Wireless Design - WLC Configuration
Soon to be working on a design for a Wireless installation across one of our buildings. The wireless survery has been completed, and we'll be installing 175 APs, across the 3 floors of the
building.
With regards to the back-end WLC setup, I have a few queries around the WLC configuration. We're looking at implementing the 4400 series of devices, and due to us having nearly 200 APs, we'll need at least 2 x 4404 or 4 x 4402 - I'm assuming its simpler to have fewer devices to make management simpler.
Also, looking at the Cisco reference material, they recommend that a 4404 can support up to 100 APs, with regards configuring the ports on the box, would I need to configure LAG across the WLC
ports in order for it to accomodate all of the Access Points. If we were to go with a scenario of using 2 x 4404 devices, would we be in a position whereby if we lost a Controller, we'd lose
all of the Access Points associated with that Controller? In order for us to have full resiliency, we'd need an additional 4404 controller for the APs to failover on too?
From a licensing perspective, we'll be purchasing a licence to cover 200 APs.
TIA
Do you think that the phone carrier change the Android OS kernel and removed the proxy setting option before they sell it to consumers? If it's so why would they do such thing?
As far as I'm aware, no. Phone carriers don't care about wi-fi proxy. They won't make any money if they do and they equally won't make money if they don't. This "proxy" issue came straight from the developers of the Android OS themselves. It's been highlighted since day one of the Android release. This is why some browsers have incorporated proxy settings to their application because the Android OS developers are not interested to fix this shortfall.
RE: iPhone and iPad users if you use Windows proxy server and intergrated Windows authentication is enabled the credential should not be prompted for user if it's already entered in their devices.
Unfortunately, I don't have the details with me right now but I'll try to see if I still have this information when I go back to work.
Similar Messages
-
Question about Wireless Design and Controller
Hi Everyone,
Although I am not new to Cisco, I have somewhat limited experience with Wireless in general. I was hoping to get your help with the following:
We currently have a total of 8 1130AG, 4 on each floor. They were configured a few years ago, and now we are looking to update the design a bit. Each AP has its own SSID, and just provide internet access. Looking at the configuration, I noticed that they are not configured to use proper channels, just random channels (9, 10, 11, instead of 1, 6, 11, etc.). I noticed that when I roam between one AP to another, I lose about 4-8 pings before I re-establish connectivity again.
Here are my questions:
1. Do I need a controller in order to use just one SSID for the whole setup instead of the 8 seprate ones we currently have?
2. Will the controller helps in providing seamless transition when a client roams between AP's?
3. Is it normal to loose connectivity roaming around?
4. Can I reconfigure the current setup to use just one SSID and provide better transition between AP without the use of a controller?
5. Which controller would you recommend?
We don't have a need to anything fancy ,I am aware that I can enable multiple SSID, VLAN's, etc. Just trying to keep it as simple as possible, yet reliable.
Your input is appreciate.
Thanks1. With 8 AP's only, a WLC would be nice-to-have but not necessary. You can configure WLSE and it will do some limited functions.
2. This depends on the signal strengths, wireless coverage and configuration. If you enable WLSE, for instance, and you have no wireless black spots, then roaming should be no issues.
3. See #2.
4. You can configure multiple SSID (up to 16 are broadcasted) but if one AP doesn't have the SSID you use for roaming, the association will drop when the client tries to join that particular AP. It's like mobile phone towers. If your carrier is not in the area, you sure won't be able to use your mobile phone in that area.
5. For 8 1130 APs, I'd recommend the smallest of the lot: 2106 with either 6, 12 or 25 AP licenses. I'd recommend you the 25 AP licenses. If your finances allow you something bigger, then consider either the 4402 (25 AP licenses) or the 5508.
Cisco 2100 Series Wireless LAN Controllers
http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps7206/ps7221/product_data_sheet0900aecd805aaab9.html
Cisco 4400 Series Wireless LAN Controllers
http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps6307/product_data_sheet0900aecd802570b0_ps6366_Products_Data_Sheet.html
Cisco 5500 Series Wireless Controllers Data Sheet
http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps10315/data_sheet_c78-521631.html -
Hi guys........just have few qestions about designing WLC 5508
The scenario is that currently one of the client has a firewall Tiering T1 internet facing and T2 internal whioch has multiple DMZ connected.
T2 firewall has a DMZ switch connected which has a router which connects to MPLS cloud to different site across the country. (around 10 sites) all static routing.
Now the client is thinking to deploy wireless at all 10 sites using H-REAP. The issue is that client has only one WLC and they are not willing to buy other as i was thinking to deploy two WLC one for corporate and one for guest users. (one in internal network and on in DMZ)
Now my question is as follwow.
1- Keeping in mind that there is only one WLC where should i physically put it?
2- How guest users will work ? How the authentication will be done?
3-There are 8 SFP ports in WLC how physical topology will look like?
4-How many Vlans i have to make for wirless users will that be 10? (1 at each site) ?
my last question is that how these ports work on WLC are they just like swicth e.g one port can be assigned to different vlan....just confuse about interfaces and vlans on WLC (interfces concept)
Thanks guy and hope to get a response ASAP.1- Keeping in mind that there is only one WLC where should i physically put it?
Well since you will also be supporting Corporate and I'm guessing that is where the WLC sites, it should be in the inside network. You would just need to allow udp 5246 & 5247
2- How guest users will work ? How the authentication will be done?
Guest users can use webauth in which the credentials will be stored on the WLC.
3-There are 8 SFP ports in WLC how physical topology will look like?
This is the tricky part. You can either lag or not lag. You can't split up the lag (etherchannel). So you can either use all 8 if you with and create an etherchannel and then acl the guest traffic out the internet or you can put the guest on a layer 2 vlan in which you would connect that out to the dmz. Or you can use one port for the management and also have a backup port, one for your internal wireless and also have a backup port and the same for guest. SO it would look like this:
Management primary port 1 backup port 2
SSID primary port 3 backup port 4
Guest primary port 5 guest port 6
OR
Management & SSID's primary port 1 backup port 2
Guest primary port 3 guest port 4
4-How many Vlans i have to make for wireless users will that be 10? (1 at each site) ?
If you use local switching which I would think you would, the vlans for the SSID at the remote site will be created locally at each remote site. If you want to centrally switch, means all traffic will come back to the WLC, then you will need at least one. Now you can use a large subnet or have a subnet for each site, its up to you. You would use AP Groups for that.
my last question is that how these ports work on WLC are they just like switch e.g one port can be assigned to different vlan....just confuse about interfaces and vlans on WLC (interface concept)
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered" -
Hi guys........just have few qestions about designing WLC 5508
The scenario is that currently one of the client has a firewall Tiering T1 internet facing and T2 internal whioch has multiple DMZ connected.
T2 firewall has a DMZ switch connected which has a router which connects to MPLS cloud to different site across the country. (around 10 sites) all static routing.
Now the client is thinking to deploy wireless at all 10 sites using H-REAP. The issue is that client has only one WLC and they are not willing to buy other as i was thinking to deploy two WLC one for corporate and one for guest users. (one in internal network and on in DMZ)
Now my question is as follwow.
1- Keeping in mind that there is only one WLC where should i physically put it?
2- How guest users will work ? How the authentication will be done?
3-There are 8 SFP ports in WLC how physical topology will look like?
4-How many Vlans i have to make for wirless users will that be 10? (1 at each site) ?
my last question is that how these ports work on WLC are they just like swicth e.g one port can be assigned to different vlan....just confuse about interfaces and vlans on WLC (interfces concept)
Thanks guy and hope to get a response ASAP.OSITAN N Many thanks please comment
Internet
FW 1
! <---------------------Traffic comming this way
FW2--------DMZ--------------SW---------- Router -----------------IP MPLS-----------------
------Trusted----- ! !
! ------Branch Router-------> RT
! ! ! SW
DSN AD DHCP !
AP
USER
1 Where WLC Place so that Guest trafice dont go to Trusted area?
2. Its gona be H-Reap so DHCP would be local for branch
3. Voce user Qos? priority how ? example
4 Guest Firewall rules to use only internet ? -
Wireless LAN Connection Configuration
Need Basic Wireless LAN Connection Configuration Example
Hi
This link provide WLC configuration examples
http://www.cisco.com/c/en/us/support/wireless/5500-series-wireless-controllers/products-configuration-examples-list.html
Refer config guides if you need step by step guide for all features configurations
HTH
Rasika
*** Pls rate all useful responses *** -
Can some please help me with the Wireless LAN Connection Configuration?
I want to configure WLC in my Testing Lab , need help with the step by step configuration of WLC.
Please go through the below link for the Basic Wireless LAN Connection Configuration Example.
The below link has end – end configuration steps with the images.
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/68005-wlan-connect.html
Have i answered for your query. -
Question regarding Wireless design
Hi,
I am planning for a wireless design for a new site and would like to understand the following
1. Should I go with the Access Point (AP) that support 2.4 GHz or 5 GHz or both
2. What is the average coverage area in meters or feet for both the frequencies
3. If the overall area is 2000 Sq. feet with few walls in between, how many access points will be required approximately
4. What is the leading practice on the number of users per AP
5. What are the circumstances when a Wireless controller need to be deployed. Is it purely based upon the number of AP's to manage?
6. Should there be a separate DHCP scope for each AP? If not, how to AP's communicate with each other if there is no controller deployed?
Your time for answering these will be highly appreciated. Thank you.Hi Manoj,
Here is my responses to your qurey.
1. Should I go with the Access Point (AP) that support 2.4 GHz or 5 GHz or both
BOTH
2. What is the average coverage area in meters or feet for both the frequencies
These days coverage is not the primary criteria, its capacity. Roughly you need to put a AP for each 20-25 devices for normal data usage.
3. If the overall area is 2000 Sq. feet with few walls in between, how many access points will be required approximately
Based on the number of devices expected in each area you can determine that. If you do a survey do it in 5GHz which is lower cell size.
4. What is the leading practice on the number of users per AP
If it is typical data usage (email, browsing,etc) then 20-25 users per AP. If you require Video/voice then this number comes down to around 10.
5. What are the circumstances when a Wireless controller need to be deployed. Is it purely based upon the number of AP's to manage?
Always go for a Controller managed solutions. It is very hard to control RF environment if you go to manage then individually.(like autonomous AP)
6. Should there be a separate DHCP scope for each AP? If not, how to AP's communicate with each other if there is no controller deployed?
No, you can have single DHCP scope for AP. As long as AP & WLC have layer 3 reachability it will comunicate with each other using CAPWAP protocol.
HTH
Rasika
**** Pls rate all useful responses **** -
How to see version history of changes of a design or configuration object.
Hi All,
Is it possible to see a version history of the changes of a particular design or configuration object?
If so then please let me know, how we look that?
Regards,
SooryaHi,
U have to check all the versions,modified date ,type(created,change) in all the developed objects history.Select any developed object like data type,message type, mapping,interface mapping in IR and also in ID Objects.Select developed object,then go to its menu ,then select __History__.it shows all the information about that object.
Thanks
Ravi -
Force Integration Builder (Design and Configuration) language to be English
Hi Experts!
Does anyone know how to force the Integration Builder (Design and Configuration) language to be English? Since SSO is configured the logon screen do not appear and users can not choose the language they want. The problem is that the default language is German instead of English.
Thanks in advance.
Roger Allué i VallHi,
I've changed these parameters in the ExchangeProfile:
com.sap.aii.directory.serviceuser.language
com.sap.aii.integrationserver.serviceuser.language
com.sap.aii.ib.client.login.languages
com.sap.aii.ib.client.content.languages
com.sap.aii.adapterframework.serviceuser.language
com.sap.aii.rwb.serviceuser.language
com.sap.aii.applicationsystem.serviceuser.language
com.sap.aii.docu.languages
com.sap.aii.repository.serviceuser.language
Now all they have the value EN. I also restarted the applications (Server --> Services --> Deploy) :
sap.com/com.sap.aii.af.app
sap.com/com.sap.aii.af.cpa.app
However, nothing changed. Maybe I have to restart all the J2EE Engine?
Thanks in advance.
Roger Allué i Vall -
Wap200 wireless access point configuration
hi guys
I have a wap200 wireless access point configured and connected to the switch 2690 switch on vlan1, when I connect the wireless access points to the switch the port become disabled, is there a way to overcme this problem.
thank youHi Senzo.
Do you know the reason for the port becoming disabled? Can you run a "show int status err" on the switch and see if it give a reason for the port shutting down?
Matthew
Sent from Cisco Technical Support iPad App -
Guest wireless WLC configuration doubts
Hi Experts,
I have one WLC which is configured as a Foreign controller and other is configured with Anchor which is connected in DMZ ( behind firewall ) ...
I have one more Anchor controller which is physically connected to other remote office ...
As of now ,All guest clients are connecting to remote site anchor controller which is suppose to connecte locally configured anchor controller.
Can anybody suggest me ... what configuration or settings i need to look into so that guest clients can be connected to locally configured Anchor controller.
Please suggest me ....So you want the remote Anchor controller to be treated as a backup. Right ?
In my knowledge, that's not possible to use only one anchor controller at one time. since we have to enter the Anchor controller details in the foreign controller. So if we enter both the Anchor controllers in the Foreign controller they will start load balancing.
Other process is - make a manual entry in the Foreign controller at the time of primary anchor controller failure so that the traffic start moving to remote anchor controller. This is a work around.
Otherwise I don't know if there are any settings which can be done at the Primary Anchor controller to switch to backup controller in the event of failure. -
Hi!
Looking for some input on some design options for NAC with a wireless deployment since OOB and IB are now both options.
In a campus environment of up to 300 wireless users, in-band seems good so that we can have one SSID, but restrict a user login to a role and apply restrictions on the appliance, but I'm concerned about the common issue of the appliance becoming a bottleneck.
My other thought too would be have multiple SSIDs (VLANs) and have multiple appliances handle certain VLANs, but this is pricey.
In wireless OOB, it appears you can only have one "access" VLAN to maps users to (I guess b/c that is all the WLC supports?), so that does not work for us as we need to have employees and guests (among others, separated).
Please correct me on any misunderstandings.
All insight appreciated. Thanks for the input!Your understanding is correct.
For 300 wireless users, you may want to go inband and do enforcement at the NAC server level.
For OOB, you need to make different SSID for different roles.
e.g. Guest, Employees and Contractor
You can look at the configuration example too for OOB Wireless NAC 4.5 here:
http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a0080a138cc.shtml -
Just recently bought a couple of 5508's, one for lab and one for production.
So I am at early stage design here.
I have a few questions
I would like to create one vlan, that is trunked across all 8 floors of company, distrubution switches and associated AP's per floor.
Once a client tries to connect I would like them to be able to use their domain credentials (LDAP) to authenticate against the wireless
infrastructure. Once they authenticate, they are granted access to the wireless vlan which has connectivity back to the network.
From a design perspective is this the best way to go about doing this ? I see that there is a section for LDAP authentication, if they
are already logged into the domain and then undock their laptop and connect over wireless will they have to retype in the username and password ?
Seamless would be nice
From a guest (in house consultant) perspective, how do I design for just allowing them wireless access but only to the internet and not have access to rest of internal network. Is there a way to differnetiate via vlan assigment is they are a guest or an authenticated user ?
Pretty new to this 5508, but so far it looks great. Any advice / help would be appreciated.
Cheers
DaveLet's try to do it point by point.
If you are to accept guests, you are better with a separate SSID with no authentication. That separate SSID will be on a separate vlan so you just have to configure ACLs on your network to prevent internal network access.
With regards to authentication, LDAP is a user database. You still need an authentication server. WLC can act as one but it's not as good as a real aaa/radius server.
So the best is to have WLC using a radius server (Microsoft NPS/IAS or Cisco ACS or whatever) that will do PEAP authentication and will use Active Directory as the database (The radius server is using AD as database, not WLC).
This allows to dynamically assign vlans and funny stuff that radius server allows.
To have it "seemless" you can pre-configure the client supplicants to do PEAP and automatically use Windows login credentials, so they won't be prompted if all goes well.
For specific questions, I think all is covered in the WLC config guide but this should be a good set of pointers for you to know where to look.
Hope this clarifies.
Nicolas -
WLAN Clients not browsing on Cisco Wireless Controller WLC NME-AIR-WLC12-K9
HiI have a question and i need a solution and expert help.I have done a deployment which involves Security (ASA5540), Routing/voice gateway/wlc NME-AIR-WLC12-k9) and Switching (Cisco3845-ccme/k9)Below is the list of equipment used:1. Cisco ASA 5540 - which is connected at the edge to the ISP router
2. Core Switch WS-C4948E as core and DHCP Server for all VLANs
3. Access/Distribution Switches WS-C3560G-48PS-S connected as trunk to the core switch
4. Router/Voice Gateway/WLC Cisco3845-CCME/K9 - This is the voice gateway and also the WLC
5. Wireless APs AIR-LAP1242AG-E-K9 (12 qty)Here is the deployment scenario:1. G0/0 of the ASA is connected to a 7200 router from the ISP (Public IP Add)
2. G0/1 of the ASA is connected to gig 1/3 on the Core Switch on VLAN 2 which is the management VLAN (Local IP 10.1.1.2)
3. Port 3 of the Core switch is on vlan 2 connected to ASA - Management IP of Core Switch is 10.1.1.1. Core Switch is the DHCP Server for all VLANS on the network.
4. All the Access/Distribution switches are configured with IP Addresses on VLAN 2
5. Telephony Services is configured on the router and DHCP Pool for Access Points and Wireless Clients is running on the router.
6. Two DHCP pools were created on the router for APs and Wireless Clients.
7. G0/0 of the router is configured on the same network that issues dhcp ip to the AP and is connected to gig 1/1 on the core switch
8 G0/1 of the router is configured as the voice port for the IP Telephony Services and is connected to G 1/2 on the core switch1. Clients receiving DHCP IP on the Core Switch can communicate with all vlans and can browse to the Internet.
2. IP Telephony Services is running well.
3. Client on wireless can get IP from the DHCP on the router but cannot browse.I have pings from the router to the core switch and firewall, but clients connected to the wireless
cannot ping other vlans on the core switch and vice versa.The port connecting the router to the core switch is an Access Port, i have changed to to trunk but still no changes.My biggest problem now is how to make the clients on the wireless communicate with other clients on the network and be able to browse to the Internet.Below is the configs on the router and core switch.Router ConfigNimc_Voice_Router#sh run
Building configuration...
Current configuration : 10513 bytes
! Last configuration change at 13:03:55 Nigeria Mon Nov 29 2010 by admin
! NVRAM config last updated at 13:03:56 Nigeria Mon Nov 29 2010 by admin
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Nimc_Voice_Router
boot-start-marker
boot-end-marker
! card type command needed for slot/vwic-slot 0/2
logging message-counter syslog
enable secret
aaa new-model
! aaa authentication login default local
aaa session-id common
clock timezone Nigeria 1
dot11 syslog
ip source-route
ip dhcp excluded-address 10.1.12.1 10.1.12.10
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp pool LWAAP-AP
network 10.1.12.0 255.255.255.0
default-router 10.1.12.1
option 43 hex f104.c0a8.0002
dns-server 83.229.88.30 4.2.2.2 193.238.28.249
option 60 ascii "Cisco AP c1240"
ip dhcp pool Wireless
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
ip cef
no ip domain lookup
ip domain name nimc.gov.ng
ip name-server 83.229.88.30
ip name-server 193.238.28.249
ip name-server 4.2.2.2
no ipv6 cef
multilink bundle-name authenticated
voice-card 0
archive
log config
hidekeys
interface GigabitEthernet0/0
description Connection to AP
ip address 10.1.12.1 255.255.255.0
ip helper-address 192.168.0.2
load-interval 30
duplex auto
speed auto
media-type rj45
interface Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/1
ip address 10.1.2.2 255.255.255.0
duplex auto
speed auto
media-type rj45
interface FastEthernet0/0/0
no ip address
shutdown
duplex auto
speed auto
interface Serial0/1/0
no ip address
shutdown
no fair-queue
clock rate 2000000
interface Serial0/1/1
no ip address
shutdown
clock rate 2000000
interface Integrated-Service-Engine1/0
ip address 192.168.0.1 255.255.255.0
no keepalive
interface Integrated-Service-Engine1/0.15
encapsulation dot1Q 15
ip address 192.168.1.1 255.255.255.0
interface Integrated-Service-Engine1/0.100
encapsulation dot1Q 100
ip forward-protocol nd
ip forward-protocol udp 12223
ip route 10.1.0.0 255.255.255.0 10.1.1.1
ip route 10.1.1.0 255.255.255.0 10.1.1.1
ip route 10.1.2.0 255.255.255.0 10.1.1.1
ip route 10.1.3.0 255.255.255.0 10.1.1.1
ip route 10.1.4.0 255.255.255.0 10.1.1.1
ip route 10.1.5.0 255.255.255.0 10.1.1.1
ip route 10.1.6.0 255.255.255.0 10.1.1.1
ip route 10.1.7.0 255.255.255.0 10.1.1.1
ip route 10.1.8.0 255.255.255.0 10.1.1.1
ip route 10.1.9.0 255.255.255.0 10.1.1.1
ip route 10.1.10.0 255.255.255.0 10.1.1.1
ip route 10.1.11.0 255.255.255.0 10.1.1.1
ip route 10.1.12.0 255.255.255.0 10.1.1.1
ip route 192.168.0.0 255.255.255.0 10.1.1.1
ip route 192.168.1.0 255.255.255.0 10.1.1.1
no ip http server
ip http secure-server
!Core Switch Configsh run
Building configuration...Current configuration : 10622 bytes
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
hostname Nimc_Core
boot-start-marker
boot-end-marker!
aaa new-model
aaa authentication login default local
aaa session-id common
storm-control broadcast include multicast
ip subnet-zero
no ip domain-lookup
ip domain-name nimc.gov.ng
ip dhcp excluded-address 10.1.2.1 10.1.2.10
ip dhcp excluded-address 10.1.4.1 10.1.4.10
ip dhcp excluded-address 10.1.5.1 10.1.5.10
ip dhcp excluded-address 10.1.6.1 10.1.6.10
ip dhcp excluded-address 10.1.7.1 10.1.7.10
ip dhcp excluded-address 10.1.8.1 10.1.8.10
ip dhcp excluded-address 10.1.9.1 10.1.9.10
ip dhcp excluded-address 10.1.10.1 10.1.10.10
ip dhcp excluded-address 10.1.3.1 10.1.3.10
ip dhcp pool Voice
network 10.1.2.0 255.255.255.0
next-server 10.1.2.1
option 150 ip 10.1.2.2
default-router 10.1.2.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
ip dhcp pool SF_DGs_Office
network 10.1.3.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.3.1
dns-server 81.199.3.7
lease 10
ip dhcp pool Admin_Process_Fac_Mgt
network 10.1.4.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.4.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip dhcp pool SF_IDD
network 10.1.5.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.5.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip dhcp pool Finance_Fin_Inv
network 10.1.6.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.6.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip dhcp pool Finance_CS
network 10.1.7.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.7.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip dhcp pool FF_Human_Capital_Mgt
network 10.1.8.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.8.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip dhcp pool FF_Legal_Services
network 10.1.9.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.9.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip dhcp pool SF_Procurement_Serv
network 10.1.10.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.10.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip vrf mgmtVrf
errdisable recovery cause bpduguard
errdisable recovery interval 180
power redundancy-mode redundant
spanning-tree mode mst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree mst configuration
name xxxx
revision 1
instance 1 vlan 1-20
spanning-tree mst 1 priority 0
spanning-tree vlan 1-20 priority 0
vlan internal allocation policy ascending
interface FastEthernet1
ip vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
interface GigabitEthernet1/1
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet1/2
switchport access vlan 4
switchport mode access
spanning-tree portfast
interface GigabitEthernet1/3
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/4
switchport mode access
spanning-tree portfast
interface GigabitEthernet1/5
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/6
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/7
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/8
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast!
interface GigabitEthernet1/9
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/10
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/11
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/12
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/13
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/14
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/15
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/16
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/17
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/18
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/19
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/20
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/21
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/22
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/23
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/24
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/25
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/26
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/27
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/28
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/29
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/30
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/31
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfastinterface GigabitEthernet1/32
switchport access vlan 2
switchport voice vlan 4
interface GigabitEthernet1/33
switchport mode access
interface GigabitEthernet1/34
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/35
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/36
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/37
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/38
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/39
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/40
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/41
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/42
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/43
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/44
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/45
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/46
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/47
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet1/48
switchport trunk encapsulation dot1q
switchport mode trunk
interface Vlan1
no ip address
shutdown
interface Vlan2
description Management
ip address 10.1.1.1 255.255.255.0
interface Vlan3
description Enterprise
ip address 10.1.0.1 255.255.255.0
interface Vlan4
description Voice
ip address 10.1.2.1 255.255.255.0
interface Vlan5
description SS_DGs_Office
ip address 10.1.3.1 255.255.255.0
interface Vlan6
description Admin_Process_Fac_Management
ip address 10.1.4.1 255.255.255.0
interface Vlan7
description SF_National_Identity_Database
ip address 10.1.5.1 255.255.255.0
interface Vlan8
description Fin_Finance_Investment
ip address 10.1.6.1 255.255.255.0
interface Vlan9
description Fin_Corporate_Services
ip address 10.1.7.1 255.255.255.0
interface Vlan10
description FF_Human_Capital_Management
ip address 10.1.8.1 255.255.255.0
interface Vlan11
description FF_Legal_services
ip address 10.1.9.1 255.255.255.0
interface Vlan12
description SF_Procurement_Services
ip address 10.1.10.1 255.255.255.0
ip default-gateway 10.1.1.2
ip route 0.0.0.0 0.0.0.0 10.1.1.2
ip route 10.1.1.0 255.255.255.0 10.1.1.2
ip route 10.1.2.0 255.255.255.0 10.1.1.2
ip route 10.1.3.0 255.255.255.0 10.1.1.2
ip route 10.1.4.0 255.255.255.0 10.1.1.2
ip route 10.1.5.0 255.255.255.0 10.1.1.2
ip route 10.1.6.0 255.255.255.0 10.1.1.2
ip route 10.1.7.0 255.255.255.0 10.1.1.2
ip route 10.1.8.0 255.255.255.0 10.1.1.2
ip route 10.1.9.0 255.255.255.0 10.1.1.2
ip route 10.1.10.0 255.255.255.0 10.1.1.2
ip route 10.1.11.0 255.255.255.0 10.1.1.2
ip http server
--More--
control-plane
line con 0
stopbits 1
line vty 0 4
end
Please i need somebody to help meI wouldn't configure an ip address on the service engine subinterface.
Try setting up a vlan interface on the router with that ip address and the subinterface will be linked to the vlan interface through the encapsulation command. A vlan interface will better work as a gateway for the wireless clients
Nicolas -
Wireless Design - Best Practices for Data, Voice, and LBS
Hi,
I am currently in the process of designing a WLAN for a new hospital and I am getting some push back from my sales team. The requirements of the WLAN are data, voice, and location based services (RFID for medical equipment) ... needs to be 2.4 GHz for Guest and some apps/clients but primarily 5 GHz for most of the clients ... lastly needs to be N compatible for future use.
So, I did a predictive design with 1252's on the perimeter with 2.4 and 5 GHz patch antennas and 1142's in the middle to fill gaps ... I also scoped out 2 5508 for redundancy .... total design with -65 at my edges was 169. However, this is getting push back because of several cost issues ....
1. The bundle that Cisco offers for 5 100 AP license 5508 WLC is cheaper than buying 2 250 AP licenses WLC's ... which doesn't make any sense to me because I think 5 devices is over kill
2. The sales engineer is concerned about the power issues with the 1252's ... customer would rather not use power injectors ... and although they would have 6500's at there core ... they would only have basic switches in their IDF's so I wasn't sure which POE Switches would be able to handle 1252 but cost was an issue there as well
So, for my understanding when you are doing a WLAN design for LBS it's always best to have APs or antennas on the perimeter for better triangulation ... it makes more sense to me to do that with patch instead of Omni's ... however my sales engineer wants to use all 1142's ... so my question is what are the pro and cons behind using all Omni's or using Patch and Omni's?
Furthermore, if anyone has any documentation supporting why I would not use all Omni's that would be great because all the articles I have read on LBS just state that placement of APs is critical but doesn't give no specifics on whether it's a good practice to place them on the perimeter using a specific type of antenna or what.
Thanks in advance for you help and any ideas about this design!!!1. The 5508 is expensive because it's alot faster than the 4400 plus there are some features exclusive to the 5508 such as OfficeExtend. As the old network design adage goes: Your design can be done correctly, cheap or fast. Choose two.
2. The 1250 requires 19.5w of power to enable FULL MCS rates to both radios. Only the 3560E, 3750E or the Sup720 is capable of supporting that. Upgrading the IOS of the 1250 to 12.4(10b)JDA3 will allow the AP to operate both radios at 15.4w BUT at a lower MCS rates. Correct placement of the AP and the correct use of the antennaes will also help in the signal distribution.
3. Patch antennaes are mostly directional. The 1140 is onmi-directional BUT the signal strength is not as powrful as the 1250 at full power. The AIR-ANT2451NV is an omni-directional patch designed for the 1250.
Cisco Aironet Antennas and Accessories Reference Guide
http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/product_data_sheet09186a008008883b.html
Cisco Aironet 2.4 GHz and 5 GHz Antennas and Accessories
http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/product_data_sheet09186a008022b11b.html
Some of the new patch antennaes for the 1250
Cisco Aironet Dual Band MIMO Low Profile Ceiling Mount Antenna (AIR-ANT2451NV-R)
http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/data_sheet_ant2451nv.pdf
Cisco Aironet Very Short 5-GHz Omnidirectional Antenna (AIR-ANT5135SDW-R)
http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/data_sheet_ant5135sdw.pdf
Cisco Aironet Very Short 2.4-GHz Omnidirectional Antenna (AIR-ANT2422SDW-R)
http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/data_sheet_ant2422sdw.pdf
Cisco Aironet 5-dBi Diversity Omnidirectional Antenna (AIR-ANT2452V-R)
http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/data_sheet_ant2452v.pdf
Cisco Aironet 5-GHz MIMO Wall-Mounted Omnidirectional Antenna (AIR-ANT5140NV-R)
http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/data_sheet_ant5140nv.pdf
Cisco Aironet 5-GHz MIMO 6-dBi Patch Antenna (AIR-ANT5160NP-R)
http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/data_sheet_ant5160np.pdf
Cisco Aironet 2.4-GHz MIMO Wall-Mounted Omnidirectional Antenna (AIR-ANT2450NV-R)
http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/data_sheet_ant2450nv.pdf
Cisco Aironet 2.4-GHz MIMO 6-dBi Patch Antenna (AIR-ANT2460NP-R)
http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/data_sheet_ant2460np.pdf
Maybe you are looking for
-
Drag drop photo import to aperture folder why auto new project folder appear .
i do import photos from desktop to folder that i want in the aperture libary . as soon as i drag and drop photos automatically new peoject folder appear in the libabry as name untitled project.. why? i dont want that new project folder. i try to d
-
Problems with google stuff on Firefox
Recently, My Firefox has problems with googling stuff. For example, when I try to access simple Google.com on the address bar, it gives unusual error: Secure Connection Failed www.google.ca uses an invalid security certificate. The certificate does n
-
Exiting Bridge CS4 causes system to reboot.
I have been running CS4 on a Dell 3400 with Windows XP Professional for about a year with no problems. Recently however when I exit Bridge my system reboots on it's own. Oddly enough this does not happen when I open Bridge from within Photoshop the
-
Wie kann ich Lightroom 5 mit dem Internet verbinden?
Seit Lightroom 5 behauptet die Anwendung, ich habe keine Internetverbindung, was definitiv nicht stimmt. Daran scheitert sowohl die Übertragung eines fertiggestellten Buchprojekts an blurb als auch updates und verbindung zu Hilfeseiten aus der Anwend
-
How to restore recent changes from back up when lightroom 5 did not shut down properly?
I'm working on a Mac, which did an auto-update that apparently force quit Lightroom 5, which hadn't been closed for a week and thereby had a lot of "unsaved" work in its temporary files. Now when I open the catalogue I'm back to where I was a week ag