WLAN Controller 4402 - Port HA Fails

Similar Messages

• Wlan Controller 4402 with 15 APs (1242 ag)

  Can anyone help me to configure 4402 wlan controller ( deploying procedure ) with 15 access points .
  Rgds,
  Senthil

  Hi Senthil,
  Very broad question but I will send you some links and see if that helps. You can please come back if you have any doubts on the same.
  http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42lwap.html
  http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/ccfig42.html
  HTH
  Ankur
  *Pls rate all helpfull post

• 1131ag LWAP in WLAN controller 4402

  Hi, i have 1131ag but at controller 4402 i see Number of radio interfaces 2, 802.11b/g/n admin status enable, oper status up and regulatory domain supported, but en 802.11a/n admin status enable, oper status down and regulatory domain not supported, why 802.11a is not supported?

  hello, AP is the model AIR-LAP1131AG-A-K9 and I configured the controller with the code of mexico MX. Now try the U.S. code, but it is the same result.
  Juan Ramon
  thanks....

• Voice over WLAN Controller 4402

  Hi,
  I am trying to get QoS running on a 4402 controller and am having some challenges. I have created a Voice VLAN and have placed its SSID into the Platinum Prfile. The port coming out from the controller is setup as a dot1Q trunk.
  When I span the controller port and run a sniffer trace I see that phones QoS settings are still being set as best effort 00.
  Any recommendations would be appreciated
  Thanks

  Hi
  When you say it's marked as 00 are you talking COS or DSCP?
  If you look at the Platinum QoS profile in the Controller's Web GUI, you'll see a box named 'Wired Protocol' or something like that... This you can change to dot1p, at which point a '6' in a box will appear. Setting this to '5' should bring it in line with other Cisco kit.
  I'd also clear off the unnecessary commands on the switch port:
  switchport priority extend trust
  auto qos voip trust
  Finally - if you are using VLAN2 for one of the wired VLANs (especially the Voice VLAN) set the native VLAN to another unused one... the native VLAN won't have any CoS marking on it. Alternatively if you can confirm from your network capture that packets are DSCP marked correctly you can just set the port to 'mls qos trust dscp'.
  Regards
  Aaron
  Please rate helpful posts...

• Wlan controller distribution port link down

  I have one wlc 4402 and in one distribution is a 1000Base T modul from 3Com (3CS93FP).
  I have a fast ethernet switch, but i couldn?t configure the port. i see only link status down. What could happened.
  Thank?s in advance
  tempomat

  If you are referring to connecting the 1000BaseT to your FastEthernet port, it is not possible: Although the 1000BaseT is spec'ed as 10/100/1000, the wlc4400 does not currently support anything other than 1000 (1GB) connection.

• WLAN controller 4400 series, use service-port for initial configuration, IP address?

  Hi, Everyone,
  I just got a new Cisco  Wlan controller 4402 from somebody else but I can't find a suitable console cable( DB-9 console on the controller) , I googled everywhere and I read I could use service port to do the initial configuration, the CISCO FAQ says initial IP for service port is 192.168.1.1, I tried use Cross-over   cable to connect a PC to the service port directly and use a normal cable with a switch to connect the service port and  a PC, both of the connections do not work out:  from the PC, I can't ping 192.168.1.1 ( PC IP changed to 192.168.1.20) , nor can I go http://192.168.1.1 .  The service port Link is solid GREEN and ACT is solid GREEN, the PC NIC says Connected with 100 Mbps , so I'm wondering the IP address of service port is not 192.168.1.1?  Please help.
  Any sussgestions and advices are  greatly appreciated.

  Hi,
  plz connect service port to the switch port that should be configured as access.
  connect a pc (ip address - as u mentioned) to the other port of the switch. both wlc and pc should be in same vlan (create a temperary vlan).
  try https to access the wlc.
  Thanks

• Data flow using a WLAN controller

  Can someone explain the flow of data from wireless client to some destination in the internal network (or the Internet) using a WLAN Controller? Use a 4402 as an example.
  Specifically, I am wondering if client traffic actually passes thru the WLAN Controller (4402). I am reading the configuration guide and it doesn't seem to be explicitly stated one way or the other.

  Hi Ken,
  This is a very common question these days.
  Here is a recent thread as well as an excerpt from a good doc:
  http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=Getting%20Started%20with%20Wireless&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddaca5d
  In the Cisco Centralized WLAN architecture, LWAPP-enabled access points operate in the lightweight mode (as opposed to the autonomous mode). The access points associate to a Cisco WLAN controller. The controller manages the configuration, firmware, and control transactions such as 802.1x authentication. In addition, all wireless traffic is tunneled through the controller.
  LWAPP is an IETF draft protocol that defines the control messaging for setup and path authentication and run-time operations. LWAPP also defines the tunneling mechanism for data traffic.
  In an LWAPP environment, a Cisco Aironet LWAPP-enabled access point discovers a controller by using LWAPP discovery mechanisms and then sends it an LWAPP join request. The controller sends the access point an LWAPP join response allowing the access point to join the controller. When the access point is joined, the controller downloads its software if the versions on the access point and controller do not match.
  LWAPP secures the control communication between the access point and controller by means of a secure key distribution, utilizing X.509 certificates on both the access point and controller.
  From this doc:
  http://www.cisco.com/en/US/products/hw/wireless/ps430/products_quick_start09186a00805100f5.html#wp47092
  Hope this helps!
  Rob
  Please remember to rate helpful posts.........

• WLAN Controller - reg

  Hi, I have been working with WLAN controller 4402 for a while now however some strange thing happened this morning. all registered LWAP APs disappeared. upon rebooting, all of the APs came back (registered) but started disapperaring one by one after a few seconds. anyone knows whts happening?

  Hi, I checked the time on the controller and adjusted it accordingly but the same thing keeps happening. the debugs show the controller receiving LWAPP Discovery Requests and responding succefully yet nothing else happens.
  below is some logs
  P Disassociated. Base Radio MAC:00:1b:2a:12:71:50
  2 Tue Jun 10 08:11:16 2008 AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:00:1b:2a:12:71:50 Cause=Max Retrasmission
  3 Tue Jun 10 08:11:16 2008 AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:1b:2a:12:71:50 Cause=Max Retrasmission
  4 Tue Jun 10 08:11:04 2008 AP with Base Radio MAC 00:1b:2a:12:71:50 (NSSF-BLKA08thfloor-AP08B) is unable to associate. The regulatory domain configured on it '-E' does not match the controller's country code: Argentina
  5 Tue Jun 10 08:11:02 2008 AP Associated. Base Radio MAC: 00:1b:2a:12:71:50
  6 Tue Jun 10 08:10:59 2008 AP Disassociated. Base Radio MAC:00:1b:2a:12:71:f0
  7 Tue Jun 10 08:10:59 2008 AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:00:1b:2a:12:71:f0 Cause=Max Retrasmission
  8 Tue Jun 10 08:10:59 2008 AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:1b:2a:12:71:f0 Cause=Max Retrasmission
  9 Tue Jun 10 08:10:58 2008 AP Disassociated. Base Radio MAC:00:1b:2a:12:70:a0
  10 Tue Jun 10 08:10:58 2008 AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:00:1b:2a:12:70:a0 Cause=Max Retrasmission
  11 Tue Jun 10 08:10:58 2008 AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:1b:2a:12:70:a0 Cause=Max Retrasmission
  12 Tue Jun 10 08:10:58 2008 AP Disassociated. Base Radio MAC:00:1e:7a:3a:a9:90
  13 Tue Jun 10 08:10:58 2008 AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:00:1e:7a:3a:a9:90 Cause=Max Retrasmission
  14 Tue Jun 10 08:10:58 2008 AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:1e:7a:3a:a9:90 Cause=Max Retrasmission
  15 Tue Jun 10 08:10:56 2008 AP Disassociated. Base Radio MAC:00:1b:2a:12:71:20
  16 Tue Jun 10 08:10:56 2008 AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:00:1b:2a:12:71:20 Cause=Max Retrasmission
  17 Tue Jun 10 08:10:56 2008 AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:1b:2a:12:71:20 Cause=Max Retrasmission
  18 Tue Jun 10 08:10:56 2008 AP Disassociated. Base Radio MAC:00:1b:2a:12:72:50
  19 Tue Jun 10 08:10:56 2008 AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:00:1b:2a:12:72:50 Cause=Max Retrasmission
  20 Tue Jun 10 08:10:56 2008 AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:1b:2a:12:72:50 Cause=Max Retrasmission
  21 Tue Jun 10 08:10:53 2008 AP Disassociated. Base Radio MAC:00:1b:2a:12:70:20
  22 Tue Jun 10 08:10:53 2008 AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:00:1b:2a:12:70:20 Cause=Max Retrasmission
  23 Tue Jun 10 08:10:53 2008 AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:1b:2a:12:70:20 Cause=Max Retrasmission
  24 Tue Jun 10 08:10:48 2008 AP with Base Radio MAC 00:1b:2a:12:71:f0 (NSSF-BLKA05thfloor-AP05B) is unable to associate. The regulatory domain configured on it '-E' does not match the controller's country code: Argentina
  25 Tue Jun 10 08:10:47 2008 AP with Base Radio MAC 00:1b:2a:12:70:a0 (NSSF-BLKA06thfloor-AP06B) is unable to associate. The re

• I need to bridge a printer off a wireless bridge using a 4402 WLAN Controller

  I need to bridge a printer off a wireless bridge using a 4402 WLAN Controller.  Would I need to make any changes on the 4402 WLAN Controller?

  One options is to take a cisco autonmous access point and configure it as a WGB. And no, you would not have to do anything special to the WLC in thay deisgn. The WGB would act as a wireless client.
  Make sense?

• Cisco 1010AP Can't find 4402 WLAN controller

  Hi folks,
  I'm running a 4402 WLAN controller running 5.2 code. I've got some 1010APs that don't associate with the WLC. I'm trying to keep the setup basic. The access points are plugged into the same VLAN as the native vlan for port1 on the controller. I've setup a DHCP server in the manner documented. The WLAN controller is configured as a master server. This is the message that I get in the web interface for WLC:
  AP with MAC 00:0b:85:6e:4a:90 (AP 1010 #1) is unknown.
  Any clues as to what I'm doing wrong?

  Hi Daniel,
  You won't like this I'm sure, but this is why the 1010 is not working;
  **Note: Controller software release 5.0.148.0 or later is not compatible with Cisco Aironet 1000 series access points.
  http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn52.html
  Hope this helps!
  Rob

• Wireless lan Controller 4402 / ping dynamic interface failed

  hi,
  i've a problem with a Wireless Lan Controller 4402.
  When i configure the dynamic interface on the my network , with wired lan
  i don't reach (i use the ping command) the ip address of the WLC.
  In my case (wired):
  On my pc i've a ip 10.1.78.1 255.255.0.0 and dgw 10.1.1.1 (vlan721)
  The lan WLC have a ip of management 10.12.2.4 /24 (vlan799) [dgw 10.12.2.1]
  dynamic vlan 792 ip add 10.12.78.100 / 22 (vlan792) [dgw 10.12.68.1]
  i ping these interfaces (10.12.2.4 and 10.12.78.100) and the ping is ok.
  When i create a dynamic interface vlan 721 starting the problem:
  dynamic vlan 791 ip address 10.1.1.240 / 16 (vlan721)
  After this ......the ping on 10.12.2.4 and 10.12.78.100 don't respond very well
  and i lose the 80-90% of the ping packages.
  through the wi-fi instead I do not have problems.
  the problem exist only via wired (cable).
  Can you help me?
  Thanks
  FCostalunga

  Hello,
  Pinging the dynamic interface is officially not supported. The reason why is because the controller places a very low priority on ICMP traffic. Typically, you will not have an issue with doing so on your wireless network because this interface is basically a gateway for the client. However, from the wired network - the only interface designed to respond to pings 100% of the time is the management interface. Hope this helps!
  -Mark

• Communication between : AP and WLAN controller

  Hi,
  The communication between AP and WLAN Controller is ( Data and Control ) UDP.
  Source port 1024 and destination port 12222 and 12223. Actually which device listen to which port or both should listen as control and data can be generated from both the devices.
  How does the user ( wireless client) traffic is switched - if user traffic is a TCP traffic. It will be sent to WLANC and then WLANC forwards it to respective VLAN or default gateway ( depending upon the destination in the packet ).
  Please explain / share the experience.
  any link on cisco.com
  Thanka in advance
  Subodh

  "the LWAPP Control and Data messages are encapsulated in UDP packets that are carried over the IP network. The only requirement is established IP connectivity between the access points and the WLC. The LWAPP tunnel uses the access point's IP address and the WLC's AP Manager interface IP address as endpoints. The AP Manager interface is explained in further detail in the
  implementation section. On the access point side, both LWAPP Control and Data messages use an ephemeral port that is derived from a hash of the access point MAC address as the UDP port. On the WLC side, LWAPP Data messages always use UDP port 12222. On the WLC side, LWAPP Control messages always use UDP port 12223.
  The mechanics and sequencing of Layer 3 LWAPP are similar to Layer 2 LWAPP except that the packets are carried in UDP packets instead of being encapsulated in Ethernet frames."
  Taken from "Cisco 440X Series Wireless LAN Controllers Deployment Guide"

• AIR-LAP1310G-E-K9 acces point not joining to 5508 wlan controller

  Hi,
  I have Cisco AIR-LAP1310G-E-K9 access point and 5508 wlan controller with version 7.0.220 and it is joining to the WLAN controller.  I have enabled dhcp in the lan controller and i dont have external dns server. How to fix this issue?  Can this LAN controller version will support this access point? 
  My Lan Controller Management IP Address is 10.10.10.5
  Please find the below configuration of 1300 access point.
  AP001d.4513.dd68#reload
  Proceed with reload? [confirm]
  %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
  %LWAPP-5-CHANGED: LWAPP changed state to DOWNXmodem file system is available.
  flashfs[0]: 4 files, 2 directories
  flashfs[0]: 0 orphaned files, 0 orphaned directories
  flashfs[0]: Total bytes: 7741440
  flashfs[0]: Bytes used: 2052608
  flashfs[0]: Bytes available: 5688832
  flashfs[0]: flashfs fsck took 14 seconds.
  Base ethernet MAC Address: 00:1d:45:13:dd:68
  Initializing ethernet port 0...
  Reset ethernet port 0...
  Reset done!
  ethernet link up, 100 mbps, full-duplex
  Ethernet port 0 initialized: link is up
  Unable to get our ip address: no "IP_ADDR" variable set
  The system has been encountered and error initializing
  tftp file system. The system is ignoring the error and
  continuing boot. If you interrupt the system boot process,
  the following commands will set IP_ADDR, DEFAULT_ROUTER
  and NETMASK environment variables, initializing tftp file
  system, and finish loading the operating system software:
      set IP_ADDR
      set DEFAULT_ROUTER
      set NETMASK
      tftp_init
      boot
  Loading "flash:/c1310-rcvk9w8-mx/c1310-rcvk9w8-mx"...############################################################################################################################################################################################
  File "flash:/c1310-rcvk9w8-mx/c1310-rcvk9w8-mx" uncompressed and installed, entry point: 0x3000
  executing...
                Restricted Rights Legend
  Use, duplication, or disclosure by the Government is
  subject to restrictions as set forth in subparagraph
  (c) of the Commercial Computer Software - Restricted
  Rights clause at FAR sec. 52.227-19 and subparagraph
  (c) (1) (ii) of the Rights in Technical Data and Computer
  Software clause at DFARS sec. 252.227-7013.
             cisco Systems, Inc.
             170 West Tasman Drive
             San Jose, California 95134-1706
  Cisco IOS Software, C1310 Software (C1310-RCVK9W8-M), Version 12.4(10b)JA3, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2008 by Cisco Systems, Inc.
  Compiled Wed 19-Mar-08 19:09 by prod_rel_team
  Image text-base: 0x00003000, data-base: 0x003BE9E0
  Initializing flashfs...
  flashfs[1]: 4 files, 2 directories
  flashfs[1]: 0 orphaned files, 0 orphaned directories
  flashfs[1]: Total bytes: 7741440
  flashfs[1]: Bytes used: 2052608
  flashfs[1]: Bytes available: 5688832
  flashfs[1]: flashfs fsck took 2 seconds.
  flashfs[1]: Initialization complete....done Initializing flashfs.
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  cisco AIR-LAP1310G-E-K9R   (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
  Processor board ID FHK1133E002
  PowerPCElvis CPU at 262Mhz, revision number 0x0950
  Last reset from reload
  LWAPP image version 3.0.51.0
  1 FastEthernet interface
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: 00:1D:45:13:DD:68
  Part Number                          : 73-8960-09
  PCA Assembly Number                  : 800-24963-06
  PCA Revision Number                  : A0
  PCB Serial Number                    : FOC113000V7
  Top Assembly Part Number             : 800-28479-05
  Top Assembly Serial Number           : FHK1133E002
  Top Revision Number                  : B0
  Product/Model Number                 : AIR-LAP1310G-E-K9R
  The name for the keys will be: ap.cisco.com
  % The key modulus size is 1024 bits
  % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
  ip ssh version 2
      ^
  % Invalid input detected at '^' marker.
  transport input ssh
                   ^
  % Invalid input detected at '^' marker.
  aaa new-model
  ^
  % Invalid input detected at '^' marker.
  aaa authentication login default enable local none
  ^
  % Invalid input detected at '^' marker.
  o
  ^
  % Invalid input detected at '^' marker.
  Press RETURN to get started!
  *Mar  1 00:00:05.442: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
  *Mar  1 00:00:06.473: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
  *Mar  1 00:00:07.817: %SYS-5-RESTART: System restarted --
  Cisco IOS Software, C1310 Software (C1310-RCVK9W8-M), Version 12.4(10b)JA3, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2008 by Cisco Systems, Inc.
  Compiled Wed 19-Mar-08 19:09 by prod_rel_team
  Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)
  transport input ssh
                   ^
  % Invalid input detected at '^' marker.
  *Mar  1 00:00:33.860: %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER
  *Mar  1 00:00:33.860: %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER
  *Mar  1 00:00:33.861: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
  logging origin-id string AP:001d.4513.dd68
           ^
  % Invalid input detected at '^' marker.
  logging 255.255.255.255
          ^
  % Invalid input detected at '^' marker.
  logging trap 3
          ^
  % Invalid input detected at '^' marker.
  *Mar  1 00:00:37.440: Logging LWAPP message to 255.255.255.255.
  AP001d.4513.dd68>
  %LWAPP-3-CLIENTEVENTLOG: Forcing AP to obtain IP address using DHCP
  %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.10.10.46, mask 255.255.255.0, hostname AP001d.4513.dd68
  Translating "CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com"...domain server (10.10.10.5)
  %LWAPP-3-CLIENTEVENTLOG: Did not get vendor specific options from DHCP.
  %LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
  %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
  %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
  AP001d.4513.dd68>

  Your debug is very telling ..
  AP001d.4513.dd68>
  %LWAPP-3-CLIENTEVENTLOG: Forcing AP to obtain IP address using DHCP
  %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.10.10.46, mask 255.255.255.0, hostname AP001d.4513.dd68
  Translating "CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com"...domain server (10.10.10.5)
  %LWAPP-3-CLIENTEVENTLOG: Did not get vendor specific options from DHCP.
  %LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
  %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
  %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
  AP001d.4513.dd68>
  What are you using to tell the AP where the contoller lives ? Since you are consoled into the ap you can use the -> capwap ap controller ip address
  This will point the ap to your controller
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• Cisco LWAP & WLAN Controller Flexconnect Across HP Switches

  Hello All, I'm looking for a little guidance in making the needed routing and switching configuration changes on our Corporate Network to accomadate flex connect functionality for Cisco Lightweight Access Points (LWAPs).  The LWAPs that are currently configured on our network only work when our WLAN Controller is up and running and I need for them to be disconnectable so that we can move the WLAN Controller to our virtual co-lo.  It should be known that I inhereted this network from the previous admin and have been working hard to map everything out to the best of my ability.  Also, the WLAN controller is already operating in our production network so it limits my ability to do much testing. 
  Just FYI, I'm a new Systems Admin promoted from a Desktop Support role and have my CCENT (Currently working on CCNA & MCITP Server Admin) so I have some knowledge but it is limited on the networking and switching side of things.  Unfortunately, the Senior Systems Admin has even less knowledge of networking than me and I don't really have anyone to turn to which is why I'm posting here.  I would have utilized GNS to help me simulate the configuration however there are HP switches in the mix and no means of emulating them.
  -Relevant Device List-
  (CONSA251) Sonicwall  NSA 240 - 10.1.1.251
    Interface Information 
  Interface    IP Address    Description   
  X0  ->  LAN
    10.1.1.251   LAN Interface  
  X1  ->  WAN
    *************   Time Warner WAN  
  X2  ->  DMZ
    *************   DMZ Interface  
  X3  ->  WAN
    *************   Sprint WAN  
  X0-V20  ->  LAN
    10.1.101.1   Corporate WLAN  
  X0-V30  ->  LAN
    192.168.1.1   Guest WLAN 
  (CORT250) Cisco 3845 - 10.1.1.250
  (CO-WLAN-CTRLER) Cisco 5508 Wireless Controller - 10.1.1.2
  (COSW240) HP Procurve 4108GL - 10.1.1.240
  (COSW238) HP Procurve 2510B-24 - 10.1.20.238
  (CORP-AP-MIS) AIR-LAP1131AG-A-K9 - 10.1.1.79
  (COSW239) HP1810G-24 - No IP (Inaccesible but being replaced)
  I will now go on to explain our network topology as it pertains to the WAPs and WLAN Controller and how I believe it needs to be configured in order to operate from my perspective. 
  Our Corporate and Guest Wireless Access is provided via the Sonicwall CONSA251 through a connection from the X0 interface to HP Switch COSW239 which is then connected to WLAN Controller CO-WLAN-CTRLER as detailed below:
  Device - Interface Name/Port
  CONSA251 - X0
  COSW239  - 2
  COSW239  - 18,19
  CO-WLAN-CTRLER - 2,3
  The WLAN Controller currently communicates with all the LWAPs via Layer 3 TCP\IP as I understand it and then routes all DHCP requests and traffic destine for the 10.1.101.1 (corporate WLAN) and 192.168.1.1 (Guest WLAN) to the Sonicwall and vice versa.
  Now what I am trying to do is VLAN the LWAP CORP-AP-MIS across the HP Switches to the X0 interface on the Sonicwall NSA240 where it will be able to route traffic via VLAN 20 & 30.  The problem lies in my inexperience with HP VLAN configurations and how the ports need to be configured on each device so it can route traffic to the Sonicwall when the WLAN Controller is shutdown.
  The LWAP CORP-AP-MIS layer 2 trace to the WLAN Controller is as shown below:
  Device - Interface Name/Port
  CORP-AP-MIS -  FA/0
  COSW238     - 16
  COSW238     - 25
  COSW240     - B4
  COSW240     - H6
  CORT250     - GigabitEthernet0/0
  CORT250     - Se1/0
  CONSA251    - X0
  Now for all intesive purposes the Corporate Router CORT250 should probably be handling the routing for our Corporate and Guest Wireless network however that was not the way it was originally setup and I have to work with what was inhereted.  The Corporate Router CORT250 has a default route to the Sonicwall and the Sonicwall CONSA251 has all the routing already in place for the Corporate & Guest WLANs.
  What I would like to do is VLAN off the X0-V20&V30 accross multiple switches and switchports to each LWAP in our building.  I do have the LWAP I'm testing on configured with Flex Connect which I understand is required for it to be disconnectable.
  Any guidance on how I would go about configuring this accross devices would be appreciated.  I know there are some difference between HP and Cisco Switching terms and how tagging, untagging, and trunking works however I lack the experience to apply this in practice especially in a production environment. 
  I will be happy to provide any additional information or clarification that is needed.  Thank you in advance for the help.

  Just to add about the ISE... you can profile, but having only one ssid might or might not work in your situation.  Also if you end up with remote sites or ap's in h-reap mode, currently ISE cant do any profiling.  If you go with the 7500 or 5508/WiSM2, they don't really do an active-active or active backup. They are both up and you can split the load or put all ap's on one, its up to you.  I usually split the load just to make sure both are working.  I don't want to all of a sudden loose the primary and then find out my secondary/backup is not working.

• WLAN controller redundancy over IP VPN

  Customer currently has a Cisco 5500 WLAN controller at one of our datacenters. They want to add a WLAN controller as redundancy at their local site which shall be used as a secondary failover controller. This site is reachable over VPN. Which redundancy options do I have here? As i understand with HA functions the controllers has to be within the same L2 network and have low latency. Is my only option here to manually configure a new controller, buy double the AP licenses and copy the config from the old one? And if the first fail the APs would need to reboot and reassociate with the secondary controller?
  Would be really greatful if someone could point me in the right direction :)

  You have a few options .. 
  1. Buy two fully licensed controllers. One primary one secondary and configure as such.
  2. HA N+1 where you buy one fully licensed controller and one HA controller or a controller with a minimum of 50 licenses. Put the secondary controller into ha mode and it will go to max licenses. 
  http://www.cisco.com/c/en/us/td/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide/Licensing.html
  3. APSSO AND CLIENT SSO this is where you need layer 2. There is a data base that syncs between the
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.pdf