Setting management interface WLC 7.4.121.0

Similar Messages

• 2 AP Management interface WLC 5508 at the same time

  Good afternoon,
  I have a customer that wants a few APs are managed by the interface of management and do join by that interface and another group of APs are managed and do join by another interface configured as "Enable Dynamic AP Management"
  is a WLC 5508, i created an interface by checking the option "Enable Dynamic AP Management" but does not work, by the interface of management are recorded without problems.
  Is it possible to do this? Are you supported?

  I don't know I understand your question properly or not.
  I think you want to join APs to management and AP manager interface at same time ?
  When you want to allow APs to join on two ports 1(management) & 2 at the same time, then you have use this:
  As you must be aware that only one AP manager is allowed per port. So if you leave the Management interface as an AP‐manager and just create one additional AP manager interface, you’ll allow APs to join to either port, but the Management interface will not be able to fail over since that would make two AP managers on the same interface.
  Or 
  Remove the AP management function from the Management interface and then create two new AP manager interfaces (one for each port).
  Regards
  Dont forget to rate helpful posts

• WLC 5508 AP-Manager interface

  Hi, I own a WLC 5508 and I (probably) do not understand AP-Manager interfaces. I have a lab with 2x 1242AG and 1x 1252AG connected to c2960. APs are in vlan 10 (192.168.10.0/24, configured via DHCP), APs are connected to "switchport mode access" interface. c2960 is connected via a trunk to c4506, and WLC is plugged in gi1/3 and gi1/4 (both through twingig). Both ports are configured as "switchport mode trunk". Management interface on WLC is on WLC port 8 (connected to gi1/4), and AP-Manager is on WLC port 1 (connected to gi1/3). Management interface on WLC has "Dynamic AP management" set to disabled, and AP-Manager has it set to enabled. Both, Management and AP-Manager interfaces are tagged, vlan id 12 and 13 (subnets 192.168.12.0/24, 192.168.13.0/24) respectively. APs receive their IP configuration via DHCP (server located in vlan 20, 192.168.20.0, ip helper-address in use), and try to discover WLC by DNS resolution (CISCO-CAPWAP-CONTROLLER.some.domain resolves to AP-Manager IP correctly). But APs do not join to controller, WLC says "Ignoring discovery request received on non-management interface", AP has "not joined" status in Monitor/Statistics/AP Join.
  But if I set management interface as "Dynamic AP enabled", and change DNS to resolve CISCO-CAPWAP-... to it's IP everything works fine - AP joins at once. Please help, how to join LAP to AP-Manager interface? Join to WLC manager is simple, but my design requires at least 2 AP-Manager interfaces.

  Hello,
  I just wanted to mention foremost; a split LAG configuration is not supported on the WLCs.  This "can" be achieved if you are splitting your LAG ports amongst VSS configuration on your two capable devices, but is not a recommended or supported configuration. I would highly suggest a LAG configuration over your individual port.  As far as the "ap-manager" concern you have of managing more than 48 APs, you are correct in that the AP-manager cannot handle more than 48 APs, however only when in an individual port configuration.  The LAG will overcome this limitation.
  George was correct about your DNS entry, this needs to point to the WLC's management interface.  This is why the AP joined when you pointed the DNS entry back to the management address-- as intended.
  This link is anchored to the mgmt, ap-manager, and dynamic interface creation for the 7.0.116.0 Config Guide: http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/configuration/guide/cg_ports_interfaces.html#wp1286790
  "If" you want to keep an individual port configuration, and need more than 60 APs connected, you will need to create more than one "ap-manager" interface.  You will just make a new dyanamic intreface and place it on the same network as the current ap manager (ie, management interface) and mark it for dynamic ap management.  All APs will still need to only see the management interface for joining; the WLC will assign to the appropriate AP manager as needed.  The WLC will fill up the first AP manager before joining building tunnels through the next AP-manager interface, so in your lab you will not really be able to test this behavior, assuming the 3-4 APs you were using.
  1. You can keep your management interface with "dynamic ap management" enabled so this serves as the first AP manager; if you desire. 
  2. You will need to create another dynamic interface mapped to the next port.  enabled "dynamic ap management" again here, and place this new "ap-manager" interface on the same vlan as the mgmt.  Keep in mind creating a dynamic interface and designating it as an AP manager prevents mapping that interface to a WLAN, see note below.
  *NOTE (from config guide): When you enable this feature, this dynamic interface is configured as an AP-manager interface (only one AP-manager interface is allowed per physical port). A dynamic interface that is marked as an AP-manager interface cannot be used as a WLAN interface.
  I would highly suggest the LAG configuration so there is no need to worry about the ap manager interfaces, regardless of the number of APs communicating. This also allows for growth if WLC needs to be licensed for more and more APs.

• WLC to use Management Interface & Few more getting started Questions

  Hello,
  I'm yet to implement the Wireless LAN in one of our client's corporate office. There 40 x 1130AG LWAPP AP's and 4404 WLC with ACS 4.x for the Authentication of the Wireless Clients who is trying to access the LAN.
  For the WLC to connect to the Dual Core Switch, i need to use only one Management Interface with Distribution System port 1 being the Primary and mapping the DS Port 2 as the Backup port for the Management Interface. Is this Right? or do i have configure Dynamic Interfaces as well. Is management interface for accessing / management and configuration only? Management Interface will communicate with ACS for AAA and AP's who would like to associate with the WLC, is this Right?
  Note: WLC, AP's, Wireless Clients & AP's are in the same IP Subnet.
  Few other question of WLAN's so it helps me during implementation -
  • Can I use the 802.1x Authentication application found in the Windows XP for the Wireless Interface; instead of Cisco Client Application. For this; I have to configure the WLC / Wireless Client to use EAP algorithm; is this Right?
  • With the help of RRM, the channel interference between multiple AP's (3 - 4 AP's) in the same area is controlled by the WLC by changing the Channels used by the AP which is not same on all the AP's. Is this right?
  • How many Client Users will connect per Channels. 802.11 a / g will provide 11 Channels, is this Right?.
  • I'm trying to set in the WLC to limit the Client connections per AP to 25, can this be achieved?
  Please, can anyone help me in calrifying the above points.
  Regards,
  Keshava Raju

  Many Thanks Mr. Dennis for your help & Clarification.
  With ref to your reply point no# 1. I have actually planned to connect one Gig port of the controller to each of the Dual Cisco Core Switch setup. Can i use all 4 Controller Interfaces configured as LAG and Port 1 & 2 connecting to Core Switch 01 and Port 3 & 4 connecting to Core Switch 02?
  I have Final two more questions, Request you to help me calrifying this?
  • I'm willing to configure Multicast communication between the WLC & AP's. For this configuration is it necessary to Connect the WLC in a different VLAN than the VLAN of the AP's. Is it necessary that I have to set the controller to LWAPP Layer 3 mode to support the Multicast communication?
  • Though I do not have implementation experience of the WLAN. My understanding of the Interface settings on the WLC - is I will have to configure one Management Interface for in-band management. Do I have to configure AP-Manager Interface (to support Multicast communication) and to make the WLC to communicate with ACS for Client Authentication. All of the Wireless Devices including the ACS are in one VLAN / IP Subnet, is only one Management Interface is enough for communicating with AP's (with Multicast) and communicating with ACS for forwarding the Authentication messages between the ACS & Wireless Clients?

• WLC Duplicate IP address detected for AP-Manager Interface

  I am getting an error log in the WLC saying, its IP address is duplicate by another machine with MAC address A.B.C.D
  But this MAC address A.B.C.D is the MAC address of the AP-Manager Interface in the same controller.
  Model No.                   AIR-WLC2106-K9
  Software Version                 7.0.116.0
  %LWAPP-3-DUP_IP: spam_lrad.c:27626 Adding client 58:b0:35:83:72:86 to  exclusion list due to IP Address conflict with AP 'AP_DUXO_3'
  %LWAPP-3-DUP_AP_IP: spam_lrad.c:27612 Duplicate IP address  detected for AP AP_DUXO_3, IP address of AP  10.184.1.224, this is a  duplicate of IP on another machine (MAC address 58:b0:35:83:72:86)
  Cisco AP Identifier.............................. 1
  Cisco AP Name.................................... AP_DUXO_3
  Country code..................................... US  - United States
  Regulatory Domain allowed by Country............. 802.11bg:-A     802.11a:-A
  AP Country code.................................. US  - United States
  AP Regulatory Domain............................. 802.11bg:-A    802.11a:-N
  Switch Port Number .............................. 1
  MAC Address...................................... cc:ef:48:1a:e4:af
  IP Address Configuration......................... Static IP assigned
  IP Address....................................... 10.184.1.224
  IP NetMask....................................... 255.255.0.0
  Gateway IP Addr.................................. 10.184.20.2
  Domain...........................................
  Name Server......................................
  NAT External IP Address.......................... None
  CAPWAP Path MTU.................................. 1485
  Telnet State..................................... Enabled
  Ssh State........................................ Disabled
  Cisco AP Location................................ DUXO_BOX
  Cisco AP Group Name.............................. default-group
  Does anyone have an issue like this ?

  Are you sure this MAC address 58:b0:35:83:72:86 isn't some type of Apple device?  Its OUI is registered to apple.  How do clients get ip addresses DHCP?  It appears that the IP 10.184.1.224 is statically assigned to your ap-manager and that this client 58:b0:35:83:72:86 is either getting that same IP from DHCP or the client is statically assigning it themselves. 

• WLC 5508 - Ignoring Primary discovery request received on non-management interface (2) from AP

  Hello,
  Im receving this error on my syslog server:
  capwap_ac_sm.c:1443 Ignoring Primary discovery request received on non-management interface (2) from AP
  already checked the configuration and everything seems ok. They are registered and with clients associated.
  What could be the cause?
  Thanks in advance,
  Chris

  Thanks Scott for your fast response.
  No, I'm not using LAG.
  What do you mean with separate AP Managers?
  I have one AP Manager on vlan 100 (10.100.0.25) and the Management interface on the same Vlan (10.100.0.26)
  And users use vlan 150 (10.150.0.x).
  The switch port where the AP is plugged is configured with:
  interface GigabitEthernet2/0/20
  switchport access vlan 100
  switchport mode access
  spanning-tree portfast
  On WLC I can also check the AP history:
  Last Error Occurred Reason            Layer 3 discovery request not received on management interface

• WLC IP Conflict with AP-Manager Interface

  I am getting an error log in the WLC saying, its IP address is being used by another machine with MAC address A.B.C.D
  But this MAC address A.B.C.D is the MAC address of the AP-Manager Interface in the same controller.
  have anyone faced an issue like this ?
  The same issue is having in another controller also. But I have two more controllers with the same IOS , which are working fine.

  Hey Scott...
  Thanks for ua quick response.
  We have controller 4402.
  We have all the two ports connected to core. But we have enabled LAG as well.
  It was working perfect since almost an year and half. Recently we had an image upgradation to 6.0.182.0.
  Upgradation was done for all the 5 controllers. But two are having this error log since then.
  Its not continously coming.. Only sometimes..

• ACL blocking traffic towards the management interface on WLC 5508

  Hello All,
  I need to apply an ACL in WLC 5508 such that it would allow https traffic on management interface only from selected clients. 
  For same, I have created an ACL permitting only the intended users while blocking the rest. Have applied the same on the management interface. 
  However still the access from all devices to management interface is not blocked. The ACL hit count too is not incremented. 
  I am on WLC code 8.0.110.0. 
  Has anyone else faced similar issue while applying ACL against management interface. 
  Highly appreciate the inputs. 
  Thanks and Regards,
  Adnan

  Hi Adnan,
  you have to apply this ACL as a CPU ACL. Then it will work.
  For your reference:
  http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109669-secure-wlc.html#t4
  Hope that helps...
  Kind regards
  Philip
  --> Pls rate useful responses <--

• 5508 WLC HA pair - change management interface settings

  Hi,
  We have a pair of 5508 WLC's in a HA configuration that is working well at the moment, however I have noticed that the management interface is configured as untagged. I would like to change this to tagged and change the attached switch to trunk for these devices but if I try and edit the management interface through the GUI the VLAN and IP address section is greyed out and cannot be changed. While I could attempt it through the CLI and am comfortable doing that, the fact that it cannot be changed through the GUI implies that this should not be changed and so I am after further information. I don't have any lab equipment other than the HA pair in production so I cannot try changing it through the CLI at the moment. 
  The WLC's are in LAG mode if that makes any difference. I realise there may be downtime required for making this change but I am trying to work out the steps to get this done without having to drastically reconfigure things. 
  Any assistance would be appreciated. 

  Introduction of New Interfaces for HA Interaction
  Redundancy Management Interface
  The IP address on this interface should be configured in the same subnet as the management interface. This interface will check the health of the Active WLC via network infrastructure once the Active WLC does not respond to Keepalive messages on the Redundant Port. This provides an additional health check of the network and Active WLC, and confirms if switchover should or should not be executed. Also, the Standby WLC uses this interface in order to source ICMP ping packets to check gateway reachability. This interface is also used in order to send notifications from the Active WLC to the Standby WLC in the event of Box failure or Manual Reset. The Standby WLC will use this interface in order to communicate to Syslog, the NTP server, and the TFTP server for any configuration upload.
  Redundancy Port
  This interface has a very important role in the new HA architecture. Bulk configuration during boot up and incremental configuration are synced from the Active WLC to the Standby WLC using the Redundant Port. WLCs in a HA setup will use this port to perform HA role negotiation. The Redundancy Port is also used in order to check peer reachability sending UDP keep-alive messages every 100 msec (default timer) from the Standby WLC to the Active WLC. Also, in the event of a box failure, the Active WLC will send notification to the Standby WLC via the Redundant Port. If the NTP server is not configured, a manual time sync is performed from the Active WLC to the Standby WLC on the Redundant Port. This port in case of standalone controller and redundancy VLAN in case of WISM-2 will be assigned an auto generated IP Address where last 2 octets are picked from the last 2 octets of Redundancy Management Interface (the first 2 octets are always 169.254).

• Any advantages to setting the AP-Manager and Management interface to an untagged vlan?

  Any advantages to setting the AP-Manager and Management interface to an untagged vlan? Currently, our controllers have their management and ap-manager interfaces on the same untagged vlan. Would it be wise to change this? Are there any gotchyas I should be aware of?

  No really, there won't be a problem. Management an AP-manager can be on different vlans.
  The vlan you chose to untag is the vlan you should declare as native on the switch, that's it.
  No advantage in having interfaces configured in a way or another.
  Some people want the management to be in a "management" subnet and the ap-manager will be in the subnet with all the APs. Some others have several AP subnets so the ap-manager is in the same as management ... no importance whatsoever as long as the config is coherent.
  The only thing that is worth considering is the size of AP subnet to me. If you give a /16 for APs and have 1000 APs in a single subnet, ARP and broadcast storms will be hitting the fan. But the vlan tag/untags that you chose are not important
  To rate an answer, click on the stars below it. 1 for not so useful and 5 for very useful.
  Nicolas
  ===
  Don't forget to rate answers that you find useful.

• WLC 5508 Management Interface Connection

  I'm setting up a new 5508.  I've used the config from a 4402, have successfully connected to the Service port to manage the device, but for some reason cannot connect to the Management interface.  In this case, port 1.
  The service port is connected to a Catalyst switch and grabbed an ip address (10.2.x.x subnet) no problem.  I can access the 5508 via https using the SP.  However, port 1 is connected to the same Catalyst switch, but on a different vlan (subnet 10.20.x.x).  Both ends show that the interfaces are up, I can ping the interface from any other host on the network, but when I try to manage the device via https I cannot connect.  We are using WCS and I cannot add the device from the WCS.  About all I can do is ping that interface.
  I've probably overlooked something very basic, but I'm baffled.

  Thanks for the reply.
  No, definitely not that.  I have all of those enabled.  I have the SP connected to another vlan on the same switch and can manage through that port(https, telnet).  I've tried about every combination of trunk port, access port, etc.  I'm beginning to suspect the GBICs (10baseT), but both ends show that I am connected at 1000 and I can ping the ip address of the management interface.

• WLC 5508 management interface

  Hi, I have a particular wireless design that requires one WLC 5508 to be connected to two seperate swithces. Port 1 of WLC is connected trunk to Switch A and Port 2 of WLC is connected to Switch B. Each switch has its own local VLANS. When I connect 1130s LAPs they need to find the management interface initially and then use only AP management interfaces. since there is only one management interface, if I assign management interface on a vlan that is configured on switch A then APs on switch A join fine but those on switch B keep asking for management interface and from capwap debug on WLC it says that join request was received on wrong ineterface ....
  the only work around to this was to make routing between switch A and switch B for the two vlans on which APs reside... but for security purposes - client would like to avoid this
  any help much appreciated ..

  Hi thanks for your reply,
  Yes I agree perfectly with your explanation - On both switches I have UDP forward for 5246 and 5247 and everything works fine.
  You understood exactly what's happening for initial discovery the Guest AP asks for managemnt interface through WLC port 2 but managerment IP is on admin side WLC port 1 and then it drops packet saying that it was received on the wrong port. In fact that is why I put an ACL between the Admin switch and guest switch taht allows only 5426 capwap control - just to allow that initial discovery from guest AP to contact Management interface which can only be assigned to one port and in my case it is on the admin switch side. And that is why I had to make a route between the two independent switches.
  My question is to know if there is any other way with my given design to eliminate this initial discovery to the management inetrface, as my client would like the admin and guest switches to be completely seperated i.e. without the routing. Is there any way that the guest APs can make contact with the AP management interface on their side only skipping the discovery of the management interface ? the guest APs were primed on the admin side so they know the IP. After the initial discovery, if I remove the routing between admin and guest switch, guest APs keep their connectivity without any problems.

• WLC 5508 with 6.0.188 -- ap-manager interface..

  6.0.188 code on new 5508 WLC does not show ap-manager interface.
  6.0.188 code on 4404 wlc does have ap-manager interface.
  Both are working fine.
  Why is that?

  The 5500 controllers use the management interface to function as both the management interface and ap-manager.  There will not be an ap-manager in the 5500.

• Cisco 2504 controller, setting management wlan interface Vlan Identifier to anything but 0 loses management ability

  I have setting the Management Interface Vlan Identifier to 0 or untagged.
  If i change this to a vlan, I am unable to manage the device, is this correct?
  Steve

  If u make it untagged then specify the NATIVE vlan on the switchport..
  If u tag the management interface, then dont configure the native vlan on the switchport..
  Both the cases u will be able to access!!
  Lemme know if this answered ur question!!
  Regards
  Surendra

• Wlc 5508 management interface vlan - access point vlan

  Is it required that the access points are in the same vlan as the management interface on a wlc 5508?

  There is a story behind this .. Just yesterday my guy was like "aps wont join" .. I let him hammer away at it .. It was the check box
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."