Problem Concurent client WLC 5508

Similar Messages

• WLC-5508 - Software Update issue

  Hi,
      I'm having a little problem with a WLC-5508, It has the 6.0.199.4 image version and when I try to update it with any of the new versions the controller prompt this error: "% Error: Code file transfer failed - Error while writing output file". I think the controller has no enough memory to copy the file.
      I ran the show memory statistics and the free system memory tells It has enogh space. So I don't know what to do, I read all the configuration manual but I can not find any slution. The probles is that I need to asosiate 8 new AP-2602 and with this old software version they are not compatible.
  If anyone knows a posible solution, it would help me a lot.
  Thanks!!

  You can not directly upgrade the ios, kindly consult the following cisco link 
  http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74.html
  "It is not possible to directly upgrade to the 7.4.100.0 release from a release that is older than 7.0.98.0"
  you have to complete the work in two step i.e 6.x to 7.0.x and then to 7.4

• Wlc 5508 inaccessible after upgrade to version 8

  dear all,
  I have a problem after upgrading wlc 5508, 
  at first after upgrade everything works fine, but while waiting for APs to rejoin, wlc suddenly inaccessible either via SSH, telnet or console
  I have restart the wlc with no luck
  LED indicator for SYS and ALR are off
  any suggestion will be highly appreciated
  thanks
  regards

  If the appliance failed in the first month after delivery, you might be able to squeeze off an RMA. 
  If the appliance failed in the first year after delivery, I don't care what is written in the "warranty", you can't do anything until you have a valid Service Contract.

• IP-MAC Binding for WLC-5508

  Hello!
  I am having problem in configuring wlc 5508, in a security option i applied mac-filtering and it works fine.
  Now I need to configure ip-mac address binding, i tried both with gui and cli method but it is not working. While configuring mac-filtering on gui there is a option to define ip address, after defining xx.xx.xx.xx ip address for device xx it is not peaking particular ip from the pool.  
  mac-filtering is still working with out issue.
  Also tried with cli.....
  Looking through the configuration guide i tried every possible ways but couldn't get any resolution.
  mac-binding, mac-filtering is enable,
  What will be the possible causes of this?
  does it support mac-ip binding in its local database?
  I would be thankful in your any suggestions and advises!  
  Nikhil

  Thanks for reply David,
  Currently user are authenticate from mac address and we want IP-MAC base authentication in cisco 5508 controller.
  we are facing some problem that in stead of ip-mac pair only mac address is authenticate.
  can u guide me that how can i authenticate IP-MAC pair in cisco 5508 controller?
  or Is this possible on Cisco 5508 controller as it is showing ip address field in GUI option?
  i am waiting your reply.

• WLC 5508 - wlan stability problems

  Hi.
  I have a WLC 5508 with half a dozen LAPs (AIR-CAP3502I-E-K9).
  They have been working but sometimes clients detect conectivity problems with the wlan.
  Here is the message log I can obtain from the controller:
  Nov 09 12:16:31.886: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!*dot1xMsgTask: Nov 09 12:16:10.286: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client 00:26:c6:12:e8:32Previous message occurred 7 times.Nov 09 11:55:24.682: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!*apfReceiveTask: Nov 09 11:51:30.788: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *spamApTask2: Nov 09 11:51:20.144: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.23.1.118*dot1xMsgTask: Nov 09 11:50:44.878: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client e0:ca:94:93:be:67*apfReceiveTask: Nov 09 11:50:40.672: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:38.625: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:35.531: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:31.068: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:29.257: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:28.707: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:24.065: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
  Can somebody help me to understand these messages?
  1)
  *apfReceiveTask: Nov 09 11:50:24.065: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
  2)
  Nov 09 11:55:24.682: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!
  3)
  *dot1xMsgTask: Nov 09 11:50:44.878: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client e0:ca:94:93:be:67
  Thanks

  1)
  *apfReceiveTask: Nov 09 11:50:24.065: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
  //APs are rebooting. don't panic, check the up time of AP. This message seen when AP rebooted/freshly joined and waiting for wlc to assign channel.
  2)
  Nov 09 11:55:24.682: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!
  //It is cosmetic and can be ignored.
  3)
  *dot1xMsgTask: Nov 09 12:16:10.286: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client 00:26:c6:12:e8:32
  //Keys M1-M5 used for wireless auth, here client having struggle completing the auth process.
  get output of, WLC>debug client

• WLC 5508 Problem with #DOT1X-3-INVALID_REPLAY_CTR

  Hi all,
  I have WLC 5508 with version 7.4.110.0 and with 13 AccessPoints.So 12 of this AP are  AIR-LAP1142N-E-K9 and 1 is AIR-CAP3602I-E-K9.
  Logs of my WLC are:
  *Dot1x_NW_MsgTask_1: Jan 11 01:15:05.167: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 90:c1:15:c6:c3:49 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
  *Dot1x_NW_MsgTask_4: Jan 11 01:09:41.015: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 5c:0a:5b:c1:16:34 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
  *Dot1x_NW_MsgTask_3: Jan 11 01:03:32.269: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 40:b3:95:13:da:cb - got 00 00 00 00 00 00 00 03, expected 00 00 00 00 00 00 00 04
  *Dot1x_NW_MsgTask_3: Jan 11 01:03:32.266: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 40:b3:95:13:da:cb - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 04
  *Dot1x_NW_MsgTask_0: Jan 11 01:03:31.648: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 24:77:03:67:01:48 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
  *Dot1x_NW_MsgTask_5: Jan 11 01:03:31.638: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 14:10:9f:da:c1:cd - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
  *Dot1x_NW_MsgTask_2: Jan 11 01:03:31.638: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client cc:78:5f:29:cc:82 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
  *Dot1x_NW_MsgTask_4: Jan 11 01:03:31.633: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 08:11:96:55:81:c4 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
  *Dot1x_NW_MsgTask_0: Jan 11 01:03:31.631: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 84:3a:4b:56:36:50 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
  *Dot1x_NW_MsgTask_1: Jan 11 01:03:31.630: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 14:10:9f:e2:d4:91 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
  *Dot1x_NW_MsgTask_0: Jan 11 00:59:52.593: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client a0:88:b4:60:20:f8 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
  *apfRogueTask_3: Jan 11 00:59:32.168: #APF-1-UNABLE_TO_CONTAIN_ROGUE: apf_rogue.c:4414 Unable to contain rogue 40:01:C6:11:F9:F1 - Not enough Container AP(s). Number of Container AP(s) 2, Requested containment level 4
  *apfRogueTask_3: Jan 11 00:58:38.635: #APF-1-UNABLE_TO_CONTAIN_ROGUE: apf_rogue.c:4414 Unable to contain rogue 40:01:C6:11:F9:F1 - Not enough Container AP(s). Number of Container AP(s) 1, Requested containment level 4
  *Dot1x_NW_MsgTask_0: Jan 11 00:50:06.885: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 10:68:3f:46:4e:e8 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
  *Dot1x_NW_MsgTask_0: Jan 11 00:50:06.883: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 10:68:3f:46:4e:e8 - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 02
  *dot1xMsgTask: Jan 11 00:49:05.842: #DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:618 Client c8:e0:eb:19:2a:97 may be using an incorrect PSK
  *apfRogueTask_3: Jan 11 00:40:42.576: #APF-1-UNABLE_TO_CONTAIN_ROGUE: apf_rogue.c:4414 Unable to contain rogue 40:01:C6:11:F9:F1 - Not enough Container AP(s). Number of Container AP(s) 3, Requested containment level 4
  *Dot1x_NW_MsgTask_3: Jan 11 00:40:17.471: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client c4:43:8f:f1:8c:8b - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
  *Dot1x_NW_MsgTask_4: Jan 11 00:40:03.368: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client f0:d1:a9:8e:1a:dc - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
  *Dot1x_NW_MsgTask_1: Jan 11 00:39:30.528: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 14:10:9f:d8:84:09 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
  I already go to this link to check the Description of errors-
  http://www.cisco.com/en/US/docs/wireless/controller/message/guide/msgs4.html#wp1000139
  Appreciate all feedback. Thank you.

  Hi Ruben,
  a) After successful dot1x authentication, session keys are derived from pairwise master key.
  b) When the AP transmits a key to a station by default, it expects a response back within a set timeframe.
  c) If the station does not respond, the AP increments the counter and retransmits the key.
  d) If the AP receives a response to first message just after the retransmission of the key, a mismatch occurs in the counter.
  This in most of the cases will be a client driver problem.
  Solution :
  1) try to increase the EAPOL-Key Timeout ( config advanced eap ).
  2) Upgrade the client driver.
  *****Help out other by using the rating system and marking answered questions as "Answered"*****

• WLC 5508 - Clients disconnecting

  I am running WLC 5508 7.2.111.3 with some 2602i AP.
  Last week one user reported his new macbook pro 2013 was encountering connectivity issues.His older macbook pro 2009 was working perfectly.
  The user is sitting in the middle of 2nd floor having equal distance from second's floor access points.
  The problem is that his Macbook pro 2013 was persistently trying to associate with 3rd's floor Access Points. Whatever i tried to do (deauthenticate user,rebooting 2nd & 3rd floor APs) the connection was persistent to 3rd floor Access Point. Even when i tried to install an Access Point in the user's office his Macbook Pro 2013 refused (!!!) to leave 3rd's floor Access Points.However his Macbook pro 2009 was always connected to the nearest Access Point (either to 2nd floor Access Points or to the newly installed access point in his office).
  This week i had two visitors in 4th floor reporting that their Laptops (Sony Vaio) were doing very slow with the wireless.
  When i tried to troubleshoot i found in the controller that their laptops were associating with 4th floor Access Points and after a minute they were disconnected and trying to associate to Ground Floor (!) Access Points. Of course they couldn't establish a connection and then associated again with 4th floor access points and after a while disconnected and trying to associate to Ground Floor Access Points
  I tried to debug client with Sony Vaio and saw in the controller the following message
  *apfMsConnTask_7: Mar 24 10:42:15.473: %APF-4-INVALID_ACTION_CATEGORY: apf_wme_utils.c:5481 Could not process 802.11 Action. Received Action frame with invalid category field(not supported by controller) from client. Mobile:*********, Category:7.
  I also see a lot of these messages for other clients.
  *apfMsConnTask_3: Mar 19 12:03:54.243: %APF-4-ASSOCREQ_PROC_FAILED: apf_80211.c:5275 Failed to process an association request from c8:6f:1d:24:0e:7d. WLAN:5, SSID:************. mobile in database timed out.
  Am i hitting any bug similar or equal to CSCue53980?

  have you tried with open authentication ( no security ) ? Check if client is able to associate then

• WLC 5508 WPA Authentication Problems

  Hello,
  We have a WLC 5508 with 7.4.100.0 Firmware.
  We are using 1141 and 1142 APs and we are having authentication problems with clients that are connecting to our WLAN with WPA+AES autentication. The clients receive in her laptop a password error, and we receive the following log in wlc:
  Client Excluded: MACAddress:f8:f1:eb:dd:ff:cd Base Radio MAC :08:ad:dd:76:4d:30 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.1x Authentication failed 3 times. ReasonCode: 4
  The strange thing is that the problem is solved restarting the Access-points.
  Anyone had this problem previusly?
  Thanks in advance.

  I made the configuration using the Cisco Recommended settings, the strange thing its that the users connect normally, until they starts with authentication problems. I restart the access points and the problem its solved.
  Cisco Recommended  and not recommended Authentication Settings
  Security encryption settings need to be identical for WPA and WPA2 for TKIP and AES as shown in this image:
  These images provide examples of incompatible settings for TKIP and AES:
  Note: Be aware that security settings permit unsupported features.
  These images provide examples of compatible settings:

• Windows Sharing problem from WLC 5508 to wired LAN

  Dear All,
  I'm having problem with windows sharing (file/printer sharing) from Wireless lan client which is connected to AP3500 and
  WLC 5508 then to Nexus 7010. It's already using ip command, for example \\192.168.84.65
  WLC os version 7.0.116.0 (using AP groups)
  Nexus os version 4.2(6)
  The weird thing is i can connect using windows sharing from wired LAN to wireless user however not vice versa.
  for better explanation, here are the scenarios
  1. Wireless lan to wired LAN using windows sharing - failed
  1. Wired LAN to Wireless lan using windows sharing - success.
  I've been analyzing by making sure that all the to end, there would be no firewall within source pc(s) and destination pc(s) and also
  the ACL inside Nexus.
  Been dying here to find solution for this, due to the customer is using it for file and printer sharing service.
  Anyone has idea to solve this problem, i'm looking forward for any suggestion coming.
  Arrai.

  Peer to peer within wlc is using default setting which is allowed and as you may know, peer to peer permission only related between wireless client not wired one. CMIIW.

• WLC 5508, SW 6.0.199.4, 1142 AP: Clients getting dropped intermittently

  We have deployed a WLC 5508 w/ SW version 6.0.199.4, 1142 AP's & open authentication w/ MAC filtering. Clients are randomly getting dropped with "Limited Access" shown in Win 7. In this state, the client machine is unable to ping the gateway and sometimes lose their DHCP assigned IP as well. A manual disconnect/re-connect to the SSID is required everytime.
  I ran a debug on one the clients stuck in the "Limited Access" state (debug client xx:xx:xx:xx):
  *Apr 15 16:59:23.205: e0:91:53:60:1f:e4 Adding mobile on LWAPP AP 3c:ce:73:c5:1e:b0(0)
  *Apr 15 16:59:23.205: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station:  (callerId: 23) in 5 seconds
  *Apr 15 16:59:23.205: e0:91:53:60:1f:e4 apfProcessProbeReq (apf_80211.c:4722) Changing state for mobile e0:91:53:60:1f:e4 on AP 3c:ce:73:c5:1e:b0 from Idle to Probe
  *Apr 15 16:59:23.205: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
  *Apr 15 16:59:23.225: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
  *Apr 15 16:59:23.225: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
  *Apr 15 16:59:23.646: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
  *Apr 15 16:59:23.646: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
  *Apr 15 16:59:23.666: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
  *Apr 15 16:59:23.666: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
  *Apr 15 16:59:28.553: e0:91:53:60:1f:e4 apfMsExpireCallback (apf_ms.c:418) Expiring Mobile!
  *Apr 15 16:59:28.554: e0:91:53:60:1f:e4 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [3c:ce:73:c5:1e:b0]
  *Apr 15 16:59:28.554: e0:91:53:60:1f:e4 Deleting mobile on AP 3c:ce:73:c5:1e:b0(0)
  On doing a manual re-connect, got the following logs:
  *Apr 15 17:01:38.143: e0:91:53:60:1f:e4 Association received from mobile on AP b8:62:1f:e9:9f:30
  *Apr 15 17:01:38.143: e0:91:53:60:1f:e4 Applying site-specific IPv6 override for station e0:91:53:60:1f:e4 - vapId 7, site 'Academy', interface 'students'
  *Apr 15 17:01:38.143: e0:91:53:60:1f:e4 Applying IPv6 Interface Policy for station e0:91:53:60:1f:e4 - vlan 15, interface id 14, interface 'students'
  *Apr 15 17:01:38.143: e0:91:53:60:1f:e4 Applying site-specific override for station e0:91:53:60:1f:e4 - vapId 7, site 'Academy', interface 'students'
  *Apr 15 17:01:38.143: e0:91:53:60:1f:e4 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1276)
  *Apr 15 17:01:38.143: e0:91:53:60:1f:e4 STA - rates (8): 130 132 139 150 12 18 24 36 0 0 0 0 0 0 0 0
  *Apr 15 17:01:38.143: e0:91:53:60:1f:e4 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
  *Apr 15 17:01:38.143: e0:91:53:60:1f:e4 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [b8:62:1f:e5:6a:90]
  *Apr 15 17:01:38.144: e0:91:53:60:1f:e4 Updated location for station old AP b8:62:1f:e5:6a:90-0, new AP b8:62:1f:e9:9f:30-0
  *Apr 15 17:01:38.144: e0:91:53:60:1f:e4 apfProcessAssocReq (apf_80211.c:4268) Changing state for mobile e0:91:53:60:1f:e4 on AP b8:62:1f:e9:9f:30 from Probe to AAA Pending
  *Apr 15 17:01:38.144: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station:  (callerId: 20) in 10 seconds
  *Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 START (0) Initializing policy
  *Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
  *Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)
  *Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP b8:62:1f:e9:9f:30 vapId 7 apVapId 2
  *Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)
  *Apr 15 17:01:38.144: e0:91:53:60:1f:e4 apfPemAddUser2 (apf_policy.c:213) Changing state for mobile e0:91:53:60:1f:e4 on AP b8:62:1f:e9:9f:30 from AAA Pending to Associated
  *Apr 15 17:01:38.145: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station:  (callerId: 49) in 65535 seconds
  *Apr 15 17:01:38.145: e0:91:53:60:1f:e4 Including FT Mobility Domain IE (length 5) in Initial assoc Resp to mobile
  *Apr 15 17:01:38.145: e0:91:53:60:1f:e4 Sending Assoc Response to station on BSSID b8:62:1f:e9:9f:30 (status 0) Vap Id 2 Slot 0
  *Apr 15 17:01:38.145: e0:91:53:60:1f:e4 apfProcessRadiusAssocResp (apf_80211.c:1957) Changing state for mobile e0:91:53:60:1f:e4 on AP b8:62:1f:e9:9f:30 from Associated to Associated
  *Apr 15 17:01:38.189: e0:91:53:60:1f:e4 DHCP received op BOOTREQUEST (1) (len 308, port 13, encap 0xec03)
  *Apr 15 17:01:38.189: e0:91:53:60:1f:e4 DHCP dropping packet due to ongoing mobility handshake exchange, (siaddr 0.0.0.0,  mobility state = 'apfMsMmQueryRequested'
  *Apr 15 17:01:39.953: e0:91:53:60:1f:e4 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
  *Apr 15 17:01:39.954: e0:91:53:60:1f:e4 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4166, Adding TMP rule
  *Apr 15 17:01:39.954: e0:91:53:60:1f:e4 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
    type = Airespace AP - Learn IP address
    on AP b8:62:1f:e9:9f:30, slot 0, interface = 13, QOS = 0
    ACL Id = 255, Jumbo F
  *Apr 15 17:01:39.954: e0:91:53:60:1f:e4 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (ACL ID 255)
  *Apr 15 17:01:39.954: e0:91:53:60:1f:e4 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
  *Apr 15 17:01:39.954: e0:91:53:60:1f:e4 Sent an XID frame
  *Apr 15 17:01:40.807: e0:91:53:60:1f:e4 Orphan Packet from STA - IP 169.254.201.128
  *Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP received op BOOTREQUEST (1) (len 308, port 13, encap 0xec03)
  *Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP processing DHCP DISCOVER (1)
  *Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
  *Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP   xid: 0x9b24c896 (2602879126), secs: 1280, flags: 0
  *Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP   chaddr: e0:91:53:60:1f:e4
  *Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
  *Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
  *Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP successfully bridged packet to DS
  *Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP received op BOOTREPLY (2) (len 308, port 13, encap 0xec00)
  *Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP processing DHCP OFFER (2)
  *Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
  *Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP   xid: 0x9b24c896 (2602879126), secs: 0, flags: 0
  *Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP   chaddr: e0:91:53:60:1f:e4
  *Apr 15 17:01:43.235: e0:91:53:60:1f:e4 DHCP   ciaddr: 0.0.0.0,  yiaddr: 10.6.2.160
  *Apr 15 17:01:43.235: e0:91:53:60:1f:e4 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
  *Apr 15 17:01:43.235: e0:91:53:60:1f:e4 DHCP   server id: 10.6.15.254  rcvd server id: 10.6.15.254
  *Apr 15 17:01:43.235: e0:91:53:60:1f:e4 DHCP successfully bridged packet to STA
  *Apr 15 17:01:43.240: e0:91:53:60:1f:e4 DHCP received op BOOTREQUEST (1) (len 316, port 13, encap 0xec03)
  *Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP processing DHCP REQUEST (3)
  *Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
  *Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP   xid: 0x9b24c896 (2602879126), secs: 1280, flags: 0
  *Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP   chaddr: e0:91:53:60:1f:e4
  *Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
  *Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
  *Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP   requested ip: 10.6.2.160
  *Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP   server id: 10.6.15.254  rcvd server id: 10.6.15.254
  *Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP successfully bridged packet to DS
  *Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP received op BOOTREPLY (2) (len 308, port 13, encap 0xec00)
  *Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP processing DHCP ACK (5)
  *Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
  *Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP   xid: 0x9b24c896 (2602879126), secs: 0, flags: 0
  *Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP   chaddr: e0:91:53:60:1f:e4
  *Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP   ciaddr: 0.0.0.0,  yiaddr: 10.6.2.160
  *Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
  *Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP   server id: 10.6.15.254  rcvd server id: 10.6.15.254
  *Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 DHCP_REQD (7) Change state to RUN (20) last state RUN (20)
  *Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 RUN (20) Reached PLUMBFASTPATH: from line 4972
  *Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 RUN (20) Replacing Fast Path rule
    type = Airespace AP Client
    on AP b8:62:1f:e9:9f:30, slot 0, interface = 13, QOS = 0
    ACL Id = 255, Jumbo Frames = NO,
  *Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 RUN (20) Successfully plumbed mobile rule (ACL ID 255)
  *Apr 15 17:01:43.242: e0:91:53:60:1f:e4 Assigning Address 10.6.2.160 to mobile
  *Apr 15 17:01:43.242: e0:91:53:60:1f:e4 DHCP successfully bridged packet to STA
  *Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 Added NPU entry of type 1, dtlFlags 0x0
  *Apr 15 17:01:43.242: e0:91:53:60:1f:e4 Sending a gratuitous ARP for 10.6.2.160, VLAN Id 15
  *Apr 15 17:01:46.428: e0:91:53:60:1f:e4 DHCP received op BOOTREQUEST (1) (len 308, port 13, encap 0xec03)
  *Apr 15 17:01:46.428: e0:91:53:60:1f:e4 DHCP processing DHCP INFORM (8)
  *Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
  *Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP   xid: 0xbb0d5d87 (3138215303), secs: 0, flags: 0
  *Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP   chaddr: e0:91:53:60:1f:e4
  *Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP   ciaddr: 10.6.2.160,  yiaddr: 0.0.0.0
  *Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
  *Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP successfully bridged packet to DS
  *Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP received op BOOTREPLY (2) (len 308, port 13, encap 0xec00)
  *Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP processing DHCP ACK (5)
  *Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
  *Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP   xid: 0xbb0d5d87 (3138215303), secs: 0, flags: 0
  *Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP   chaddr: e0:91:53:60:1f:e4
  *Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP   ciaddr: 10.6.2.160,  yiaddr: 0.0.0.0
  *Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
  *Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP   server id: 10.6.15.254  rcvd server id: 10.6.15.254
  show client e0:91:53:60:1f:e4 (after re-connect)
  (Cisco Controller) >show client detail e0:91:53:60:1f:e4
  Client MAC Address............................... e0:91:53:60:1f:e4
  Client Username ................................. N/A
  AP MAC Address................................... b8:62:1f:e9:9f:30
  Client State..................................... Associated    
  Client NAC OOB State............................. Access
  Wireless LAN Id.................................. 7 
  BSSID............................................ b8:62:1f:e9:9f:31 
  Connected For ................................... 105 secs
  Channel.......................................... 11
  IP Address....................................... 10.6.2.160
  Association Id................................... 8 
  Authentication Algorithm......................... Open System
  Reason Code...................................... 1 
  Status Code...................................... 0 
  Session Timeout.................................. 65535
  Client CCX version............................... No CCX support
  QoS Level........................................ Silver
  Diff Serv Code Point (DSCP)...................... disabled
  802.1P Priority Tag.............................. disabled
  WMM Support...................................... Enabled
  U-APSD Support................................... Disabled
  Power Save....................................... OFF
  Current Rate..................................... m7
  Supported Rates.................................. 1.0,2.0,5.5,11.0,6.0,9.0,
      ............................................. 12.0,18.0,24.0,36.0,48.0,
      ............................................. 54.0
  Mobility State................................... Local
  Mobility Move Count.............................. 0
  Security Policy Completed........................ Yes
  Policy Manager State............................. RUN
  Policy Manager Rule Created...................... Yes
  ACL Name......................................... none
  ACL Applied Status............................... Unavailable
  Policy Type...................................... N/A
  Encryption Cipher................................ None
  Management Frame Protection...................... No
  EAP Type......................................... Unknown
  Interface........................................ students
  VLAN............................................. 15
  Quarantine VLAN.................................. 0
  Access VLAN...................................... 15
  Client Capabilities:
        CF Pollable................................ Not implemented
        CF Poll Request............................ Not implemented
        Short Preamble............................. Implemented
        PBCC....................................... Not implemented
        Channel Agility............................ Not implemented
        Listen Interval............................ 1
        Fast BSS Transition........................ Not implemented
  Fast BSS Transition Details:
  Client Statistics:
        Number of Bytes Received................... 36509
        Number of Bytes Sent....................... 32902
        Number of Packets Received................. 300
        Number of Packets Sent..................... 66
        Number of EAP Id Request Msg Timeouts...... 0
        Number of EAP Request Msg Timeouts......... 0
        Number of EAP Key Msg Timeouts............. 0
        Number of Data Retries..................... 95
        Number of RTS Retries...................... 0
        Number of Duplicate Received Packets....... 1
        Number of Decrypt Failed Packets........... 0
        Number of Mic Failured Packets............. 0
        Number of Mic Missing Packets.............. 0
        Number of Policy Errors.................... 0
        Radio Signal Strength Indicator............ -66 dBm
        Signal to Noise Ratio...................... 29 dB
  Nearby AP Statistics:
        APSOEBFF_COR3(slot 0) .....................
  antenna0: 50 seconds ago -91 dBm................. antenna1: 50 seconds ago -76 dBm
        APSOEAFF_FAC(slot 0) ......................
  antenna0: 108 seconds ago -89 dBm................ antenna1: 108 seconds ago -87 dBm
        APSOEBGF_FAC(slot 0) ......................
  antenna0: 50 seconds ago -82 dBm................. antenna1: 50 seconds ago -71 dBm
        APSOEBGF_STAFF(slot 0) ....................
  antenna0: 49 seconds ago -74 dBm................. antenna1: 49 seconds ago -58 dBm
  WLAN config
  WLAN Identifier.................................. 9
  Profile Name..................................... STAFF
  Network Name (SSID).............................. STAFF
  Status........................................... Enabled
  MAC Filtering.................................... Enabled
  Broadcast SSID................................... Enabled
  AAA Policy Override.............................. Disabled
  Network Admission Control
    NAC-State...................................... Disabled
    Quarantine VLAN................................ 0
  Number of Active Clients......................... 32
  Exclusionlist.................................... Disabled
  Session Timeout.................................. Infinity
  CHD per WLAN..................................... Disabled
  Webauth DHCP exclusion........................... Disabled
  Interface........................................ staff
  WLAN ACL......................................... unconfigured
  DHCP Server...................................... Default
  DHCP Address Assignment Required................. Disabled
  Quality of Service............................... Silver (best effort)
  Scan Defer Priority.............................. 5,6
  Scan Defer Time.................................. 100 milliseconds
  WMM.............................................. Allowed
  Media Stream Multicast-direct.................... Disabled
  CCX - AironetIe Support.......................... Enabled
  CCX - Gratuitous ProbeResponse (GPR)............. Disabled
  CCX - Diagnostics Channel Capability............. Disabled
  Dot11-Phone Mode (7920).......................... Disabled
  Wired Protocol................................... None
  IPv6 Support..................................... Disabled
  Peer-to-Peer Blocking Action..................... Disabled
  Radio Policy..................................... All
  DTIM period for 802.11a radio.................... 1
  DTIM period for 802.11b radio.................... 1
  Radius Servers
     Authentication................................ Disabled
     Accounting.................................... Disabled
     Dynamic Interface............................. Disabled
  Local EAP Authentication......................... Disabled
  Security
     802.11 Authentication:........................ Open System
     Static WEP Keys............................... Disabled
     802.1X........................................ Disabled
     Wi-Fi Protected Access (WPA/WPA2)............. Disabled
     CKIP ......................................... Disabled
     Web Based Authentication...................... Disabled
     Web-Passthrough............................... Disabled
     Conditional Web Redirect...................... Disabled
     Splash-Page Web Redirect...................... Disabled
     Auto Anchor................................... Disabled
     H-REAP Local Switching........................ Disabled
     H-REAP Learn IP Address....................... Enabled
     Infrastructure MFP protection................. Enabled (Global Infrastructure MFP Disabled)
     Client MFP.................................... Optional but inactive (WPA2 not configured)
     Tkip MIC Countermeasure Hold-down Timer....... 60
  Call Snooping.................................... Disabled
  Band Select...................................... Disabled
  Load Balancing................................... Disabled
  HELPPPP!

  We have 75 evenly distributed AP's servicing the 500 odd users. Found the below traps on WLC. I was making some changes in the WLAN settings at the time:
  Tue Apr 16 00:03:45 2013          Client Excluded: MACAddress:8c:a9:82:5d:d2:dc Base Radio MAC :3c:ce:73:c6:fe:00 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
  106          Tue Apr 16 00:03:45 2013          Client Excluded: MACAddress:58:94:6b:f2:24:c8 Base Radio MAC :c8:f9:f9:4c:01:30 Slot: 1 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
  107          Tue Apr 16 00:03:45 2013          Client Excluded: MACAddress:bc:77:37:72:dc:0b Base Radio MAC :3c:ce:73:c6:53:10 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
  108          Tue Apr 16 00:03:45 2013          Client Excluded: MACAddress:00:26:c7:7d:12:76 Base Radio MAC :3c:ce:73:c4:79:80 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
  109          Tue Apr 16 00:03:45 2013          Client Excluded: MACAddress:bc:77:37:75:1f:93 Base Radio MAC :c8:f9:f9:2b:85:30 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
  110          Tue Apr 16 00:03:45 2013          Client Excluded: MACAddress:ac:72:89:58:8e:b9 Base Radio MAC :3c:ce:73:c6:53:10 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
  111          Tue Apr 16 00:03:44 2013          Client Excluded: MACAddress:bc:77:37:26:cd:e3 Base Radio MAC :3c:ce:73:c5:1f:10 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
  112          Tue Apr 16 00:03:44 2013          Client Excluded: MACAddress:ac:72:89:25:ea:e0 Base Radio MAC :3c:ce:73:c6:77:70 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
  113          Tue Apr 16 00:03:44 2013          Client Excluded: MACAddress:00:24:2c:6a:85:3d Base Radio MAC :3c:ce:73:c6:6a:50 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
  114          Tue Apr 16 00:03:44 2013          Client Excluded: MACAddress:68:5d:43:61:16:51 Base Radio MAC :3c:ce:73:f6:0c:20 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
  115          Tue Apr 16 00:03:44 2013          Client Excluded: MACAddress:7c:d1:c3:8a:64:f6 Base Radio MAC :3c:ce:73:c4:74:20 Slot: 1 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2

• WLC 5508 HA Problem Soft.ver 7.4.100

  Dear Support,
  we are using two WLC 5508 software ver.7.4.100 with first 50AP license and in the next day we add 50AP license again to the primary WLC. when we activate HA base in the following guiden http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.html but when we doing test the failover we found a couple log message on the Secondary WLC like below and not for long time all AP on the Secondary WLC was drop off. 
  1. DP Critical Error
  2. *RRM-DCLNT-2_4: May 23 07:43:53.204: #RRM-3-RRM_LOGMSG: rrmTables.c:682 RRM LOG:  Could not retrieve  RRM Coverage Measurement DataKey BSSID:34:db:fd:dd:3e:20,Key SlotId:0
  *RRM-DCLNT-2_4: May 23 07:43:53.164: #RRM-3-RRM_LOGMSG: rrmTables.c:682 RRM LOG:  Could not retrieve  RRM Coverage Measurement DataKey BSSID:34:db:fd:dd:3e:20,Key SlotId:0
  *RRM-DCLNT-2_4: May 23 07:43:52.854: #RRM-3-RRM_LOGMSG: rrmTables.c:682 RRM LOG:  Could not retrieve  RRM Coverage Measurement DataKey BSSID:2c:36:f8:72:fc:c0,Key SlotId:0
  I also send a complete log for both problem above and enclose it with pdf file. need you advice and assistance,
  regard, afriansyah

  I agree go to version 7.4.121.0 I has some strange issues on prior releases. Personally I am running 7.6.120.0 right now but that's mainly due to support for the 3702 access points.
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.html#pgfId-74573
  that's a good guide just to double check yourself just in case. -

• Upgrade WLC 5508 to 7.4.121.0 problem

  After I upgraded WLC 5508 from 7.2.111.3 to 7.4.121.0, all 3602i APs don't associate with the controller.  All APs were working/associating with controller on 7.2.111.3 at same setting.  IP address of APs are setup as DHCP.
  The error message is "AP couldn't get IP address".   
  Any one has this type of problem when you upgrade WLC 5508 from 7.2.111.3 to 7.4.121.0.
  Thanks,

  Hi,
  This doesn't look like software issue.
  You have to check why the APs are not able to get ip address. Try connecting a PC to a swtich port where one of these APs are connected and see if you are able to get IP on PC.
  Also check if the DHCP server is reachable and if there are IP address in the pool assigned for APs.
  HTH,
  Thanks & Regards,
  Ishant
  *** Please rate the post if you find it useful ***

• WLC 5508, DHCP Problem after Update Cisco ASA(DHCP-Server)

  Hello,
  our Problem is, our Apple Devices get no ip adress from our Cisco ASA Cluster(ASA 9.1.2) over Wireless(Cisco WLC 5508). All other devices(Windows, Android,...) work correct, without problems. Our WLC is in HA-Mode.
  Does anybody have an Idea?
  Thank you very much and Best regards,
  Stefan

  Hello again,
  I hope this case is the solution.
  https://supportforums.cisco.com/message/3942112#3942112
  I will let you know after downgrade.
  Best regards,
  Stefan

• WLC 5508 , AP client dhcp address different from WLAN interface VLAN subnet?

  Hope the title makes sense, here's my situation: I have multiple businesses on 1 WLC 5508, there's a LAG to my core switch with seperate interfaces for each, broken up by vlans.
  My question is: if i have a WLAN setup to use interface "Company A" which is vlan 10 with an ip of 10.0.1.5 which then points to 10.0.1.10 for dhcp.
  Can the WLAN client connecting to the Company A WLAN use an IP in a different IP range?(192.168.1.10?) can the wlc route? from the perspective of the DHCP server where doers the request come from? (10.0.1.5?)
  Can the DHCP server 10.0.10.10 on vlan 10 respond back with and ip on a different subnet to assign to the client to use and still be fully fonctioning? would the default gateway for the client need to be 10.0.1.5?  So the clients ip would be 192.168.1.10 /24 with a gateway of 10.0.1.5 (ip adress fo vlan10 interface on WLC) And if multiple clients on the same subnet wanted to talk to each other woudl the WLC know how to route them to each other without passing through the default gateway?
  Sorry if this is confusing I'm having a bit of a hard time explaining it in works, i can try and draw somethign up if it makes more sense.
  thanks
  Eric

  I think if you want these clients to stick to a WLAN configured on a VLAN that has a different IP addressing you could configure your VLAN with the normal IP addressing then add on the SVI the 2nd IP_Class_default_gateway.
  E.G.
  Vlan 10
  interface vlan 10
  ip address 10.0.10.1 255.255.255.0
  ip address 192.168.1.1 255.255.255.0 secondary
  Clients that receive IP address from 192.168.1.0/24 network will be able to reach 192.168.1.1 and all traffic will pass right.

• WLC 5508 + NPS MS-CHAP v2 Auth problems

  Hi,
  I am having a lot of trouble trying to set up a Cisco WLC 5508 to use NPS on Windows Server 2008 as it's authentication.
  When a client attempts to connect to the WLAN, the authentication is denied on Windows 7/Vista/XP, however, on Mac/iOS clients, it asks to accept the certificate (this is a public cert, issued by Entrust - however, it is a wildcard cert..), but then it will connect.
  So I have two questions:
  1/ Why won't the windows clients authenticate? If I set up the WLAN profile on the windows machine, and I deselect "Validate server certificate", then they connect just fine....
  2/ Is it possible to make it so the user is not prompted to accept the certificate? Why can't this certificate be validated locally by the client?
  Thanks,
  Josh

  Looks like it might have been an issue with that certificate, I don't know.
  Either it didn't like the wildcard, or it didn't like the intermediate/root CA.
  I downloaded a Comodo Trial SSL and plugged that in - works like a charm now!