Two WLC same subnet VLAN flapping

Similar Messages

• CSS Load balancing on same subnet/vlan

  Hi
  I have connections coming in to a VIP which is load balanced with a CSS between web servers. However I need the web servers to talk to a VIP on the same subnet and then load balance that to servers in the same subnet as my web servers. We are using the CSS's in bridging mode. Is this possible?

  Yes, it is possible. You can define one VIP to load balance traffic on your web servers and another VIP (on the same subnet) to allow load balancing between web servers and back-end servers. If the web servers use a different TCP port to communicate with the back-end servers as for the web access, you can even use the same VIP address and two content rules.
  Something is however very important to make this working : you have to NAT the source address for the backend servers connections to make sure the return traffic pass through the CSS and not directly to the web server (they are on the same subnet).
  Yves Haemmerli (IBM)

• Two WLC over the same SUBNET - selection from AP for determinate WLC

  Hi
  I have the next problem, my company have two WLC (WISM1 - IOS 7.0 and WLC2504 - IOS 7.4), and we have 4 types of APs (1131, 1242, 1040 and 1600), well the WISM 1 manages the old APs 1131, 1040 and 1242, the 2504 manages the 1600, this because the WISM 1 don't support the 1600
  Well my question its how i can assigned to APs 1131, 1242 and 1040 to connect to WISM1 and not to 2504 , both are on the same subnet and the Ip its send for DHCP with option 43, others for DNS and apparently some of my APs connected to the 2504, I wish only connect to WISM 1
  How i can set priority in the AP for conect to WISM1?, i read the High Availability on the AP, this is enough or should we make any extra settings the WLC
  Thanks for the response
  Regards

  To understand the working of HA kindly study the following link .It will provide you step by step solution to the query
  Hi Kashif,
  I don't think you understand the nature of this thread.  It is IMPOSSIBLE to configure a 2504 & a WiSM-1 for HA (AP SSO). 

• Advantages and Disadvantages of having the APs and the WLC Management on same subnet

  Good day Experts;
  I have a 5760 WLC running as a centralized mode with 3702 AP terminating the CAPWAP tunnels on the 5760, I've also have another 5760 WLC with HA license, running on standby mode.
  I have two questions:
  1.- Can you please confirm that I don't need to configure "AP Manager" on the 5760 WLC (i.e. I don't need the following statement:   "wireless ap-manager interface vlanx" ). I don't need this configuration statement even the APs are on a different subnet than the Management of the WLC.
  2.- Are there any advantages and/or disadvantages of having the APs and the management of the 5760 WLC Management on a different subnet/vlan?   
  Thanks;
  Juan

  Hi Juan,
  1. Can you please confirm that I don't need to configure "AP Manager" on the 5760 WLC
  Yes, you do not want to create ap manager interface on 5760. Just management interface & that will do everything. Below should cover basics of the 5760 config
  http://mrncciew.com/2013/12/12/getting-started-with-5760/
  2.- Are there any advantages and/or disadvantages of having the APs and the management of the 5760 WLC Management on a different subnet/vlan?
  If you put AP management on the same vlan as WLC management, then AP broadcast discovery messages will reach WLC management. So you do not want to configure any WLC discovery mechanism (DNS or DHCP option 43) for AP to find WLC to register. This is ok for small scale deployment, but if you have 500-1000 AP these AP broadcast reaching WLC will be problematic (burden WLC). So it is recommended to seperate AP management to WLC management in large scale deployment. In that case you have to define a way to AP to get WLC IP information (DNS or DHCP option 43 is most common)
  HTH
  Rasika
  **** Pls rate all useful responses ****

• Can 2 vlans have the same subnet?

  I hope the combined genius of the fellow community can answer me this. I am new to Cisco, and I understand VLANs as a physical boundary separating broadcast domains.
  I was wondering if it is possible to divide 1 subnet (192.168.1.0) into two separate VLANS? I have all layer 3 switches in my environment. Making matters worse, there would be no pattern for the IP address assignments into VLAN-A vs. VLAN-B..
  If this is possible, can you please explain the mechanisms for a successful implementation. 

  It mostly depends if/how you want hosts on them to talk one another (or other networks).
  If the answer is "not at all" then you can have as many VLANs as you like using the same subnet. 
  If the answer is "completely" then you have to either a. break your addressing (L3) down to have one set of hosts in subnet A (on vlan a) and the others in subnet b (on VLAN b). or b. have some fancy tricks in place with network address translation (NAT) in place.
  I'll leave the latter solution off as beyond the scope of your question.
  For the former, you would just change your subnet mask - for example, if the classful subnet is a "standard" /24 (255.255.255.0) then split it in two - /25 or 255.255.255.128. Assign hosts in one or the other.
  You have to have some pattern - all networking is based on patterns in some way or another.

• How do I load balance TFTP between two servers and a client on the same subnet?

  Hi,
  I have trawled through several documents and tried umpteen different configs, all to no avail. I have a PXE boot client trying to access a boot file via TFTP from a couple of TFTP servers on the same VLAN/subnet. For HA purposes I want to load balance the two TFTP servers.
  Config is currently;
  =====
  probe icmp ICMP_PROBE
    description icmp probe for default gateway tracking
    interval 5
    passdetect interval 15
  rserver host server1
    description Server1
    ip address 10.0.0.1
    inservice
  rserver host server2
    description Server 2
    ip address 10.0.0.2
    inservice
  serverfarm host serverfarm_01
    description servers used
    probe ICMP_PROBE
    rserver server1
      inservice
    rserver server2
      inservice
  class-map match-all L4_VIP_TFTP
    10 match virtual-address 10.0.0.10 udp eq 69
  policy-map type loadbalance first-match L7_TFTP
    class class-default
      serverfarm serverfarm_01
  policy-map multi-match L4_LB_VIP_POLICY
    class L4_VIP_TFTP
      loadbalance vip inservice
      loadbalance policy L7_TFTP
      loadbalance vip icmp-reply active
  nat dynamic 1 vlan 200
  interface vlan 200
    ip address 10.0.0.250 255.255.255.0
    nat-pool 1 10.0.0.241 10.0.0.243 netmask 255.255.255.255 pat
    service-policy input L4_LB_VIP_POLICY
    no shutdown
  ip route 0.0.0.0 0.0.0.0 10.0.0.254
  =====
  I have read the doco by Ivan Kovacevic amongst many others but as my clients and servers are on the same subnet, the config doesnt work.
  Can anybody point me in the right direction please. The devices are ACE 4710 running A3(2.3).
  Thanks

  Try using the following configuration:
  Note: Please make sure to configure also a udp probe to probe udp port 69, in case the application is down.
  You need to configure a management policy on the interface when using a UDP probe.
  That is because, when port 69 on the server will be unreachable, the server will send an ICMP unreachable.
  ACE will consider a udp probe as "failed" only when it sees ICMP unreachable.
  Without a management policy-map, the ICMP unreachable message will be dropped.
  Also, add an ICMP probe to the rserver because udp probe will not be enough when the physical interface will be down.
  That is because UDP is a connection-less protocol. To consider a UDP probe successfull, ACE need to see NO answer from the server in respose to the probe.
  The ACE will not see any answer from the server when the interface is down and thus, will consider the probe as "sucessful".
  With ICMP probe attached to the rserver, you also test the reachability of the server and not only the UDP port.
  Here is the configuration (of course, you can chage the names of the of the objects to the name you are using if you want) :
  access-list ALL line 10 extended permit ip any any
  probe udp TFTP
    port 69
    interval 5
    passdetect interval 15
  probe icmp ICMP_PROBE
    interval 5
    passdetect interval 15
  rserver host TFTP_1
    ip address 10.0.0.1
    probe TFTP
    probe ICMP_PROBE
    inservice
  rserver host TFTP_2
    ip address 10.0.0.2
    probe TFTP
    probe ICMP_PROBE
    inservice
  serverfarm host TFTP-SFARM
    rserver TFTP_1
      inservice
    rserver TFTP_2
      inservice
  sticky ip-netmask 255.255.255.255 address source TFTP-STICKY
    timeout 10
    replicate sticky
    serverfarm TFTP-SFARM
  class-map type management match-any MANAGE
    2 match protocol icmp any
  class-map match-all NAT
    2 match virtual-address 0.0.0.0 0.0.0.0 udp any
  class-map match-all TFTP
    2 match virtual-address 10.0.0.10 udp eq 69
  policy-map type management first-match MANAGE
    class MANAGE
      permit
  policy-map type loadbalance first-match ROUTE
    class class-default
      forward
  policy-map type loadbalance first-match TFTP-POL
    class class-default
      sticky-serverfarm TFTP-STICKY
  policy-map multi-match TFTP-MULTI
    class TFTP
      loadbalance vip inservice
      loadbalance policy TFTP-POL
      nat dynamic 1 vlan 212
    class NAT
      loadbalance vip inservice
      loadbalance policy ROUTE
      nat dynamic 2 vlan 212
  interface vlan 212
    ip address 10.0.0.250 255.255.255.0
    no normalization
    access-group input ALL
    nat-pool 1 10.0.0.241 10.0.0.243 netmask 255.255.255.0 pat
    nat-pool 2 10.0.0.10 10.0.0.10 netmask 255.255.255.0 pat
    service-policy input TFTP-MULTI
    service-policy input MANAGE
    no shutdown
  Let me know how it goes.
  Good luck!

• What happen when we connect Two PC with IP from Same subnets

  Scenario 2nd : What happen when we connect Two PC with IP from Same subnets. PC1 -192.168.10.1/24 PC2 - 192.168.10.2 on a two different L2 Switch on different vlans which are connected via a LAN cable.
  All ports are access ports
  Interview Question : No More Info.
  Pc1<SwA>------<SwB>PC2
  Q.1 Will they communicate If yes what will be packet/frame flow.
  Q.2 If not where will be the packet/frame drop. ? Why.
  I need step by step if possible plz how the packet moves , vlan taggings n all internal works that happens behind .. plz 
  thnx in advnce ....

  Hi Abhishesk,
  The PCs should communicate each othet.
  Since there is no trunk port involved, there is not tagging involved.
  Since both the PCs are into the same subnet. PC1 will not need default gateway for the communication with PC2. So PC1 will start with sending ARP request for PC2 MAC address.
   Since all the ports in SW1 are in same VLAN, the ARP should reach all ports including the switchport where SW2 is connected to.
  Sw2 has got a complete different access port on ALL the switchports. Sw2 will receive the ARP from Sw1. Remember that there is no tagging for the frame. Hence Sw2 will again send the ARP packet to all the ports which belong to same VLAN wherein the packet is received. ie, Sw2 will send the ARP packet to all the ports in Sw2. PC2 will also get the the ARP.
  The ARP reply will make it way back using the same logic.
  Now both the PCs can start the actual packet exchange.

• Is it possible to create two multicast DR on the same subnet?

  on server vlan 10.24.254.0/24, there are two routers:
  R1 is .2 and R2 is .3 with "IP pim sparse-mode" enabled.
  R1 and R2 are on two distinct Mcast domains
  R1 has
  ip pim rp-address 10.25.249.1 acl-one override
  R2 has
  ip pim rp-address 192.168.2.1 acl-two override
  The problem is R2 with higher IP address is now the IGMP and PIM DR. Any multicast app with RP 10.25.249.1 is NOT working because R1 can't receive IGMP join from servers.
  In addition, R1 by design can not reach 192.168.2.1 and same for R2 to reach 10.25.249.1
  Thus configuring two "IP PIM rp-address" is not possible
  how can I make R1 the DR for group IP under acl-one and R2 for group IP acl-two?
  or I have to change network topology?

  There can be only one DR on a the same subnet.If there are more than one DR on the same subnet it would endup sending duplicate multicast traffic for connected host.For more information refer the URL
  http://www.cisco.com/en/US/products/ps5763/products_configuration_guide_chapter09186a0080312878.html#wp1091449

• Two different Routers and same subnet, is it possible?

  Hi i have been presented with a problem that a friend of mine is having.
  There is two different Cisco routers on different location.
  example:
  router1 : 10.8.10.1 (has DHCP/FTP server)
  router2 : 10.8.12.1 (needs to talk to DHCP/FTP server on router1)
  the router2 has different ip configured but is it possible to change this to the same subnet as router 1? like 10.8.10.4?
  The DHCP/FTP server have been defined with scope 10.8.12.0 and on the Cisco switch on router2 its been configured (ip helper address DHCP-IP)
  this works, the clients connected to router2 gets ip from DHCP server ,but there is no FTP traffic.
  i figure its because the DHCP/FTP server doesent understand the other IP, so if its possible to setup a kind of mulitVPN to get the same subnet on router2 as router1 the FTP server can "see" the other router2 because it has the same subnet and ip range.
  Thank you for any experience, i really stuck on this one

  John,
  to simply put it having two routers on the same subnet is not possible as the purpose of a router is to route traffic between DIFFERENT networks. In order to accomplish this you will need routers and switches that understand VLANs and VLAN tagging.
  Hope this Helps
  Blake Wright
  Cisco SBSC Network Engineer

• Cannot get Telnet to work between two servers on same subnet

  I need to test if communication is open on port 8444 between two servers.
  I installed telnet client on a Server 2008 R2 server and telnet server on a Server 2008 SP2 server.  I also manually started the Telnet service that was set to disabled on the SP2 server.  I disabled the Windows firewall on both servers.  They
  are both on the same subnet so they don't need to go through any routers and I can ping successfully.
  When I try to telnet to the remote server by typing telnet "ip address" 8444, I get an error that says "Could not open connection to host, on port 8444:  Connection failed.
  I tried other ports like port 80 and got the same error.
  What else is needed to get this to work?

  VMs have nothing to do with it, as long as there's network communication between the servers.
  As I said, there must be a service or application listening on that port for it to respond. For example, try this:
  C:\> telnet
  When the telnet prompt opens, type in:
  open mail.messaging.microsoft.com 25
  If it works, you should see this:
  220 CH1EHSMHS035.bigfish.com Microsoft ESMTP MAIL Service ready at Thu, 7 Feb 2013 00:57:33 +0000
  That means that Microsoft's mail servers are LISTENING on port 25 and it responded. And note, telnetting to port 25 is a non-default telnet port, because port 23 is the default telnet port. When you type in a space and then a port number, you're telling
  the telnet client to use that port.
  That is the SAME THING if some sort of application or service is listening on port 8444 on that other server you're trying to telnet to. If there is no app or service listening, it will just time out.
  And no, installing the TELNET service on that sercver will NOT answer to any port other than 23. The telnet service by default, uses TCP 23, unless you specify otherwise.
  So once again, what service or app on that server is supposed to be listening on 8444?
  Ace Fekay
  MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
  This post is provided AS-IS with no warranties or guarantees and confers no rights.

• Two Forests using Same Subnets?

  We've setup a new 2012 R2 forest that we plan to migrate our 2008 R2 resources to over time. Currently it is on our production network, on the same ip ranges as our production forest.
  I've suggested that we really should put the new domain on new, different subnets so that we don't have any issues with AD sites, replication, authentication or our AD site-enabled applications such as SCCM 2012. Not to mention DHCP.
  Has anyone been able to stand up a forest using the same subnets / Sites for two different forests? My thoughts are that it can't (shouldn't) be done.
  Orange County District Attorney

  DHCP is a major factor that I see, since you can't share two different DHCPs on the same subnet trying to give out different DNS addresses and other scope/server options.
  I agree with the others that it's better to separate the two prior to initiating a migration, no matter how small or large, to eliminate any possibility of issues occurring during the migration.
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• Two WLC 2504 in same Network

  I have two WLC 2504 controllers. These controllers are for two different buildings. But they share a VLAN, and network address range.
  How can I control the access points to the register selected only at a specific controller.
  Example:
  AP 1 -> WLC 1
  AP 2 -> WLC 2
  AP 3 -> WLC 1
  Since the buildings also broadcast in different SSID.
  The two controllers are in a mobility group.

  I also ran into an install similar to yours. My client had a flat network and each wlc had licenses for the amount of APs in a particular building. What I did to make sure the APs never join the other wlc, is to use a Mac list. This allowed me to enter the APs base Mac address on the wlc and I enabled under the ap policy to verify authorization using Mac list. You can also do what AA mentioned which is good practice, but you have a chance that APs might join the other wlc. If the other wlc has different configurations, it might cause issues until the ap falls back to its primary.
  Sent from Cisco Technical Support iPad App

• SCVMM 2012 R2 – two iSCSI network interfaces connected to the same subnet

  I would like to configure two networks in SCVMM 2012 R2 which will be used by VMs to connect to iSCSI SAN. Both of these networks should be connected to the same subnet (192.168.100.0/24) because they will connect VMs to Dell EqualLogic using iSCSI MPIO.
  Those networks should be available on all Windows Server 2012 R2 Hyper-V cluster nodes.
  When I try to create two logical networks in SCVMM with the same subnet, I receive error (Unable to assign the subnet 192.168.100.0/24 because it overlaps with an existing subnet)
  How should I configure networking in SCVMM to allow one virtual machine to connect to the same subnet using two network interfaces?

  "How should I configure networking in SCVMM to allow one virtual machine to connect to the same subnet using two network interfaces?"
  You can achieve this by simply adding multiple vNICs to a VM - connected to the same VM Network. 
  -kn
  Kristian (Virtualization and some coffee: http://kristiannese.blogspot.com )

• Port forwarding between two servers from Same subnet

   Hi,
  We have a Cisco ASA 5520 Version 8.4(3). There exists a site to site VPN tunnel between us and a client and the client sends us the data to our local host/server 10.x.x.20 on port 52944. So 10.x.x.20 gets data on port 52944. We want to forward this data to a test server 10.x.x.21( same subnet IP) on port 52945. so basically I want to forward traffic from 10.x.x.20:52944 to 10.x.x.21:52945.
  Is this possible. I am a new bee to the networking and still learning. Excuse me if this sounds silly. 
  I know we can add one more ACL in the VPN tunnel and add this test server IP in the ACL. but, then I have to ask the clinet to change their ACL too. I dont want to do this. So I want to wrok around it. Any help or suggestions is much appreciated.
  Thanks in advance :)
  This is my first ticket in the support community.
  cs

  VMs have nothing to do with it, as long as there's network communication between the servers.
  As I said, there must be a service or application listening on that port for it to respond. For example, try this:
  C:\> telnet
  When the telnet prompt opens, type in:
  open mail.messaging.microsoft.com 25
  If it works, you should see this:
  220 CH1EHSMHS035.bigfish.com Microsoft ESMTP MAIL Service ready at Thu, 7 Feb 2013 00:57:33 +0000
  That means that Microsoft's mail servers are LISTENING on port 25 and it responded. And note, telnetting to port 25 is a non-default telnet port, because port 23 is the default telnet port. When you type in a space and then a port number, you're telling
  the telnet client to use that port.
  That is the SAME THING if some sort of application or service is listening on port 8444 on that other server you're trying to telnet to. If there is no app or service listening, it will just time out.
  And no, installing the TELNET service on that sercver will NOT answer to any port other than 23. The telnet service by default, uses TCP 23, unless you specify otherwise.
  So once again, what service or app on that server is supposed to be listening on 8444?
  Ace Fekay
  MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
  This post is provided AS-IS with no warranties or guarantees and confers no rights.

• Two controllers on the same subnet

  One of our office that already has 1 2000 controller needs to install another one. Can the new controller be on the same subnet as the old one or does it have to be on a different subnet?
  thanks

  Roaming is an 8 hour conversation in itself, but I will answer your question with a 'yes', you should have a mobility group defined if wireless clients may move between APs associated with different controllers.
  Roaming actually has much more to do with the wireless security in use, the config of the client and back-end user database, and the layer 2 connectivity of the multiple controllers.
  If you are using WEP or WPA pre-shared-key with the same layer-2 termination on the controllers, then your users really aren't 'roaming' at all, they are constantly re-associating to the different APs anyway.
  Roaming, in my mind, means 'fast roaming' meaning less than 100 ms. This would require either Cisco proprietary CCKM, or some of the *sort of* WPA2 fast-reconnect features.