Please rate helpful post and Cisco Support Community will donate to Kiva
Scotty -
Converged Access Design Help (Catalyst 3850 and WLC 5508...Mobility Oracle)
Hello,
I am an engineer working with a Cisco Gold Partner in Saudi Arabia. We have a large university as our client where they are constructing a new
building and require our services to build the network infrastructure. Therefore, we are to implement the routing and switching infrastructure as
well as the Wireless solution.
At present, I have no issues in implementing the R&S infrastructure as it is very straight forward but it has implications on the deployment of
the wireless solution which I explain further below. The R&S infrastructure comprises of the typical Core, Distribution, and Access layers and we
are focusing on the local distribution and access switches with regards to the new building. The client has a converged Layer 3 network spanning
from distribution layer to core layer and they are running EIGRP for this convergence. This is not a problem and has already been implemented.
Yet, the challenge arises in deploying the WLAN infrastructure. The client already has a Cisco WLAN infrastructure in place where they have a
large number of LAPs that are registered with their controllers in the Data Center. They have two WLC 5508 where one is the Primary and the other
the Secondary. The local distribution switch to which the WLC are connected also is the gateway for the SVIs for the SSIDs that are configured on
the controllers. This means that once the packets from the AP come in to the WLC, they are tagged with the correct VLAN and sent to the directly
connected distribution switch which then routes it into the rest of the Layer 3 network. Interestingly, the WLC 5508 are running AireOS 7.6 and
support the "New Mobility" feature. The two controllers have formed a Mobility Group (MG) between each other.
Now, the new building will have two Catalyst 3850 switches installed where each one has a total of 40 AP licenses pre-installed and activated
i.e. a total of 80 APs can be supported by the two switches. A total of 67 LAPs will be deployed in the new building which can be accommodated
between the two switches and their integrated controller.
Yet, based on my understanding and research about Converged Access is that, ideally, the Catalyst 3850 will only run the Mobility Agent (MA)
feature while a central controller would provide the Mobility Controller (MC) service. unfortunately, there are not enough licenses on the
existing WLC 5508 nor can we migrate the new licenses that will facilitate such a split deployment.
This means that I would need to configure the two Catalyst 3850 as independent MC and form a MG between them. I have done this and tested this
already and the mobility is working fine. But my concern is not about getting the Catalyst 3850 to work as this is simple but rather it is
focused on creating a common Mobility Domain (MD) so that clients can roam from this new building to the rest of the campus while maintaining the
state of their connections to the WLAN infrastructure.
To make things more complicated, since the new building will have its own Layer 3 distribution switch and the Catalyst 3850 switches will connect
to this distribution switch, it means that new VLANs and SVIs need to be created for the SSIDs broadcast in the new building. This means that new
subnets need to be assigned to the SSIDs.
As such, I have the following questions:
Q1) If we create new SVIs for the SSIDs (same SSIDs names will be used in the new building as in the rest of the university campus) this means
that new subnets will be assigned to these SSIDs. Now, I believe I have two options...one is to make the new Catalyst 3850s to be in the same MG
as the existing WLC 5508 which then cater for Layer 3 client roaming or I have to treat this as a totally seperate WLAN network and follow on to
the solution as per the next question. Please advise which is a better option?
Q2) I could create separate MG i.e. the new building Catalyst 3850s can be in one MG and the existing controllers can be in another MG. I can
then have one of the existing WLC 5508 (the primary one) to run the Mobility Oracle (MO) feature so as to create a single Mobility Domain (MD).
Would this facilitate in Layer 3 client roaming and RRM for all the controllers in the same MD?
Q3) If I do create a MD, how is this accomplished in such an environment since the documentation is severely limited in this regard?
Please advise at your earliest. To assist further, I have attached a topology diagram which may aid in explaining the situation with more
clarity. If these things are clarified, I will be better able to wrap my head around the technology and in turn service my clients better.
Regards,
AmirHi Amir,
Q1) If we create new SVIs for the SSIDs (same SSIDs names will be used in the new building as in the rest of the university campus) this means that new subnets will be assigned to these SSIDs. Now, I believe I have two options...one is to make the new Catalyst 3850s to be in the same MG as the existing WLC 5508 which then cater for Layer 3 client roaming or I have to treat this as a totally seperate WLAN network and follow on to the solution as per the next question. Please advise which is a better option?
I would configure them in the same mobility group. Also configure same SPG for those two 3850 stacks if users are frequently roaming within these two buildings.
Q2) I could create separate MG i.e. the new building Catalyst 3850s can be in one MG and the existing controllers can be in another MG. I can then have one of the existing WLC 5508 (the primary one) to run the Mobility Oracle (MO) feature so as to create a single Mobility Domain (MD). Would this facilitate in Layer 3 client roaming and RRM for all the controllers in the same MD?
MO is not required (it is only for very large scale deployments)
Q3) If I do create a MD, how is this accomplished in such an environment since the documentation is severely limited in this regard?
Yes, documents are hard to find :(
These notes may be useful to you based on my experience. I am running IOS-XE 3.6.1 in my production.
http://mrncciew.com/2014/05/06/configuring-new-mobility/
http://mrncciew.com/2013/12/14/3850ma-with-5760mc/
HTH
Rasika
*** Pls rate all useful responses **** -
Second WLC 5508 for HA N+1 with Mesh Network
Hi,
End user has a WLC 5508 and around 12 LAPs (an increasing un short time) configured and working for mesh network (some ROOTs and MAPs)
now is the way to deploy an additional 5508 in another site so that be the backup of the first controller.
Taking into account that is a mesh network what would be the options in WLC's config so that we can have the shortest time for LAPs to associate to
the backup controller?
I appreciate your comments
regardsyes, wlcs can be on different sites. be sure to configure primary, secondary wlc name and ip on those APs.
-
Deployment of WLC-5508 with 2702i-D have performance issue.
Hi Team,
We have centrally deployed WLC-5508 with 50 AP licence along with HA scenario. we have 3 locations.
1- HQ. have 26 AP with POWINJ5.
2- Branch location A- 8 AP with POWINJ5.
3. Branch location B have 8 AP with POWINJ4.
my exception is to achieve that single SSID with dynamic VLAN from group police (NPS). MY HO have 26 AP and those are working in local mode.
and branches are connected through flexconnect mode. and all are working with different-2 NPS.
Now i am facing a problem with this deployment are following.
1- branch A have performance issue.
2- HQ have performance issue.
3- i don't want to go with dedicated NPS for every location.
In order to achieve this deployment i want only single SSID with primary and secondary NPS at my HQ with dynamic VLAN for respective departmental users vlans..
above is my problem and concern. otherwise i am successfully achieving this solution with dedicated NPS with single group policy. but when i am going forward to achieve my expectation that time i am facing authentication issue at my HQ and sometimes am not able to get proper VLAN IPs. at my HQ.
kindly help me in that to understand where I am doing wrong things to achieve my expectation.
Thanks.
NalinI am facing 2 different problems.
1st issue- in existing setup we have throughput issue. (while downloading or uploading any data from the internet or Intranet, that time wireless clients are facing slowness of the Speed. and same time when i am trying from LAN i am not facing any issue)
2nd Issue- I want to achieve only single SSID with primary and secondary NPS (AD group is bind with vlan Attributes) with dynamic VLAN for respective departmental users.
for Issue no 2 i have created SSID to achieve the single ssid parameter for every location. in order to achieve i have change all access points mode local to Flexconnect mode after that i have created AP groups location wise and then create flexconnect Groups where i have mapped all the vlan through AAA VLAN-ACL mapping. created interface group and mapped all the vlans in that group.
for more understanding please go through the below mentioned CLI view.
Cisco Controller) >show wlan apgroups
Total Number of AP Groups........................ 4
Site Name........................................ GURGAON-AP-GROUP
Site Description................................. GURGAON-AP-GROUP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Pol icy
3 gurgaon-interface Disabled None
--More-- or (q)uit
4 gurgaon-guest Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
GUR-AP-01 2 AIR-CAP2702I-D-K9 f4:4e:05:78:ae:e4 default location 1 IN 1
GUR-AP-05 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b5:18 default location 1 IN 1
GUR-AP-03 2 AIR-CAP2702I-D-K9 bc:16:65:13:71:00 default location 1 IN 1
GUR-AP-07 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b3:f8 default location 1 IN 1
GUR-AP-06 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b3:e0 default location 1 IN 1
GUR-AP-08 2 AIR-CAP2702I-D-K9 f4:4e:05:45:78:98 default location 1 IN 1
GUR-AP-02 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b3:2c default location 1 IN 1
GUR-AP-04 2 AIR-CAP2702I-D-K9 f4:4e:05:78:ae:64 default location 1 IN 1
GUR-AP-09 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b4:44 default location 1 IN 1
Site Name........................................ MUMBAI-AP-GROUP
Site Description................................. MUMBAI-AP-GROUP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
--More-- or (q)uit
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 group for mumbai Disabled None
2 guest wifi Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
FAL-7-AP08 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:24:d8 7th Floor 1 IN 3
--More-- or (q)uit
FAL-7-AP10 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:18 7th Floor 1 IN 1
FAL-7-AP14 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:ad:e8 7th Floor 1 IN 1
FAL-7-AP01 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:b0:4c 7th Floor 1 IN 1
FAL-7-AP07 2 AIR-CAP2702I-D-K9 f0:7f:06:30:92:bc 7th Floor 1 IN 1
FAL-7-AP13 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:80 7th Floor 1 IN 1
FAL-7-AP02 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:94 7th Floor 1 IN 1
FAL-7-AP05 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:e8 7th Floor 1 IN 1
FAL-7-AP12 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:f0 7th Floor 1 IN 3
FAL-7-AP03 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:e4 7th Floor 1 IN 1
FAL-7-AP06 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:84 7th Floor 1 IN 3
FAL-7-AP04 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:b0:14 7th Floor 1 IN 1
FAL-7-AP09 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:c8 7th Floor 1 IN 3
FAL-7-AP11 2 AIR-CAP2702I-D-K9 f0:7f:06:30:93:08 7th Floor 1 IN 1
Site Name........................................ MUMBAI-THIRD-FLOOR-AP
Site Description................................. MUMBAI-THIRD-FLOOR-AP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
--More-- or (q)uit
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 group for mumbai Disabled None
2 guest wifi Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
FAL-3-AP07 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:a4 3rd Floor 1 IN 3
FAL-3-AP09 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:94 3rd Floor 1 IN 3
FAL-3-AP11 2 AIR-CAP2702I-D-K9 f4:0f:1b:73:00:74 3rd Floor- Eurek 1 IN 3
FAL-3-AP06 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:ae:d0 3rd Floor 1 IN 3
--More-- or (q)uit
FAL-3-AP10 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b5:88 3rd Floor 1 IN 3
FAL-3-AP08 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:9c 3rd Floor 1 IN 3
FAL-3-AP03 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:af:a0 3rd Floor 1 IN 1
FAL-3-AP12 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b3:fc 3rd Floor- Eurek 1 IN 3
FAL-3-AP02 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:28 3rd Floor 1 IN 3
FAL-3-AP01 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:f4 3rd Floor 1 IN 3
FAL-3-AP04 2 AIR-CAP2702I-D-K9 f0:7f:06:30:92:8c 3rd Floor 1 IN 2
FAL-3-AP05 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:f4 3rd Floor 1 IN 3
Site Name........................................ RAHEJA-AP-GROUP
Site Description................................. RAHEJA-AP-GROUP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
--More-- or (q)uit
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
5 raheja-interface Disabled None
2 raheja-guest Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
FAL-RAHEJA-AP04 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:24:1c Near Meeting Roo 1 IN 3
FAL-RAHEJA-AP02 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:37:3c Confrennce Room 1 IN 3
FAL-RAHEJA-AP03 2 AIR-CAP2702I-D-K9 f0:7f:06:30:93:48 Near Confrence R 1 IN 3
FAL-RAHEJA-AP05 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:ae:c0 Near Meeting Roo 1 IN 3
FAL-RAHEJA-AP06 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b3:a0 Near Server Room 1 IN 3
FAL-RAHEJA-AP01 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b3:20 Reception Area 1 IN 3
FAL-RAHEJA-AP08 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:68 USER BAY ROAD si 1 IN 1
FAL-RAHEJA-AP09 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:d4 Training Room 1 IN 1
--More-- or (q)uit
Site Name........................................ default-group
Site Description................................. <none>
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 group for mumbai Disabled None
2 guest wifi Disabled None
3 gurgaon-interface Disabled None
4 gurgaon-guest Disabled None
5 raheja-interface Disabled None
6 test Disabled None
Cisco Controller) >show flexconnect group summary
FlexConnect Group Summary: Count: 4
Group Name # Aps
Gurgaon-AP 9
HQ-3RD-FLR-AP-GROUP 12
HQ-7THFLR-AP-GROUP 14
Raheja-AP-Group 8
(Cisco Controller) >show flexconnect group detail Gurgaon-AP
Number of AP's in Group: 9
bc:16:65:13:71:00 GUR-AP-03 Joined Flexconnect
f4:4e:05:45:78:98 GUR-AP-08 Joined Flexconnect
f4:4e:05:78:ae:64 GUR-AP-04 Joined Flexconnect
f4:4e:05:78:ae:e4 GUR-AP-01 Joined Flexconnect
f4:4e:05:80:b3:2c GUR-AP-02 Joined Flexconnect
f4:4e:05:80:b3:e0 GUR-AP-06 Joined Flexconnect
f4:4e:05:80:b3:f8 GUR-AP-07 Joined Flexconnect
f4:4e:05:80:b4:44 GUR-AP-09 Joined Flexconnect
f4:4e:05:80:b5:18 GUR-AP-05 Joined Flexconnect
Efficient AP Image Upgrade ..... Disabled
Master-AP-Mac Master-AP-Name Model Manual
Group Radius Servers Settings:
Type Server Address Port
Primary Unconfigured Unconfigured
Secondary Unconfigured Unconfigured
--More-- or (q)uit
Group Radius AP Settings:
AP RADIUS server............ Disabled
EAP-FAST Auth............... Disabled
LEAP Auth................... Disabled
EAP-TLS Auth................ Disabled
EAP-TLS CERT Download....... Disabled
PEAP Auth................... Disabled
Server Key Auto Generated... No
Server Key.................. <hidden>
Authority ID................ 436973636f0000000000000000000000
Authority Info.............. Cisco A_ID
PAC Timeout................. 0
Multicast on Overridden interface config: Disabled
DHCP Broadcast Overridden interface config: Disabled
Number of User's in Group: 0
Vlan :........................................... 203
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 205
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 204
--More-- or (q)uit
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 206
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 207
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 208
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 209
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 210
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 211
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 212
Ingress ACL :................................... None
Egress ACL :.................................... None
--More-- or (q)uit
Vlan :........................................... 216
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 217
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 218
Ingress ACL :................................... None
Egress ACL :.................................... None
Group-Specific FlexConnect Wlan-Vlan Mapping:
WLAN ID Vlan ID
WLAN ID SSID Central-Dhcp Dns-Override Nat-Pat
(Cisco Controller) >
(Cisco Controller) >show wlan summary
Number of WLANs.................................. 6
WLAN ID WLAN Profile Name / SSID Status Interface Name PMIPv6 Mobility
1 FRACTAL-EMP-MUMBAI / FRACTAL Enabled group for mumbai none
2 FRACTAL-GUEST / FRACTAL-GUEST Enabled guest wifi none
3 FRACTAL-EMP-GURGAON / FRACTAL-GURGAON Enabled gurgaon-interface none
4 GURGAON-GUEST / FRACTAL-GUEST-GURGAON Enabled gurgaon-guest none
5 RAHEJA-EMP-WIRELESS / FRACTAL-R Enabled raheja-interface none
6 TEST-SSID / TEST-SSID Enabled test none
hope this will give you proper understanding. -
WLC 5508 Internal DHCP server issues
Hi,
I am hoping to get your feedback around the dhcp issues I am facing with Two Centrally Switched Wireless LANs. I have tried to explain the setup and the problems below and would appreciate it if anyone can suggest a solution for the problems I am facing:
The setup is as follows:
- I have a WLC 5508 which has been configured with 4 SSIDs, out of which 2 are using Central Authentication and Switching.
- I have an LWAP connected to the WLC in HREAP mode.
- WLC is configured as the DHCP server for clients connecting to the SSID 'Guest'. For the rest, I am using external dhcp server.
- Only one scope for Guest Interface is setup on the WLC.
Problems:
1. As far as I know, for WLC to act as internal dhcp server, it is mandatory to have the proxy enabled, but the Clients connecting to SSID 'Internet' are
unable to get an ip address from the external dhcp server, if dhcp proxy is enabled on the WLC. If i disable the proxy, it all works fine.
2. DHCP does not release the ip addresses assigned to clients even after they are logged out.
3. If a machine which was earlier connected to 'Guest' SSID connects to the 'Internet' SSID, it requests the same ip it was assigned by the WLC which it was assigned under 'Guest', but gets tagged with the Vlan configured on the management interface.
************Output from the Controller********************
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.116.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS + LDPE
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Gu
est
guest 1 301 10.255.255.30 Dynamic No No
management 1 100 172.17.1.30 Static Yes No
service-port N/A N/A 192.168.0.1 Static No No
virtual N/A N/A 10.0.0.1 Static No No
(Cisco Controller) >show wlan summary
Number of WLANs.................................. 4
WLAN ID WLAN Profile Name / SSID Status Interface Name
1 LAN Enabled management
2 Internet Enabled management
3 Managment Assets Enabled management
4 Guest Enabled guest
(Cisco Controller) >show dhcp detailed guest
Scope: guest
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 10.255.255.31
Pool End......................................... 10.255.255.254
Network.......................................... 10.255.255.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 10.255.255.1 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 8.8.8.8 8.8.4.4 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... e8:b7:48:9b:84:20
IP Address....................................... 172.17.1.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 172.17.1.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 100
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 172.30.50.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled
(Cisco Controller) >show interface detailed guest
Interface Name................................... guest
MAC Address...................................... e8:b7:48:9b:84:24
IP Address....................................... 10.255.255.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.255.255.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 301
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Enabled
(Cisco Controller) >show dhcp leases
MAC IP Lease Time Remaining
00:21:6a:9c:03:04 10.255.255.46 23 hours 52 minutes 42 seconds <<<<<<< lease remains even when the client is disconnected.
*********Example of Client connected to the right Vlan with an ip address from the incorrect interface. *************
(Cisco Controller) >show client detail 00:21:6a:9c:03:04
Client MAC Address............................... 00:21:6a:9c:03:04
Client Username ................................. N/A
AP MAC Address................................... a0:cf:5b:00:49:c0
AP Name.......................................... mel
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 2 <<<<<<<< 'Internet' SSID
BSSID............................................ a0:cf:5b:00:49:ce
Connected For ................................... 319 secs
Channel.......................................... 36
IP Address....................................... 10.255.255.46 <<<<<<< IP address assigned from the 'Guest' Interface or dhcp scope on the WLC
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 1800
Client CCX version............................... 4
Client E2E version............................... 1
QoS Level........................................ Silver
802.1P Priority Tag.............................. disabled
WMM Support...................................... Enabled
Power Save....................................... OFF
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
ACL Name......................................... none
ACL Applied Status............................... Unavailable
Policy Type...................................... N/A
Encryption Cipher................................ None
Management Frame Protection...................... No
EAP Type......................................... Unknown
H-REAP Data Switching............................ Central <<<<<<<<<
H-REAP Authentication............................ Central <<<<<<<<<<
Interface........................................ management
VLAN............................................. 100 <<<<<<<<<<< right Vlan
Quarantine VLAN.................................. 0
Access VLAN...................................... 100Hi All,
I have a similar issue where Wireless clients are not receiving automatic addressing from an internal DHCP server. I have multiple interfaces configured on the WLC which are connected to separate VLANS. The manually specified DHCP primary server entry is the same on all interfaces. Some clients are able to authenticate and receive automatic IP configuration but some clients are failing the address assignment process. I have checked connectivity between the WLC and DHCP server, this is confirmed as working. When I carry out a "debug dhcp packet enable", I get the following outputs which seems as if the DHCP discover request from the client is skipped. Your thoughts and inputs on this are appreciated.
DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: message type = DHCP DISCOVER
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 116 (len 1) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 61 (len 7) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: requested ip = 169.254.223.5
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 12 (len 13) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: vendor class id = MSFT 5.0 (len 8)
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 55 (len 11) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 43 (len 2) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP options end, len 76, actual 68
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP Forwarding DHCP packet (332 octets) packet DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
Thanks,
Raj Sandhu
Maybe you are looking for
-
How to open a "PDF Documents" in iBooks?
Hello! In order to "study" some documents (underline, write comments, etc as it was presented in the Maverick Video Show), i added some pdf documents to iBooks (on Maverick). How to open it/them? when i click on a "book" (document), nothing happens.
-
Workflow using photoshop elements as external editor
Hi. I am very satisfied with aperture 3. I think it is an excellent program, and the organization of pictures are excellent. I love all the editing options as well. However I looked at some tutorials on photoshop elements 9, and really like some of t
-
MacBook Air won't turn on - it only hoots !
My MacBook Air (2009/2010) will not turn on: when I press the power button there's a tinny little hooting sound every 5 seconds, exactly in sync with the flashing power light - that's all - no sound of fans or anything, nothing to see on the black s
-
Infinite loop deferring registration
My web app is hanging when I try to access it on Tomcat. The following is infinitely printed to my log. Please let me know what I should be looking for going wrong as I don't know where to begin with this on. I'm using Kodo 2.5.2. 358125 DEBUG [Threa
-
IDSM-2 gives 500Mbps in IPS mode and 600Mbpgs in IDS mode. Bundling 4 IDSM-2 in single chassis gives 2Gbps performance with Sup 32. But the FWSM provides 5Gbps throughput and the Sup 720 supports 40Gbps switching. What is the disconnect here? How do