WLC 2106 and 802.1q

Does the 2106 support 802.1q trunks. If so what do you have to do to enable a trunk port?

The 2106 does support 802.1q trunking only. You don't have to do anything on the wlc side, Just configure the trunk port on the switch to 802.1q. Also the management and ap manager should be configured as the native vlan on the switch.

Similar Messages

  • WLC-2106 and multiple interfaces on the same network

    Hi there,
    I recently created a TAC request to the Cisco support regarding our WLC-2106, but they could not help me. Basically I just learned that you can create new interfaces for the wireless LAN controller and then dedicate them to a given wireless network (SSID). This way I could more effectively utilize network bandwidth also. Problem is that all of the interfaces have to be in a different network segment in order to work, which is not what I want. I specifically want to have several interfaces on the same network segment.
    Has anyone tried to accomplish the same?

    Basically what I've misunderstood is that all the traffic generated by our wireless clients have been going through the single 100Mbit/s ethernet port on the wireless LAN controller (management interface), and to mitigate this I thought I could create new interfaces (ports) and dedicate those to given WLAN networks.. I see now that this is not supported. Not inside the same network at least.
    So, by reading further and consulting my best friend Google I learned about a setting called "AP Mode". Changing that from Local (the default) to H-REAP the APs should not route their traffic anymore through the management interface on the wireless controller, but instead route all the client traffic directly to the local LAN. This way you effectively remove the 100Mbit/s bottle-neck when all the APs were using the management interface both for configuration and client data traffic.
    It seems you also have to enable H-REAP Local switching from a given WLAN network in addition to changing the AP Mode of your access points to H-REAP. I'm still in the testing phase here so should anyone have any insight to this, I'd be greatful to hear more.

  • WLC 2106 and Linksys Bridge WET610N works with 7.0.116.0 release?

    Hi all,
    i'm having troubles with WLC 2106 controller and several wireless bridges, so i'd like to know if i can fix it in some way.
    My environment is as follows:
    1 WLC 2106 with 2 Aironet 1240G
    I have a production appliance that needs an ethernet port to work, so i bought a Linksys Bridge WET610N to make it works via wireless.
    The Linksys bridge connects to the 1240G as a client and works well, but the appliance connected to the ethernet port of the bridge is unreachable.
    Searching for the problem, i found that the wlc act as a proxy arp for the wireless clients and being the ethernet appliance a "passive" client, the controller isn't aware of it.
    My WLC is running the 7.0.98.0 firmware. In the release notes for the 7.0.116.0, in the "Non-Cisco WGB Support" seems to state that now also non cisco bridges can work using the passive client feature. I've already enabled it on my controller but this didn't solve my problem.
    Can anyone tell me if the upgrade to the 7.0.116.0 can fix it?
    Thanks in advance
    Riccardo Coppola

    I'm not sure what (cheap) devices can do the wgb feature that is inter-brand compatible.
    The thing is that the WLC enforces the rule "1 wireless client = 1 client". Meaning you can't bridge multiple clients behind a wireless clients, that just screws up roaming mechanisms etc ...
    Cisco WGBs have the IAPP protocol to tell the WLC "listen, I'm a WGB wireless client and those are the wired clients connected to me, allow them on the network".
    What does "universal WGB" feature does is that the WGB forwards the traffic of the client (only 1 client supported in this case !) to the infrastructure AP but the WGB never sends anything with its own mac address. It uses the client mac address as source.
    This means that the WLC has no way of knowing that there is more than 1 device. It just thinks that your wired client is a wireless client.
    So it's more than mac cloning since the WgB has to be the one authenticating to the infrastructure (Wpa/wpa2 whatsoever) by spoofing the client mac. The WGB is still in charge of roaming decisions and so on and so on...
    I hope it clarifies the situation ?

  • WLC 2106 and iPhones

    Just recently I am having issues with my WLC 2106 WiFi network and iPhones.  For the past week, the iPhones have been locking up the network much like as it was described with the ARP issues with the exception that what I have been reading, this issue did not effect the 2100 series.
    I've done searches but have not found anything applicable to what is happening now.
    Any help will be GREATLY appreciated.

    It's running on v. 4.0.217.0.  Right now I'm controlling who is accessing the wifi via MAC filter to prevent anyone with an iphone to log on but that just doesn't cut it since there's a lot of visitors coming in to use the wifi.
    I won't be able to go in and do more testing for a week or two to get that debug log.
    But this seems to be a common issue with at least the 2106s.  As soon as anyone logs in with an iphone, the controller locks up and the only thing to do is reboot.  It only fairly recently started happening so maybe it's only with the newer iphones?

  • WLC 2106 Disable 802.11b

    Hello,
    I am trying to enable more channels in the DCA channel list for 802.11/b/g/n.  However, when i hit apply i get this message:
    "802.11b network needs to be disabled to apply changes to DCA."
    I do not see a spot to disable B. Would this be something i need to do from the CLI?
    THanks!
    Seth

    Hi,
    You ned to disable Radios before doing the above config.. here is the was we do it..
    WLC GUI >> Wireless >> 802.11 B/G/N >> Network >> Disable 802.11B/G network setup
    Now do the required setup and go back to the same place and enable it.. this will do it for you!!
    Lemme know if this answered ur question and please dont forget to rate the usefull posts!!
    Regards
    Surendra

  • WLC 2106 and Microsoft IAS and Windows XP Supplicant

    For one of my SSID's I am using 802.1x with WPA2/AES. I have configured IAS on windows server 2003 and from the server message logs I am able to authenticate a user. I never complete the authentication through the eyes of the WLC though. In using debug commands on the WLC I can see an error that I can not solve.
    Wed Apr  7 03:09:40 2010: 00:23:4e:70:a9:97 Received EAPOL-Key from mobile 00:23:4e:70:a9:97
    Wed Apr  7 03:09:40 2010: 00:23:4e:70:a9:97 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 00:23:4e:70:a9:97
    Wed Apr  7 03:09:40 2010: 00:23:4e:70:a9:97 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 00:23:4e:70:a9:97
    Wed Apr  7 03:09:40 2010: 00:23:4e:70:a9:97 Stopping retransmission timer for mobile 00:23:4e:70:a9:97
    I suspect my issues revolves around the message: Ignoring invalid EAPOL version (1) in EAPOL-key message
    Anyone have any idea or insight on additional debug steps that can be taken?
    Regards,
    Justin

    ERD Commander (ERD 5.0) is the version that supports Windows XP. The next version is DaRT Supported Vista and later

  • Help Please: WLC 2106 and RADIUS

    Hello,
    In the WLC there are two groups (say A and B).  How would I take group B and point it to a RADIUS server for authentication please?  Looking for a step by step answe please. The server is ping reachable.  I have seached  but did not see any difinitive answer.
    Thanks!

    You can achieve what you want per WLAN.
    configure authentication servers order in wlan settings as per this image:
    HTH
    Amjad
    You want to say "Thank you"?
    Don't. Just rate the useful answers,
    that is more useful than "Thank you".

  • WLC 5760 and 802.11r/CCKM support

    Experts;
    I have a couple of 5760 controllers running as MC/MA and I am planning to enable Layer 3 roaming between the two 5760 MC/MA controllers. On a 5508 controller running Air-IOS there is an option, "fast transition", for devices that support 802.11r, my understanding if a device doesn't support 802.11r "fast transition" should not be checked. 
    I like to know if there is a similar command or option for 802.11r support on a 5760 controller and if the only configuration option to establish mobility between the 5760 controllers is that both controllers need to be in the same mobility group.
    Thanks;
    Juan

    Hi Juan,
    my understanding if a device doesn't support 802.11r "fast transition" should not be checked
    This is because certain clients that does not support 802.11r (like Mac OSX) won't like when SSID advertising 802.1X & 802.r FT (802.11r mixed mode) on the same SSID. Therefore they will not associate to that SSID. See this post as it listed 802.11r supported & unsupported devices/OS.
    https://supportforums.cisco.com/discussion/12314591/8021r-and-fast-roaming
    You need to have IOS-XE 3.6 onward to support 802.11r mix mode. (7.6 or 8.0 for AireOS codes)
    Regarding config you will find that options (enabling & Over the DS tick box) under SSID  configuration (refer link provided by Daniel). If you want to go more into detail how these different options work please read below, I have used 3850 in these post, but config should be same for a 5760.
    1. http://mrncciew.com/2014/09/06/cwsp-802-11r-ft-association/
    2. http://mrncciew.com/2014/09/08/cwsp-802-11r-over-the-ds-ft/
    3. http://mrncciew.com/2014/09/07/cwsp-802-11r-over-the-air-ft/
    In your case both 5760 should be in same mobility group in order to MDID to be same which is required for 802.11r fast roaming.
    Pls do not forget to rate our responses if that is useful
    HTH
    Rasika

  • WLC 4402 and 802.1x How to...

    We have an WLC 4402 with the latest code on it. We also have LAP1131AG as our AP's. We have an MS IAS as our RADIUS server. Is there a document on how to implement 802.1x for the internal Laptop users to use wireless networking in the office?
    Thanks.

    Hi Kendo,
    See f this link helps you
    http://www.cisco.com/univercd/cc/td/doc/product/wireless/control/c44/ccfig41/c41sol.htm#wp1086421
    http://www.cisco.com/univercd/cc/td/doc/product/wireless/control/c44/ccfig41/c41sol.htm#wp1086421
    HTH
    Ankur
    *Pls rate all helpfull post

  • WLC 5508 and 802.11n

    We are currently deploying multiple 3502 AP's and a WLC5508. Is it recommended to put the access points that are one the same site as the controller on H-REAP or put them on local mode. The WLC5508 has a max uplink of 8 Gb can that be a limitation when using local mode? Or is this only a theoratical restrain?

    Hey Sebastiaan,
    I would say it depends on your traffic flows and enviroment, how u would like to design your Network. The 5508 is able to handle up 500 access points for business-critical wireless services at locations of all size. 16MB per AP (theoreticaly). When u think to HA, normaly not more than 250 AP's will join one Controller.
    how much want u deploy? the 8 Gbit could be a limitations but I would say u can use the local mode if you want.
    much more relaxed will be H-Reap if your desing  allows that.
    We use a mix mode, depends on the SSID.
    regards,
    Sebastian

  • WLC 2106 Configuration steps

    I have WLC 2106,And 5 LWAP, 3 Cat3560 Switches.and my 2851 CME router providing DHCP for Data VLAN 1 nad Voice VLAN 100
    any one can please help me how to do the basic configuration
    when i configure Managment and AP manager on WLC 2106 on untaged VLAN 0 i can able to ping but when i cahnged the VLAN to 1 im not able to communicate to WLC from switch or any port from WLC
    please help me to configure the WLC
    Thanks & Regards
    PRajoth

    The software guide states "A zero value for the VLAN identifier (on the Controller > Interfaces page) means that the interface is untagged.
    The default (untagged) native VLAN on Cisco switches is VLAN 1. When controller interfaces are configured as tagged (meaning that the VLAN identifier is set to a non-zero value), the VLAN must be allowed on the 802.1Q trunk configuration on the neighbor switch and not be the native untagged VLAN.
    Cisco recommends that only tagged VLANs be used on the controller. You should also allow only relevant VLANs on the neighbor switch's 802.1Q trunk connections to controller ports. All other VLANs should be disallowed or pruned in the switch port trunk configuration. This practice is extremely important for optimal performance of the controller.
    Note Cisco recommends that you assign one set of VLANs for WLANs and a different set of VLANs for management interfaces to ensure that controllers properly route VLAN traffic"
    Can you supply a screen shot of the interfaces page from your WLC and supply the WLC switch port configuration also? Just to sanity check what you have so far?

  • AP 1140 and WLC 2106

    Does someone know if WLC 2106 support AP 1140 ? I read that AP 1140 is CAPWAP only and I don't know if WLC 2106 supports CAPWAP.
    Thanks

    Yes it does, you may have to upgrade your controller software to get 802.11n and CAPWAP, use the latest code 6.0.182.
    CAPWAP was supported from code 5.2.157
    The max throughput on the 2106 though is only 100mbps so yo wont see the highest speeds

  • WLC 2106 problem

    Hello,
    I have problem with new one WLC 2106 controller. I make this basic configuration (after reset):
    (Cisco Controller) >show interface summary
    Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
    ap-manager                       1    10       10.10.10.21     Static  Yes    No
    management                       1    10       10.10.10.20     Static  No     No
    virtual                          N/A  N/A      1.1.1.1         Static  No     No
    At this point, everything works OK. Controller is accesible via HTTPS, AP (one 1130) is connected too. But next I need create new WLAN and another interface VLAN - named ak-lan
    config interface create ak-lan
    config interface port ak-lan 1
    HTTPS acces is still working, but when I configure IP adress:
    config interface address dynamic-interface ak-lan 10.10.11.10 255.255.255.0 10.10.11.1
    HTTPS acces stops. In fact, it seem like HTTPS starts on new interface - it's accesible via 10.10.11.10, but (after certificate warning) shows only empty page (Page is not accesible..)
    I dont have an idea why. I tray downgrade software (originaly comes with 7.0.98.0) to 6.0.196.0, whitch I use on another same controller, but the behavior is the same. Now I use software 6.0.199.4. Again the same behavior.
    "show interface summary" says:
    (Cisco Controller) >show interface summary
    Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
    ak-lan                           1    11       10.10.11.10     Dynamic No     No
    ap-manager                       1    10       10.10.10.21     Static  Yes    No
    management                       1    10       10.10.10.20     Static  No     No
    virtual                          N/A  N/A      1.1.1.1         Static  No     No
    (Cisco Controller) >
    All interfaces (excluding virtual) matched to ping. All ïnterfaces have netmask 255.255.255.0.
    There was another strange thing - "show sysinfo" says that I use sw 6.0.199.4 and emergency is 7.0.98.0, but "show boot" says:
    (Cisco Controller) >show boot
    Primary Boot Image............................... 6.0.199.4 (active)
    Backup Boot Image................................ 6.0.196.0
    (Cisco Controller) >
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 6.0.199.4
    RTOS Version..................................... 6.0.199.4
    Bootloader Version............................... 4.0.191.0
    Emergency Image Version.......................... 7.0.98.0
    Build Type....................................... DATA + WPS
    System Name...................................... ak-wlc
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.9.1.828
    IP Address....................................... 10.10.10.20
    System Up Time................................... 0 days 0 hrs 46 mins 35 secs
    System Timezone Location.........................
    Configured Country............................... DE  - Germany
    Operating Environment............................ Commercial (0 to 40 C)
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +55 C
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 0
    3rd Party Access Point Support................... Disabled
    Number of Active Clients......................... 0
    Burned-in MAC Address............................ E0:5F:B9:63:7B:00

    Switch is C2960, port Gi0/2:
    Gi0/2     T wlc              connected    trunk      a-full  a-100 10/100/1000BaseTX
    interface GigabitEthernet0/2
    description T wlc
    switchport trunk allowed vlan 10,11,100
    switchport mode trunk
    end
    VLANs are set properly. Router is ASA 5510, and routing is fine. Morever, interfaces on WLC is accesible via ping (I dot't try telnet or ssh).

  • WLC 2106 question

    Hello,
    What is the recomended way to connect  5 APs 1242 to a wlc 2106?
    Connect directly the 5 APs to the wlc and use one port for the management interface and connection to the switch or to connect the APs to a switch and use one connection for the wlc?
    Thanks in advance.

    Depends on the AP.
    One FastEthernet connection to the switch doens't "really" create a bottleneck.  Your AP might.  If you, say, you have 1130 or older then I'd say no significant bottleneck because the APs are also FastEthernet.
    If you use the newer ones, like the 1250 and newer, which has GigEthernet and/or higher throughput (if you enable 802.11n) the yes.  The switch AND the WLC 2100 are both the bottleneck.

  • WLC 5508 And Third Party SSL for Web Authenticaiton

    Hello,
    We are using WLC 5508 and currently the authentication process is via Customized WebAuth. As you know that with the WebAuth the authentication process won't work unless you launch Web Browser and you will be redirected to the Authentication Page where you type your username and password. This is a bit fuzzy for most of the users and what I'm thinking is to use different authentication mechanism where the user will automatically be prompted upon connecting to any SSID. I have read that Public/Thrid Party certificate will do this and any client can accept the public certificate.
    Anyone can elaborate on this approach?
    Regards, 

    With machines that are not part of the domain, typicall if you still want to secure them usin 802.1x, you would leverage a radius server and users would be told of the SSID to connect to and enter their AD credentials.  Of course, if you use AD credentials, users will now join all their other devices to that SSID. This is where ISE comes in and you can profile devices. Even though the WLC with v7.6 can profile, it's not a full fledge profiler.  Depending on how well you know radius, you can leverage a portal page also and depending on the AD group a user is a member of, you can out them is a specific Vlan or if you leverage interface groups.  You can do many things, but you need to really know radius and client types to figure out what can and work well in your environment. Radius alone to someone who hasn't played with it, can take days to setup without help. 
    Every client I setup radius for is different and it comes down to how their users are setup in AD, what devices they have and the requirements. 
    Scott

Maybe you are looking for

  • Sonicwall netextender not working after upgrading to 10.6.7

    Hi, I upgraded to 10.6.7 the other day and now sonicwall netextender wont connect to our office server anymore. It keeps comming up with Failed to connect - check log for details. But nothing is actually in the log for the time period. Has anyone els

  • MSI 915G combo no sound or internet

    Hi Motherboard: MSI 915G Combo For one day ago I decided to format my hard drive. I installed Windows Xp professional and all drivers. But when the computer had started up so didnt the sound or the internet work, I've tried to reinstall the drivers t

  • Changes to Jpeg not Showing in other programs

    I made changes to a JPEG using bridge and the raw filter and notice it does not show those changes in other programs. I usually use DNG's and notice that other programs show the image correctly modified, I think there is a new thumbanil embedded. Do

  • Deploy Forms and Reports with Load Balancing

    I am trying to determine what we need to install here. I have read OracleAS, Web Cache, Application Server, and Forms documents and have no answer still. We are currently run 9iAS with Forms and Reports 6i only. I did not do any of those installs. We

  • NI 6501/9 - Knowing state of Digital Out pins... (in C#)

    Hi, I'm trying to work on a "driver" for an NI 6501 (and down the road, 6509) DIO device.  We've got a method that sets the state of a pin and creates all the necessary digital out channel calls.  It appears that the command works fine, by having LED