WGB with a WLC

Similar Messages

• WGB with AP1310 and LAP with WLC in 4.1

  I make a WGB with a autonomous AP1310 and an LAP manage by a WLC2006 in 4.1 version.
  The bridge is up and working, but it's very strange:
  - The bridge is up and i can always ping the IP of the BRI interface of the 1310.
  - When the bridge go up, i see the IP of computer behind the 1310 in a Wireless client list of the controler, but i can ping it only 25% of time.
  - If i wait a long time, the MAC/IP are leaving the Wireless client list of the controler and i can ping the computeur. At this time, if i do a "debug arp enable" on the controler i didn't see ARP response from the controler for computeur bihind the bridge.
  Does anyone have the same problem ? Does anyone do WBG with controler in 4.1 ? Any issues ?
  Thanx for your help.

  Hello,
  Thanks for your prompt replies.
  @Saritha:
  1. On new document Save call is giving message as "NOT Modified", as i didn't perform any actions.So Yes, I'm able to perform SAVE.
  2. Yes, I have performed other operations like creating a Report.
  @Eric: 3. Yes, the folder which I'm trying to save is writable for the user.
  My Observation: When I'm trying to 'SAVE AS' on new document its giving 500 error as I said earlier.
  1. But, after creating new document, I created a new Report for that document, then 'SAVE AS' working. That means after performing some action/modifying the document 'SAVE AS'  is working for me.
  2. Same issue(500 error) observed when trying to perform 'SAVE AS' call on the EXISTING document as well (which is create in BI Launchpad, refreshing and working fine).
  So, is it mandatory to perform any action (which brings the document to Modify mode [i guess]) before this 'SAVE AS' call ?
  Thanks,
  Ram

• Is it possible to config H-REAP/REAP and CAPWAP in Autonomous mode with a WLC?

  I'm going to deploying all new AP as Remote-Edge AP and they will be shipped straight to site.  With a pool of WLCs deployed in central DC locations.  I would like to get local staff to deploy a basic CLI discovery script for the APs.  However, i thought LAPs don't have CLI???
  I'm thinking I must use a Lightweight AP with the WLC to use Remote-Edge AP functionality - However, I'm not sure... the configuration example at the bottom doesn't state whether it an Autonomous AP or a Lightweight one.  
  http://www.cisco.com/en/US/products/ps6087/products_tech_note09186a0080736123.shtml
  H-REAP Controller Discovery using CLI commands
  H REAPs will most commonly discover upstream controllers via DHCP option 43 or DNS resolution. Without either of these methods available, it may be desirable to provide detailed instructions to administrators at remote sites so that each H REAP may be configured with the IP address of the controllers to which they should connect. Optionally, H REAP IP addressing may be set manually as well (if DHCP is either not available or not desired).
  This example details how an H REAP's IP address, hostname, and controller IP address may be set through the console port of the access point.
  AP_CLI#capwap ap hostname ap1130ap1130#capwap ap ip address 10.10.10.51 255.255.255.0ap1130#capwap ap ip default-gateway 10.10.10.1ap1130#capwap ap controller ip address 172.17.2.172
  Could anyone help?
  Cheers
  Adrian.

  Hi Adrian,
  Further down in the doc you linked;
  H-REAP Controller Discovery using CLI commands
  H REAPs will most commonly discover upstream controllers via DHCP       option 43 or DNS resolution. Without either of these methods available, it may       be desirable to provide detailed instructions to administrators at remote sites       so that each H REAP may be configured with the IP address of the controllers to       which they should connect. Optionally, H REAP IP addressing may be set manually       as well (if DHCP is either not available or not desired).
  This example details how an H REAP's IP address, hostname, and       controller IP address may be set through the console port of the access       point.
  AP_CLI#capwap ap hostname ap1130
  ap1130#capwap ap ip address 10.10.10.51 255.255.255.0
  ap1130#capwap ap ip default-gateway 10.10.10.1
  ap1130#capwap ap controller ip address 172.17.2.172
  Note: Access points must run the LWAPP-enabled IOS® Recovery Image Cisco           IOS Software Release 12.3(11)JX1 or later, in order to support these CLI           commands out of the box. Access points with the SKU prefix of LAP (for example,           AIR-LAP-1131AG-A-K9), shipped on or after June 13, 2006 run Cisco IOS Software           Release 12.3(11)JX1 or later. These commands are available to any access point           that ships from the manufacturer running this code level, has the code upgraded           manually to this level, or is upgraded automatically by connecting to a           controller running version 6.0 or later.
  These configuration commands are only accepted when the access point is       in Standalone mode.
  Cheers!
  Rob

• Hellp on Nokia E61i associating with Cisco WLC 4402

  I met some problem with associate Nokia's dual mode mobile phone E61i with Cisco WLC 4402, hope someone can help me on it:
  I setup a VOICE WLAN in 4402(v5.0.148), Layer2 security is WPA1+WPA2, Key management using 802.1x, WPA1 policy enable both TKIP and AES, Radius server using ACS engine(v4.1.1.23)(enable PEAP-MSCHAPv2);
  I can use my laptop to join this WLAN(my laptop configure with PEAP/MSCHAPv2, WPA-TKIP, not validate server certificate), but can't let E61i join it, each time it will remind me “unable to connect, WPA authenticate failed).
  In E61i, I select WPA/WPA2 as WLAN security mode, enable EAP-PEAP, under EAP-PEAP, I enable EAP-MSCHAPv2; however under Cipher, there's a lot of options such as “RSA,3EDS,SHA”, “RSA,AES,SHA”, but there's no TKIP, I have tried to enable all of them and tried only enable those items which include AES, but I failed each time with the same reminder “unable to connect, WPA authenticate failed”. I checked ACS's failed log, there's no record; In 4402, there also have no record.
  If I change the security to open or static WEP for VOICE WLAN, then the E61i can connect to the WLAN.
  I think the problem maybe relate to encryption or certificate, right now I just do the test in lab, not in customer's real environment, so I use ACS to generate a self signed certificate and installed it in ACS.
  Pls. help to point me what I need to adjust to make it work. Thanks!

  Hello,
  CCKM Key Management mode on Nokia E61i phone can be used
  against Cisco LWAPP AP's with TKIP encryption
  Nokia E61i (and other E-series WLAN enabled phones) are supporting CCKM key management method with both dynamic WEP and TKIP ciphers.
  On the phone configuration, 802.1X security mode needs to be in use in order to enable CCKM support. WPA/WPA2 security mode on the phone is dedicated to standards based WPA and WPA2 methods and it does not allow usage of proprietary CCKM key management method.
  Phone's 802.1X security mode does not mean that phone would only support dynamic WEP encryption method in this mode although in contexts term "802.1X" may be attached to pure dynamic WEP (legacy / pre WPA era)security methods.
   802.1X security mode can be seen on Nokia Eseries phones as sort of an "everything with EAP based authentication is allowed" mode, meaning that following key management and cipher configurations are supported:
  - WPA-Enterprise  = WPA Key Management (EAP based authentication) with TKIP encryption
  - WPA2-Enterprise = WPA2 Key Management (EAP based authentication) with AES encryption
  - Mixed WPA/WPA2-Enterprise = I.e. WPA/WPA2 Mode Migration WPA2 Key Management (EAP based authentication) with AES (for unicast data) and TKIP (for multicast data) ciphers
  - 802.1X dynamic WEP = legacy (pre-WPA era) 802.1X based dynamic WEP (EAP based authentication with dynamic WEP encryption)
  Supported:
  - CCKM with WEP = CCKM Key Management (EAP based authentication) with dynamic WEP encryption
  - CCKM with TKIP = CCKM Key Management (EAP based authentication) with TKIP encryption
  Not supported:
  - CCKM with AES = CCKM Key Management (EAP based authentication) with AES encryption
  Please note that CCKM-AES mode (CCKM Key Management with AES cipher) is not working properly due to some incompatibilities between Cisco and Nokia implementations thus it must not be listed as a supported combination on the current Nokia E-series devices. We are also seeing CCKM-Fast
  Re-authentication failures with Cisco autonomous AP's when AES encryption is used although initial authentication to autonomous AP's is successful. Nokia is currently working with Cisco to get CCKM-AES based authentications and roaming working properly with both LWAPP and autonomous Cisco AP's.
   Also note that Nokia E-Series does not support Cisco proprietary CKIP/CMIC encryption/data integrity methods. CKIP/CMIC is supported at least by Cisco autonomous AP's and it seems to be available also
  at least on LWAPP AP version 4.1.171.0.
   CCKM on E-Series devices has been tested against Cisco LWAPP (ver. 4.1.171.0) and it works when TKIP encryption is in use (WPA Policy + TKIP encryption in Cisco LWAPP configuration terms).
  In practice this means Cisco LWAPP is configured in a following manner: WLAN -> Edit -> Security-> 
  Layer 2 Security = WPA+WPA2
  WPA+WPA2 Parameters:
  -WPA Policy = enabled
  -WPA Encryption = TKIP enabled, AES disabled
  -WPA2 policy = disabled
  -Auth.Key Mgmt = CCKM
  Br,
  -Pasi-

• Local printers not working with 2504 WLC

                     I have a 2504  WLC with 3 1262 WAPs in lightweight mode.
       Clients connect using WPA2 PSK AES with no problem.  Clients are Windows XP Home SP3.  Test pages end up in print queue and eventually get a error printing status.  Clients are not part of a domain and in a standalone workgroup - techstream.
  Printer can be pinged from wireless client.
  Another 1262N WAP in standalone mode connected to same lan from windows 7 sp1 clients have no problem printing to a local printer.
  What does work on the Windows XP Home client is connecting to a network shared printer authenticating with domain admin id and password and it works.  Reboot and the network shared printer can not connect multiple reasons are "access is denied" and message box says "only security tab will be displayed....."   Another Windows XP Home SP3 client on reboot can't open the network shared printer with message "Can't find printer"
  The local printers do work on these pc's with an old colubris router that has an outside interface on our lan and internal network with clients getting dhcp address from colubris router of 192.168.3.XXX  . 
  What is wrong with the wireless 2504 WLC?
  Thanks
  Broadcast forwarding was enabled.

  Although a cisco tech support was helpful in making sure multicasting was enabled and a multicast server defined, the problem was at the CP2025DN printer. It had old network ip mask and gateway configured on the printer.
  The new devices were part of the new network configuration (Mask and gateway had changed). I didn’t change that printer when I changed all the other printers at the facility because it was still active thru the old wireless network. I forgot to change the printer ip config when I brought the new wap on the new wireless network with the wlc 2504.
  End result was the clients were part of a different subnet and gateway configuration then the printer and this disrupted the communication between clients and the printer. Once I corrected the mask and gateway on the printer to be the same as the dhcp scope of the wireless network, communication and printing worked.
  Problem solved.  User error

• Is 1252G AP compatible with 5508 WLC

  hi,
  I want to know whether 1252G AP can register with 5508 WLC? from the datasheet 5505 support CAPWAP while 1252 is LWAP. Kindly provide the link regarding the compatibility as well.
  Regards
  Nareh

  hi,
  I would also to add that I will be using CAP 1552E (802.11N) outdoor AP with the 1252G AP. Is it possible that both LWAP and CAPWAP AP registers with the same 5508 WLC ?
  Regards
  Nareh

• Issue with 2504 WLC and 2602 AP. need help please.

  Somehow the AP does not associates with the 2504 controller.
  What could possibily be the issue.
  Thanks in advance.
  Anyway,  Here is the log from the AP.
  AP log
  ===========================================================
  *Mar  1 00:30:35.551: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.120.4 obtained through DHCP
  *Mar  1 00:30:35.551: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
  *Mar  1 00:30:44.551: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
  *Mar  1 00:30:44.551: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'SNGNY-WLC1'running version 7.0.220.0 is rejected.
  *Mar  1 00:30:44.551: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
  *Mar  1 00:30:44.551: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 2 state 2.
  *Mar  1 00:30:44.551: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
  *Mar  1 00:30:44.551: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.120.4
  ===========================================================
  show version output from the Access Point
  =========================================================
  AP0006.f6ec.be2a#show ver
  Cisco IOS Software, C2600 Software (AP3G2-RCVK9W8-M), Version 15.2(2)JB, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2012 by Cisco Systems, Inc.
  Compiled Tue 11-Dec-12 00:07 by prod_rel_team
  ROM: Bootstrap program is C2600 boot loader
  BOOTLDR: C2600 Boot Loader (AP3G2-BOOT-M) LoaderVersion 12.4(25e)JA1, RELEASE SOFTWARE (fc1)
  AP0006.f6ec.be2a uptime is 33 minutes
  System returned to ROM by power-on
  System image file is "flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-xx"
  Last reload reason:
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  --More--
  *Mar  1 00:33:46.071: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
  *Mar  1 00:33:46.171: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.120.98, mask 255.255.255.0, hostname AP0006.f6ec.be2a
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  cisco AIR-CAP2602I-A-K9    (PowerPC) processor (revision A0) with 180214K/81920K bytes of memory.
  Processor board ID FGL1704ZC0Q
  PowerPC CPU at 800Mhz, revision number 0x2151
  Last reset from power-on
  LWAPP image version 7.4.1.37
  1 Gigabit Ethernet interface
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: 00:06:F6:EC:BE:2A
  Part Number                          : 73-14588-02
  PCA Assembly Number                  : 800-37899-01
  PCA Revision Number                  : A0
  PCB Serial Number                    : FOC165188Y4
  Top Assembly Part Number             : 800-38356-01
  Top Assembly Serial Number           : FGL1704ZC0Q
  Top Revision Number                  : A0
  Product/Model Number                 : AIR-CAP2602I-A-K9  
  Configuration register is 0xF
  ========================================================

  Blake's right.  Your WLC is running 7.0.X code which does not support the AP2600.  Check the Release Notes and look under Software Release Support for Access Points to determine what suitable firmware your WLC can support your AP.

• What do i need to install with a WLC ?

  Hello everybody !
  I have a question, I have to implement a wifi solution in my company, and the Cisco solution seems to be adapted.
  But there are so many documents so I'm lost in the informations.
  Can you please say me what I need to have a complete and reliable solution ?
  What is the difference between NCS, WCS, Prime infrastructure ?? Is it necessary or I can to only install a controller and put the adapted license ?
  Thank you guys.
  Raphaël
  P.S : Sorry if my english is not perfect !

  Yes you can start with that...
  The only reason I say that you need to speak with someone is because I have seen many environments that was just slapped together in hopes that it would work. Design it right from the start and it will cost less in the long run. There are many options of WLC's and access points that you need to take into consideration. Redundancy, how will you secure the wireless and also implementing a solution that will still work for you in 5 years. Trust me on this... You don't want us to just tell you what to buy and putting all your requirements into a thread would be difficult. Speak with someone and then if you have questions or maybe want us to validate the design or purchase, we can help you there.
  Sent from Cisco Technical Support iPhone App

• ISE 1.2 - CWA supplicant provisioning with anchor WLC

  Hi all,
  Having an issue with supplicant provisioning via CWA on an anchor controller. I am able to connect via CWA and authenticate etc no problems but when the device registration page appears it says "unable to connect to the network at this time" - the mac address is populated but the button says try again. Once I click try again it cycles back to the original guest portal login page. In the reports section the failed supplicant provisioning message is "Error while trying to determine access privileges: Fail to get hostName from session cache.".
  I have tried the same policy without the anchor (ie local controller) and it works perfectly. Interestingly enough if I manually register the device first then connect to the guest portal it allows me to click register and proceed to supplicant provisioning. I have also tried the anchor setup using peap and the NSP redirect - this also works perfectly.
  I can confirm ahead of time that firewalls etc are not an issue with permit IP any any between all working parts - no blocks no drops etc. The policy is the standard trustsec CWA setup with Enable self-provisioning ticked. For what it is worth I am absolutely confident with the config having deployed this before - albeit without an anchor controller.

  Stephen,
  I was able to work with TAC the customer account team to find a resolution.  The issue is with the Anchor WLC and the session not being replicated.  I was able to get around it by disabling radius accounting for the ssid on the anchor controller, but when looking at the bug it looks like an alternative fix is to disable fast ssid switching, which would cause issues with BYOD in the dual ssid world.  I'm still doing testing, but the accounting change seems to have solved it.  The bug ID is: CSCui38627

• URGENT HELP WITH VIRTUAL WLC

  We had a problem with Virtual Machine which Cisco Virtual WLC installed. Virtual Machine files were damaged and the system was not start normally. We have had to reinstall the WLC, but after installation impossible to import current license to new one.
  how can we install this licence again?

  Licenses are tied to the device they're being used on. With a virtual WLC, the license is tied to the unique identifier of the vWLC and when you recreated the vWLC after your VMware problems the new vWLC has a different unique identifier.
  It's a similar situation to what happens when a physical controller is faulty and is swapped out by cisco, the replacement will have a different serial number and you'd have to re-host the license to the new serial number.

• Not able to form EoIP tunnel with anchor WLC

  Hi all,
  I have a WLC at a remote site that is supposed to form an EoIP tunnel with 2 anchor WLCs located at a data center. From the site WLC and the anchor WLCs, the mobility show UP on both ends. Also I can ping to the mobility peers from each end. However, when I look into the client details on the remote site WLC, there is no Mobility Anchor IP address, which tells me that the EoIP tunnel between the site and anchor controller is not forming for some reason. Any idea what I could be missing?
  (WOHW-WC01) >show client detail 0c:3e:9f:ab:db:ed
  Client MAC Address............................... 0c:3e:9f:ab:db:ed
  Client Username ................................. N/A
  AP MAC Address................................... 0c:68:03:b9:44:70
  AP Name.......................................... WOHW-LAP016
  Client State..................................... Associated
  Client NAC OOB State............................. Access
  Wireless LAN Id.................................. 66
  Hotspot (802.11u)................................ Not Supported
  BSSID............................................ 0c:68:03:b9:44:72
  Connected For ................................... 1469 secs
  Channel.......................................... 6
  IP Address....................................... Unknown
  Gateway Address.................................. Unknown
  Netmask.......................................... Unknown
  IPv6 Address..................................... fe80::1c1a:e07c:dd48:bc7e
  Association Id................................... 3
  Authentication Algorithm......................... Open System
  Reason Code...................................... 1
  Status Code...................................... 0
  Session Timeout.................................. 0
  Client CCX version............................... No CCX support
  QoS Level........................................ Bronze
  802.1P Priority Tag.............................. disabled
  CTS Security Group Tag........................... Not Applicable
  KTS CAC Capability............................... No
  WMM Support...................................... Enabled
    APSD ACs.......................................  BK  BE  VI  VO
  Power Save....................................... ON
  Current Rate..................................... m7
  Supported Rates.................................. 9.0,12.0,18.0,24.0,36.0,48.0,
      ............................................. 54.0
  Mobility State................................... None
  Mobility Move Count.............................. 0
  Security Policy Completed........................ No
  Policy Manager State............................. STATICIP_NOL3SEC
  >>> No Mobility peer IP address <<<<
  (WOHW-WC01) >show mobility anchor wlan 66
  Mobility Anchor Export List
   WLAN ID     IP Address            Status
   66          137.183.242.149       Up                              
   66          137.183.242.150       Up                              
  (WOHW-WC01) >show mobility sum           
  Mobility Architecture ........................... Flat
  Mobility Protocol Port........................... 16666
  Default Mobility Domain.......................... WOHW_ENT1
  Multicast Mode .................................. Disabled
  Mobility Domain ID for 802.11r................... 0x9cbf
  Mobility Keepalive Interval...................... 10
  Mobility Keepalive Count......................... 3
  Mobility Group Members Configured................ 3
  Mobility Control Message DSCP Value.............. 0
  Controllers configured in the Mobility Group
   MAC Address        IP Address       Group Name                        Multicast IP     Status
   bc:16:65:f9:18:60  137.183.242.150  CIN_GUEST1                        0.0.0.0          Up
   e0:2f:6d:7c:42:20  143.27.201.52    WOHW_ENT1                         0.0.0.0          Up
   f8:72:ea:ee:a0:00  137.183.242.149  CIN_GUEST1                        0.0.0.0          Up

  It works now. I changed the NAC state to "Radius-NAC". Now the mobility hand-off is occurring. 
  (WOHW-WC01) >show wlan 66 
  WLAN Identifier.................................. 66
  Profile Name..................................... PGGuest
  Network Name (SSID).............................. PGGuest
  Status........................................... Enabled
  MAC Filtering.................................... Enabled
  Broadcast SSID................................... Enabled
  AAA Policy Override.............................. Enabled
  Network Admission Control
    Client Profiling Status ....................... Disabled
     DHCP ......................................... Disabled
     HTTP ......................................... Disabled
    Radius-NAC State............................... Enabled

• Certificate based authentication with Cisco WLC and Juniper IC

  Hi
  I have a cisco WLC 4400 and Juniper IC which works as the external Radius server.
  I want the wireless clients to be authenticated using certificates. I know the Juniper IC can understand certificates.
  My question is can cisco WLC understand that the information being presented to it by the client is not username/pwd but a user certificate.
  i have also looked at this article :
  http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/100590-ldap-eapfast-config.html
  What i don't understand here is the need of WLC authenticating the user with his credentials by LDAP when it has authenticated the user cert.
  All your help is appreciated.

  Hi,
  Since you use an external radius server you don't have to worry for this.
  The only config that you need to do on WLC is to define the radius server under Security-AAA-Radius-Authentication and on your WLAN-Security-AAA.
  The doc you refer is only for Local Radius on WLC.
  Hope this helps
  Regards,
  Christos

• Dynamic VLAN assignment issue with ACS & WLC

  I have configured an ACS (v4.2) & a WLC 4402 (5.2.193.0) according to the document listed at: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
  When I attempt to authenticate a user in the ACS local user database, I receive an auth failure.  I have enabled debugging in the WLC's CLI and I see that I get an authentication failure from the ACS.  Upon reviewing the ACS's 'failed attempts' log, I see the username I attempt to authenticare with but it reports 'CN user unknown' even though this user is the local database.
  During troubleshooting, I discovered that if I modify the AAA client for the WLC and change it to 'Cisco Aironet' rather than 'Cisco Airespace', authentication works perfectly, the proper user is authenticated to the local database and I am able to connect to the SSID.  The only issue is that because I'm now using Aironet instead of Airespace, the IETF attributes 064, 065, and 081 (VLAN, 802, and the VLAN ID respectively) do not properly assign the VLAN that the user needs to be on.
  Am I missing something?

  I determined that a NAP was blocking my authentication using Airespace and can successfully authenticate with both Aironet and Airespace now.  I also reviewed the debug output of both types of connections and I can see the proper attributes coming through, but the wireless clients just won't assign to the right VLAN interface.
  I've reviewed all of the configuration settings per the document about 40 or 50 times now and I am certain I'm not missing anything.  I do indeed have override enabled but the configured interface 'management' is still the one the user is assigned to every time, even in the client connection details under the monitor tab.  ARGH!!

• What is the best outdoor AP that compatible with the WLC 5508?

  Dear All,
  hope my email finds you well
  i'm searching for the bes Wireless Outdoor AP that is compatible with WLC 5508 (has a lightweight Image)?
  I used befor the 1310 LAP but it was nightmare to me, so I do not like to use it again and i'm searching for the new generation of the outdoor,
  many thanks in advance,
  Ahmed

  Can you give us more information about what you are planning to do?  The latest outdoor WAP is the 1550 but it's MESH.
  Otherwise, you can use the 3500, 3600 or the 1260.

• GUest WLAN with Anchor WLC - roaming problems

  Hello,
  my wireless network consists in 3 WLC 4402 which manage 40 APs.
  I have a fourth WLC which I installed on my DMZ for guest vlan anchoring and web autentication.
  Everiting works fine but I have a problem:
  If my client associates with an AP and then I authenticate I'm ready to make traffic. As soon as my client roams to an AP managed by a differnt WLC I need to authenticate again. If I roam back to the first AP i need to reauthenticate.
  In my guest WLAN I use WEB authentication provided by the internal web server of the Anchor WLC.
  Thnks everybody

  Here are the output of show mobility summary.
  The last WLC is the anchor.
  WLC1
  Symmetric Mobility Tunneling (current) .......... Disabled
  Symmetric Mobility Tunneling (after reboot) ..... Disabled
  Mobility Protocol Port........................... 16666
  Mobility Security Mode........................... Disabled
  Default Mobility Domain.......................... mob1
  Multicast Mode .................................. Disabled
  Mobility Domain ID for 802.11r................... 0x392f
  Mobility Keepalive Interval...................... 10
  Mobility Keepalive Count......................... 3
  Mobility Group Members Configured................ 2
  Mobility Control Message DSCP Value.............. 0
  Controllers configured in the Mobility Group
  MAC Address IP Address Group Name Multicast IP Sta
  tus
  00:23:04:7d:3e:e0 10.25.1.21 mob1 0.0.0.0 Up
  00:23:04:7d:73:20 10.20.1.21 mob1 0.0.0.0 Up
  WLC2
  Symmetric Mobility Tunneling (current) .......... Disabled
  Symmetric Mobility Tunneling (after reboot) ..... Disabled
  Mobility Protocol Port........................... 16666
  Mobility Security Mode........................... Disabled
  Default Mobility Domain.......................... mob1
  Multicast Mode .................................. Disabled
  Mobility Domain ID for 802.11r................... 0x392f
  Mobility Keepalive Interval...................... 10
  Mobility Keepalive Count......................... 3
  Mobility Group Members Configured................ 2
  Mobility Control Message DSCP Value.............. 0
  Controllers configured in the Mobility Group
  MAC Address IP Address Group Name Multicast IP Sta
  tus
  00:23:04:7d:3e:e0 10.25.1.21 mob1 0.0.0.0 Up
  00:23:04:7d:62:a0 10.20.1.22 mob1 0.0.0.0 Up
  WLC3
  Symmetric Mobility Tunneling (current) .......... Disabled
  Symmetric Mobility Tunneling (after reboot) ..... Disabled
  Mobility Protocol Port........................... 16666
  Mobility Security Mode........................... Disabled
  Default Mobility Domain.......................... mob1
  Multicast Mode .................................. Disabled
  Mobility Domain ID for 802.11r................... 0x392f
  Mobility Keepalive Interval...................... 10
  Mobility Keepalive Count......................... 3
  Mobility Group Members Configured................ 2
  Mobility Control Message DSCP Value.............. 0
  Controllers configured in the Mobility Group
  MAC Address IP Address Group Name Multicast IP Sta
  tus
  00:23:04:7d:3e:e0 10.25.1.21 mob1 0.0.0.0 Up
  00:23:04:7d:79:80 10.20.2.21 mob1 0.0.0.0 Up
  WLCAnchor
  (Cisco Controller) >show mobility summary
  Symmetric Mobility Tunneling (current) .......... Disabled
  Symmetric Mobility Tunneling (after reboot) ..... Disabled
  Mobility Protocol Port........................... 16666
  Mobility Security Mode........................... Disabled
  Default Mobility Domain.......................... mob1
  Multicast Mode .................................. Disabled
  Mobility Domain ID for 802.11r................... 0x392f
  Mobility Keepalive Interval...................... 10
  Mobility Keepalive Count......................... 3
  Mobility Group Members Configured................ 4
  Mobility Control Message DSCP Value.............. 0
  Controllers configured in the Mobility Group
  MAC Address IP Address Group Name Multicast IP Sta
  tus
  00:23:04:7d:3e:e0 10.25.1.21 mob1 0.0.0.0 Up
  00:23:04:7d:62:a0 10.20.1.22 mob1 0.0.0.0 Up
  00:23:04:7d:73:20 10.20.1.21 mob1 0.0.0.0 Up
  00:23:04:7d:79:80 10.20.2.21 mob1 0.0.0.0 Up