Switchport setup for lwapp access point running several ssid's

Similar Messages

• LWAPP Access point wont advertise SSID's

  I have a 4402 WLC and LWAPP AIR-LAP1131AG-E-K9  connected to it.
  I have been wrestling with the config for sometime now.
  I have a laptop right next to it that wont see the SSIDs I have configured being broadcast.
  I have no idea why but I do have the following errors in the log.
  Apr 17 11:37:59.091 sim.c:913 SIM-3-GW_MISMATCH: MAC address of the GW 00:0f:f7:32:c1:80 recieved in the JOIN Request differs from the cached MAC addr 00:00:0c:07:ac:64 of the Gw. Deleting the Gw IP 10.45.50.97 for the AP Mgr & sending ARP req. for resolv
  Apr 17 11:37:49.080 spam_lrad.c:1107 LWAPP-3-DISC_INTF_ERR2: Ignoring discovery request received on a wrong VLAN (70) on interface (1) in L3 LWAPP mode
  I notice the first error related to the GW IP, but I am not sure where this is specified and why it is mismatched.
  I also dont know what the second error means either about the wrong VLAN.
  Please can anyone help!
  Many thanks,
  Neil

  Ok I now understand why I am not seeing any SSID's
  I am actually troubleshooting this remotely and have a laptop sat next to the AP. The laptop has a hard wired connection that when connected disables the Wireless adpater. Its a HP nc6400 laptop. I am not sure if it is a laptop setting or a GPO.
  So the not seeing the SSID is fixed.
  When I shutdown the switchport for the laptop. I did see the laptop pick up a DHCP address in the wireless scope I configured.
  However this actually only worked once which was wierd.
  I solved the gateway mismatch by actually putting the correct gateway address into ap-manager interface.
  But I am still left with the message
  Apr 17 11:37:49.080 spam_lrad.c:1107 LWAPP-3-DISC_INTF_ERR2: Ignoring discovery request received on a wrong VLAN (70) on interface (1) in L3 LWAPP mode
  However this has been joined with another log entry;
  Apr 17 21:05:38.734 1x_auth_pae.c:2510 DOT1X-3-MAX_EAP_RETRIES: Max EAP identity request retries (21) exceeded for client 00:1b:77:31:9d:72
  The Mac address here is the Wireless Adapter of my test laptop.
  The information of the WLC is
  Product Identifier Description
  AIR-WLC4402-25-K9
  Version Identifier Description
  V04
  Possibly this is not what you are after but if you show me where to look that would be great.
  It might be relevant but I have joined the AP to the switch with
  switchport access vlan 70
  switchport mode access
  The config to the WLC is on a Gi port
  switchport trunk encapsulation dot1q
  switchport trunk allow vlan 2,11,70,80
  switchport mode trunk
  I am wondering if I should have
  switchport trunk native vlan 70 in here?
  The interface config on the controller is
  (Cisco Controller) >show interface SUMM
  Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Gu
  est
  ap-manager                       1    2        10.45.50.111    Static  Yes    No
  management                       1    2        10.45.50.110    Static  No     No
  service-port                     N/A  N/A      10.44.48.214    Static  No     No
  virtual                          N/A  N/A      1.1.1.1         Static  No     No
  york-vlan70                      1    70       10.44.51.1      Dynamic No     No
  Many thanks,
  Neil

• IOS to LWAPP for 1130AG Access Points

  We have initially installed IOS-based 1130 APs. If we would be upgrading it to LWAPP mode, could we pushed IOS-to-LWAPP upgrade thru the network? what procedures are required?

  Hi Leopoldo,
  This is possible and fully supported and can be done using the "LWAPP Upgrade Tool". Have a look at the following;
  LWAPP Upgrade Tool Troubleshoot Tips
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008072d9a1.shtml
  Access points must run Cisco IOS Release 12.3(7)JA or later before you use the upgrade tool.
  System Requirements
  You can use the Autonomous to Lightweight Mode upgrade tool to install Cisco IOS Release 12.3(11)JX on these access points:
  All 1100 series access points containing MP21G (802.11g) radios
  ***All 1130, 1230, and 1240 series access points
  All modular 1200 series access points running Cisco IOS software and containing these supported radios:
  802.11g: MP21G, MP31G
  802.11a: AIR-RM21A-x-K9, AIR-RM22A-x-K9
  All 1300 series access points in access point mode
  http://www.cisco.com/en/US/docs/wireless/access_point/ios/release/notes/b311jx1.html
  Cisco has released a free tool called the "Autonomous to Lightweight Mode Upgrade Tool" that allows selected Cisco Aironet autonomous access point models to be configured for lightweight mode operation.
  The Autonomous to Lightweight Mode Upgrade Tool supports the following models:
  Cisco Aironet 1240AG Series access points
  Cisco Aironet 1230AG Series access points
  Cisco Aironet 1200 Series access points that contain 802.11g (AIR-MP21G-x-K9) and/or second-generation 802.11a radios (AIR-RM21A-x-K9 or AIR-RM22A-x-K9)
  Cisco Aironet 1130AG Series access points
  **Cisco Aironet 1100 Series Access Points that contain 802.11g radios (AIR-AP1121G-x-K9)
  Cisco Aironet 1300 Series Access Points/Bridges (AIR-BR1310G-x-K9 or AIR-BR1310G-x-K9-R). A Cisco Aironet 1300 Series operating in Lightweight Access Point Protocol (LWAPP) mode only operates as an access point. This series does not support LWAPP bridging mode.
  The Autonomous to Lightweight Mode Upgrade Tool supports a process to migrate an autonomous access point from autonomous mode to lightweight mode. Unlike a VxWorks to Cisco IOS Software upgrade, this process is a Cisco IOS Software upgrade to the existing Cisco IOS Software image-not an operating system "swapout". In converted access points operating in lightweight mode, Cisco IOS Software continues to run on the access point, while LWAPP is used to communicate with a wireless LAN controller. Since LWAPP supports automatic access point configuration, there is no need to retain or convert the original autonomous Cisco IOS Software access point configuration.
  http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns337/networking_solutions_white_paper0900aecd804f1a23.shtml
  Cisco Aironet Access Point Support for Lightweight Access Point Protocol
  http://www.cisco.com/en/US/products/ps6521/prod_bulletin0900aecd80321a2c.html
  Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode
  http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp157147
  Hope this helps!
  Rob

• QOS config 4500 switchport for Lightweight access point

  What is the best QOS configuration what needs to be applied on a 4500 switchport for Lightweight access point.

  Hi,
  If you are asking about Layer 2 QoS configuration for switch-port then it is global command, which will apply on all switch-ports, not for any specific switch-port. 
  As far as switch-port mode is concern which in connected to LWAP then yes it is better you keep it in default mode.

• LWAPP Access Point IOS Upgrade?

  Using a 4400 Wireless Controller and WCS how do you upgrade the LWAPP IOS on Access Points to the latest version or is this even necessary? My LWAPP access points are fully functional 1131's and converted 1230's, but I would like to know what the procedure to update ios's are when a new one comes out. Do these automatically install when you update the controller software or do I need to download new IOS periodically and copy it to the controller or WCS, etc? What do you think?

  Hi Jim,
  When a Lightweight AP is connected to the WLC it has the same Version as the WLC. For example if the WLC is running 4.0.155.1 the AP is running 4.0.155.1. If you upgrade the WLC to a new version the AP's are upgraded at the same time. There is no need to do anything with the AP's themselves.
  Hope this helps!
  Rob

• Setup RV220W as Access Point

  Hi,
  May i know that can a CISCO RV220W setup as a Access Point in company network?
  We already have a router for IP management.
  is it possible to setup as Acces point?
  Also can we separate the guest and internal user for using wireless by difference SSID and VLAN.
  It seem it cannot setup if i need to setup limited network access right by SSID and VLAN.
  Thank you
  Rgds,
  Sun

  Thank you for your reply.
  For setup as AP, i understand your suggestion.
  Also i understand i can setup a VLAN assign to an SSID.
  Under this SSID, internal user can access our network.
  I can setup Lan Port (1) and Lan Port (2) in VLAN1, assign one SSID.
  i plug my default gateway(existing router) into Lan Port (1), so my internal user can access network resource by this SSID
  For guest SSID, we don't have other router.
  If i setup Lan Port (3) and Lan Port (4) in VLAN2, assign one new SSID.
  Where i can enable "inter-VLAN" with protection of local network?
  Can i setup the protection of local network with Guest SSID by RV220W?
  Do i need additional equipment?
  Rgds,
  Sun

• Looking for an Access Point with 2 Ethernet ports and powered via PoE

  Hi Gurus,
  I am looking for an Access Point with 2 Ethernet ports and the access point can be powered via PoE. I have been assigned with a requirement where the rooms need to have access point as well as an Ethernet Cable provided from the Access Point as a backup for connectivity.
  The room only has one data cable coming from the main IT room as well does not have a spare power socket to power the Access Point. Will be good if it can be centrally controlled or controller based.
  Any recommendations?
  Regards
  J

  For the backup plan, the cheapest solution may be to just run a couple new cat5e drops to the room(est cost $250). If not then purchase a small Cisco POE switch for the room(est cost $2k). For wireless I would purchase a POE enabled Cisco AP. But you will need to verify the POE switch/blade you will be connecting the AP to can power the AP you buy. I got burned by that issue when we purchased some Cisco 1251 AP's with dual radios and they needed more power than our 4500 POE blades could handle. We were told we would need to purchase new 48 port 10/100/1000 blades or power injectors. Our Cisco sales vendor took the heat for that mistake.
  Posted by WebUser Steven Kinney from Cisco Support Community App

• LWAPP Access points flapping

  Hi,
  I have 1252 and 1260 LWAPP access points in 20 sites connected to a 5500 controller over WAN through flexconnect.
  Last two weeks, i noticed that the access points associated to the primary controller keeps flapping.(ie) it stay in primary controller for a minute or two and then it goes off again and again. Moved the APs to the secondary controller. Again i see the same issue. Noticed that there is no issue with the bandwidth.
  This issue happened so far in two sites. The issue happens with all the access points at both of these sites. Replaced the access points. Still no luck. So converted the APs to autonomous mode as a temporary fix. Please let me know the suggestions.
  Thanks,
  Abinaya

  Hi Scott,
  Thanks for your reply...me and abinaya with in same team
  yes we have a huge gap between the AP up time and Joining time
  Let me tel you in how we are connected...
  We have 1000's of WAN link(MPLS) connected to Data Center.
  In Data Center we have this WLC 5508
  20 Locations are added to this WLC(Flex Connect), each location has 4-5 AP's
  Points we observed.
  When we change this AP's to Autonomus mode,its working fine. Even in autonomus mode AP has to reach DC for AAA
  If the WAN link has some problem, it should effect other devices which connect to DC.
  We replaced AP's...but no luck.
  This happened with different locations,different controllers.
  We found the below logs in all the AP's which met this problem.
  Dec 11 05:42:21.375: %DTLS-3-BAD_RECORD: Erroneous record received from X.x.x.x: Duplicate (replayed) record
  *Dec 11 05:42:42.971: %LWAPP-3-CLIENTEVENTLOG: Switching to Standalone mode
  *Dec 11 05:42:43.011: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to X.x.x.x:5246
  *Dec 11 05:42:43.055: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  *Dec 11 05:42:53.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: x.x.x.x peer_port: 5246
  *Dec 11 05:42:53.000: %CAPWAP-5-CHANGED: CAPWAP changed state to 
  *Dec 11 05:42:53.863: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: x.x.x.x peer_port: 5246
  *Dec 11 05:42:53.863: %CAPWAP-5-SENDJOIN: sending Join Request to x.x.x.x
  *Dec 11 05:42:53.863: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
  *Dec 11 05:42:54.055: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
  *Dec 11 05:42:54.239: %CAPWAP-5-CHANGED: CAPWAP changed state to UP
  *Dec 11 05:42:54.247: %LWAPP-3-CLIENTEVENTLOG: OfficeExtend Localssid saved in AP flash
  *Dec 11 05:42:54.395: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller Cont-Name
  *Dec 11 05:42:54.439: %LWAPP-3-CLIENTEVENTLOG: Switching to Connected mode
  Please suggest if you observe some thing.
  Regards,
  Satya.M

• Autonomous vs LWAPP access point

  I am new to these 2 terms.
  What's the main difference between autonomous and LWAPP access point?
  Autonomous AP can work on it's own, while LWAPP need to be used with WNC?
  If I need to deploy an wireless enironment, I should use LWAPP, right?

  The main difference is autonomous do not require a controller to control the AP and it use WLSE for management software; the LWAPP require a WLC wireless controller to control all of the AP but provide ease of management for the communication / setting between APs, it use another management software call WCS.
  If you will deploy many APs, LWAPP will be better for easier management. If only a few APs, autonomous is fine because do not require additional WLC.
  LWAPP info. :
  http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns337/networking_solutions_white_paper0900aecd802c18ee.shtml
  Hope this helps.

• License for Monitor Access Point

  Dear Friends,
  I have a 5508 controller with 200 access points . I have additional 10 access points to be used as Monitor Mode, as this will be connected to the MSSE. Question here is does the monitor access points requires licenses to configure on the controller or does IPS license of 25 AP's is enough for MSE.
  I think for these 10 Monitor Access Points, we need to have licenses for the controller as well as MSE license for the access point. Am I right in this assumption?
  BR,
  Sid

  Hi Sid,
  the license on the WLC is for "joined APs" whatever is their role. So monitor mode APs count the same as other APs.
  Regards,
  Nicolas

• LWAPP access points are unregistering from the controller

  Our wireless controller network designed with one 4402 controller and 30 LWAPP 1000 series access points.
  all lwapp access points are suddenly unregistering from the controller and registering with controller after few minutes. It was happen randomly 2 to 4 times in a day.
  I am adding the attachment of log file please help me anyone know identified this problem.
  Thanking you,
  Regards,
  Ranga Kishore
  9959344436

  Hi,
  What's the specific model of your 4402? How many access points do your controller support?
  Can you also check if the uplink or distribution ports on your WLC goes up and down. Thanks.
  Regards

• API for setting Access points with PEAP programmatically

  Dear Godly developers,
  Would like to find out if there is any APIs for setting Access points with PEAP programmatically?
  Regards
  hAoZ

  Thanks for your response. We don't have the Wireless LAN Controller installed and have only configured directly through the AP's, which don't seem to have any configuration changes regarding Aironet IE's. Is there a config change that needs to be made just on the AP's? Or is the Wireless LAN Controller software necessary to make this change?
  Thanks again.

• Question about using "dumb terminals" for multiple access points

  For both home and a small busniess setting I have been trying to find info about the possibility of using some form of dumb terminal to provide multimple acces points to a single computer rather than a network of multiple computers.
  I would like to use my LCD TVs, (which have AV and PC inputs) as monitors. I am going to purchase a new mac soon, and it seems it would make sense to spend more on 1 mac with more capability rather than 5 mac-minis (yes, I am trying to have 5 access points, with one one mac).
  I have CAT5 running to all the locations I want to use, I also have airport.
  For the most part I'm expecting only one user at a time, but occasional two. OS X is multi user, but can it support simultaneous users?
  I have searched the discussions/forums and some google searching. Maybe I'm asking the wrong questions. But, I can't imagine that I am the only person who has thought of this.
  If you have any thoughts or suggesting for further searching I would appreciate it. Thanks

  On each of these 'dumb terminals' I assume you are looking to access the complete Mac desktop from the central Mac?
  Unfortunately, this can't be done.
  In the past, the setup you describe first was used on mainframes where each end node was a dumb terminal. But it was just text.
  Next came X11 which does mostly what you are asking about, but each end node is basically a full computer in itself. You can remotely log into a central server and get a complete desktop session. This would take using a central computer that is running full X-Windows and then you'd need a PC running Linux, or running Windows and a X-Terminal package like Exceed or a Mac with X11 installed (not sure if you can make the Mac X11 do a full-blown desktop X session.) Note that as the central server, you'd need a computer running an OS with full-blown X-Windows (Linux, Solaris, HP-UX, etc.) -- OS X is UNIX but it doesn't run full X-Windows as its window manager.
  Finally, there is what are called 'thin clients' ... a good example is Sun Microsystems' SunRay... it's enough hardware on the client side to provide display, keyboard and mouse. They boot off a central Sun Solaris server and work just like X-Windows clients. The difference here is that the SunRay unit can't work on its own; it has no disk, and has to boot from the SunRay server.
  And of course there's Windows Terminal Services, which lets you do the same thing with Windows. I think that takes Windows Server edition software on the central computer, and then a regular PC as a client.
  Sounds like your only option is to use Mac minis as you suggest. But then there's no need for a central computer to share, obviously.

• How can I verify CAPWAP/LWAPP access point?

  Hello,
  I wonder how can I check / what command shoul I use on non-autonomous access points to see wether they are support capwap or they support lwapp??
  Thank you folks..

  Hello,
  I think Leo means how to distinguish by autonomous and lightwieght. not between LWAPP and CAPWAP.
  Autohomous APs have in their image nam: K9W7 while lightweight APs have K9W8. That is correct. But I think this is not the answer.
  In order to distinguish if an AP uses LWAPP or CAPWAP you have first to know that:
  - Some old APs support only LWAPP. They do not support CAPWAP (1010 and 1030 for example).
  - CAPWAP started with WLC version 5.2. If you have 5.2 or later then your AP supports CAPWAP. (old APs metnioed above are not supported on 5.x. they are supported on up to 4.x).
  - Some APs support CAPWAP only. They work onlyh on WLCs with version 5.2 and above that supports capwap. (1140 for example does not work with 4.x, 5.0 or 5.1). While some other APs may work with either lwapp or capwap (1240 works with lwapp if it joing WLC running 5.0 while it works with capwap if it joins WLC that runs 7.x).
  Now, in order to know if your AP supports capwap or lwapp:
  - You need to know if your AP has any limitation (if it is capwap only, lwapp only or can run on both).
  - if your AP can run on both lwapp and capwap you can do follow the follownig steps:
  * show version from the AP to know the IOS version running on it.
  * Go to this link (wireless compatibility matrix): http://tiny.cc/k08thw
  * in the page, look for your IOS versoin that you knew from show version command.
  * find what is WLC version that your AP version corresponds to.
  * If the corresponding WLC version is 5.2 or later then you are running CAPWAP. If your WLC runs 5.1 or earlier then      you are running lwapp.
  HTH
  Amjad

• Problems probing for rogue access points

  Hello,
  I have a situation where I am trying to locate a rogue AP in one of my office buildings. When I bring a laptop over there with NetStumbler or Inssider, I get no response from any access points or clients. Its like that throughout the entire building. However when I leave the building, the AP start to come up but I cant get near them.
  I have another build that we have as well and the probing works just fine. Would there be a controller template or access point template that would be causing this problem?
  Here is what I am running:
  Cisco 4400 controller with firmware 4.2.130.0
  Cisco 4400 controller with firmware 5.0.148.0
  Cisco WCS 5.1.64.0
  The access points that are connected to the controller with a firmware of 4.2.130.0 is the one that seems to be stopping my attempts with probing. So far my searching for causes has not turned up anything=(
  Any help would be greatly appreciative.

  What are you seeing in the logs? Are the two controllers being used as primary and secondary? You should keep the code the same, just in case ap's move to the other controller?
  When you see a rouge ap, it will also state which ap's are hearing that rouge ap and the signal strength. If you see it -86db or worse, then it is outside of your building most likely.