WLAN Subnet

Similar Messages

• Wlan - subnet size

  I'm wondering if there's a best practice regarding the subnet size of the dynamic interface.
  Is for example a /16 recommended, knowing broadcast/multicast to the clients are disabled.
  I've a setup where via aaa override, the users are placed in their corresponding vlan: admin (wlan I), staff
  (wlan II), guest (wlan III). There's only a wlc on the central site. So all wireless traffic from all sites (connected via fiber) are passing through the wlc. 
  I'm wondering if there's a difference (performance,other?,...) between a solution with three vlans (one for each ssid but large enough) versus
  1)ap group solution with dedicates vlan
  2)assign a vlan via aaa override based on 'location' and function (admin,...)
  (staf from site 1 = staf from site 2)
  So what are you thinking?
  Pro's /contra's of a big subnet in this situation and in general deployment

  Davy,
  I chuckle when people ask this question. I say this because we are all use to small subnets, because of the broadcast / multicast drama that happens on the wired side. As you pointed out, the WLC proxys this for the clients so its never sent over the wireless.
  Ive designed many a WLANs. I normally lead with /21 or  /22 which in most environments works well.
  If there are specific location needs, perhaps NATing or special security segmentation one could venture to use AP groups. This would allow then piece of mind knowing each location is defined by an AP group. Good example would be something like PCI. This could also aid in management as well.
  So if you find yourself needing more control in the future, ap groups will give that ability.

• ASA 5505 9.1(2) NAT/return traffic problems

  As part of an office move we upgraded our ASA to 9.1(2) and have been having what seem to be NAT problems with some services ever since. These problems manifest themselves with return traffic. For example, network time sync (NTP, port 123) works fine from the ASA, but hosts on the inside network cannot access external NTP servers (ntpq -pe shows all servers stuck in .INIT. status), creating problems with drifting clocks. Services like XBox Live also do not work; the XBox device can contact the internet, but return traffic from the service never gets back to the device.
  For NTP specifically, I've tried allowing NTP 123 through the firewall, but it doesn't help. Conceptually, this should not be required since an inside host is initiating the connection and the NAT rules "should" allow the return packets. To further muddy the waters around NTP, a Linux VM CAN get NTP if it's network adapter is in NAT mode (so it's NAT'ing through the host workstation, then through the Cisco) but CAN NOT get NTP if the adapter is running in bridged mode (so the VM is talking directly to the ASA as if it were just another machine on the inside network).
  I've stripped down the ASA config to the basics level, but still can't get this resolved. The main symptom of the problem is that if I disable the access-list rules around ICMP, I'll see lots of ICMP warnings in the ASA logs, which seems to indicate that there are traffic problems communiating with the inside hosts. I've narrowed the problem down to the ASA since replacing the device with a simple Netgear consumer-grade "firewall" lets all this traffic flow just fine.
  Network is extremely basic:
  DHCP ASSIGNED IP from ISP <----------> ASA <-----------------> inside (192.168.50.X)
                                                                    ^
                                                                   |----------------------- guest vlan (10.0.1.X)
  show running-config:
  Result of the command: "show running-config"
  : Saved
  ASA Version 9.1(2)
  hostname border
  domain-name mydomain.com
  enable password aaa encrypted
  passwd bbb encrypted
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  switchport trunk allowed vlan 1,3
  switchport trunk native vlan 1
  switchport mode trunk
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.50.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address dhcp setroute
  interface Vlan3
  nameif Guest-VLAN
  security-level 10
  ip address 10.0.1.1 255.255.255.0
  boot system disk0:/asa912-k8.bin
  boot system disk0:/asa911-k8.bin
  boot system disk0:/asa831-k8.bin
  ftp mode passive
  clock timezone EST -5
  clock summer-time EDT recurring
  dns domain-lookup outside
  dns server-group DefaultDNS
  name-server 208.104.2.36
  domain-name domain
  same-security-traffic permit inter-interface
  object network obj_any
  subnet 0.0.0.0 255.255.255.0
  object network Guest-WLAN
  subnet 0.0.0.0 255.255.255.0
  description Interent access for guest Wireless
  object network xbox-nat-tcp3074
  host 192.168.50.54
  object network xbox-nat-udp3074
  host 192.168.50.54
  object network xbox-nat-udp88
  host 192.168.50.54
  object service xbox-live-88
  service udp destination eq 88
  object network xbox
  host 192.168.50.54
  object network obj-inside
  subnet 192.168.50.0 255.255.255.0
  object network obj-xbox
  host 192.168.50.54
  object network plex-server
  host 192.168.50.5
  object network ubuntu-server
  host 192.168.50.5
  description Ubuntu Linux Server
  object network ntp
  host 192.168.50.5
  object network plex
  host 192.168.50.5
  object network INTERNET
  subnet 0.0.0.0 0.0.0.0
  object-group service xbox-live-3074 tcp-udp
  port-object eq 3074
  object-group protocol TCPUDP
  protocol-object udp
  protocol-object tcp
  object-group service plex-server-32400 tcp
  description Plex Media Server
  port-object eq 32400
  access-list outside_access_in extended permit object-group TCPUDP any object xbox object-group xbox-live-3074 log alerts
  access-list outside_access_in extended permit object xbox-live-88 any object xbox log alerts
  access-list outside_access_in extended permit tcp any any eq echo
  access-list outside_access_in remark Plex Live access
  access-list outside_access_in extended permit tcp any object plex-server object-group plex-server-32400
  access-list outside_access_in extended permit icmp any any time-exceeded
  access-list outside_access_in extended permit icmp any any unreachable
  access-list outside_access_in extended permit icmp any any echo-reply
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  mtu Guest-VLAN 1500
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-713.bin
  no asdm history enable
  arp timeout 14400
  no arp permit-nonconnected
  object network xbox-nat-tcp3074
  nat (inside,outside) static interface service tcp 3074 3074
  object network xbox-nat-udp3074
  nat (inside,outside) static interface service udp 3074 3074
  object network xbox-nat-udp88
  nat (inside,outside) static interface service udp 88 88
  object network plex
  nat (inside,outside) static interface service tcp 32400 32400
  object network INTERNET
  nat (inside,outside) dynamic interface
  nat (Guest-VLAN,outside) after-auto source dynamic any interface
  access-group outside_access_in in interface outside
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  no user-identity enable
  user-identity default-domain LOCAL
  aaa authentication ssh console LOCAL
  aaa authentication telnet console LOCAL
  http server enable
  http 192.168.50.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  crypto ipsec security-association pmtu-aging infinite
  crypto ca trustpoint _SmartCallHome_ServerCA
  crl configure
  crypto ca trustpoint ASDM_TrustPoint0
  enrollment self
  subject-name CN=border
  crl configure
  crypto ca trustpool policy
  crypto ca certificate chain _SmartCallHome_ServerCA
  certificate ca xxxx
    quit
  crypto ca certificate chain ASDM_TrustPoint0
  certificate xxxx
    quit
  crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
  telnet timeout 5
  ssh 192.168.50.0 255.255.255.0 inside
  ssh timeout 5
  ssh key-exchange group dh-group1-sha1
  console timeout 0
  vpn-addr-assign local reuse-delay 60
  dhcp-client client-id interface outside
  dhcpd auto_config outside
  dhcpd address 192.168.50.5-192.168.50.132 inside
  dhcpd address 10.0.1.50-10.0.1.100 Guest-VLAN
  dhcpd dns 208.104.244.45 208.104.2.36 interface Guest-VLAN
  dhcpd lease 86400 interface Guest-VLAN
  dhcpd enable Guest-VLAN
  threat-detection basic-threat
  threat-detection scanning-threat shun except ip-address 192.168.50.0 255.255.255.0
  threat-detection statistics
  threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
  ntp server 152.19.240.5 source outside prefer
  ssl trust-point ASDM_TrustPoint0 outside
  username xxx password xxx/ encrypted privilege 15
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect icmp
  service-policy global_policy global
  prompt hostname context
  service call-home
  call-home reporting anonymous
  call-home
  contact-email-addr [email protected]
  profile CiscoTAC-1
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  hpm topN enable
  Cryptochecksum:xxx
  : end

  Hi,
  Configuration seems fine.
  With regards to the ICMP, you could also add this
  class inspection_default
    inspect icmp error
  I would probably start by trying out some other software level on the ASA
  Maybe some 8.4(x) software or 9.0(x) software. See if it some bug perhaps.
  One option is ofcourse to capture traffic directly on the ASA or on the hosts behind the ASA. And go through the information with Wireshark.
  - Jouni

• Adaptiva Software Distribution not working with Cisco APs in Local Mode

  A worldwide customer would like to use a new Software distribution system called Adaptiva to replace SCCM within Windows environment. As far as I understand, Adaptiva is designed to work like a snowball system. A single PC at a remote side can be "infected" with new Software and will distribute the package to other PCs within the same IP-subnet, saving WAN bandwidth.
  First tests are showing that it is working well with Cisco WLAN solution as long as we are using Flexconnect WLAN APs.
  Customer locations with Local WLAN AP design create problems for this new software distribution method.
  The WLAN-PCs can be reached from outside, but the establishment of the Client/Server-model between the WLAN Clients is not working. The Port used by this software for communication between clients in each WLAN subnet is UDP Port 34329.
  Our WLCs are running at  7.4.130.0. The problem is appearing independently of AP Multicast settings or Broadcast Forwarding.  Enabling Broadcast forwarding without Reboot did not improve the situation.
  Global Multicast Mode and IGMP Snooping are also of no influence.
  P2P Blocking Action is "Disabled" within the WLAN setup.
  Who has any idea what might cause this communication problem between WLAN clients in Local Mode of APs ?
  Thank You for answers
  Wini

  I can think of two solutions. You could 1: turn the "auto-lock" to never, so that your phone never sleeps. Or, you could 2: jailbreak your iPhone and install "insomnia". I wish we had the Cisco Mobile app. I usually use wifi/insomnia and turn data off at work since we have wireless pretty much everywhere...
  Sent from Cisco Technical Support iPad App

• Wireless data flow

  I have a question about how wireless data traffic flows between 2 wireless clients that are associated with the same AP/WLAN/subnet. It doesn't have to go through the WLC, does it?
  Is this documented some where on Cisco website that I can find?
  Thanks
  Binh Dinh

  When the access point (AP) joins a Wireless LAN (WLAN) controller, a Lightweight Access Point Protocol (LWAPP) tunnel is formed between the two devices. All traffic is sent through the LWAPP tunnel, which includes all client traffic. The only exception to this is when an AP is in REAP mode. When the AP is in Remote-Edge Access Point (REAP) mode, the control traffic is still tunneled to the controller but the data traffic is bridged locally on the local LAN.
  Here is the link info:
  http://supportwiki.cisco.com/ViewWiki/index.php/In_LWAPP_network,_does_all_the_network_traffic_both_from_and_to_the_WLAN_client_tunneled_through_a_4400_series_WLAN_controller_that_runs_firmware_version_3.2,_once_a_connection_is_established

• Creating "guest" VLAN on WLC 4400, created interface not selectable

  Presently have an internal network WLAN (HREAP) setup and running. I'm trying to create a guest Internet-only WLAN referencing this link http://www.cisco.rw/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml
  Created dynamic interface "corp-26" and verified it was enabled. When I create the Internet-only WLAN... under Interface Name, only "management" appears in the drop down list; "corp-26" doesn't appear.
  How do I assign "corp-26" to my Internet-only WLAN?

  The management & ap-management are for the APs themselves. You will want a seperate vlan/wlan/subnet for your guest ssids altogether.
  You can provide dhcp from the controller or from a dedicated server.
  if you select override for dhcp under the wlan settings, provide a dhcp server address, otherwise add the dhcp server entries under the interface settings.
  What is really cool is that 1.1.1.1 appears as the dhcp server (unless you changed it on the controller to something else.) It has caused some confusion at times

• WLC 5508 , AP client dhcp address different from WLAN interface VLAN subnet?

  Hope the title makes sense, here's my situation: I have multiple businesses on 1 WLC 5508, there's a LAG to my core switch with seperate interfaces for each, broken up by vlans.
  My question is: if i have a WLAN setup to use interface "Company A" which is vlan 10 with an ip of 10.0.1.5 which then points to 10.0.1.10 for dhcp.
  Can the WLAN client connecting to the Company A WLAN use an IP in a different IP range?(192.168.1.10?) can the wlc route? from the perspective of the DHCP server where doers the request come from? (10.0.1.5?)
  Can the DHCP server 10.0.10.10 on vlan 10 respond back with and ip on a different subnet to assign to the client to use and still be fully fonctioning? would the default gateway for the client need to be 10.0.1.5?  So the clients ip would be 192.168.1.10 /24 with a gateway of 10.0.1.5 (ip adress fo vlan10 interface on WLC) And if multiple clients on the same subnet wanted to talk to each other woudl the WLC know how to route them to each other without passing through the default gateway?
  Sorry if this is confusing I'm having a bit of a hard time explaining it in works, i can try and draw somethign up if it makes more sense.
  thanks
  Eric

  I think if you want these clients to stick to a WLAN configured on a VLAN that has a different IP addressing you could configure your VLAN with the normal IP addressing then add on the SVI the 2nd IP_Class_default_gateway.
  E.G.
  Vlan 10
  interface vlan 10
  ip address 10.0.10.1 255.255.255.0
  ip address 192.168.1.1 255.255.255.0 secondary
  Clients that receive IP address from 192.168.1.0/24 network will be able to reach 192.168.1.1 and all traffic will pass right.

• Anyone put two wlans on two wisms into one subnet?

  We have two WiSM blades on one C6500 switch. We use WiSMs as DHCP relay pointing to central DHCP. Because of the lack of IP subnets, we want to use one /22 subnets for the two WLANs(same SSID) on two wisms. Anyone tried this? Any problems with this setup?
  Thanks!
  Zhenning

  If I understand this correctly, you want to have multiple vlans tied to one ssid. If this is correct, then AP Groups is what you need to configure.
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml
  Unless youare trying to have one subnet and one ssid configured on both WiSM's, which should work.

• WLAN AP & Client subnet sizing

  Does anyone know of any recommendations regarding sizing of:
  - AP subnets
  - Client subnets
  when designing Cisco wireless networks?
  I've checked out the design guides and various FAQ's etc., but haven't come across anything obvious.
  In the case of AP subnets, I wonder if there is a recommended point at which the number of APs in a subnet becomes too high. There must be a break-point where the level of broadcast traffic starts to have negative impact on performance for all APs in the subnet. I often use an AP subnet range per switch stack or per floor, which seems to work fine, but may not be best use of limited IP address space. But, would it really be advisable to create a 24 bit AP range and then put 250 APs into it?
  The same question applies to client subnets. Again, if I have 500 users, I wouldn't usually create a single 23 bit subnet to accomodate them and then allow that single range to be assigned to a single SSID to cover a campus. Generally, I would use a number of ranges and use AP groups on an SSID to keep the broadcast domains down to reasonable sizes on the client side. Again, what is a 'reasonable' size (in terms of numbers of clients on a subnet)?
  I'm guessing there are a lot of variables in here (for instance the levels & types of traffic). But, I would be interested to hear of any tried & tested (or Cisco recommended) rules of thumb.
  Thanks in advance.
  Nigel.

  Just to add in another consideration to this discussion, I'd like to throw in multicasting.
  The main argument that underpins the sizing considerations discussed above is the fact that the WLC does not forward broadcasts to client, allowing large subnets to be used with no issues.
  However, with the growth of BYOD etc. recently, there is a growing demand for multicasting due to the services provided by Bonjour for Apple devices (e.g. Apple TV, Air Print etc.).
  I'd be interested to hear if anyone has any views on how the potential growth in multicast traffic for Bonjour services is going to impact client subnet sizing (if at all..?).
  There is a great guide about Bonjour deployment from Cisco at: http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_tech_note09186a0080bb1d7c.shtml
  I'm guessing that IGMP snooping should ensure that only clients that need to receive a multicast stream will get it. But, even so, I'm guessing this will have some detrimental impact as many clients on the same subnet may receive the same stream?
  Anyone any useful input on this?
  Nigel.

• Im at my wits end with my n93i and WLAN. Could any...

  OK i havea netgear WG121 router and recently got an n93i.
  Now I had an n95 for a few days before and that used to connect to my WLAN fine by just using the wlan wizzard. But with this N93I it gives me no end of troubles.
  First of all I kept getting incorrect wep key error (even though I was entering in the wep key that I use on my pc). PS Out of curiosity should I be using the password that my PC connects to or the admin password to the router? Both didnt work anyway.
  So found this site http://www.wepkey.com/ for converting your ASCII key to Hex. Still didnt work. Only this time it said WLAN network not found.
  So then someone said I should try setting a static ip by entering in the gateway address, subnet from my PC as well as the ip address of my phone. When this was done the web page looked to be loading but then said no gateway reply.
  I honestley dont know what to do now. It seems there are so many people with WIFI problems around but I dont see any solutions.
  Can anyone assist me?

  I'm even more concerned now after hearing back regarding my initial post. Apparently any cancellations or changes are showing as done by me using the self help platform on my BT account. This isn't the case. The actions carried out on certain dates listed on the email I received were all carried out by BT over the phone and not myself. I didn't even know it was possible to cancel a direct debit using the BT website. I thought it had to be cancelled at the bank and then a phone call to BT. I was logged onto my BT account while the phone calls were taking place but any action was carried out by BT and not myself. 
  BT are insisting I have no DD set up. Yet it clearly shows on my bank account that there is an active DD for BT. To confirm that, I've spoken to my bank today who have verified there is most definitely a DD set up to pay BT on the bank account. They've double checked the account number with me and it's definitely for my BT account. The bank are sending me a letter confirming it's an active DD for me to include all other details for the Ombudsman because I really feel this needs fetching to their attention. 
  To be fair to the person who has replied I have been told I can pay a small amount and set the DD up rather than pay in full or face restrictions. But despite BT's insistence that I have no DD set up my bank clearly states I have. I'm now going to have to cancel the DD that BT are sure isn't active and set it up again.
  Incidentally the monthly payments I'm to make are £45 - less than the £60 and a lot less than the £104 previously mentioned! So on one hand I will have a satisfactory conclusion but on the other I have to still cancel a "none existent" existing DD, set a new one up and am out of pocket on bank charges caused by BT trying to take payment on the wrong date. I then have to trust they'll not do the same thing again.......
  It's all like a stupid joke that's just not funny. 

• DHCP Client will not work on a WLAN 4402

  Wireless Scenario
  I am attempting to create a wireless network using a 4402 WLAN Controller and 1200 series LWAPP access points.
  The WLAN Controller has the following interface settings:
  Management Interface 10.71.50.9
  Ap-Manager Intereface 10.71.50.8
  Virtual Interface 1.1.1.1
  VLAN 451 10.29.64.27
  I have two access points that both pulled a DHCP Address and recognize the WLAN Controller.
  Access Point 1 10.29.64.20
  Access Point 2 10.29.64.21
  I have configured the WLAN Controller to use the Cisco ACS Server for Authentication. I am using LEAP at present, but intend to go with certificate based authentication at a later date. The ssid I am using is ybor-wirenew. The client gets authenticated and associated but does not get an IP Address from DHCP.
  I have tried the internal DHCP server on the controller, and although the wireless client gets a 10.29.64.x address it will not communicate with the default gateway or the rest of the network.
  The only thing that works is creating a scope on the 10.71.50.x network. The client then gets an address and functions normally.
  I need this to work across subnets. Is there something that I am missing???

  The problem is with your AP's and wireless clients being in the same subnet/vlan. I learned the hard way the thw WLC's expect the AP's to appear like any other client device on your wired network. Once they are associated with the WLC, your wireless clients are dropped into a different VLAN/subnet. An example config would be:
  Management - 10.0.1.2 VLAN 1
  AP-Manager - 10.0.1.3 VLAN 1
  AP - 10.0.2.2 VLAN 2
  Wireless Clients - 10.0.3.x VLAN 3
  There are other known issues with crossing address space and the service port on the WLC.

• Connecting to a wlc across subnets

  I have recently purchased a 4402 wireless controller to manage our access points. When I put the APs on the same subnet as the ap-manager subnet I get the ap to connect. When I put the ap on the wireless subnet, it will not connect. Does not even register.
  I read I need to do layer 3 routing on the 4502 for this to work. I am trying to do that now. Do I need to set up anything on my switches to make sure that the packets go through(sort of like defining where to find the DHCP server) or should it just work? Do I need to set up a WLAN ID that matches the WLAN ID that the switches use? I thought I tried that first and had no luck. Any ideas on this vague question?
  I am trying to dig through the documentation to see if I can find the answer but so far I have not found anything.
  Sent from Cisco Technical Support iPhone App

  You will want to make sure your APs can route from where ever you install them to the WLC managment address.
  How APs find the controller can happen a few different ways:
  1) DNS A record
  2) Layer 2 broadcast (which you seen already)
  3) IP Route Forward
  4) DHCP Option 43
  5) Manual Prime the AP
  Most folks lead with option 43.
  http://www.my80211.com/cisco-wlc-labs/2009/7/4/cisco-dhcp-option-43-configuration-nugget.html
  if you check the config guide you will explain the other processes.

• Windows file sharing across subnets

  I have a SonicWall TZ170 wireless router that will not allow the LAN and WLAN to have the same subnet IP address. I have a WinXP Pro desktop on the LAN at 192.168.70.100 and a PowerBook on the WLAN at 192.168.71.100. The router firewall is set up to allow all traffic (any IP address) between the two subnets. However, no matter what i do, I cannot get the PowerBook to connect to the PC. (I've also tried SMB://192.168.70.100/share, where "share" is the name of the shared folder on the PC.) I know the file sharing settings are correct, since I can mount the PC share when the PowerBook is connected to the LAN.
  I've since read that SMB does not work over different subnets. Is this correct? If so, is there any other way to share files on the PC with the PowerBook?
  PowerBook G4 15 Mac OS X (10.4.8)

  Ideas?
  I'm downloading the manuals, to see if I can glean any clues from there as far as configuring the firewall rules in the device.
  I suggest that you do the same.
  http://www.sonicwall.com/us/support/3134.html
  There are several product guides and how-to PDF's...
  The other idea that might work would be to follow their suggestion: "Specifics at this point are probably best dealt with in the form of a call to our technical support team."
  this is looking less like a mac issue and more like a SonicWall issue.

• Can I change the name of a VLAN in the WLAN controller?

  We have three WLAN controllers and I recently noticed that a VLAN interface is not properly named.  It doesn't match the other controllers, and won't work right when using enterprise templates in WCS, etc.
  I would like to rename that interface so that it is the same as all of our other controllers.
  The interface is mapped to our guest WLAN, which is in an AP group.
  Is there an easier way to rename a VLAN interface?  The only way I can think to do it would be to create a dummy VLAN interface, remap the guest WLAN to the dummy interface, reboot all the APs in the AP group, then delete the VLAN interface and then recreate it with the proper name.
  Is there an easier way?
  Thanks in advance!

  Not really. You have to remove the interface in order to create a new one on that same subnet. You can create a dummy interface, but clients will be put onto that interface while you are deleting and recreating the new one.
  Sent from Cisco Technical Support iPhone App

• IOS device failed to get ip address on multiple wlan on the same anchor controller

  Dear Experts:
  in my implementation, we need 2 WLANs be served on the same anchor controller.
  WLAN1: wep/40bit, integration with NAC/OOB on anchor controller for guest wlan service.
  and guest account controlled by NACguest server.
  WLAN2: wep/40bit, no layer3 secuirty for temporary using.
  foreign controller: WiSM on v6.0.196.4 (also testing on 6.0.182.0)
  anchor controller: WLC4402 on v6.0.196.4
  on WLAN1:
  Windows7 client get ip address correctly.
  iOS (iPhone4 on 4.3.1/4.3.2, iPad2 on 4.3.1/4.3.2) can get ip address correctly on WLAN1.
  WLAN2, iOS device cannot get ip address.
  compare with debug message "debug clien mac" + "debug dhcp message enable"
  on both foreign and anchor controller.
  on foreign controller:
  PM state has changed from: DHCP_REQD (7) Change state to RUN (20) last state RUN (20)
  on anchor controller:
  PM state always stay on: DHCP_REQD (7) Change state to DHCP_REQD (7) last state DHCP_REQD (7)
  Enable/Disable DHCP Address Assignment Required is not work.
  Enable/Disable DHCP proxy is not work.
  Any hit this issue when get ip address failed in multiple WLANs on the same anchor controller?
  In attachment log file,
  DMZ.log: anchor controller on DMZ.
  S3p1.log: WiSM on v6.0.182.0
  S3p2.log: WiSM on v6.0.196.4
  client mac: 00:1f:3b:05:33:c1, Windows7 Client
  client mac: 58:55:ca:cf:d2:07, iPhone4 with 4.3.1,
  WLAN1 subnet: 10.61.246.0/23
  WLAN2 subnet: 10.61.248.0/23

  Hi, Nicolas:
  just checking the attachment for the run-config on foreign/anchor controller.
  DMZ_run.config  - anchor controller
  s3p1_run.config - WiSM on v6.0.182.0
  s3p2_run.config - WiSM on v6.0.196.4
  at this moment, we have disable the wlan 10 on foreign controller, and wlan 2 on foreign controller.
  Wilson...