Wireless controller ha between wlc5508 and wlc 4402

Similar Messages

• Can we create Mobility group between WISM2 and WLC 5500

  Dears,
  I need your feedback urgent please,
  Can we create Mobility Group between WISM2 and WLC 5500
  Firmware for WISM2 > 7.4.121.0
  Firmware for WLC5500 > 6.0.196.0
  I created Mobility Group with (IP address , MAC Address and Mobility group name) for Foreign Controller. if any configuration required from my side.
  Wait your feedback urgent please
  Regards,

  Hi,
  Controllers do not have to be of the same model to be a member of a mobility group. Mobility groups can be comprised of any combination of controller platforms.
  Thats enough :)
  Regards
  Dont forget to rate helpful posts

• Encrypted L3 Communications Between LAP and WLC?

  Hi All,
  I am working with a client that wants to put LAPs remote to their WLC (a 4402). The rub is that the communications between the LAP and WLC must be secure even across their private WAN! I have a couple of resulting questions if anyone is able to help;
  I can't find out if and what encryption method is (is it AES etc.?) used on the backhaul between LAPs and the WLC and what's involved?
  Terminology may be wrong here, this is not a wireless mesh, just conventional LAP to WLC
  The client's WAN is already encrypted (IPSec VPN over VPLS) in parts - what's the consequence of running AP<-->WLC with end-to-end encryption (if possible) over a WAN with IPSec, i.e. double encryption?
  Strange but true - any pointers will be much appreciated.... Phil.C

  With a 4400 series controller the control traffic between the AP and controller is already AES encrypted.  The user traffic is not encrypted.  If you use a 5508 controller all traffic between the AP and controller is AES encrypted.
  As for running the traffic through a VPN, that should work.  The issue I typically see with this is with the MTU.  The controller will drop any packets with a data payload less than 32bytes.  Depending on the MTU over the VPN I have seen packets get fragmented and this to be an issue.  If you are using one of the CAPWAP versions (5.2 or newer) dynamic MTU discovery is part of the protocol and this MTU issue really doesn't exist.

• DHCP and WLC 4402 clients

  Hi
  Our scenario is that we are building a test rig-up prior to WLC deployment. We have a 4402 WLC with LAP1242s, Windows clients. The WLC is running v4.2.99 firmware.
  Our problem is that the wireless clients are not collecting DHCP addresses.
  The configuration is:
  Base network address is 172.31.4.0 / 255.255.252.0.
  WLC on 172.31.7.220 / .221.
  DHCP server on 172.31.4.12
  G/W on 172.31.4.1.
  We are simulating the gateway with an ADSL router (not connected so no external traffic but at the moment that is the least of our troubles), and the DHCP server with a Cisco 805 router with only the Ethernet interface in use (the 805 permits us to configure a different D/G to the DHCP server).
  We have a catalyst 2950 switch in the circuit which has no VLANs nor access-lists configured.
  The wireless clients can associate to the LWAPs but do not collect an IP address.
  Wired clients can collect DHCP addresses and ping the DHCP, GW and controller.
  Can anyone help me understand what is going on here please and how to get the DHCP working?
  We did use this configuration - exactly these boxes in fact - to configure a different WLC last week (different subnets though) and we were successful - but not now.
  Thanks in advance

  I see.
  We are not using option 43 at all. The DHCP server is unchanged - the APs are using network broadcast to find the controller. As I posted above, the APs are contacting the controller without a problem, the clients are associating with the APs without a problem, only the clients weren't getting an IP adress.
  The problem appeared to go away totally after I re-configured it with v4.1.185. It's in and working now so I won't be spending any more time on it.
  While it would be interesting to try things out, these controllers are too expensive to have one lying around for long ;-)

• Wireless Bridge/Relay between WRT110 and WAP4410N

  I recently purchased and installed a WRT110 router to gain wireless internet access for my laptop at home.  The setup was fairly simple and seems to work fine except for the range of the signal.  Once I am greater than about 30 ft from the router, my signal strength drops to "low".  The router is located in the office at one corner of the house and if try to access at the other corner diagonally (about 100 ft) I have not signal.  I purchased a WAP4410N access point with hopes of relaying the wireless signal to all areas, by placing it near the center of the house, by I can't seem to get it to work.  I am a newbie to this wireless setup and not sure which connection type to use, the Access Point or the Wireless Client/Repeater.  The Client/Repeater is what I have tried and the 4410 found the 110 when I performed the site survey, when connected directly to it, but when I disconnect the patch cord and try the connection wirelessly, I get nothing.
  Has anyone setup this combination and if so, were you able to get it to work?

  What firmware are you using ????    If you are using the linksys firmware then maybe you should try another firmware that is 3rd party firmware like the DD-WRT .  They have that feature for client Repeater or a Repeater Bridge that can be used as a wireless Repeater wirelessly or you can use it wired to the computer.

• Inter-Controller and Inter-Subnet Roaming between WLC 4402 and 5508?

  Hi!
  Will it support roaming between WLC 5508 ver. 7.0 and WLC 4402 ver. 4.2?

  Here is the matrix for support of IRCM, but the answer is yes.
  http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html#wp116668
  Sent from Cisco Technical Support iPhone App

• WLC-4402+AIR-LAP1142N problem

  Hello all,
  I've got a following problem with bringing up simple wireless configuration. There is a WLC-4402 controller and several remote locations (I am testing one so far). Two WLAN configured (one for employee and the other for guest access - no mobility anchoring used, guest is just mapper to VLAN restricted on the firewall). WLC serves DHCP pools for wireless clients. Problem I am experiencing at the moment is that user with laptop is able to connect to guest WLAN, got an IP but can communicate (ping) only its own IP, the controller IP in guest subnet and default gateway (which is the firewall interface). Traffic to any other destinations never hit gateway (I am running tcpdump on it to confirm). I double checked controller config but no luck so far. Could that be caused by missconfigured tunnel? No ACL or restriction set on WLC - see attached config.
  Thank you in advance,
  Peter

  Is this an open network or have you enabled layer 3 security? Web Auth? I can see you have created a lobby admin account so expect that you use this for guest account creation with web auth..
  When you associate/receieve IP address to the open guest network have you then opened a web browser and authenticated? Until you enter your login details created on the WLC I would imagine that you wouldn't be able to send any data.
  If you have authenticated already, can you check on the WLC that the client is associated/authenticated and is the Corp network ok? Also what is the topology between the WLC/Firewall/Remote sites.
  Cheers
  Mat

• Catalyst 3750G and WLC 440x - Port Channel - Configuration - Best Pactice

  What is the best practice to use when configuring port channel between Catalystr 3750G switch stack and WLC 4402 / 4404 Wireless Lan Controllers:
  a) Negotiate to LACP
  b) Negotiate to PAgP
  or
  c) Hard-code to Port Channel without any negotiation.
  Any pointers to any useful links - much appreciated and configuration example as well.

  Answer is 'C'... channel-mode on
  Configuring Neighbor Devices to Support LAG
  The controller's neighbor devices must also be properly configured to support LAG.
  •Each neighbor port to which the controller is connected should be configured as follows:
  interface GigabitEthernet
  switchport
  channel-group mode on
  no shutdown
  •The port channel on the neighbor switch should be configured as follows:
  interface port-channel
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk native vlan
  switchport trunk allowed vlan
  switchport mode trunk
  no shutdown
  Here is a link that explains it. Hope this answers your question:
  http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42mint.html#wp1116136
  Here is a Best Practice doc:
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080810880.shtml

• WCS and WLC AP values not fully in sync.

  I have recently added several new aps on my network,after they connect to the controller, I set a hostname, and change the ip address to a static. However, WCS still sees the aps by the old ip and host name despite going into each one, hitting audit, and then save, any way to fix this? Thanks.

  You may want to also consider the following:
  1) Both the WCS and the WLC need to be at the same major revs (i.e.: The if the WCS is at v4.2, then the WLC should also be at 4.2). Failure to do so results in some significantly bizarre behavior such as errors after an audit - at least that was my experience.
  2) You may have better success if you make the change from the WCS which pushes the change to the WLC and that way the WCS is already aware of the change. (Normally, this should work - I know of one instance where it does not: changing Master Controller Mode from the WCS).
  3) If you feel strongly about making the change in the WLC (and are running a newer version of code in the WCS/WLC - i.e.: 4.x), there is a setting that forces the WLC to send configuration changes to the WCS once APPLY and "Save Configuration" are clicked:
  From the *WCS*, click on Configure->Controllers and click on the controller you wish to change, and check the "Refresh on Save Config Trap" check box and click OK.
  This will cause the controller to push any configuration changes up to the WCS after an APPLY and "Save Configuration" are clicked.
  4) In terms of getting the WCS to actually synch up with the controller (assuming the WCS and WLC are at the same rev. levels), you may need to do what I did (this was subsequent to upgrading to v4.2 in both the WLC and WCS and having chronic "mismatch" status between the WCS and WLC):
  From the WCS:
  Configure->Controllers, check the controllers you wish to synch up. From the dropdown, select "refresh config from controller"
  Next, select the DELETE option (instead of the RETAIN option). I believe that there are bugs in the software that upgrades earlier revisions to 4.2. I know that it might seem undesirable to DELETE information in the WCS, however, if you choose "DELETE", it seems to get rid of the residual information from the previous revisions that did not upgrade properly and the WCS will now be in synch with the controllers. DELETING the other settings makes the audit errors go away.
  Subsequent audits may go better for you after performing the step shown above. However, you may need to repeat this process in item 4 above once or twice more until the database gets cleaned up, but after that my own experience has been that the WCS and WLC will eventually stay in synch.
  It is unfortunate that we are forced to come up with workarounds like these when the software should clearly be able to handle this on its own, but we do what we must to get the job done.
  Hope this helps,
  - John
  (Please rate helpful posts)

• Prime, MSE and WLC NMSP Status

  I have a 5508 WLC and have loaded a demo of Prime 2.1 and MSE 8.0.
  The NMSP status is showing as inactive in Prime and MSE and therefore the clients are not showing on the map I have loaded.
  Any ideas?

  MSE doesn't sync with WLC when added with PI 2.1.1
  CSCup93101
  Description
  Symptom:
  NMSP is not active between MSE and WLC when added using PI 2.1.1.
  Conditions:
  This applies to only MSE added Prime Infrastructure after upgrade to 2.1.1 on Prime Infrastructure.
  If the MSE was already added to Prime Infrastructure in 2.1 or previous releases, and then upgrade to PI 2.1.1 was performed customers will not run into the NMSP problem between MSE and WLC after the PI upgrade to PI 2.1.1.
  Workaround:
  Push a template (Templates > Features and Technologies > Controller > Security > AAA > AP or MSE Authorization) with MSE MAC address and key hash.
  Please contact Cisco TAC for a patch.
  Last Modified:
  Dec 11,2014
  Status:
  Fixed
  Severity:
  2 Severe
  Product:
  Network Level Service
  Known Affected Releases:
  (1)
  2.1(1)

• Transfer of Licenses on Wireless Controller 2504

  we have two controllers, they were initially set up to operate independently but are not set up as Primary and Secondary with N+1 fail over.  Can the licenses from the secondary controller be transferred to the primary? 
  wireless controller is 2504

  Hi
  Did these WLC only have base AP license or adder license.
  Base AP: *** You cant remove base-ap license from WLC and transfer to other.
  Adder : *** Yes you can transfer adder license from one WLC to other.
  Permanent or base licenses—These licenses are programmed into the controller hardware at the time of manufacturing. These licenses are base count licenses that cannot be deleted or transferred.
  Adder licenses—These licenses are wireless access point count licenses that you can activate by accepting the RTU EULA. The EULA states that you are obliged to purchase the specified access point count licenses at the time of activation. You must activate these licenses for the purchased access points count and accept the EULA.
  To know more contact Cisco TAC.
  Regards
  Dont forget to rate helpful posts

• Wireless Controller locking down User per SSID

  I am using Wireless Controller 4112. We use WPA enterprise mode for authentication and encryption via Microsoft IAS server and MS AD domain.
  My question is how to lock down a user to a specific SSID? I would guess that this is via some vendor specific radius attributes, am I right? And if so, what would be the name (and ID) for the attributes?
  Thanks in advance.

  Making progress in setting up the wireless controller with multiple VLAN and WLAN/SSID. I create a virtaul interface at the controller and assign a VLAN number to it. The controller mgmt port is also set to a trunk port. Create a new SSID WLAN and have it mapped to the new virtual interface. Things work good.
  The new problem I am trying to solve is how to prevent wired users to access the controller admin web interface via the virtual interface IP. I try create ACL and map it to the virtual interface. It doesn't seem working.

• Trouble with WPA in WDS between AE and WRT54G

  Hi folks, I've have WDS with my AEBS as a remote base station and a Linksys WRT54G as the main base station. I've be running smoothly with 128 bit WEP encryption for about 6 months, so last weekend I tried upgrading the network to WPA personal .
  As soon as I go to WPA the AEBS stops talking to the WRT54G. My G4 powerbook can get an get an IP address directly from the WRT54G (when it's in range) so I'm confident the WPA password is correct. Other than changing the wireless security settings I left the AEBS configuration the same as was working for WEP.
  I'm running Airport Admin 4.2 and I've tried both firmware 5.6 and 5.5.1 -- same problem in each case. No connection between AEBS and WRT54G.
  I had hoped the AEBS would send and error messages to the system console, but so far I have found no useful diagnostic to debug this problem.
  Anyone out there get WPA encryption working for a wireless distribution system between AEBS and WRT54G ?
  Thanks,
  David

  Thanks for the reply Henry.
  Hmm... I'm running WRT54G firmware version: v4.20.6, May. 26, 2005.
  The SSID's are the same (WEP still works) and personal WPA in the WRT54G is set up using a pre-shared key and TKIP algorithm.
  And yet still with DHCP turned on I see that my AEBS is generating "local" IP addresses 256.xxx.xxx.xxx rather than getting an address from the range served by the WRT54G. Since this same configuration work using 128 bit WEP I'm assuming the issue is that the AEBS and WRT54G aren't talking properly.
  Do you have a pointer to the previous discussion that suggested WPA on an Linksys AEBS WDS is possible? ... maybe I can contact the author directly.
  Thanks again,
  David

• Problems between a Wireless Controller and a Switch.

  I have a Wireless Controller 4402 connected to one sw2960G.
  I configured the controller with LAG and the switch (sw2960G) with etherchanel.
  I connected the controller 2 distribution ports to the 2 ports of the switch (configured with etherchanel).
  It worked like it should work.
  But the problem is like this: if I take one cable that is connected to the switch and unplugged that cable from the switch (if that cable is the one connected to controllers port one) I have connectivity between both machines.
  If I plug in the switch the cable connected to controller port one and take the other cable and unplugged that cable from the switch I stop the connectivity between the two machines.
  I think that was not supposed to happen… because the LAG in the controller should put every AP in the second controller's port, and the connectivity between the machines should not end.
  Can any one help me?
  Can any one tell me what I am doing wrong?
  Thanks in advance,
  Rui

  With LAG enabled in the controller I think I can have only one ap-manager interface.
  The LAG will (it is supposed to) do the load balance automatically.
  I mean, if one of the interfaces is “down” the other will have to coupe with all the AP's.
  I should have always connection between the controller and the switch.
  The STP of the controller is configured by default (STP Mode = OFF).
  In the case of etherchannel load balance… I saw the Cisco documentation and I did not saw any thing about that. I think that The LAG as to do that for the controller… I'm right about that?
  I will see the link that you advised…
  Can you help me?
  Thanks,
  Rui

• Connectivity between 3850 and wireless radio controller

  We are connecting a remote warehouse to corporate office through wireless radio controllers. we connected corporate office controller to a 3750 and configured the port as trunk. we connected the remote controller to a new 3850 switch. we are unable to ping radio controllers or switches. Any help would be greatly appreciated.

  Interface is showing up up.
  LAN-B55-F3-R325-SW01#sh int g1/0/1
  GigabitEthernet1/0/1 is up, line protocol is up (connected)
    Hardware is Gigabit Ethernet, address is d48c.b596.c501 (bia d48c.b596.c501)
    Description: *** Connection to Radio Controller ***
    MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
       reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    Keepalive set (10 sec)
    Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
    input flow-control is off, output flow-control is unsupported
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input 00:00:00, output 00:00:00, output hang never
    Last clearing of "show interface" counters never
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 363
    Queueing strategy: fifo
    Output queue: 0/40 (size/max)
    5 minute input rate 10000 bits/sec, 18 packets/sec
    5 minute output rate 86000 bits/sec, 135 packets/sec
       514671015 packets input, 73497025643 bytes, 0 no buffer
       Received 1085394 broadcasts (366403 multicasts)
       0 runts, 2 giants, 0 throttles
       1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
       0 watchdog, 366403 multicast, 0 pause input
       0 input packets with dribble condition detected
       612703588 packets output, 91643874369 bytes, 0 underruns
       0 output errors, 0 collisions, 3 interface resets
       0 unknown protocol drops
       0 babbles, 0 late collision, 0 deferred
       0 lost carrier, 0 no carrier, 0 pause output
       0 output buffer failures, 0 output buffers swapped out
  LAN-B55-F3-R325-SW01#