WLC 4400 and WLC 5500

Similar Messages

• Migrate WLC 4400 to WLC 5500

  Hi experts,
  I want to Migrate WLC 4400 with WLC 5500, But i don't know how to do this.
  Should i create new configuration or use my  WLC 4400 config ?
  I want to know about IOS for WLC 5500, should I upgrade my Access Point to connect with new WLC ?
  I need a good method to migrate this WLC. So my WLC 5500 can run properly.
  Thankyou for your help.

  I have no idea how Ravi's answer is considered "correct" when he didn't address the most important aspect of your thread.  
  As far as I'm aware, you need to ensure both controllers are running the same firmware or 7.0.250.X. 
  Take a copy or export the config of the 4400 configuration to your TFTP server.  Edit the file and change the necessary settings.  Go to the 5500 and download this configuration file.  Upgrade the firmware and the bootstrap if necessary.

• WLC 4400 and multiple authentication servers e.g. RADIUS, ACS

  WLC 4400 and multiple authentication servers e.g. RADIUS, ACS
  Can the WCL 4400 be set up to use multiple RADIUS servers? The user accounts for accessing wireless would use a RADIUS server. The administrative accounts for the WLC would reside on an ACS server.

  Yes, that is correct. You can set acs to use both radius and tacacs.
  For this you need to add WLC twice in acs-->network configuration. But you need to keep host name different.
  eg 1) Host name WLC --->IP x.x.x.x -->Auth using -->radius
  2) Host name WLC1--->IP x.x.x.x --->Auth using -->Tacacs.
  You need to set up tacacs commands on WLC along with radius commands.
  Regards,
  ~JG
  Please rate helpful posts

• WLC 4400 and IDS attacks

  Hi,
  I have a WLC 4400 and a WCS 5.2. I'm receiving alarm about flood atacks and desauthentication attacks from a client. These alarms are detected by the IDS system. I'd like to know if there are any way to block this client.
  Thanks a lot.

  Thanks Sschmidt,
  I saw this solution. The problem it's that i must create an entry by any client. If there are any client that capture the wpa key and after chage his mac i couldn't block them. Is that correct? I don't know how easily it's capture authenticantion packets with a WLC.
  Thanks

• WLC 4400 to WLC 5508

  Hi All
  I want to migrate from WLC 4400 to WLC 5508. currently on WLC 4400 we got 10 AP are connected with 5 SSID having different authentication method. On WLC 5508 If I create the same SSID with same key, will I need to reconfigure anything on end user PC and smart devices
  any tool to migrate wlc 4400 config to wlc 5508
  cheers
  Vishal 

  Thanks Scott, some more inquiry
  how to reboot the AP from the controller. ( I see 'Reset AP' -  this option to reboot or something else)
  how to disconnect all users connected to specific SSID from controller
  Can AP model 3702 work with WLC  5508, do we need specific software version
  cheers
  Vishal

• WLC 4400 and 5500 Fail-over

  Can we do the same thing with WCL 4400 and 5500 series for failover? We have 1 existing 4400 WLC and we wanted to purchase another 1 for fail-over as well as backup. But right now, 4400 is EOL already. The only option is to have the 5500 WLC.
  So if you do have previous set-up like this, so I would need your inputs.. Otherwise, same as usual, will gonna test to work this out.

  You can have both in a primary and backup, but make sure they are on the same code version. I'm assuming that you also have the configuration correct for the two wlc to communicate.
  I would put them both on the 7.0.220.0.
  Sent from Cisco Technical Support iPhone App

• Preventive maintenance WLC 4400 and 5500?

  Hi good morning,
  i asking for help in order to make a preventive maintenance for WLC 4000 and 5500.
  the main problem is: can i open the WLC´s and clean all the circuits they have inside? or must i only cleaning out the WLC?
  And i would like to know if there are documentation about this topic.
  thanks.

  thanks
  I thought of opening the WLC, and use compressed air to remove dust only.
  but like you mention would be better not open it.
  Greetings

• WLC 4400 and IDS/IPS

  One of my clients is keen to know the IDS/IPS capabilities with WLC 4400. Any hints? Also can anyone explain IDS sensor to me? Thank you.

  There are a number of IDS capabilities that are highlighted regarding the WLC. Unfortunately, you will find that the product continues to suffer from ongoing false positives and a severe lack of documentation (and support) for the IDS.
  For example, if you utilize containment against a rogue AP (which is used to prevent users from attaching to the rogue), the system detects its own containment messages as a denial of service attack. The system is not intelligent enough to know that it is the source of these messages and ignore them.
  Initially, Cisco flagged these false positive as "cosmetic" and claimed that to fix them required a "feature request that must be run through the Cisco sales team" which we did in the spring of 07. Cisco has be VERY slow in coming around on getting these fixed (it has been well over a year since these have been documented and they are still not resolved in the current version of 4.2).
  The Wireless IDS system is also famous for other false alarms which Cisco TAC has linked to alarming on normal behavior when a client goes out of range and a string of deauthentication messages is sent to make sure that the conversation has ended. The WLC 4.2 continues to flag these as false-positive denial-of-service attacks even though the IDS parameters could be adjusted (from the factory) to account for the known 64 repeated deauths that are sent.
  The IDS file is capable of "tuning" but the parameters are very lightly documented. In fact, the IDS parameter file itself had the least sparse version of documentation and it is a text file only 200-lines long.
  In terms of determining if a rogue AP is on-wire. This functionality does not work reliably (not just if there is no path on the wired network to the controller which is understandable) but even if the rogue AP is on the same subnet as the controller. It just plain does not work.
  If you are attempting to determine if there are clients on the rogue AP, this mechanism works with limited success since the AP has to catch the client attaching during its brief scan interval. This results in misleading information.
  There are other false alarms that appear to be related to a specific chipset (using the OUI / first octet of the MAC address). However, there has been very little movement on Cisco's part in getting resolution to getting these anomalies addressed. The basic attitude has been "if we didn't see it in our lab in San Jose when we wrote the code, there's nothing we can do". Since the IDS lacks any ability to "phone home" (sending the alarms it is seeing to the development team) they end up having to develop in a relatively limited environment.
  For more information, please reference the following:
  Wireless LAN Controller IDS Signature Parameters
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008063e5d0.shtml
  I would send you the link to some of the bugs, such as CSCsj06015, CSCsh35010, CSCsk60655, etc. but the Cisco bug tool ( http://tools.cisco.com/Support/BugToolKit/ )is currently not working (no doubt the system is getting overworked). Maybe the site will be up when you read this.
  In the interest of fairness, there have been efforts over the past year by Cisco to address these false alarms and a number of them appear to finally be resolved.
  Bottom line: In my opinion, the wireless IDS is still not ready for prime time. To quote my customer, "I just can't trust it". Unless you set your customer's expectations fairly low, you will both end up disappointed.
  That said, the product itself still has many compelling reasons to implement it including ease of installation and management. If you are willing to wade through the various bugs in the IDS and WCS it still is the best game in town.
  - John

• Config migration from WLC 4400 to WLC 4400

  Hi all
  My customer has made a trade-in from a WLC 4400 to a WLC 5500. How do I migrate the existing config from the old to the new platform? Can I use the backed-up config of the WLC 4400 (I guess not due to the hardware-parameters which are different)? Or is there a conversion tool?
  The WLC 4400 already runs a 6.x release.
  Thanks
  Toni

  Thanks for your replies, guys. Just for you to let you know, my local Cisco channel systems engineer confirmed that there's no tool available and that you could try to copy&paste some parameters of the text config, yet there's no guarantee for success for that.
  So the only recommended thing to do by now is to build the entire config on the WLC 5500 from scratch.

• WLC 2112 and WLC 2504

  This might be a really stupid question but I need to ask just so that I get a definitive answer. I have a customer that is using a WLC 2112 and has maxed out the licenses for the WLC. I have suggested for him to purchase a 2504 with 30 or 40 licenses to replace the existing 2112. He doesn't want to purchase 30 to 40 licenses and doesn't want to remove the 2112 from the network environment. He would rather purchase a WLC 2504 with 15 licenses and just add that into the network.
  My question is, will there be a problem running a 2504 and a 2112 on the same network? Or can I just make one a primary and one a secondary?

  That should be fine. Just make sure the WLCs are running the same code version and everything should work fine. This is required for APs failover from one WLC to another. You don't want the APs upgrading or downgrading code versions every time the ap moves from the primary to the secondary WLC.
  Sent from Cisco Technical Support iPhone App

• Migrate WLC 4400 to WLC 5508

  I'm looking for some suggestion. We have a WLC 4402 and will be upgrading to WLC5508. The WLC 4402 will be moved to a smaller office to provide wireless coverage there.
  Would it be better to upgrade the 4402 with the 5508, then wipe it clean and configure it for the new office from scratch.
  Or configure the 5508 from scratch then change the settings in 4402 to reflect the new office.
  Is there a way to use WCS to move all of the configurations from 4402 to 5508

  Abhishek,
  I strongly recommend you delete your post.  It's going nowhere.  You've posted a link which points to another link that no longer exist.  FAIL! 
  Aqeel,
  Delete your post.  You're not reading AND understanding the OP.  Your solution is irrelevant because it talks about how to upgrade the WLC firmware.
  Gents,
  May I recommend you consider getting PROPER TRAINING?  Cisco has a wealth of Cisco Training for staff which could potentially benefit.  Get yourselves properly trained before making any posts. 

• C3850 WLC enabled and WLC 2504, which one should be Primary controller.

  I have 2 designs to make a better solution, please advise me.
  I have C3850 and WLC 2504.
  1. I will use C3850 as mobility controller (MC) and mobility agent (MA) for WLC 2504. Does it work? or
  2. I will use WLC 2504 as MC and MA for C3850.
  Can I do both of design?
  Which one is better?
  Please recommend me a solution.
  Thank you in advance.

  Hi
  2504 (or any legacy WLC) itself having MC/MA & we cannot separate that role on it. You can seperate MC & MA functionality in Converged Access product platforms (3850/3650) only.
  Therefore here are the answer to your queries
  1. You can have a 3850 with MC/MA functionality. But your 2504 will be a separate controller on your mobility domain. You can allow roaming between these two systems configuring them as mobility peers. You cannot register 3850 connected APs to any other controller other than 3850 WLC itself.So you cannot use these two different system as high availability for AP.
  You need to have min 7.6.x  on your 2504 in order to configure mobility between 2504 & Converged Access system.
  Here is a reference post how you configure roaming between 5508 & Converged Access MC (5760/3850/3650)
  http://mrncciew.com/2014/05/06/configuring-new-mobility/
  2. None of the documents listed the 2504 could act as MC for 3850/3650(MA). So my understanding is you should have 5760/5508/WiSM2/8500 as MC. But you can test it & see whether 2504 could act as MC which I doubted.
  HTH
  Rasika
  **** Pls rate all useful responses ****

• WLC 4400 and supported APs

  Hello.
  Does anyone know which indoor APs are still sold by Cisco and supported by a 4400 WLC? From my research I only found 3500.
  Thanks in advance,
  João.

  The complete list of APs which can be supported on the 4400 can be found here.

• WLC 4400 and RADIUS accounting

  Have trawled what docs there are and cant find out if the RADIUS accounting messages from the 4400 include the name of the lightweight AP handling the user session.
  I'm guessing there might be a new Cisco VSA for it.
  Anyone know?
  Thanks

  The error message could be because of any unused protocol.

• WLC 4400 and user authentication

  I would like to know if it's possible to configure/use WLC4400 to authenticate user from LDAP database. Currently I have LDAP server with VPN 3020 box to control user access for WLAN. Is there any way that I could set up 4400 box with my existing LDAP server without using VPN 3020?
  Thanks in advance.

  You'll need a radius middle man. ACS will do it natively.