Wlan controller connections

I have two options when connecting wlan controller 4404:
1) to a 2600 router (outside internal lan)
2) to a 2900 catalyst (inside lan)
Which one should I take as the best one?

By default, controllers block Telnet sessions. You must use a local connection to the serial port to enable Telnet sessions.
Direct ASCII serial connection to the controller console port.
A remote console session over Ethernet through the pre-configured Service Port or through Distribution System Ports.
Before you log into the CLI, configure your connectivity and environment variables based on the type of connection you use.

Similar Messages

  • Can the 7510 WLAN controller connect via Gig Ethernet not 10G?

    Is it possible just to use the 2 x 1Gb connections, not the 10Gb ports?
    James

    The 1Gb ports are not meant for data connection.
    http://www.cisco.com/en/US/products/ps11635/products_tech_note09186a0080b7f141.shtml#pf

  • Communication between : AP and WLAN controller

    Hi,
    The communication between AP and WLAN Controller is ( Data and Control ) UDP.
    Source port 1024 and destination ports 12222 and 12223. Actually, which device listens on which port, or should both listen, as control and data can be generated from both devices?
    How is the user (wireless client) traffic switched if the user traffic is TCP traffic? It will be sent to the WLANC, and then the WLANC forwards it to the respective VLAN or default gateway (depending upon the destination in the packet).
    Please explain / share the experience.
    Any link on cisco.com
    Thanks in advance
    Subodh

    "the LWAPP Control and Data messages are encapsulated in UDP packets that are carried over the IP network. The only requirement is established IP connectivity between the access points and the WLC. The LWAPP tunnel uses the access point's IP address and the WLC's AP Manager interface IP address as endpoints. The AP Manager interface is explained in further detail in the
    implementation section. On the access point side, both LWAPP Control and Data messages use an ephemeral port that is derived from a hash of the access point MAC address as the UDP port. On the WLC side, LWAPP Data messages always use UDP port 12222. On the WLC side, LWAPP Control messages always use UDP port 12223.
    The mechanics and sequencing of Layer 3 LWAPP are similar to Layer 2 LWAPP except that the packets are carried in UDP packets instead of being encapsulated in Ethernet frames."
    Taken from "Cisco 440X Series Wireless LAN Controllers Deployment Guide"
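An added example (not part of the original thread or of the quoted Cisco guide): a small flow audit built on the port assignments quoted above, useful when a router or firewall sits between the APs and the controller. The addresses, flow records and finding labels are constructed, and treating a changing AP-side port as noteworthy is an assumption drawn from the quote's statement that one hash-derived port serves both message types.

```python
import ipaddress

# WLC-side UDP ports from the deployment guide quoted above.
LWAPP_PORTS = {12222: "data", 12223: "control"}

AP_MANAGER = "192.0.2.10"          # constructed AP-Manager interface address
AP_SUBNETS = ["198.51.100.0/24"]   # constructed subnet where the APs live

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, protocol).
SAMPLE_FLOWS = [
    ("198.51.100.11", 49320, "192.0.2.10", 12223, "udp"),  # AP -> WLC control
    ("198.51.100.11", 49320, "192.0.2.10", 12222, "udp"),  # AP -> WLC data
    ("192.0.2.10", 12223, "198.51.100.11", 49320, "udp"),  # WLC -> AP control
    ("203.0.113.77", 50112, "192.0.2.10", 12223, "udp"),   # source is not an AP subnet
    ("198.51.100.11", 51000, "192.0.2.10", 23, "tcp"),     # not LWAPP at all
    ("198.51.100.12", 40001, "192.0.2.10", 12223, "udp"),  # second AP, control
    ("198.51.100.12", 40002, "192.0.2.10", 12222, "udp"),  # same AP, different port
]


def classify(flow, ap_manager):
    """Return (kind, ap_ip, ap_port) for an LWAPP flow, or None for anything else."""
    src, sport, dst, dport, proto = flow
    if proto != "udp":
        return None
    if dst == ap_manager and dport in LWAPP_PORTS:
        return LWAPP_PORTS[dport], src, sport
    if src == ap_manager and sport in LWAPP_PORTS:
        return LWAPP_PORTS[sport], dst, dport
    return None


def audit(flows, ap_manager, ap_subnets):
    """Flag flows that do not fit the AP <-> AP-Manager pattern described in the quote."""
    nets = [ipaddress.ip_network(n) for n in ap_subnets]

    def in_ap_subnet(ip):
        return any(ipaddress.ip_address(ip) in net for net in nets)

    findings, ports_by_ap = [], {}
    for flow in flows:
        hit = classify(flow, ap_manager)
        if hit is None:
            # Anything else aimed at the AP-Manager address is outside the tunnel.
            if flow[2] == ap_manager:
                findings.append(("non-lwapp-to-ap-manager", flow))
            continue
        _kind, ap_ip, ap_port = hit
        if not in_ap_subnet(ap_ip):
            findings.append(("lwapp-outside-ap-subnets", flow))
            continue
        ports_by_ap.setdefault(ap_ip, set()).add(ap_port)
    # Assumption: one AP keeps one source port for control and data.
    for ap_ip, ports in sorted(ports_by_ap.items()):
        if len(ports) > 1:
            findings.append(("ap-port-not-stable", (ap_ip, sorted(ports))))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_FLOWS, AP_MANAGER, AP_SUBNETS):
        print(code, detail)
```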

  • AIR-LAP1310G-E-K9 access point not joining to 5508 wlan controller

    Hi,
    I have a Cisco AIR-LAP1310G-E-K9 access point and a 5508 WLAN controller with version 7.0.220 and it is joining to the WLAN controller. I have enabled DHCP in the LAN controller and I don't have an external DNS server. How to fix this issue? Will this LAN controller version support this access point?
    My Lan Controller Management IP Address is 10.10.10.5
    Please find the below configuration of 1300 access point.
    AP001d.4513.dd68#reload
    Proceed with reload? [confirm]
    %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
    %LWAPP-5-CHANGED: LWAPP changed state to DOWNXmodem file system is available.
    flashfs[0]: 4 files, 2 directories
    flashfs[0]: 0 orphaned files, 0 orphaned directories
    flashfs[0]: Total bytes: 7741440
    flashfs[0]: Bytes used: 2052608
    flashfs[0]: Bytes available: 5688832
    flashfs[0]: flashfs fsck took 14 seconds.
    Base ethernet MAC Address: 00:1d:45:13:dd:68
    Initializing ethernet port 0...
    Reset ethernet port 0...
    Reset done!
    ethernet link up, 100 mbps, full-duplex
    Ethernet port 0 initialized: link is up
    Unable to get our ip address: no "IP_ADDR" variable set
    The system has been encountered and error initializing
    tftp file system. The system is ignoring the error and
    continuing boot. If you interrupt the system boot process,
    the following commands will set IP_ADDR, DEFAULT_ROUTER
    and NETMASK environment variables, initializing tftp file
    system, and finish loading the operating system software:
        set IP_ADDR
        set DEFAULT_ROUTER
        set NETMASK
        tftp_init
        boot
    Loading "flash:/c1310-rcvk9w8-mx/c1310-rcvk9w8-mx"...############################################################################################################################################################################################
    File "flash:/c1310-rcvk9w8-mx/c1310-rcvk9w8-mx" uncompressed and installed, entry point: 0x3000
    executing...
                  Restricted Rights Legend
    Use, duplication, or disclosure by the Government is
    subject to restrictions as set forth in subparagraph
    (c) of the Commercial Computer Software - Restricted
    Rights clause at FAR sec. 52.227-19 and subparagraph
    (c) (1) (ii) of the Rights in Technical Data and Computer
    Software clause at DFARS sec. 252.227-7013.
               cisco Systems, Inc.
               170 West Tasman Drive
               San Jose, California 95134-1706
    Cisco IOS Software, C1310 Software (C1310-RCVK9W8-M), Version 12.4(10b)JA3, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by Cisco Systems, Inc.
    Compiled Wed 19-Mar-08 19:09 by prod_rel_team
    Image text-base: 0x00003000, data-base: 0x003BE9E0
    Initializing flashfs...
    flashfs[1]: 4 files, 2 directories
    flashfs[1]: 0 orphaned files, 0 orphaned directories
    flashfs[1]: Total bytes: 7741440
    flashfs[1]: Bytes used: 2052608
    flashfs[1]: Bytes available: 5688832
    flashfs[1]: flashfs fsck took 2 seconds.
    flashfs[1]: Initialization complete....done Initializing flashfs.
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    cisco AIR-LAP1310G-E-K9R   (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
    Processor board ID FHK1133E002
    PowerPCElvis CPU at 262Mhz, revision number 0x0950
    Last reset from reload
    LWAPP image version 3.0.51.0
    1 FastEthernet interface
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 00:1D:45:13:DD:68
    Part Number                          : 73-8960-09
    PCA Assembly Number                  : 800-24963-06
    PCA Revision Number                  : A0
    PCB Serial Number                    : FOC113000V7
    Top Assembly Part Number             : 800-28479-05
    Top Assembly Serial Number           : FHK1133E002
    Top Revision Number                  : B0
    Product/Model Number                 : AIR-LAP1310G-E-K9R
    The name for the keys will be: ap.cisco.com
    % The key modulus size is 1024 bits
    % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
    ip ssh version 2
        ^
    % Invalid input detected at '^' marker.
    transport input ssh
                     ^
    % Invalid input detected at '^' marker.
    aaa new-model
    ^
    % Invalid input detected at '^' marker.
    aaa authentication login default enable local none
    ^
    % Invalid input detected at '^' marker.
    o
    ^
    % Invalid input detected at '^' marker.
    Press RETURN to get started!
    *Mar  1 00:00:05.442: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
    *Mar  1 00:00:06.473: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
    *Mar  1 00:00:07.817: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, C1310 Software (C1310-RCVK9W8-M), Version 12.4(10b)JA3, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by Cisco Systems, Inc.
    Compiled Wed 19-Mar-08 19:09 by prod_rel_team
    Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)
    transport input ssh
                     ^
    % Invalid input detected at '^' marker.
    *Mar  1 00:00:33.860: %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER
    *Mar  1 00:00:33.860: %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER
    *Mar  1 00:00:33.861: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
    logging origin-id string AP:001d.4513.dd68
             ^
    % Invalid input detected at '^' marker.
    logging 255.255.255.255
            ^
    % Invalid input detected at '^' marker.
    logging trap 3
            ^
    % Invalid input detected at '^' marker.
    *Mar  1 00:00:37.440: Logging LWAPP message to 255.255.255.255.
    AP001d.4513.dd68>
    %LWAPP-3-CLIENTEVENTLOG: Forcing AP to obtain IP address using DHCP
    %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.10.10.46, mask 255.255.255.0, hostname AP001d.4513.dd68
    Translating "CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com"...domain server (10.10.10.5)
    %LWAPP-3-CLIENTEVENTLOG: Did not get vendor specific options from DHCP.
    %LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
    %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
    %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
    AP001d.4513.dd68>

    Your debug is very telling ..
    AP001d.4513.dd68>
    %LWAPP-3-CLIENTEVENTLOG: Forcing AP to obtain IP address using DHCP
    %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.10.10.46, mask 255.255.255.0, hostname AP001d.4513.dd68
    Translating "CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com"...domain server (10.10.10.5)
    %LWAPP-3-CLIENTEVENTLOG: Did not get vendor specific options from DHCP.
    %LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
    %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
    %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
    AP001d.4513.dd68>
    What are you using to tell the AP where the controller lives? Since you are consoled into the AP, you can use the -> capwap ap controller ip address
    This will point the AP to your controller
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

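An added example (not from the original posts): the triage the reply does by eye, written as a script that walks the AP console log and reports which controller-discovery methods failed. The log lines are copied from the post above; the function name, report keys and finding labels are hypothetical.

```python
import re

# Lines copied from the AP console output posted above (discovery-related only).
SAMPLE_LOG = """\
%LWAPP-5-CHANGED: LWAPP changed state to DOWNXmodem file system is available.
Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)
*Mar  1 00:00:33.860: %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER
*Mar  1 00:00:33.860: %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER
*Mar  1 00:00:33.861: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
%LWAPP-3-CLIENTEVENTLOG: Forcing AP to obtain IP address using DHCP
%DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.10.10.46, mask 255.255.255.0, hostname AP001d.4513.dd68
Translating "CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com"...domain server (10.10.10.5)
%LWAPP-3-CLIENTEVENTLOG: Did not get vendor specific options from DHCP.
%LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
%LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
%LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
"""

MSG_RE = re.compile(r"%(?P<facility>[A-Z]+)-\d-(?P<mnemonic>[A-Z_]+): (?P<text>.*)")
LEASE_RE = re.compile(r"assigned DHCP address (?P<ip>[\d.]+), mask (?P<mask>[\d.]+)")
RESOLVER_RE = re.compile(r'Translating "[^"]+"\.\.\.domain server \((?P<server>[\d.]+)\)')
UNRESOLVED_RE = re.compile(r"could not resolve (\S+)")
# The capture stops before a lowercase letter, so console output fused onto the
# line ("... state to DOWNXmodem file system ...") still yields "DOWN".
STATE_RE = re.compile(r"changed state to ([A-Z]+)(?![a-z])")


def triage(log_text, controller_ip=None):
    """Summarise lease, resolver and discovery state seen in an AP console log."""
    report = {"ap_ip": None, "mask": None, "dns_servers": [], "unresolved": [],
              "vendor_options": None, "states": [], "findings": []}
    for line in log_text.splitlines():
        resolver = RESOLVER_RE.search(line)
        if resolver:
            if resolver["server"] not in report["dns_servers"]:
                report["dns_servers"].append(resolver["server"])
            continue
        msg = MSG_RE.search(line)
        if not msg:
            continue
        text = msg["text"]
        if (msg["facility"], msg["mnemonic"]) == ("DHCP", "ADDRESS_ASSIGN"):
            lease = LEASE_RE.search(text)
            if lease:
                report["ap_ip"], report["mask"] = lease["ip"], lease["mask"]
        elif msg["facility"] == "LWAPP":
            state = STATE_RE.search(text)
            failed = UNRESOLVED_RE.search(text)
            if state:
                report["states"].append(state[1])
            elif failed:
                report["unresolved"].append(failed[1])
            elif "Did not get vendor specific options from DHCP" in text:
                report["vendor_options"] = False

    findings = report["findings"]
    if report["ap_ip"] and report["vendor_options"] is False:
        # The lease worked, but DHCP did not tell the AP where the controller is.
        findings.append(("no-dhcp-vendor-options",
                         f"lease {report['ap_ip']} carried no controller address"))
    if report["unresolved"]:
        findings.append(("dns-unresolved", ", ".join(report["unresolved"])))
    if controller_ip and controller_ip in report["dns_servers"]:
        # The AP is sending its DNS queries to the controller address itself.
        findings.append(("dns-server-is-controller", controller_ip))
    if report["states"] and report["states"][-1] == "DISCOVERY":
        findings.append(("stuck-in-discovery", "no later state change in this log"))
    return report


if __name__ == "__main__":
    # 10.10.10.5 is the controller management address given in the post.
    for code, detail in triage(SAMPLE_LOG, controller_ip="10.10.10.5")["findings"]:
        print(f"{code}: {detail}")
```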
  • Cisco LWAP & WLAN Controller Flexconnect Across HP Switches

    Hello All, I'm looking for a little guidance in making the needed routing and switching configuration changes on our Corporate Network to accommodate flex connect functionality for Cisco Lightweight Access Points (LWAPs).  The LWAPs that are currently configured on our network only work when our WLAN Controller is up and running and I need for them to be disconnectable so that we can move the WLAN Controller to our virtual co-lo.  It should be known that I inherited this network from the previous admin and have been working hard to map everything out to the best of my ability.  Also, the WLAN controller is already operating in our production network so it limits my ability to do much testing.
    Just FYI, I'm a new Systems Admin promoted from a Desktop Support role and have my CCENT (Currently working on CCNA & MCITP Server Admin) so I have some knowledge but it is limited on the networking and switching side of things.  Unfortunately, the Senior Systems Admin has even less knowledge of networking than me and I don't really have anyone to turn to which is why I'm posting here.  I would have utilized GNS to help me simulate the configuration however there are HP switches in the mix and no means of emulating them.
    -Relevant Device List-
    (CONSA251) Sonicwall  NSA 240 - 10.1.1.251
    Interface Information
    Interface         IP Address      Description
    X0 -> LAN         10.1.1.251      LAN Interface
    X1 -> WAN         *************   Time Warner WAN
    X2 -> DMZ         *************   DMZ Interface
    X3 -> WAN         *************   Sprint WAN
    X0-V20 -> LAN     10.1.101.1      Corporate WLAN
    X0-V30 -> LAN     192.168.1.1     Guest WLAN
    (CORT250) Cisco 3845 - 10.1.1.250
    (CO-WLAN-CTRLER) Cisco 5508 Wireless Controller - 10.1.1.2
    (COSW240) HP Procurve 4108GL - 10.1.1.240
    (COSW238) HP Procurve 2510B-24 - 10.1.20.238
    (CORP-AP-MIS) AIR-LAP1131AG-A-K9 - 10.1.1.79
    (COSW239) HP1810G-24 - No IP (Inaccessible but being replaced)
    I will now go on to explain our network topology as it pertains to the WAPs and WLAN Controller and how I believe it needs to be configured in order to operate from my perspective. 
    Our Corporate and Guest Wireless Access is provided via the Sonicwall CONSA251 through a connection from the X0 interface to HP Switch COSW239 which is then connected to WLAN Controller CO-WLAN-CTRLER as detailed below:
    Device - Interface Name/Port
    CONSA251 - X0
    COSW239  - 2
    COSW239  - 18,19
    CO-WLAN-CTRLER - 2,3
    The WLAN Controller currently communicates with all the LWAPs via Layer 3 TCP/IP as I understand it and then routes all DHCP requests and traffic destined for the 10.1.101.1 (corporate WLAN) and 192.168.1.1 (Guest WLAN) to the Sonicwall and vice versa.
    Now what I am trying to do is VLAN the LWAP CORP-AP-MIS across the HP Switches to the X0 interface on the Sonicwall NSA240 where it will be able to route traffic via VLAN 20 & 30.  The problem lies in my inexperience with HP VLAN configurations and how the ports need to be configured on each device so it can route traffic to the Sonicwall when the WLAN Controller is shutdown.
    The LWAP CORP-AP-MIS layer 2 trace to the WLAN Controller is as shown below:
    Device - Interface Name/Port
    CORP-AP-MIS -  FA/0
    COSW238     - 16
    COSW238     - 25
    COSW240     - B4
    COSW240     - H6
    CORT250     - GigabitEthernet0/0
    CORT250     - Se1/0
    CONSA251    - X0
    Now for all intents and purposes the Corporate Router CORT250 should probably be handling the routing for our Corporate and Guest Wireless network; however, that was not the way it was originally set up and I have to work with what was inherited.  The Corporate Router CORT250 has a default route to the Sonicwall and the Sonicwall CONSA251 has all the routing already in place for the Corporate & Guest WLANs.
    What I would like to do is VLAN off the X0-V20&V30 across multiple switches and switchports to each LWAP in our building.  I do have the LWAP I'm testing on configured with Flex Connect which I understand is required for it to be disconnectable.
    Any guidance on how I would go about configuring this across devices would be appreciated.  I know there are some differences between HP and Cisco Switching terms and how tagging, untagging, and trunking work; however, I lack the experience to apply this in practice, especially in a production environment.
    I will be happy to provide any additional information or clarification that is needed.  Thank you in advance for the help.

    Just to add about the ISE... you can profile, but having only one SSID might or might not work in your situation.  Also, if you end up with remote sites or APs in H-REAP mode, currently ISE can't do any profiling.  If you go with the 7500 or 5508/WiSM2, they don't really do an active-active or active backup. They are both up and you can split the load or put all APs on one; it's up to you.  I usually split the load just to make sure both are working.  I don't want to all of a sudden lose the primary and then find out my secondary/backup is not working.

  • Virtual WLAN Controller Guest Anchor

    We are planning a WLAN upgrade and the security policy is to forward wireless Guest user traffic to the DMZ controllers. We are now considering the Virtual WLAN Controller and all AP's will register with the virtual controllers and we will use Flexconnect for Staff and internal traffic that will switch their traffic onto the local switch.
    We wish to forward the guest traffic to the DMZ Guest Anchor controller which will be a 5508 controller. This will also offer Office Extend AP service.
    I have looked at the virtual controller docs and it is not very clear if this deployment model is supported. Below is a diagram of what we wish to deploy; can anyone advise if this is a supported deployment model?

    Well you can use the vWLC to anchor to a 5508, but not the other way around. So if you use the DMZ 5508 for OfficeExtend, you will not be able to anchor the traffic back to the inside. Cisco doesn't support reverse anchoring for a Remote-LAN in OfficeExtend and requires you to actually have the OfficeExtend AP's connect to an inside WLC. In v7.0.x you were able to do this reverse anchor, but it was removed on later codes.
    Sent from Cisco Technical Support iPhone App

  • WLAN CONTROLLER 2100

    We have three different locations on three different subnets: 172.17.0.0/16, 172.20.0.0/24 and 172.21.0.0/24.
    An MPLS connects all three offices together.
    All three routers are acting as DHCP server for their respective LAN.
    All internet traffic must pass through 172.17.0.0/16 where I have my SonicWall firewall.
    My aim is to deploy the WLAN controller on the 172.17.0.0/16 network.
    Then plug 1131LAP access points on each of the subnets.
    Access points are able to connect to the controller but my challenge is that when a client connects to any of the APs, DHCP is assigned from the 172.17.0.0/16 LAN irrespective of which location the client is connecting from.
    When I log in to the controller I can see that the APs are assigned ip address from the dhcp server at their location e.g AP at 172.21.0.0/24 gets an ip address of 172.21.0.42/24 from its local router but when a client connects to that same AP the client is given an ip from 172.17.0.0/16 network.

    Thanks Scot. Yes, I configured a guest WLAN and allowed tunnel to WLC but I had a problem in dealing with access rule configuration. Here is what I did:
    I created a "Guest" interface on physical port number 2, then assigned a completely different IP address of 192.168.0.2.
    Created a guest SSID and assigned it to the guest interface.
    On the firewall device (NSA 2400) I configured a second physical interface (GUEST ZONE) 192.168.0.1 and defined a DHCP scope on this interface.
    Created access rules that:
    Deny traffic from GUEST > LAN and LAN > GUEST
    Allow traffic from GUEST to WAN and WAN to GUEST
    Then connected WLC port 2 to the guest interface port on the NSA 2400 device.
    When clients connect to the guest SSID, an IP is assigned correctly from the firewall device.
    From the Windows connection icon I can see that there is access to the Internet but it won't browse.
    Also a ping to the WLC interface 192.168.0.2 replies fine but
    ping to firewall 192.168.0.1 times out continuously.
    Is it possible for me to define an ACL within the WLC that will block traffic from the guest LAN to our corporate LAN so that I can forget about the access rule within the NSA 2400?
    Once again, thank you so much; your post has been very helpful.
    Sent from Cisco Technical Support iPad App

  • WLAN Controller not changing channels

    We have a 2000 wireless controller with 4 1240 access points connected to it. The users would like to run their current non-Cisco wireless network until all testing has been completed with the new Cisco wireless installation. We have their old wireless on channel 11. It is my understanding that the WLAN Controller should see the old wireless gear and readjust itself so that there is no interference. Well, the problem is that the Cisco APs that can see the old wireless gear are setting themselves to the same channel and not adjusting; it basically acts like it doesn't even care that the other wireless network is there. Is there a setting somewhere that I'm missing on the controller? Any help would be greatly appreciated.

    Is "Avoid non-802.11b noise" also checked?
    On the controller if you go to management->trap logs, do you see any events that mention RF Manager changing channels? How about interference profile failed?
    How about in monitor->rogue APs. Does it see the existing APs there?
    In Wireless->802.11b/g radios, what channels and power levels do you see for your current ones?
    Sorry for so many questions, I haven't seen this as an issue before. One thing you could try is setting channel selection to manual and kicking it off. It shouldn't matter, but you never know.
    -Eric

  • WLAN Controller CDP

    CDP is a layer 2 protocol. Therefore, I have to assume that in a layer 3 routed architecture for a WLAN controller that the CDP information is tunneled back to the controller. What would cause the controller to NOT have accurate CDP information about all of its connected APs, assuming CDP is not globally and/or locally shut down?
    Regards,
    Scott

    Not directly related to your problem, but a good reason to upgrade and move away from 4.2.61.0 is a nasty bug I just ran into. Local accounts that expire are not removed from the controller's database (so they're still in there but not visible in your management interface nor CLI). Once the database fills up to the maximum configured (512 is the default) you can no longer create local accounts.
    CSCsm17944 :
    WLC does not recognize the expired lifetime of guest user accounts, so
    that the local user database is not cleared and can fill up with
    non-active entries, preventing any other local net users from being created.
    You can check the database size and fill using the CLI command: show database summary
    Just my 2 cents.
    Leo

  • Wlan Controller 2500

    Hi my friends:
    Is it possible to implement the H-reap feature in wlan controller 2504 with iso version 7.2.103.0, because I don't have this option in my wlan controller?
    Thanks.
    Marco

    Hello,
    As per your query, I can suggest the following solution:
    Yes, it is possible to implement the H-reap feature in wlan controller 2504 with iso version 7.2.103.0. This is known as flex-connect.
    For more details on how to configure flex-connect, please refer to the link:
    http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html
    Hope this will help you.

  • WLAN controller 4400 series, use service-port for initial configuration, IP address?

    Hi, Everyone,
    I just got a new Cisco WLAN controller 4402 from somebody else but I can't find a suitable console cable (DB-9 console on the controller). I googled everywhere and I read I could use the service port to do the initial configuration. The Cisco FAQ says the initial IP for the service port is 192.168.1.1. I tried using a cross-over cable to connect a PC to the service port directly, and using a normal cable with a switch to connect the service port and a PC; both of the connections do not work out: from the PC, I can't ping 192.168.1.1 (PC IP changed to 192.168.1.20), nor can I go to http://192.168.1.1. The service port Link is solid GREEN and ACT is solid GREEN, the PC NIC says Connected with 100 Mbps, so I'm wondering whether the IP address of the service port is not 192.168.1.1? Please help.
    Any suggestions and advice are greatly appreciated.

    Hi,
    Please connect the service port to a switch port that should be configured as access.
    Connect a PC (IP address as you mentioned) to the other port of the switch. Both WLC and PC should be in the same VLAN (create a temporary VLAN).
    Try https to access the WLC.
    Thanks

  • WLAN Controller configuration help needed

    Hi,
    I need to configure an AP with a WLAN controller for guest access. We have 2 VLANs: VLAN 1 - guest VLAN (internet only access) and VLAN 2 - all access.
    While configuring the WLAN controller, which VLAN should I configure as native VLAN? I have a RADIUS server which would check the health of the user and would direct the WLAN controller to put the user in VLAN 1 or 2 depending on its credentials.
    Please advise how to implement it. What would be the initial steps?

    Hi,
    I have a couple of doubts before going further with a solution to implement.
    What model of WLAN controller and AP are you using?
    To configure the controller, initially you need to configure the interfaces (which are virtual).
    You need to connect the controller to your existing LAN set-up, maybe to one of the ports of your core switch.
    Below are the interfaces which you need to configure in the controller:
    1) Management interface with IP (which will be used to access your controller from the LAN); this IP should be pingable from the network.
    2) AP manager IP (this again depends on the model); if it is a 5500, this is not required.
    3) Virtual IP: this should be an IP address which is not at all there in your LAN, e.g. 1.1.1.1
    4) Dynamic interface with IP: this is the interface which will map your VLAN to the WLAN.
    Once you create the mentioned interfaces, you need to create the WLAN and map the above dynamic interface to the respective WLAN. If required, you can configure the DHCP pool as well in the controller for the WLAN.
    Let me know whether this information helped you.

  • Wlan Controller 2504

    Hi friends:
    I have configured in my WLAN controller 02 RADIUS servers for 802.1x authentication. I want to know which RADIUS server my user will use to connect.
    I want it to first use the IP 10.240.4.7 and second the IP 10.240.134.7, but it always uses the IP 10.240.134.7.
    Best Regard,
    Marco

    Hi Marco,
    Are you saying that even though 10.240.4.7 is selected as the first server, the authentication requests are not going to that server at all? Are you able to see any passed or failed authentication logs on this ACS?
    Also, I'm not sure which version of code you are running on the WLC. You may have to look at the document below to understand more about the RADIUS fallback feature.
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008098987e.shtml#passive
    Hope that helps
    Regards
    Najaf
    Please rate when applicable or helpful !

  • Wlan Controller Hotspot Solution

    Hi,
    We are using cisco wlan controller for our wireless network. By the way we need guest internet access for our guests. Can we make a hotspot solution with only our controller? I mean the user will join the guest network and then a web page opens then user enters the credentials. Then he can use the internet.
    Thanks.

    It's better to use different VLANs:
    The LAP is registered to the WLC. The WLC is connected to the Layer 2 switch. The router that connects the users to the WAN also connects to the Layer 2 switch. You need to create two WLANs, one for the guest users and the other for the internal LAN users. You also need a DHCP server to provide IP addresses for the guest and internal wireless clients. The guest users use web authentication in order to access the network. The internal users use EAP authentication. The 2811 router also acts as the DHCP server for the wireless clients.
    Note: This document assumes that the WLC is configured with the basic parameters and the LAP is registered to the WLC. Refer to Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC) for information on how to configure the basic parameters on a WLC and how to register the LAP to WLC.
    When configured as a DHCP server, some of the firewalls do not support DHCP requests from a relay agent. The WLC is a relay agent for the client. The firewall configured as a DHCP server ignores these requests. Clients must be directly connected to the firewall and cannot send requests through another relay agent or router. The firewall can work as a simple DHCP server for internal hosts that are directly connected to it. This allows the firewall to maintain its table based on the MAC addresses that are directly connected and that it can see. This is why an attempt to assign addresses from a DHCP relay are not available and the packets are discarded. PIX Firewall has this limitation.

  • Wlan controller, can't bring up the gui, please advise

    Hi,
    I was configuring a WLAN controller. I did the following configuration but I still couldn't bring up the GUI and I wasn't able to ping the WLAN controller interface IP addresses from other devices and vice versa.
    Service Interface IP Address Configuration [none][DHCP]: none
    Service Interface IP Address: 10.10.10.1
    Service Interface Netmask: 255.255.255.0
    Enable Link Aggregation (LAG) [yes][NO]: yes
    Management Interface IP Address: 192.168.132.1
    Management Interface Netmask: 255.255.255.0
    Management Interface Default Router: 192.168.132.2
    Management Interface VLAN Identifier (0 = untagged):
    Management Interface DHCP Server IP Address: 192.168.132.111
    AP Manager Interface IP Address: 192.168.132.4
    AP-Manager is on Management subnet, using same values
    AP Manager Interface DHCP Server (192.168.132.111):
    Virtual Gateway IP Address: 10.42.1.230
    Mobility/RF Group Name: NapNac
    Network Name (SSID): test
    Allow Static IP Addresses [YES][no]: yes
    Configure a RADIUS Server now? [YES][no]: no
    Warning! The default WLAN security policy requires a RADIUS server.
    Please see documentation for more details.
    Enter Country Code list (enter 'help' for a list of countries) [US]: US
    Enable 802.11b Network [YES][no]: yes
    Enable 802.11a Network [YES][no]: yes
    Enable 802.11g Network [YES][no]: yes
    Enable Auto-RF [YES][no]: yes
    Configure a NTP server now? [YES][no]: yes
    Enter the NTP server's IP address: 10.50.2.3
    Enter a polling interval between 3600 and 604800 secs: 4000
    Configuration correct? If yes, system will save it and reset. [yes][NO]: yes
    >config network webmode enable
    >config network secureweb enable
    I did the above config, but I still couldn't bring up the GUI.
    Please advise how I can resolve this.
    Thanks...

    Hello
    You can give your pc ip address 192.168.132.X and connect directly with the management interface (no lag configured)
    Possible problems
    ->Management interface doesn't tag frames while switch does
    Management Interface VLAN Identifier: xxx or put 0 and configure it as native vlan on the switch
    --> LAG wrong configured on the switch --> ports down
    Check if your etherchannel (LAG) on the switch is up
    Still not ok
    -> Default-gateway is wrong
