SNMP traps with WLC 4402

Currently using WLC 4402 with about a dozen WAPs. I would like to start logging some messages to troubleshoot some association issues. The syslog does not seem adequate for this the issues I am having. I noticed the default SNMP traps but is only holds 255 traps. I have tried to setup an SNMP server to get the traps but I get no data, only OID values. I was successful in getting the MIBs for the OIDs but still not all the data that I see on the brief traps screen.

Hi,
I have tried it with solarwinds and works fine for me. Talking about the traps. But they are too many.
The OID is : 1.3.6.1.4.1.14179.1.1.2.4.1.22
snmp info for polling:
MIB Value Type: Raw Value
Format: None
SNMP Get Type: Get Table
Polling Type: node
On WLC go to Managemnet (top TAB)
Right hand select > SNMP > Traps Control.
In this menu select what traps to need to be logged.
These traps will be shows on the oid polled.

Similar Messages

Cisco AIR-LAP1041N-E-K9 not working with WLC 4402 version 7.0.116.0

Hi All,
appreciate your support for a problem i started facing today. i have a Cisco WLC 4402 running version 7.0.116.0 and it is working great with 25 Cisco 1252 APs. we have recieved a new 20 Cisco 1041N APs today and i installed one in our site but it doesn't work. it worked fine and loaded the image from flash and got the WLC ip address through DHCP option and started showing the below error:
*Mar 1 00:00:10.021: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar 1 00:00:10.033: *** CRASH_LOG = YES
*Mar 1 00:00:10.333: Port 1 is not presentSecurity Core found.
Base Ethernet MAC address: C8:9C:1D:53:57:5E
*Mar 1 00:00:11.373: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar 1 00:00:11.465: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1088 messages)
*Mar 1 00:00:11.494: status of voice_diag_test from WLC is false
*Mar 1 00:00:12.526: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:13.594: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:13.647: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1040 Software (C1140-K9W8-M), Version 12.4(23c)JA2, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 13-Apr-11 12:50 by prod_rel_team
*Mar 1 00:00:13.647: %SNMP-5-COLDSTART: SNMP agent on host APc89c.1d53.575e is undergoing a cold start
*Mar 1 00:08:59.062: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:08:59.062: bsnInitRcbSlot: slot 1 has NO radio
*Mar 1 00:08:59.138: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:08:59.837: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar 1 00:09:00.145: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 1 00:09:09.136: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 172.16.26.81, mask 255.255.255.0, hostname APc89c.1d53.575e
*Mar 1 00:09:17.912: %PARSER-4-BADCFG: Unexpected end of configuration file.
*Mar 1 00:09:17.912: status of voice_diag_test from WLC is false
*Mar 1 00:09:17.984: Logging LWAPP message to 255.255.255.255.
*Mar 1 00:09:19.865: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar 1 00:09:19.886: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:09:20.873: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:09:20.874: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
Translating "CISCO-CAPWAP-CONTROLLER.atheertele.com"...domain server (172.16.40.240)
*Mar 1 00:09:29.029: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.100.102 obtained through DHCP
*May 25 08:27:02.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:02.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:03.175: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:03.177: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:03.177: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:03.329: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:03.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:03.333: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:03.333: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:03.378: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:03.378: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:03.378: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:03.448: status of voice_diag_test from WLC is false
*May 25 08:27:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:14.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:15.185: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:15.186: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:15.186: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:15.330: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:15.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:15.334: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:15.334: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:15.379: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:15.379: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:15.379: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:15.450: status of voice_diag_test from WLC is false
*May 25 08:27:26.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:26.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:27.182: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:27.183: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:27.184: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:27.329: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:27.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:27.333: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:27.333: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:27.377: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:27.377: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:27.377: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:27.433: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*May 25 08:27:27.446: %PARSER-4-BADCFG: Unexpected end of configuration file.
*May 25 08:27:27.447: status of voice_diag_test from WLC is false
*May 25 08:27:27.448: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*May 25 08:27:27.456: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*May 25 08:27:38.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:38.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:39.183: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:39.184: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:39.184: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:39.326: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:39.329: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:39.329: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:39.330: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:39.375: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:39.375: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:39.375: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:39.446: status of voice_diag_test from WLC is false
*May 25 08:27:49.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:49.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:50.179: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:50.180: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:50.180: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:50.323: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:50.326: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:50.326: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:50.326: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:50.370: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:50.370: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:50.370: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:50.425: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*May 25 08:27:50.438: %PARSER-4-BADCFG: Unexpected end of configuration file.
i searched for the regulatory domains difference between AIR-LAP1041N-E-K9 and AIR-LAP1041N-A-K9 and didn't find any difference that may affect the operation of this AP.
just to mention that our configuration in WLC for regulatory domains is:
Configured Country Code(s) AR
Regulatory Domain 802.11a: -A
802.11bg: -A
My question is, should i only include my country in the WLC (IQ) to add the requlatry domain (-E) to solve this problem? or changing the country will affect the operation of all working APs??
Appreciate your kind support,
Wisam Q.

Hi Ramon,
thank you for the reply but as shown in the below link:
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html#wp233793
the WLC in version 7.0.116.0 supports Cisco 1040 seiries APs.
Thanks,
Wisam Q.

SNMP Trap with Solaris 9

Hello,
I am looking for information on SNMP traps that can be generated by the SNMP installed with the OS.
How can I configure them and what is available?
I read the doc Solstice Enterprise Agents 1.0 User Guide but did not find anything to configure SNMP Traps.
Or which MIB should I use to get an event log that will report problem?
Any help would be great!
Thanks

Hi,
Even im facing this issue, for latest solaris 10 patches also.
Thanks,
Srikanth.

Snmp traps with Call Manager 4.13

Anyone being able to get snmp traps from Call Manager 4.13 to work. I can walk the MIB and get snmp cold start traps but no Call Manager specific traps

There is a possibility that the CCM service controls this trap and thus cannot send a trap until it is up. This is an issue seen in many devices not just CCM. CCM supports only certain traps.Refer the following URL for more information
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_administration_guide_chapter09186a00803f52e1.html#wp1041935

AP 1131ag not able to join with WLC 4402

In some of my spare time, I've been trying to get this AP to join with this WLC. It's been about two weeks now. I'm not sure what the problem is. I think that there are a few possible issues, but I'm asking the more experienced & knowledgeable support community. I did convert the autonomous AP to a LAP. So here are some outputs:
AP sh ver
AP0014.6956.6926#sh ver
Cisco IOS Software, C1130 Software (C1130-K9W8-M), Version 12.4(25e)JAO3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Wed 18-Dec-13 20:53 by prod_rel_team
ROM: Bootstrap program is C1130 boot loader
BOOTLDR: C1130 Boot Loader (C1130-BOOT-M) Version 12.3(2)JA3, RELEASE SOFTWARE (fc2)
AP0014.6956.6926 uptime is 2 hours, 11 minutes
System returned to ROM by power-on
System image file is "flash:/c1130-k9w8-mx.124-25e.JAO3/c1130-k9w8-mx.124-25e.JAO3"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-LAP1131AG-A-K9 (PowerPCElvis) processor (revision A0) with 27638K/5120K bytes of memory.
Processor board ID FTX0924T1NR
PowerPCElvis CPU at 262Mhz, revision number 0x0950
Last reset from power-on
LWAPP image version 7.3.1.72
1 FastEthernet interface
2 802.11 Radio(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:14:69:56:69:26
Part Number                          : 73-8962-07
PCA Assembly Number                  : 800-24818-06
PCA Revision Number                  : C0
PCB Serial Number                    : FOC092238UU
Top Assembly Part Number             : 800-25544-01
Top Assembly Serial Number           : FTX0924T1NR
Top Revision Number                  : A0
Product/Model Number                 : AIR-AP1131AG-A-K9
Configuration register is 0xF
WLC sh sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 4.2.205.0
RTOS Version..................................... 4.2.205.0
Bootloader Version............................... 4.2.205.0
Build Type....................................... DATA + WPS
System Name...................................... wlcVA010a03a01
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
IP Address....................................... 10.10.1.1
System Up Time................................... 4 days 0 hrs 54 mins 42 secs
Configured Country............................... US - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +39 C
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ 00:18:73:35:DC:40
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK
WLC debug lwapp errors enable
Fri Jan 24 16:55:15 2014: 00:13:5f:f8:94:f0 LWAPP Join Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:13:5f:f8:94:f0.
Fri Jan 24 16:55:15 2014: 00:13:5f:f8:94:f0 Unable to free public key for AP 00:13:5f:f8:94:f0
Fri Jan 24 16:55:15 2014: 00:13:5f:f8:94:f0 Decoding Join Request failed for AP 00:13:5f:f8:94:f0
Fri Jan 24 16:55:20 2014: 00:13:5f:f8:94:f0 LWAPP Join Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:13:5f:f8:94:f0.
Fri Jan 24 16:55:20 2014: 00:13:5f:f8:94:f0 Unable to free public key for AP 00:13:5f:f8:94:f0
Fri Jan 24 16:55:20 2014: 00:13:5f:f8:94:f0 Decoding Join Request failed for AP 00:13:5f:f8:94:f0
WLC debug lwapp events enable
Fri Jan 24 16:52:20 2014: 00:13:5f:f8:94:f0 Received LWAPP DISCOVERY REQUEST from AP 00:13:5f:f8:94:f0 to ff:ff:ff:ff:ff:ff on port '1'
Fri Jan 24 16:52:20 2014: 00:13:5f:f8:94:f0 Successful transmission of LWAPP Discovery Response to AP 00:13:5f:f8:94:f0 on port 1
Fri Jan 24 16:52:20 2014: 00:13:5f:f8:94:f0 Received LWAPP DISCOVERY REQUEST from AP 00:13:5f:f8:94:f0 to ff:ff:ff:ff:ff:ff on port '1'
Fri Jan 24 16:52:20 2014: 00:13:5f:f8:94:f0 Successful transmission of LWAPP Discovery Response to AP 00:13:5f:f8:94:f0 on port 1
Fri Jan 24 16:52:31 2014: 00:13:5f:f8:94:f0 Received LWAPP JOIN REQUEST from AP 00:13:5f:f8:94:f0 to 06:0a:10:10:00:00 on port '1'
Fri Jan 24 16:52:31 2014: 00:13:5f:f8:94:f0 LWAPP Join Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:13:5f:f8:94:f0.
Fri Jan 24 16:52:31 2014: 00:13:5f:f8:94:f0 Unable to free public key for AP 00:13:5f:f8:94:f0
Fri Jan 24 16:52:31 2014: 00:13:5f:f8:94:f0 Decoding Join Request failed for AP 00:13:5f:f8:94:f0
Fri Jan 24 16:52:36 2014: 00:13:5f:f8:94:f0 Received LWAPP JOIN REQUEST from AP 00:13:5f:f8:94:f0 to 06:0a:10:10:00:00 on port '1'
Fri Jan 24 16:52:36 2014: 00:13:5f:f8:94:f0 LWAPP Join Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:13:5f:f8:94:f0.
Fri Jan 24 16:52:36 2014: 00:13:5f:f8:94:f0 Unable to free public key for AP 00:13:5f:f8:94:f0
Fri Jan 24 16:52:36 2014: 00:13:5f:f8:94:f0 Decoding Join Request failed for AP 00:13:5f:f8:94:f0
WLC debug pm pki enable
Fri Jan 24 16:49:45 2014: sshpmGetIssuerHandles: invalid args (0x13d7edd0/0x13d7edd4/0x13d7edd8/0x30231b14/0)
Fri Jan 24 16:49:45 2014: sshpmFreePublicKeyHandle: called with (nil)
Fri Jan 24 16:49:45 2014: sshpmFreePublicKeyHandle: NULL argument.
Fri Jan 24 16:49:50 2014: sshpmGetIssuerHandles: invalid args (0x13d91320/0x13d91324/0x13d91328/0x30231b14/0)
Fri Jan 24 16:49:50 2014: sshpmFreePublicKeyHandle: called with (nil)
Fri Jan 24 16:49:50 2014: sshpmFreePublicKeyHandle: NULL argument.
Thanks!
Leon

cisco AIR-LAP1131AG-A-K9 (PowerPCElvis) processor (revision A0) with 27638K/5120K bytes of memory.WLC sh sysinfoManufacturer's Name.............................. Cisco Systems Inc.Product Name..................................... Cisco ControllerProduct Version.................................. 4.2.205.0RTOS Version..................................... 4.2.205.0Bootloader Version............................... 4.2.205.0Build Type....................................... DATA + WPSFri Jan 24 16:55:20 2014: 00:13:5f:f8:94:f0 LWAPP Join Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:13:5f:f8:94:f0.Fri Jan 24 16:52:36 2014: 00:13:5f:f8:94:f0 LWAPP Join Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:13:5f:f8:94:f0.
adding to Above .
Manually add self-signed certificates (SSCs) to a Cisco Wireless LAN (WLAN) Controller (WLC).
you can manually add the SSC to the WLC.
these kind problems occure with Lightweight AP Protocol (LWAPP)-converted AP.
Via GUI:
Choose Security > AP Policies and click Enabled beside Accept Self Signed Certificate.
Select SSC from the Certificate Type drop-down menu.
Enter the MAC address of the AP and the hash key, and click Add.
Via CLI:
Enable Accept Self Signed Certificate on the WLC. The command is config auth-list ap-policy ssc enable.
(Cisco Controller) >config auth-list ap-policy ssc enable
Add the AP MAC address and hash key to the authorization list,The command is config auth-list add ssc AP_MAC AP_key .
(Cisco Controller) >config auth-list add ssc
More to check here:
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00806a426c.shtml.
Also mention by Scott that this is very old version on WLC.Please upgrade it.
Hope ite helps.
REgards
Dont forget to rate helpful posts

Restrict Access Vlan with WLC 4402

Folks, I have three SSID configured on WLC and three groups configured on ACS and I need to restrict SSID access based on ACS group.
I tried to use this guide below.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml
How you can see, this example is aplicable to 802.1x and work out fine with 2 SSIDs that I have but the third SSID don't work because it use the NAC Web login to Auth the user, I needed to fallback because this configuration blocked my NAC Authentication.
Although I have configured NAR just Group2 and Group3, users on Group1 that are Auth with NAC were blocked.
Anyone Know Why this or How can i configure this restriction on WLC and ACS?
thanks a lot

Hi,
You could be hitting DDTS CSCdu52690.
I will suggest to do an upgrade ACS version 3.0 is old and unsupported.
Thanks,

Possible with WLC 4402

Wanted to know if the 4402 would fit our envirment till we move to a different means of authentication at our school. I already have the 4402 for the new method but we are not ready to deploy that as yet.
Currenly the wireless network we use has a VPN concentrator at the head of the network. We use standalone APs that broadcast an open SSID. Users attach the the SSID and get a private IP. They authenticate with a VPN client. Once authenticated they are given a public IP address.
I would like to be able to place the 4402 and its 1131 APs on this network and have it with with the VPN method we use know. What I don't know. Will I be able to config the 4402 to handle the private then public exchange of IP addresses that the client phase through as they authenticate? I have no control over the VPN and the DHCP servers. Everything is untagged on this network and there are no VLANs. Would I need to create interfaces for the private and public subnets that the client use? 4402 is on another subnet along with the AP. Since the network is untagged I might need a separate port for the private and public subnets. The 4402 would then not have enough ports for this to work or am I'm not thinking correctly.
Craig

I found the VPN passthrough setting for the WLAN an enabled it. It appears clients are connecting to the open WLAN. Looks like they are not getting a private IP.
We use external DHCP server and it isn't in same subnet as the pool it distributes. Users are to connect to the open WLAN and obtain a private IP from the DHCP server. They then authenticate via the VPN client and obtain a public address. Not sure how to define the interface for the WLAN. Should be be based on the private ip subnet or public. Since the DHCP server is not on the clients private subnet do I need a routing statement to allow client to be able to contact DHCP server.
Craig

Cisco WLC 5508 not sending SNMP Traps

Hello Everyone.
I'm having a weird error on our WLC environment. We have an HA with two cisco WLC 5508 and i cannot get SNMP Traps working on a Windows PC running Kiwi Syslog server (free ed.).
I can receive correctly Syslog messages, but not traps.
I Tried also to send SNMP Traps from WLC to a different PC using Linux with snmptrapd and it works fine.
I tried then to send from my Linux box a snmp trap to my Windows PC, and it works fine, but i still cannot receive anything from WLC.
Using Wireshark to detect traffic, i cannot see any packet on udp port 162.
I cannot figure out any problem with my scenario, but i can see the following errors on syslog:
*rmgrTrasport: Mar 30 16:08:22.602: #RMGR-3-INVALID_PING_RESPONSE: rmgr_utils.c:270 Ping response from <my_windows_PC> is invalid. Ip address do not match.
My WLC Version is 7.6.130.0
Thank you for your support.

I have gone through your query and found the following fruitful links ,please let me know if it helps and mark it correct answer if it is.
https://www.manageengine.com/network-monitoring/help/userguide/processing_traps.html
https://rscciew.wordpress.com/2014/10/12/snmp-configuration-on-wlc/
Thanks :)

How view snmp Traps CISCO PRIME 1.2

It is posible to view snmp Traps from WLC to CISCO Prime ?? How ?

Hi Steve :
I need to view the traps which are generated in the Controller, I need to view that in the Cisco Prime Infractructure. I´ve configured Communities in WLC with IP Address to Cisco Prime and Trap Receiver with IP address to Cisco Prime.
Now, How can I view these Traps in the Cisco Prime ?.
Another question , Is it posible to configure Switch from Cisco Prime ?
Thanks,
Claudio

Monitoring SNMP Traps from Windows Server

Hello All
im looking for a way to monitor an application that runs with os windows server 2003 and windows 2008 r2 and send its alarms as a snmp traps with system center operations maanger 2012 R2.
in the scom 2007 environment i could discover the servers as network device and recive traps and genrate alerts.
is there a way to edit the existing management pack to enable the windows server discovery as a network device
and enable traps with a microsoft oid to be resived ?
i understand that this is by desigin from
http://technet.microsoft.com/en-us/library/hh212935.aspx
or is there another option to create this monitor with scom 2012 R2?
Thank you

Hello Yan.
thank you for the replay i understand that this is by design,
what im looking for is a way to edit the management pack that discard those OID
or even a 3rd part solution to monitor windoes server snmp genrated alerts.
thank you

Enterprise Manager Grid Control can send SNMP Traps to third-party?

GC 11.1
It looks like a simple config, but I've got into a confusion about it.
I'm trying to figure out the configuration to send SNMP traps to a third party server.
My scenario is:
Node A (managed, monitored) ---- GC box------ SNMP box (final destination).
My understanding is that the traps (notification methods) configured on GC box are generated by the Agent on Node A, then received by the GC and distributed as e-mails.
What is the config to set the traps from A to reach SNMP box?
There is the help page from the GC page (confused about interpretation):
"Add SNMP Trap pageThe Add SNMP Trap page enables you to provide the name of the host (machine) on which the SNMP Master Agent is running and other details so that SNMP traps can be sent through Notification Rules.
An example is shown below.
Name HP OpenView Console
Description Notification method to send trap to HP openview console
SNMP Trap Host Name litleguy.us.oracle.com
SNMP Host Port 162
SNMP Community public
This SNMP host will receive your SNMP traps.
Note: A Test Trap button exists for you to test your setup."
Any suggestions are highly appreciated.
Thx,

Please reply with the specific questions around this.
11.1
EM can send SNMP traps to specific designated receivers. You create an advanced notification method (of type SNMP Trap) with the appropriate details about the receiver.
(See Setup->Notification Methods)
In the notification rules UI, you specify the alerts you are interested in forwarding and select the SNMP trap advanced notification method you created earlier.
The SNMP receiver should be provided the correct MIB that defines the SNMP trap. There were some bugs with the MIB definition in one of the releases (don't recall which one off hand), so if the traps you are receiving don't match what the receiver expects - please let us know and we can point to the right one.
regards

Need Information For Connecting Access point to WLC 4402

Hi Friends
I need Some information for Connecting my New Access point ( Cisco AIRLAP 1242AG) with WLC(4402) Controller
In our network set up we have two WLC(4402) we needs to Connect this New Accesspoint To one of our WLC
My Access point is brand New. I need to Know what all i have to do inorder to connect this AP to the controller (from Acesspoint perspective & WLC perspective)
I need to Know what I need to do in AP to connect to the Controller
Do i need to Assign Static IP Address forAP or after connecting to the switch it automatically gets ip from DHCP and regsiter with controller??
Do i Need to Configure my AP with default gateway(the switch to which is connected ?) & DO i need to configure the AP with Controller Ip address ??
Pls Assist
Regards
Safwan

Hi Scot...
We tried Connecting the Access Point yesterday, but it failed....
We are using Cisco 3500 Access point ...
when we connected , first it automatically got an ip address using DHCP but following error occurred
P70ca.9bd5.77c6#
AP70ca.9bd5.77c6#
AP70ca.9bd5.77c6#
Not in Bound state.
*Mar 1 00:13:56.539: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination
*Mar 1 00:13:56.555: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigne
d DHCP address 10.50.11.26, mask 255.255.0.0, hostname AP70ca.9bd5.77c6
*Mar 1 00:14:04.564: %CAPWAP-3-UNSUPPORTED_WLC_VERSION: Unsupported version 6.0
.182.0 on WLC USSTLController01
*Mar 1 00:14:14.564: %CAPWAP-3-UNSUPPORTED_WLC_VERSION: Unsupported version 6.0
.182.0 on WLC USSTLController01
*Mar 1 00:14:24.564: %CAPWAP-3-UNSUPPORTED_WLC_VERSION: Unsupported
version 6.0
.182.0
version 6.0
.182.0
on WLC USSTLController01
version 6.0
.182.0
Then I COnfigured Ap with Static ip address & default gateway & controller Ip but tht too didnt work...
.182.0 on WLC USSTLController01
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
*Mar 1 00:13:40.908: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C
3750X-48P (e05f.b907.9a20)
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>en
Password:
AP70ca.9bd5.77c6#
*Mar 1 00:13:48.033: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP
. Renewing DHCP IP.
AP70ca.9bd5.77c6#
AP70ca.9bd5.77c6#
AP70ca.9bd5.77c6#
P70ca.9bd5.77c6>
*Mar 1 00:13:40.908: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C
3750X-48P (e05f.b907.9a20)
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>en
Password:
AP70ca.9bd5.77c6#
*Mar 1 00:13:48.033: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP
. Renewing DHCP IP.
I also Need to Know Cisco Access point 3500 can be associated with WLC 4402 ( version 6.0.182.0) ??
Pls Advice How to proceed further

WLC 4402, LAP1242AG APs and Layer 2 Switch Network Design

Hi Every One,
I am new designer in the Wireless technology. During design i came accros through a confusing/complex existing topology which i have to integrate with WLC 4402 as below;
Existing:
1: I have 12 Switches; all vtp mode server. all in single vlan 1 with single subnet 192.168.0.0/24. All users ports in this single vlan 1.
2: All of these are old switches including 2950G, 350GXL, 4912.
3: All the switches gateway is Pix Firewall (192.168.0.1).
To Do:
1: I have to implement 1 * WLC 4402, 22 *LAP1242AG Access Points.
2: WLC will be connected to 350GXL or 4912 through Fiber.
3: Access Points will be connected to all other 20 switches randomely.
Confusion:
1: In my design i created separate vlan 450 for WLC and APs management. But this is not doable in this current setup because all the switches are vtp mode server. Also the gateway is Firewall. Which will require configuration on all existing switches + Pix.(I DONT WANT TO GO FOR THIS OPTION).
2: To make my work easy, is this possible to Put the WLC, APs in the same vlan 1 (192.168.0.0/24) that is currently used by the existing switches? The gateway for these WLC and APs will be Pix (192.168.0.1).
3: I tried to search Cisco examples, but in every example Cisco has made a separate vlan for WLC, APs management. So will Point 2 worK?
4: Do i require any specific changes for this?
5: ANY OTHER DESIGN SUGGESTION?????????
Please find the attached Diagram for more information.

Thanks for the reply.
1: U mean dat the switch port config will be as below;
int g0/10
description connected to WLAN Controller
switch mode access
switch access vlan 1
int g0/23
description connected to AP
switchport mode access
switchport access vlan 1
so below wil b the sumary of config:
All switches, WLC, APs, Wireless users and Wired users will be in the same subnet (192.168.0.0/24). Is it ok??
2: Wat do u mean by vtp config; Please clarify???
As i mentioned all switches are in vtp mode server. vtp domain name is configred on 12 out of 15 switch. Do i need to config same vtp domain name on all switches? I also have to check vtp pass??

Help required with WLC software upgrade

I have a customer with WLC 4402 in use, running software version 7.0.98.0, and supporting 11 APs at present. The customer wants to enlarge the WLAN, which involves increasing the number of APs. I have purchased a new WLC5508, and have installed it onto the network alongside the 4402. the 5508 is running software version 7.0.116.0. Because the wireless network is critical to the user, we want to move the APs over to the new controller while the network is up and running, then remove the 4402.
However, when we set the 5508 as the master controller, or tell one of the APs to use the 5508 as its primary controller, the AP connects to the new controller, downloads the new software version, attempts to load it but reports an error with the unzipped file size of the software and fails to boot. formatting the flash on the AP, then disconnecting the 5508 from the network and rebooting the AP allows it to connect to the 4402, it downloads the older software and boots as normal. A new AP, if connected to the 5508 in a test scenario (ie no 4402) connects, downloads and boots perfectly.
I have the upgrade software to allow the 4402 to be upgraded to 7.0.116.0, but I am concerned that, if this is installed, the existing APs will then fail to boot from the 4402 or the 5508.
all APs are 3502s, running IOS version 12.04(23c)JA when connected to the 4402 and 12.04(23c)JA2 on the 5508.
Any suggestions would be gratefully received
Thanks

Hi Pat,
thanks for the reply. I am off site until the morning, but will attach the colsole output tomorrow.
Your mentioning a corrupt image makes me wonder - we had a lot of trouble setting up the initial config on the new WLC, getting a lot of launch failures. Eventually things seemed to settle down (it certainly booted successfully first time this morning) and getting an AP to connect without a problem made me hope it was just a quirk of the configuration wizard, but I think I will try a reboot of the WLC before I do anything else, just to check it is stable.
If it is a corrupt image it may take a little while to sort, as we have not as yet got a support contract on the 5508 - the plan was to upgrade the existing contract on the 4402 once they were swapped out, but I'll let you know whats going on
Rob

Can a WLC have multiple SNMP Trap Receivers with the same cummunity string?

My Monitoring team want me to send traps to three different trap collectors with the same SNMP Community string.
I have 2106's, 2504, 4400's, 5500's, 7510 all running either version 6 or 7.
Is this possible on a Wireless controller? If so, how?

Read this from my friends blog ..
http://mrncciew.com/2013/02/14/configuring-snmp-on-wlc/
"Also you can configure SNMP trap receiver where WLC can send its snmp trap messages. Community Name means SNMP trap receiver name & that does not have any significance like snmp community value."
It doesnt appear to have the same significants .. But I havent tested it
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

SNMP traps with WLC 4402

Similar Messages

Maybe you are looking for