WLC 4400 (SW ver: 7.0.235.3) and 1242 AP connectivity issue

Hi ALL..,
I got the problem with WLC and APs, APs cannot get IP and can't connect to WLC, it show folloing error,
*Oct 24 14:45:27.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.2.11 peer_port: 5246
*Oct 24 14:45:28.000: %CAPWAP-5-CHANGED: CAPWAP changed state to 
*Oct 24 14:45:29.419: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.2.11 peer_port: 5246
*Oct 24 14:45:29.420: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.2.11
*Oct 24 14:45:29.420: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Oct 24 14:45:29.595: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*Oct 24 14:45:29.602: %DTLS-5-ALERT: Received WARNING : Close notify alert from 192.168.2.11
*Oct 24 14:45:29.602: %DTLS-5-PEER_DISCONNECT: Peer 192.168.2.11 has closed connection.
*Oct 24 14:45:29.602: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.2.11:5246
*Oct 24 14:45:29.661: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Oct 24 14:45:29.661: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Oct 24 14:45:29.756:  status of voice_diag_test from WLC is false
My Management Int IP : 192.168.2.50
AP Mangement interface :192.168.2.11
DHCP server Pri : 192.168.2.12 Sec 192.168.2.13
There are reachability betweent SW and WLC. Do you have any idea about my issue?
Thanks and Regards
CSCO11872447

It seems your LAP AP is not getting the iP of the management subnet and LAP is in different subnet than your management IP.
Please try keeping the static IP on the LAP and then try joining it to the controller first and later on keep it on the DHCP.
when AP is plugged into a switch, the switch port needs to be access with the right VLAN allowed

Similar Messages

  • WLC 4400 4.2.176.0 Ver and Windows Vista

    We recently upgraded our WLC 4400s to 4.2.176.0. This was requested by Cisco. When the students returned from Christmas break, any student running Vista is able to authenticate to the AP, get an appropriate IP address and DNS configuration, but cannot get to any network resources, including Internet. If we hard code the DNS information in the wireless card TCP/IP Properties, the user can get to some Internet sites, but no HTTPS pages.
    All XP and MAC machines appear to be working fine.
    Any thoughts?

    The problem is that its not deauthenticating the user, its just dropping completely and disabling the windows zero configuration in the services.  I do not know how or what in the WLC would do this?  I really dont think this is anything that I can control.  I am guessing that there is an internal conflict on the pc.  I have been told that the image used to image the machine has had the manufacturers wireless client utility removed.  I did find a DW Utility in the services list.  I think that is my problem.  I did however go ahead and upgrade them to 5.2.193.  All I can do is have the customer monitor and see what happens.  Will post an update when I get one.

  • WLC 4404 Upgraded to 7.0.235.3 (WPA HandShake Timeout) not availbale

    Greetings,
    Just upgraded my Cisco 4404 WLC's to 7.0.235.3, the upgrade went just fine. My problem is when I either Telnet or SSH to my Lightweight AP's and run the "DOT11 WPA Handshake Timeout 1000" command the AP doesn't recognized this command. This is one of the reasons I upgrade my WLC's.I have several wireless printers that are passive and are heavily used and keep getting disassociated because they don't respond in time.
    Any Help would be greatly appreciated.

    that command is for IOS AP, not for the WLC. 
    Q.    How do you change the Wi-Fi Protected Access (WPA) handshake timeout   value on a Wireless LAN Controller (WLC) through CLI? I know I can do this on   Cisco IOS® Access Points (APs) with the dot11 wpa handshake   timeout value command, but how do you   perform this on a WLC?
    A. The ability to configure the WPA-Handshake timeout through the WLCs was       integrated in software release 4.2 and later. You do not need this option in       earlier WLC software versions.
    These commands can be used to change the WPA Handshake timeout:
        config advanced eap eapol-key-timeout
        config advanced eap eapol-key-retries
    The default values continue to reflect the WLCs current       behavior.
       - the default value for eapol-key-timeout is 1 second.
       - the default value for eapol-key-retries is 2 retries
    Note: On IOS APs, this setting is configurable with the dot11           wpa handshake command.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • Troubleshoot Cisco Airlap 1242 with WLC 4400 Series LWAPP_CLIENT_ERROR_DEBUG: spamHandleCfgReqTimer: Did not recieve the Config response

    I have a Problem with my new AIRLAP 1242 to connect with WLC 4400
    after debug in my airlap it shows :
    Reset done!
    ethernet link up, 100 mbps, full-duplex
    Ethernet port 0 initialized: link is up
    Loading "flash:/c1240-k9w8-mx.123-7.JX8/c1240-k9w8-mx.123-7.JX8"...######################################################################################################################################################################################################################################
    File "flash:/c1240-k9w8-mx.123-7.JX8/c1240-k9w8-mx.123-7.JX8" uncompressed and installed, entry point: 0x3000
    executing...
                  Restricted Rights Legend
    Use, duplication, or disclosure by the Government is
    subject to restrictions as set forth in subparagraph
    (c) of the Commercial Computer Software - Restricted
    Rights clause at FAR sec. 52.227-19 and subparagraph
    (c) (1) (ii) of the Rights in Technical Data and Computer
    Software clause at DFARS sec. 252.227-7013.
               cisco Systems, Inc.
               170 West Tasman Drive
               San Jose, California 95134-1706
    Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.3(7)JX8, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2007 by Cisco Systems, Inc.
    Compiled Mon 19-Mar-07 01:42 by hqluong
    Image text-base: 0x00003000, data-base: 0x004051E0
    Initializing flashfs...
    flashfs[1]: 9 files, 3 directories
    flashfs[1]: 0 orphaned files, 0 orphaned directories
    flashfs[1]: Total bytes: 15998976
    flashfs[1]: Bytes used: 5062144
    flashfs[1]: Bytes available: 10936832
    flashfs[1]: flashfs fsck took 4 seconds.
    flashfs[1]: Initialization complete....done Initializing flashfs.
    cisco AIR-LAP1242AG-E-K9   (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
    Processor board ID FCW1411U0FZ
    PowerPCElvis CPU at 266Mhz, revision number 0x0950
    Last reset from power-on
    1 FastEthernet interface
    2 802.11 Radio(s)
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 68:EF:BD:5F:9A:18
    Part Number                          : 73-10256-07
    PCA Assembly Number                  : 800-26918-06
    PCA Revision Number                  : A0
    PCB Serial Number                    : FOC14093XU3
    Top Assembly Part Number             : 800-29152-03
    Top Assembly Serial Number           : FCW1411U0FZ
    Top Revision Number                  : A0
    Product/Model Number                 : AIR-LAP1242AG-E-K9
    Press RETURN to get started!
    *Mar  1 00:00:05.608: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
    *Mar  1 00:00:06.858: %DOT11-2-VERSION_INVALID: Interface Dot11Radio0, unable to find required radio version 581.18
    *Mar  1 00:00:06.858: Interface Dot11Radio0, Accepting as a test version of radio firmware
    *Mar  1 00:00:06.878: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
    *Mar  1 00:00:07.234: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Mar  1 00:00:08.212: %DOT11-2-VERSION_INVALID: Interface Dot11Radio1, unable to find required radio version 581.18
    *Mar  1 00:00:08.212: Interface Dot11Radio1, Accepting as a test version of radio firmware
    *Mar  1 00:00:08.232: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
    *Mar  1 00:00:09.278: %SYS-6-LOGGERSTART: Logger process started
    *Mar  1 00:00:09.326: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.3(7)JX8, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2007 by Cisco Systems, Inc.
    Compiled Mon 19-Mar-07 01:42 by hqluong
    *Mar  1 00:00:09.332: %CDP_PD-4-POWER_OK: Full power - AC_ADAPTOR inline power source
    *Mar  1 00:00:09.388: %DOT11-6-FREQ_SCAN: Interface Dot11Radio0, Scanning frequencies for 32 seconds
    *Mar  1 00:00:10.271: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
    *Mar  1 00:00:10.332: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Mar  1 00:00:10.332: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Mar  1 00:00:11.271: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
    *Mar  1 00:00:28.331: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
    *Mar  1 00:00:28.361: %DOT11-6-FREQ_USED: Interface Dot11Radio0, frequency 2462 selected
    *Mar  1 00:00:28.362: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down
    *Mar  1 00:00:28.363: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Mar  1 00:00:28.369: %DOT11-6-FREQ_USED: Interface Dot11Radio1, frequency 5260 selected
    *Mar  1 00:00:28.372: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:00:28.398: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:28.399: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Mar  1 00:00:28.465: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:00:29.398: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:29.465: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    Translating "CISCO-LWAPP-CONTROLLER.ekahospital.com"...domain server (202.134.0.155)
    *Mar  1 00:00:38.351: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 172.31.xxx.xxx, mask 255.255.255.0, hostname AP68ef.bd5f.9a18
    *Mar  1 00:00:38.820: %DOT11-6-FREQ_USED: Interface Dot11Radio0, frequency 2417 selected
    *Mar  1 00:00:38.827: %DOT11-6-FREQ_USED: Interface Dot11Radio1, frequency 5200 selected (203.130.196.5)
    *Mar  1 00:00:49.835: %DOT11-6-FREQ_USED: Interface Dot11Radio0, frequency 2422 selected
    *Mar  1 00:00:49.842: %DOT11-6-FREQ_USED: Interface Dot11Radio1, frequency 5220 selected
    *Mar  1 00:00:49.851: %LWAPP-5-CHANGED: LWAPP changed state to JOIN
    *Mar  1 00:00:49.852: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *Mar  1 00:00:49.852: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
    *Mar  1 00:00:50.852: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Mar  1 00:00:50.852: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Sep 18 07:02:25.504: %LWAPP-5-CHANGED: LWAPP changed state to CFG
    *Sep 18 07:02:29.288: LWAPP_CLIENT_ERROR: lwapp_name_lookup - Could Not resolve CISCO-LWAPP-CONTROLLER.MYDOMAIN.com
    *Sep 18 07:02:30.504: LWAPP_CLIENT_ERROR_DEBUG: spamHandleCfgReqTimer: Did not recieve the Config response
    *Sep 18 07:02:30.551: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET CONFIG RESPONSE.
    *Sep 18 07:02:30.551: %LWAPP-5-CHANGED: LWAPP changed state to DOWNXmodem file system is available.
    flashfs[0]: 9 files, 3 directories
    flashfs[0]: 0 orphaned files, 0 orphaned directories
    flashfs[0]: Total bytes: 15998976
    flashfs[0]: Bytes used: 5062144
    flashfs[0]: Bytes available: 10936832
    flashfs[0]: flashfs fsck took 26 seconds.
    Base ethernet MAC Address: 68:ef:bd:5f:9a:18
    Initializing ethernet port 0...
    Reset ethernet port 0...
    Reset done!
    and after that i check in my WLC that shows
    AP with Base Radio MAC xx:xx:xx:xx:xx:xx (APxxxx.xxxx.xxxx) is unable to associate.
    The reulatory domain configured on it '-e' does not match the controller's country
    code: USA
    i found that the problem about the region.
    question :
    1. is it possible to change the region in AIRLAP 1242 or in WLC?
    2. if possible how to change it?
    INFO :
    my first AIRLAP Product/Model Number : AIR-LAP1242AG-A-K9 and my new AIRLAP Product/Model Number : AIR-LAP1242AG-E-K9

    WLC GUI >> Wireless >> Country >> Select the country.
    Regards
    Surendra

  • Upgrade WLC 5508 to ver 7.5

    hi,
    I need upgrade a WLC 5508 to ver 7.5.  we have  aironet 1242 AG y 1131 AG  and  I dont see any ver AP to join
    please, are there IOS to do these?
    thanks         
    RAHA
    [email protected]      

    Below AP models supported by WLC 7.5.x software. (see the below release note for detail)
    Cisco 1040, 1130, 1140, 1240, 1250, 1260, 1600, 2600, 3500, 3500p, 3600, Cisco 600 Series OfficeExtend Access Points, 700 Series, AP801, and AP802
    http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn75.html
    AP will get updated image from WLC once you upgrade  controller software to 7.5.x
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Wired guest access on WLC 4400 with SW 7.0.240.0

    Hello,
    after we upgrade our Wlan-controller 4400 from software 7.0.116.0 to 7.0.240.0
    wired guest access don't work anymore.
    All other things works fine, incl. WLAN guest access!
    When we try wired guest access, we get the web-authentication page and can log in.
    On the controller we can see that the Policy Manager State changes from WEBAUTH_REQD
    to RUN.
    But then there is no access to the internet.
    We tried also SW 7.0.250.0, same problem!
    Log Analysis on the WCS:
    Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :The WLAN to which client is connecting does not require 802 1x authentication.
    Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client does not have an IP address yet.
    Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client L3 authentication is required
    Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client Moved to DHCP Required State.
    Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Mobility role update request. from Unassociated to Local Peer = 0.0.0.0, Old Anchor = 0.0.0.0, New Anchor = 10.101.200.11
    Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Mobility role changed. State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
    Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :DHCP successful.
    Time :03/12/2014 14:21:26 MEZ Severity :ERROR Controller IP :10.101.200.11 Message :Client got an IP address successfully and the WLAN requires Web Auth or Web Auth pass through.
    Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client IP address is assigned.
    Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Webauth user logged in to the network. manni
    Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :AAA response message sent.
    Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client has completed Web Auth successfully.
    Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client has completed Web Auth successfully.
    Trying http://www.google.de .... doesnt work. No Log Entries. Next entries while logging out.
    Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Web auth is being triggered again.
    Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client L2 authentication has been completed successfully.
    Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client Moved to DHCP Required State.
    Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :WebAuth user Logged out from network.
    Has someone a idea how to solve this problem?
    Regards
    Manfred

    Hi
    Yes got it resolved. It turns out that the connection from the wired guest access port to the WLC must be L2. That is the switch that the wired guest acces sport is connected and WLC are connected to must be L2 only. We were using a single switch to do the testing and it was also doing the routing for the test LAN. Even though there was no L3 VLAN interface configured for the VLAN that the guest access port was on for some reason this breaks it. Absolu Didnt have chance to work out the exact limitations of this as we simply made the switch L2 only and configured an 802.1Q trunk to the Internet router and made subinterfaces on the router for the wired and wireless egress ports and it worked then. No config change was needed on the WLC at all.
    The only thing I can think of is that it's something about the way the WLC joins the wired guest access ingress VLAn and egress VLAN. The WLC isn't a reall router it says so in the documentation. I think the packet coming from the wired access port is being bridged to the egress VLAn not routed and this is what screws it up (remeber with a router the source and destination MAC addresses would be changed with a bridge they aren't). Got to be something along those lines. If you have a bigger newtork with a guest anchor WLC handling this function you dont run into this as the traffic is coming over an EOIP tunnle from the remote WLC so the switch with the guest anchor WLC doesnt see the MAC address of the wired guest PC.

  • WLC 4400 and multiple authentication servers e.g. RADIUS, ACS

    WLC 4400 and multiple authentication servers e.g. RADIUS, ACS
    Can the WCL 4400 be set up to use multiple RADIUS servers? The user accounts for accessing wireless would use a RADIUS server. The administrative accounts for the WLC would reside on an ACS server.

    Yes, that is correct. You can set acs to use both radius and tacacs.
    For this you need to add WLC twice in acs-->network configuration. But you need to keep host name different.
    eg 1) Host name WLC --->IP x.x.x.x -->Auth using -->radius
    2) Host name WLC1--->IP x.x.x.x --->Auth using -->Tacacs.
    You need to set up tacacs commands on WLC along with radius commands.
    Regards,
    ~JG
    Please rate helpful posts

  • ISE WLC 4400 configuration

    Up until now, my experience has been with 5500 controllers and ISE.
    My customer is using 4400 controller, on 7.0.240 code.
    I cannot locate any documents referencing 4400 controller configuration for webauth, named ACLs, posturing, etc...
    Does anyone know of any documents, or have experience that can assist with this configuration?

    Michael,
    Depending on the version of ISE software you are running, you may be in luck.  The information below is for 1.1.x.  If you are using v 1.2, you may have to tweak a bit.
    In this first document, you can see the WLC 4400 is supported and Local Web Auth is supported, with the following caveat:  “Wireless (An ISE Inline Posture node is required if the WLC does not support CoA as discussed in Footnote #4. WLCs with the code specified in this table do support CoA without an ISE Inline Posture node)”
    http://www.cisco.com/en/US/docs/security/ise/1.1/compatibility/ise_sdt.html#wp55038
    Of course, with an IPN, your posturing  (and CoA) is handled here.
    DACLs are also supported on the WLC 4400.
    Per User ACLs are covered in the following document:
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00808b041e.shtml
    I think you will find that if you substitute the ACS pages with the corresponding ISE interface pages, this can be done.
    Please feel free to ask any additional or follow-up questions.
    Also, please let me know if this fixes your issue.  If it does, please rate this answer and mark your question as Answered.
    Charles Moreton

  • WLC 4400 to 5500 Migration

    We have a single 4404 that was setup long before I arrived with Guest networks that timeout and other such tweaks.  Is there a document somewhere that shows a way to migrate the old settings to a new 5508 that we are purchasing?  By the time the 5508 arrives I will have a very small window to setup the unit before a new wing goes live.  I need the new unit as we have reached our limit of licensed AP's on the old 4404.  It seems like everyone keeps talking about an easy way but no one says how to do it.
    Sorry, I have never setup one of these units before from scratch so I don't know how long it will take.
    Thanks for your input,
    Todd

    #4400 and 5500 are different platforms. At config level you will see different no. of ports, AP-manager, Passive client,.... Backed up config of 4400 should not be uploaded to 5500 and it is not cisco suggested practice.
    http://www.cisco.com/en/US/partner/docs/wireless/controller/7.0MR1/configuration/guide/cg_managing_ctrlr.html#wp1063850
    Configuring the same manually is the best practice.
    If you've more controllers that needs migration then compare the config between 4400 and 5500 that look dissimilar and edit it manually and port it to target 5500 WLC.
    Few Tips:-
    #4400 doesn't support 7.2 while 5500 does, you can use the 7.2.110.x(MR1) which is recently released for 5508.
    #Also, 5508 needs FUS update to avoid critical bug.

  • WLC 4400 and IDS attacks

    Hi,
    I have a WLC 4400 and a WCS 5.2. I'm receiving alarm about flood atacks and desauthentication attacks from a client. These alarms are detected by the IDS system. I'd like to know if there are any way to block this client.
    Thanks a lot.

    Thanks Sschmidt,
    I saw this solution. The problem it's that i must create an entry by any client. If there are any client that capture the wpa key and after chage his mac i couldn't block them. Is that correct? I don't know how easily it's capture authenticantion packets with a WLC.
    Thanks

  • WLC 4400 and WLC 5500

    We have a site with a WLC 4400 and we would like to setup a Controller failover. The WLC 4400 is EOS/EOL and the replacement available is WLC 5508. Can someone advice me on how to configure these units in Primary /Secondary mode so that if any of the Controllers fail, the other one can take over?
    Thanks,

    Hi Akil,
    You are most welcome
    Yes, you can configure 4400's and 5500's in a redundant configuration, but both should be runningthe
    same code version. I believe the latest version that is compatible for both is 7.0.220.0. 
    this is the last version that supports the 4400 series.
    Here's a note that reflects the support;
    Note
    Controllers  do not have to be of the same model to be a member of a mobility group.  Mobility groups can be comprised of any combination of controller  platforms.
    http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mobil.html
    Cheers!
    Rob
    "Show a little faith, there's magic in the night" - Springsteen

  • WLC 4400 : some of the clients are stuck in 802.1x REQD ( Auth - no but status is Associated ) in PEM process

    Hi ,
    I have wlc 4400 with 1010 AP's wireless set-up.
    Everything is working fine but unfortunately , I am coming across with one issue that, clients are not getting authenticated.
    If I see the status of respective client  in WLC :
    status : Associated
    Auth : No
    Policy manager : 802.1X REQD
    I read about PEM ( Policy enforcement Module ) , as it is going through same procedure but policy manager should in " RUN " condition , Unfortunately it is not.
    how do i resolve this issue ?

    Hi Vinod,
    The 802.1X_REQD state would suggest that the client cannot complete L2 authentication.
    If possible, it would be helpful to collect the following debugs from the WLC while trying to connect the client:
    debug client
    debug aaa event enable
    Also, please attach the full text output of the command "show run-config" and let us know the WLAN through which the client should be connecting.
    Regards,
    Fede
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

  • Move AP from WLC 4400 to 2500

    I have wlc 4400 running on 6.0.196.0, get new wlc 2500 with 7.0.220.0, on 4400, 12 AP only one will register onto 2500.
    Both 4400 and 2500 on the same subnet. how to let AP register on 2500 rather than 4400
    AP model:
    on 4400 now:  AIR-AP1242AG-A-K9, AIR-LAP1242AG-A-K9, AIR-LAP1142N-A-K9
    on 2500 is AIR-LAP1242AG-A-K9

    on 4400
    (Cisco Controller) >show interface summary
    Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
    ap-manager                       1    untagged 10.10.1.23      Static  Yes    No  
    management                     1    untagged 10.10.1.22      Static  No     No  
    service-port                      N/A  N/A         10.1.1.10       Static  No     No  
    virtual                               N/A  N/A          1.1.1.1         Static  No     No  
    on 2500
    (Cisco Controller) >show interface summary
    Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
    m2                               2    10       10.10.1.92      Dynamic Yes    No  
    m3                               3    10       10.10.1.93      Dynamic Yes    No  
    m4                               4    10       10.10.1.94      Dynamic Yes    No  
    management                 1    10       10.10.1.90      Static  Yes    No  
    virtual                          N/A  N/A      1.1.1.1         Static  No     No 

  • How to disable Password Recovery in WLC 4400

    Hi All,
    I need your help to disable the password Recovery for the WLC 4400, in case of the hardware stolen or hacking by internal hacker,
    Thanks in advanced for your help,
    Ahmed

    Gee whiz.  This is the second post you've made in regards to disable password-recovery mechanism.  For the WLC, I agree with Nic, it's not possible.   And, for the record, there are ways to bypass a disable-password-recovery mechanism.  This is mainly due to prevent un-authorized use of this mechanism by, for example, a disguntled network administrator from shutting down a network.

  • WLC 4402 upgrade to 7.0.235.3 -- high latency

    Hi All,
    Since we've upgraded the 4402 (from 4-2-176-0) to 7.0.235.3 many client facing very high latency.
    We're having 12 x 1142 APs and they are connected in local mode to WLC.
    Before the upgrade performance was good. Now, when I ping from LAN to WLAN clients it takes from 0.1ms - 20s.
    64 bytes from 10.123.60.210: icmp_seq=58 ttl=127 time=4711 ms
    64 bytes from 10.123.60.210: icmp_seq=59 ttl=127 time=3711 ms
    64 bytes from 10.123.60.210: icmp_seq=60 ttl=127 time=2712 ms
    64 bytes from 10.123.60.210: icmp_seq=61 ttl=127 time=1713 ms
    64 bytes from 10.123.60.210: icmp_seq=62 ttl=127 time=754 ms
    64 bytes from 10.123.60.210: icmp_seq=63 ttl=127 time=3.12 ms
    64 bytes from 10.123.60.210: icmp_seq=64 ttl=127 time=1109 ms
    64 bytes from 10.123.60.210: icmp_seq=65 ttl=127 time=109 ms
    64 bytes from 10.123.60.210: icmp_seq=66 ttl=127 time=0.949 ms
    I cant find any pattern..seems to happen to random clienst at radom time.
    Any ideas..or further checks I can do?
    Thanks a lot,
    Stefan

    All is set to auto.

Maybe you are looking for

  • Freight Calculation in Standard cost Run

    Hi, The requirement is while doing the standard cost calculation through CK11N / CK40N system should show seperately how much is freight plan cost &; how much is duty plan cost.e.g. 100 is material price as per condition PB00 Cost element 355100 10 i

  • How to use db2 function in the HQL

    hello i am newbie to hibernate, now i am choosing a solution for my project, in this project, it use db2 function in the sql clause as follow: insert into idstool.access(userid,node,password) values('userid','nodename',encrypt('password','nodename'))

  • How to set the Availability Status globaly

    Our database will placed in Restricted mode for a major upgrade. How can I set the Availability to a status of Unavailable(Redirect to URL) and add the URL to redirect to for all of our APEX applications without going in one by one? Edited by: Ed Sie

  • Get the no of rows in resultset

    Hi Can any1 tell me how can i get the no of recods in a particular resulset. like ,is there anything like ResultSet.RowCounts() ???

  • Ios7 music sync problems for iPhone 4S

    Like many other folks I made the huge mistake of updating (NOT upgrading) to io7, in my case 7.0.4, then trying to sync musci from iTunes.  I first upgraded (ha!) to iTunes 11.1.3, then found I was lost in the 'waiting for changes' zone.  I've now be