Second WLC 5508 for HA N+1 with Mesh Network
Hi,
End user has a WLC 5508 and around 12 LAPs (an increasing un short time) configured and working for mesh network (some ROOTs and MAPs)
now is the way to deploy an additional 5508 in another site so that be the backup of the first controller.
Taking into account that is a mesh network what would be the options in WLC's config so that we can have the shortest time for LAPs to associate to
the backup controller?
I appreciate your comments
regards
yes, wlcs can be on different sites. be sure to configure primary, secondary wlc name and ip on those APs.
Similar Messages
-
DHCP on WLC 5508 - 7.4.100.0 - with HA
Hi All,
I'm just looking for some ideas on a problem we've encountered the last few days with DHCP on certain SSID's. To give you an idea, we have a wireless network with 13 SSID's being managed by a WLC 5508 pair configured as high availability (52 AIR-CAP3502I). Yesterday we encountered an issue with DHCP on a few of the SSID's but not all, and as a last resort a reboot of the controller fixed the problem. Statically assigning addressing allows for traffic to traverse the network out to the web and back so I don't think it's a VLAN configuration issue on the wired side. It's worth mentioning however that the controllers are configured for a LAG to HP switches. DHCP is being handled by an external windows DHCP server and the primary server address points to the gateway which has a relay configuration pointing to the windows server on the other side of it. Again, rebooting the controller fixed the problem and the web traffic traverses fine if statically assigning addressing. Any ideas or suggestions would be appreciated.
Thanks,
KeithWell to determine if its a LAG issue with the HP, just connect one port. This will help determine if its an HA issue or not. I don't know the HP platform, but the WLC uses src-dst-IP for load balancing across the LAG. Maybe the HP is sending the traffic back on a different port. So just having one port connected should eliminate if its a LAG issue or not.
Sent from Cisco Technical Support iPhone App -
WLC 5508 - AP's are conecting with WLC but unable to regester with WLC
Hi,
I have old 4400 series wlc and recently I have configured 5508 wlc and 6 new Access Point.
when you go to MONITER - AP Join their it shows connected AP detail with AP IP address but if u see it in under WIRELESS Option their is not showing any AP's detail.
I mean to say that AP's are connecting with WLC and also getting IP address but unable to regester with WLC.
Even I have checked with remove Radius configuration also from wlc as well as from acs.
please suggest......Im not able to post info it says below msg, plesse suggest how i can provide detail.
This message can not be displayed due to its content. Please use the contact us link with any questions.
Also I like to say that after factory rest 4 out of 6 is done now 2 remain. -
Prime Infrastructure with Mesh Networks
My customer has a Mesh network at a sea port. They have about 15 mesh access points at each location with two controllers each. Would Prime Infrastructure work with a mesh deployment? There is a lot of interference and sometimes the performance of the network is affected. I want to use the WCS portion of Prime, to manage the mesh coverage, parent/child relationship between the RAP's and MAP's.
Please let me know if Prime is something I can suggest to my customer to ease the management of the mesh network.
Thanks,
ScottHi Scott
Prime is the replacement for wcs. Wcs isn't supported past code 7.0.
Sent from Cisco Technical Support iPad App -
WLC 5508 to WLC 5508 for Mobility Group
Hi
I have 5508 WLC (Running 7.2) in seperate buildings. I have created ACL's on both Controllers and the only thing that is failing is the Mobility Control Function. The ACL on WLC B is the Exactly the same except with some IP's being reversed. I have allowed EoIP and Mobility Traffic on both Controllers. The Data Path is Fine but the Control Path is stating down. I apologize in advance if I have been to vague. Any help would be appreciated.
Thank You
BillWell for mping, that is upd 16666/16667. So in your rule, your rule you shoulod have something like this:
17 16666-16666 16666-16666 Any Permit
17 16667-16667 16667-16667 Any Permit
What is the ip of the WLC's? YOur counters are all zero also.
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080a7c988.shtml#t4
Take a look at your show rules output without the ACL and then witht he ACL. -
WLC 5508- how to setting up with Web auth with 2 profile
Hi Guys,
I wanted to control the 2 different profile to access internet with Cisco default landing page is that possible??
Example:
When connnected the SSID will redirect to Cisco landing pages
Cisco landing pages will differentiate there is member or guess with the password key in.
Member can access internet for 30 minute
guess only can access internet for 15 minuteJust some notes on WebAuth in the WLC. The timeout is specified per SSID so there would be no way to set a timeout unless you use a radius server and send a radius attribute to the WLC to set the session timeout.
So we really need to know if you have a radius server, is the radius server tied to Active Directory or is the plan just using the WLC for everything.
Sent from Cisco Technical Support iPhone App -
WLC 5508 AP SSO FUS Upgrade with different Versions
Hi everybody,
I've got two 5508 configured as AP SSO and I want to upgrade the FUS to 1.9.0.0
The Image running is 7.6.110.0
On the active controller the FUS Version is 1.3
On the HA-SKU controller the FUS Version is 1.7
Now, can I upgrade the FUS to 1.9.0.0 using the GUI, even when both controllers don't use the same FUS Version? If yes, can I go directly from FUS 1.3 to 1.9.0.0?
thanks a lot,
marcUnfortunately its not possible to upgrade just the standby controller in a AP SSO setup. The Command "transfer" is not available on the controller with the standby role. :-/
I don't get it, why it's not possible to upgrade either FUS oder Software in a AP SSO setup without downtime. The reason why people use AP SSO is because they have a sensitive wireless environment (24/7) and care about not having some downtime. Hopefully there will give some improvements in future releases in case of downtimes when upgrading. -
ISE Profiling for Wireless Devices (WLC 5508) like Laptops and Mobile Devices
Hi,
We have integrated WLC 5508 to cisco ise 3315 with ios 1.1.1 and using Guest Sponsor portal for wireless guest users.
Where we have created open ssid in wlc and redirect web login portal in wlc for guest users. We have enable all respective node in policy service for profiling and also configure snmp in wlc as well as in ise.
When guest user is connected to open ssid its get redirected to web login page of ise portal and when it gets login we are only able to see the username which guest user login but not the end device in monitoring log.
Wireless End devices are not able to get profiled can any one tell me what configuration I need to do on ise or wlc side to profiled end guest wireless device like android,iphone and laptops
Thanks
PranavHi Tarikh,
I only want to identify the end devices for wilress guest user. I have configured MAB Authentication and configure autorization policy where in mention identity group any condition as wlc web authentication and athorization profile only guest mentioning plain access for the same.
Can you help me how I can achived profiling for wirless guest devices. I have configured all profiling probes . Enable snmp on wlc as well as in network devices.
What else I need to configured to achived just identiting device nothing but profiling and which should reflect in authnetication logs.
Thanks
Pranav -
EAP-TLS on WLC 5508 agains IAS RADIUS
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin-top:0cm;
mso-para-margin-right:0cm;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0cm;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
Hi, anyone experienced issue like this?
I am installing a WLC 5508 using EAP-TLS authentication with an IAS Radius server.
I got “Access-Accept” debug message received from RADIUS server.
However the wireless client failed to connect.
Below is partially the debug message from the WLC
Any feedbacks are welcome
*Oct 07 15:08:24.403: Callback.....................................0x10c527d0
*Oct 07 15:08:24.403: protocolType.................................0x00140001
*Oct 07 15:08:24.403: proxyState...................................00:19:7D:72:B4:3B-09:00
*Oct 07 15:08:24.403: Packet contains 12 AVPs (not shown)
*Oct 07 15:08:24.403: apfVapRadiusInfoGet: WLAN(1) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*Oct 07 15:08:24.404: 00:19:7d:72:b4:3b Successful transmission of Authentication Packet (id 101) to 10.86.8.105:1812, proxy state 00:19:7d:72:b4:3b-00:00
*Oct 07 15:08:24.404: 00000000: 01 65 00 d2 d0 bc 95 1b f7 c9 71 dd 32 cb b7 0a .e........q.2...
*Oct 07 15:08:24.404: 00000010: 52 eb 0c 3e 01 22 68 6f 73 74 2f 49 44 31 30 2d R..>."host/ID10-
*Oct 07 15:08:24.404: 00000020: 30 41 46 4a 30 33 31 2e 65 75 63 2e 6e 65 73 74 0AFJ031.euc.test
*Oct 07 15:08:24.404: 00000030: 6c 65 2e 63 6f 6d 1f 13 30 30 2d 31 39 2d 37 64 01.com..00-19-7d
*Oct 07 15:08:24.404: 00000040: 2d 37 32 2d 62 34 2d 33 62 1e 1a 30 30 2d 33 61 -72-b4-3b..00-3a
*Oct 07 15:08:24.404: 00000050: 2d 39 38 2d 39 35 2d 34 36 2d 35 30 3a 57 57 53 -98-95-46-50:TES
*Oct 07 15:08:24.404: 00000060: 33 30 30 05 06 00 00 00 01 04 06 0a 56 0c d2 20 300.........V...
*Oct 07 15:08:24.404: 00000070: 0c 49 44 48 4f 4a 58 43 30 30 31 1a 0c 00 00 37 .IDHOJXC001....7
*Oct 07 15:08:24.404: 00000080: 63 01 06 00 00 00 01 06 06 00 00 00 02 0c 06 00 c...............
*Oct 07 15:08:24.404: 00000090: 00 05 14 3d 06 00 00 00 13 4f 27 02 03 00 25 01 ...=.....O'...%.
*Oct 07 15:08:24.404: 000000a0: 68 6f 73 74 2f 49 44 31 30 2d 30 41 46 4a 30 33 host/ID10-0AFJ03
*Oct 07 15:08:24.404: 000000b0: 31 2e 65 75 63 2e 6e 65 73 74 6c 65 2e 63 6f 6d 1.euc.nestle.com
*Oct 07 15:08:24.404: 000000c0: 50 12 80 be 54 a7 26 52 8e 63 0f 2f 87 a5 78 53 P...T.&R.c./..xS
*Oct 07 15:08:24.404: 000000d0: 68 6e hn
*Oct 07 15:08:24.405: 00000000: 02 65 00 34 3e c1 67 35 f7 be 57 75 43 ce 19 ca .e.4>.g5..WuC...
*Oct 07 15:08:24.405: 00000010: 83 5d 83 95 19 20 31 b1 03 a2 00 00 01 37 00 01 .]....1......7..
*Oct 07 15:08:24.405: 00000020: 0a 56 08 69 01 cb 63 8b 13 1e 16 37 00 00 00 00 .V.i..c....7....
*Oct 07 15:08:24.405: 00000030: 00 00 00 5f ..._
*Oct 07 15:08:24.405: ****Enter processIncomingMessages: response code=2
*Oct 07 15:08:24.405: ****Enter processRadiusResponse: response code=2
*Oct 07 15:08:24.405: 00:19:7d:72:b4:3b Access-Accept received from RADIUS server 10.86.8.105 for mobile 00:19:7d:72:b4:3b receiveId = 9
*Oct 07 15:08:24.405: AuthorizationResponse: 0x1524b3d8
*Oct 07 15:08:24.405: structureSize................................78
*Oct 07 15:08:24.405: resultCode...................................0
*Oct 07 15:08:24.405: protocolUsed.................................0x00000001
*Oct 07 15:08:24.405: proxyState...................................00:19:7D:72:B4:3B-09:00
*Oct 07 15:08:24.405: Packet contains 1 AVPs:
*Oct 07 15:08:24.405: AVP[01] Class....................................DATA (30 bytes)
*Oct 07 15:08:24.405: 00:19:7d:72:b4:3b Applying new AAA override for station 00:19:7d:72:b4:3b
*Oct 07 15:08:24.405: 00:19:7d:72:b4:3b Override values for station 00:19:7d:72:b4:3b
source: 4, valid bits: 0x0
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
dataAvgC: -1, rTAvgC
*Oct 07 15:08:24.405: 00:19:7d:72:b4:3b Inserting new RADIUS override into chain for station 00:19:7d:72:b4:3b
*Oct 07 15:08:24.405: 00:19:7d:72:b4:3b Override values for station 00:19:7d:72:b4:3b
source: 4, valid bits: 0x0
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
dataAvgC: -1, rTAvgC
*Oct 07 15:08:24.405: 00:19:7d:72:b4:3b Sending 802.11 EAPOL message to mobile 00:19:7d:72:b4:3b WLAN 1, AP WLAN 1
*Oct 07 15:08:24.405: 00000000: 01 00 00 04 03 ff 00 04 ........
*Oct 07 15:08:24.405: 00:19:7d:72:b4:3b Sending 802.11 EAPOL message to mobile 00:19:7d:72:b4:3b WLAN 1, AP WLAN 1
*Oct 07 15:08:24.405: 00000000: 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 ..._............
*Oct 07 15:08:24.405: 00000010: 00 3e 5d 2a e3 2a c2 22 71 0b 06 e8 42 6c 3c bf .>]*.*."q...Bl<.
*Oct 07 15:08:24.405: 00000020: 45 1e 5c e7 a1 68 ae 0c c0 9f 22 ce 0c 3e 96 45 E.\..h...."..>.E
*Oct 07 15:08:24.405: 00000030: ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
*Oct 07 15:08:24.405: 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
*Oct 07 15:08:24.405: 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
*Oct 07 15:08:24.405: 00000060: 00 00 00 ...
*Oct 07 15:08:25.316: 00:19:7d:72:b4:3b Sending 802.11 EAPOL message to mobile 00:19:7d:72:b4:3b WLAN 1, AP WLAN 1
*Oct 07 15:08:25.317: 00000000: 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 ..._............
*Oct 07 15:08:25.317: 00000010: 01 3e 5d 2a e3 2a c2 22 71 0b 06 e8 42 6c 3c bf .>]*.*."q...Bl<.
*Oct 07 15:08:25.317: 00000020: 45 1e 5c e7 a1 68 ae 0c c0 9f 22 ce 0c 3e 96 45 E.\..h...."..>.E
*Oct 07 15:08:25.317: 00000030: ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
*Oct 07 15:08:25.317: 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
*Oct 07 15:08:25.317: 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
*Oct 07 15:08:25.317: 00000060: 00 00 00 ...
*Oct 07 15:08:26.317: 00:19:7d:72:b4:3b Sending 802.11 EAPOL message to mobile 00:19:7d:72:b4:3b WLAN 1, AP WLAN 1
*Oct 07 15:08:26.317: 00000000: 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 ..._............
*Oct 07 15:08:26.317: 00000010: 02 3e 5d 2a e3 2a c2 22 71 0b 06 e8 42 6c 3c bf .>]*.*."q...Bl<.
*Oct 07 15:08:26.317: 00000020: 45 1e 5c e7 a1 68 ae 0c c0 9f 22 ce 0c 3e 96 45 E.\..h...."..>.E
*Oct 07 15:08:26.317: 00000030: ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
*Oct 07 15:08:26.317: 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
*Oct 07 15:08:26.317: 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
*Oct 07 15:08:26.317: 00000060: 00 00 00 ...
*Oct 07 15:08:27.753: 00:19:7d:72:b4:3b Sending 802.11 EAPOL message to mobile 00:19:7d:72:b4:3b WLAN 1, AP WLAN 1
*Oct 07 15:08:27.753: 00000000: 01 00 00 30 01 01 00 30 01 00 6e 65 74 77 6f 72 ...0...0..networ
*Oct 07 15:08:27.753: 00000010: 6b 69 64 3d 57 57 53 33 30 30 2c 6e 61 73 69 64 kid=TES300,nasid
*Oct 07 15:08:27.753: 00000020: 3d 49 44 48 4f 4a 58 43 30 30 31 2c 70 6f 72 74 =IDHOJXC001,port
*Oct 07 15:08:27.753: 00000030: 69 64 3d 31 id=1
*Oct 07 15:08:27.760: 00:19:7d:72:b4:3b Received 802.11 EAPOL message (len 5) from mobile 00:19:7d:72:b4:3b
*Oct 07 15:08:27.760: 00000000: 01 01 00 00 00 .....
*Oct 07 15:08:27.760: 00:19:7d:72:b4:3b Sending 802.11 EAPOL message to mobile 00:19:7d:72:b4:3b WLAN 1, AP WLAN 1
*Oct 07 15:08:27.760: 00000000: 01 00 00 30 01 02 00 30 01 00 6e 65 74 77 6f 72 ...0...0..networ
*Oct 07 15:08:27.760: 00000010: 6b 69 64 3d 57 57 53 33 30 30 2c 6e 61 73 69 64 kid=TES300,nasid
*Oct 07 15:08:27.760: 00000020: 3d 49 44 48 4f 4a 58 43 30 30 31 2c 70 6f 72 74 =IDHOJXC001,port
*Oct 07 15:08:27.760: 00000030: 69 64 3d 31 id=1
*Oct 07 15:08:27.762: 00:19:7d:72:b4:3b Received 802.11 EAPOL message (len 41) from mobile 00:19:7d:72:b4:3b
*Oct 07 15:08:27.762: 00000000: 01 00 00 25 02 01 00 25 01 68 6f 73 74 2f 49 44 ...%...%.host/ID
*Oct 07 15:08:27.762: 00000010: 31 30 2d 30 41 46 4a 30 33 31 2e 65 75 63 2e 6e 10-0AFJ031.euc.t
*Oct 07 15:08:27.762: 00000020: 65 73 74 6c 65 2e 63 6f 6d est01.com
*Oct 07 15:08:27.764: 00:19:7d:72:b4:3b Received 802.11 EAPOL message (len 41) from mobile 00:19:7d:72:b4:3b
*Oct 07 15:08:27.764: 00000000: 01 00 00 25 02 02 00 25 01 68 6f 73 74 2f 49 44 ...%...%.host/ID
*Oct 07 15:08:27.764: 00000010: 31 30 2d 30 41 46 4a 30 33 31 2e 65 75 63 2e 6e 10-0AFJ031.euc.t
*Oct 07 15:08:27.764: 00000020: 65 73 74 6c 65 2e 63 6f 6d est01.com
*Oct 07 15:08:27.765: AuthenticationRequest: 0x1ad0b36cThanks for your reply jedubois
Really appreciate it.
I have tried to change the value for EAPOL-Key Timeout, still the client won't connect.
Below are the outputs for the eap advanced config
(Cisco Controller) >show advanced eap
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 5000
EAPOL-Key Max Retries............................ 2
(Cisco Controller) >
Any other suggestion? -
WLC 5508 Internal DHCP server issues
Hi,
I am hoping to get your feedback around the dhcp issues I am facing with Two Centrally Switched Wireless LANs. I have tried to explain the setup and the problems below and would appreciate it if anyone can suggest a solution for the problems I am facing:
The setup is as follows:
- I have a WLC 5508 which has been configured with 4 SSIDs, out of which 2 are using Central Authentication and Switching.
- I have an LWAP connected to the WLC in HREAP mode.
- WLC is configured as the DHCP server for clients connecting to the SSID 'Guest'. For the rest, I am using external dhcp server.
- Only one scope for Guest Interface is setup on the WLC.
Problems:
1. As far as I know, for WLC to act as internal dhcp server, it is mandatory to have the proxy enabled, but the Clients connecting to SSID 'Internet' are
unable to get an ip address from the external dhcp server, if dhcp proxy is enabled on the WLC. If i disable the proxy, it all works fine.
2. DHCP does not release the ip addresses assigned to clients even after they are logged out.
3. If a machine which was earlier connected to 'Guest' SSID connects to the 'Internet' SSID, it requests the same ip it was assigned by the WLC which it was assigned under 'Guest', but gets tagged with the Vlan configured on the management interface.
************Output from the Controller********************
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.116.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS + LDPE
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Gu
est
guest 1 301 10.255.255.30 Dynamic No No
management 1 100 172.17.1.30 Static Yes No
service-port N/A N/A 192.168.0.1 Static No No
virtual N/A N/A 10.0.0.1 Static No No
(Cisco Controller) >show wlan summary
Number of WLANs.................................. 4
WLAN ID WLAN Profile Name / SSID Status Interface Name
1 LAN Enabled management
2 Internet Enabled management
3 Managment Assets Enabled management
4 Guest Enabled guest
(Cisco Controller) >show dhcp detailed guest
Scope: guest
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 10.255.255.31
Pool End......................................... 10.255.255.254
Network.......................................... 10.255.255.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 10.255.255.1 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 8.8.8.8 8.8.4.4 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... e8:b7:48:9b:84:20
IP Address....................................... 172.17.1.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 172.17.1.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 100
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 172.30.50.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled
(Cisco Controller) >show interface detailed guest
Interface Name................................... guest
MAC Address...................................... e8:b7:48:9b:84:24
IP Address....................................... 10.255.255.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.255.255.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 301
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Enabled
(Cisco Controller) >show dhcp leases
MAC IP Lease Time Remaining
00:21:6a:9c:03:04 10.255.255.46 23 hours 52 minutes 42 seconds <<<<<<< lease remains even when the client is disconnected.
*********Example of Client connected to the right Vlan with an ip address from the incorrect interface. *************
(Cisco Controller) >show client detail 00:21:6a:9c:03:04
Client MAC Address............................... 00:21:6a:9c:03:04
Client Username ................................. N/A
AP MAC Address................................... a0:cf:5b:00:49:c0
AP Name.......................................... mel
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 2 <<<<<<<< 'Internet' SSID
BSSID............................................ a0:cf:5b:00:49:ce
Connected For ................................... 319 secs
Channel.......................................... 36
IP Address....................................... 10.255.255.46 <<<<<<< IP address assigned from the 'Guest' Interface or dhcp scope on the WLC
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 1800
Client CCX version............................... 4
Client E2E version............................... 1
QoS Level........................................ Silver
802.1P Priority Tag.............................. disabled
WMM Support...................................... Enabled
Power Save....................................... OFF
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
ACL Name......................................... none
ACL Applied Status............................... Unavailable
Policy Type...................................... N/A
Encryption Cipher................................ None
Management Frame Protection...................... No
EAP Type......................................... Unknown
H-REAP Data Switching............................ Central <<<<<<<<<
H-REAP Authentication............................ Central <<<<<<<<<<
Interface........................................ management
VLAN............................................. 100 <<<<<<<<<<< right Vlan
Quarantine VLAN.................................. 0
Access VLAN...................................... 100Hi All,
I have a similar issue where Wireless clients are not receiving automatic addressing from an internal DHCP server. I have multiple interfaces configured on the WLC which are connected to separate VLANS. The manually specified DHCP primary server entry is the same on all interfaces. Some clients are able to authenticate and receive automatic IP configuration but some clients are failing the address assignment process. I have checked connectivity between the WLC and DHCP server, this is confirmed as working. When I carry out a "debug dhcp packet enable", I get the following outputs which seems as if the DHCP discover request from the client is skipped. Your thoughts and inputs on this are appreciated.
DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: message type = DHCP DISCOVER
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 116 (len 1) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 61 (len 7) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: requested ip = 169.254.223.5
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 12 (len 13) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: vendor class id = MSFT 5.0 (len 8)
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 55 (len 11) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 43 (len 2) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP options end, len 76, actual 68
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP Forwarding DHCP packet (332 octets) packet DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
Thanks,
Raj Sandhu -
WLC 5508 - Clients disconnecting
I am running WLC 5508 7.2.111.3 with some 2602i AP.
Last week one user reported his new macbook pro 2013 was encountering connectivity issues.His older macbook pro 2009 was working perfectly.
The user is sitting in the middle of 2nd floor having equal distance from second's floor access points.
The problem is that his Macbook pro 2013 was persistently trying to associate with 3rd's floor Access Points. Whatever i tried to do (deauthenticate user,rebooting 2nd & 3rd floor APs) the connection was persistent to 3rd floor Access Point. Even when i tried to install an Access Point in the user's office his Macbook Pro 2013 refused (!!!) to leave 3rd's floor Access Points.However his Macbook pro 2009 was always connected to the nearest Access Point (either to 2nd floor Access Points or to the newly installed access point in his office).
This week i had two visitors in 4th floor reporting that their Laptops (Sony Vaio) were doing very slow with the wireless.
When i tried to troubleshoot i found in the controller that their laptops were associating with 4th floor Access Points and after a minute they were disconnected and trying to associate to Ground Floor (!) Access Points. Of course they couldn't establish a connection and then associated again with 4th floor access points and after a while disconnected and trying to associate to Ground Floor Access Points
I tried to debug client with Sony Vaio and saw in the controller the following message
*apfMsConnTask_7: Mar 24 10:42:15.473: %APF-4-INVALID_ACTION_CATEGORY: apf_wme_utils.c:5481 Could not process 802.11 Action. Received Action frame with invalid category field(not supported by controller) from client. Mobile:*********, Category:7.
I also see a lot of these messages for other clients.
*apfMsConnTask_3: Mar 19 12:03:54.243: %APF-4-ASSOCREQ_PROC_FAILED: apf_80211.c:5275 Failed to process an association request from c8:6f:1d:24:0e:7d. WLAN:5, SSID:************. mobile in database timed out.
Am i hitting any bug similar or equal to CSCue53980?have you tried with open authentication ( no security ) ? Check if client is able to associate then
-
Cisco WLC 5508 V 7.0.116.0 Help
I have a WLC 5508, that has been working with AIR LAP 1522 AG-E-K9 and AIR LAP 1142N E K9 access points. I have deployed two
AIR-CAP1552E-A-K9 AP's on the WLC. I had to upgrade to Version 7.0.116.0, and had to set the country code to US ( Was ZA). The good news is that on US country code the new 1552's works great.
My problem now is to get the existing 1522 and 1142 AP's to work in conjunction with the 1552's on US country code.
Any information would be greatly appreciated.
Thank You in advance.George:
Multiple country codes are not supported for MESH APs.
You can only choose one country if you are using MESH APs whatever the model is.
If you have MESH APs with multiple country regulatories I think the only way to go is to replace your APs so all of them to be under same regulatory.
Features Not Supported on Mesh NetworksThese controller features are not supported on mesh networks:
Multi-country support
Load-based CAC (Mesh networks support only bandwidth-based, or static, CAC.)
High availability (fast heartbeat and primary discovery join timer)
EAP-FASTv1 and 802.1X authentication
EAP-FASTv1 and 802.1X authentication
Locally significant certificate
Location-based services
Reference: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008072ea79.shtml
HTH
Amjad -
Hi all,
I want some information about WLC setup.
I had wlc5508 with 12 LAP and it's working fine, but Now I want to purchase another WLC 5508 for redundant purpose.
If my older wlc failed then the new one will take care all the AP.
So can any one suggest me how to configure this type of topology and any docs.Hi Kiran,
This feature is called WLC fail over for LWAPPS.. here is the config example that gives us detailed explanation...
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008064a294.shtml
lemme know if this answered your question..
Regards
Surendra
====
Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull -
WLC-5508 Authorization failed to create SSID
Hi All,
I have two WLC-5508 for 50 AP's deployed. One is primary controller & other is secondary.
Recently noticed an unknown "authorization failed, no sufficient privileges for user" message poping up while making configuration changes
in WLC. Specificly when trying to create an new SSID. WLC Authentication is local. This message poped up earlier once or twice but it didnt prevent
from making changes that time.
How to troubleshoot ?
Regards
GautamDo you have any radius configured on the WLC by chance. If so can you make sure you don't have management checked there. I have not seen that issues with the 5508 and any of the 7.x code as of yet.
Sent from Cisco Technical Support iPhone App -
SNMP "Access Point" Lightweight WLC 5508
Hello
It is possible to configure SNMP in an AP lightweight with WLC 5508 to get some information with snmpwalk as a AP Serial number?
Thanks for your help
RegardsIt is possible to configure SNMP in an AP lightweight with WLC 5508 to get some information with snmpwalk as a AP Serial number?
Yes and no.
The details of the S/N are all found in the WLC. So if you need to do an SNMPwalk, do it on the WLC.
Maybe you are looking for
-
Calculation of tax on inclusive amounts
Dear all expert. We have a problem as follows I want to calculate Service tax on inclusive amount. For example........ total Invoice amount is Rs. 100.00 Service Tax is % 12.36 Therefor Service tax amount is 100*100/112.36 Therefore i want to post t
-
Alter a BAPI Result Table, how to get into the display "loop" ?
Hello all, i have a problem regarding the result rows of a RFC/BAPI Call. There are three views, let's say 1,2,3. In View 1, i call a BAPI, and display the results in a table in View 2. I added a button in each row, which calls View 3 and displays so
-
One email account on two computers
With the help of someone on these forums I have just set up a wireless network using Appl AirPort Extreme. I use Microsoft Entourage on both machines both using the same account. When I receive an email, it appears in the in-box of whichever of the t
-
How do I connect 2 external monitors with full HD to my MacBook Pro?
I would like to connect up my 2 external monitors to my MacBook Pro. But I want to have full HD resolution. I want to have the desktop stretched so I don't want mirror displays. What is the best way to accomplish this? Is there an adapter that I
-
Hi all, I've a some question related to MVC .. 1. I have a form and i have some simple dialogs to display for a user .. E.g. "Do you want to create this user?" .. I will use JOptionPane for this. Where should I place such statements? Is it a view or