WLC - 4402/4 - Vlan Interface Addressing

I currently have 7 WLCs with the same Vlan interfaces defined across all 7 controllers. Does anyone know the best practice for addressing these interfaces on each of the WLCs. I currently have each unique Vlan interface assigned with the same IP address across all 7 WLCs. This is working. Should I leave it this way or should I assign each controller with a different address for the Vlan interface?

The controllers, assuming you have it configured as such, act as dhcp relay agents. Presumably, if the router got the wrong mac address in its arp entry, the dhcp message would be lost.
Clients could have taken a while before getting a dhcp addr (race condition for router arp entry) and not been able to work if dhcp was required.
That said, I've seen the controllers work with the dhcp server set to 255.255.255.255 so the ip helper addresses on the routers would pick up the requests.

Similar Messages

WLC 4402 vlan questions

I am trying to implement a Cisco Wireless solution. I have some Cisco knowledge, but it is limited. I did successfully configure the WLC 4402 with 1200 series APs. Created two WLANs, each with its own SSID. SSID ?guest? uses WEP, and gets addresses via the internal DHCP server. The DCHP range I chose exists within out current network, something I need to change according to the documentation I have read. This network should not see our network, but can browse the internet. SSID ?secure? uses WPA with MAC authentication. I can connect to either SSID and access all network resources. However this only works with two caveats.
1) I have to use the management interface
2) The DHCP range for the guest network needs to fall within our network
Trying to implement any kind of security for the ?guest? network has not gone so well. I have problems just about at every point. After reading some documents, I decided I needed to add 2 interfaces for the 2 WLANs. My interface info is below.
Interface Name Mgr Port Vlan Id IP Address Type Ap
ap-manager LAG untagged 10.1.104.154 Static Yes
guest LAG 10 192.168.10.10 Dynamic No
management LAG untagged 10.1.104.153 Static No
production LAG 20 192.168.20.20 Dynamic No
service-port N/A N/A 192.168.1.1 Static No
virtual N/A N/A 1.1.1.1 Static No
My intention was to apply an access list the guest VLAN so as to limit its traffic. If I apply the guest interface ?VLAN 10 (instead of the management-VLAN 0) it doesn?t work. I found a doc that addresses this so I added trunking to the interface the WLC is attached to on our 6509 (CatOS)switch.
MySwitch (enable) set trunk 2/6 on dot1q
Trunking is enabled, but no dice. I thought this might be a routing issue between my switch and my gateway. So I changed the VLAN on the management interface. I thought this would at the very least allow me to ping the switch, but I was wrong. I changed that back and added this entry into our gateway
interface Vlan10
ip address 192.168.20.1 255.255.255.0
I thought that way the wireless controller would be able to see the IP address, on the router, but it didn?t work.
Also I cannot use the new DHCP range I chose (192.168.10.x), I assume because it is not 10.1.x.x, so it can?t find it.
I would really appreciate some help from someone who has done this. I am very confused.

Hi
Okay number of things here.
Firstly you are correct about needing a trunk interface between the WLC and your switch. Make sure that all the vlans you have created are allowed on the trunk link.
On the 6509 run
"sh int trunk" and confirm that the status is up.
You will need to create vlan interfaces for each of your WLC vlans on the 6500. You say you have created vlan 10 interface on the 6500.
What is the default gateway on the WLC set to ?
For DHCP addressing to work you will need to us eth "ip helper-address "DHCP IP address" under the vlan interface eg
vlan 10
ip address 192.168.20.1 255.255.255.0
ip helper-address "DHCP server address"
You need to do this for all vlan interfaces you want to pick IP addresses up for clients.
HTH
Jon

WLC-4402+AIR-LAP1142N problem

Hello all,
I've got a following problem with bringing up simple wireless configuration. There is a WLC-4402 controller and several remote locations (I am testing one so far). Two WLAN configured (one for employee and the other for guest access - no mobility anchoring used, guest is just mapper to VLAN restricted on the firewall). WLC serves DHCP pools for wireless clients. Problem I am experiencing at the moment is that user with laptop is able to connect to guest WLAN, got an IP but can communicate (ping) only its own IP, the controller IP in guest subnet and default gateway (which is the firewall interface). Traffic to any other destinations never hit gateway (I am running tcpdump on it to confirm). I double checked controller config but no luck so far. Could that be caused by missconfigured tunnel? No ACL or restriction set on WLC - see attached config.
Thank you in advance,
Peter

Is this an open network or have you enabled layer 3 security? Web Auth? I can see you have created a lobby admin account so expect that you use this for guest account creation with web auth..
When you associate/receieve IP address to the open guest network have you then opened a web browser and authenticated? Until you enter your login details created on the WLC I would imagine that you wouldn't be able to send any data.
If you have authenticated already, can you check on the WLC that the client is associated/authenticated and is the Corp network ok? Also what is the topology between the WLC/Firewall/Remote sites.
Cheers
Mat

Help Needed - complete newbie - WLC 4402

I am trying to set up a basic wireless network, completely seperate from our internal network, just utlizing the external internet bandwidth. It will mainly be used for meeting rooms and visitors requiring internet access.
There should be no need for VLans on the Wireless network.
The External 7204 router is plugged into a 12 port 2950 switch, which has a connection to the external side of our firewall.The ip address of the router is a public address, so if possible I do not want to give the WLC management ip a public address. The WLC will be plugged into the Cisco 2950 switch.
I am a complete newbie at setting up the Cisco wireless. I imagine it is down to routing - do I have to purchase another router or is the WLC capable of doing simplified routing?
Any advice would be greatly apprciated.
Cisco WLC 4402 - version 5.1.151.0
Cisco 3750 24 Port Switch
External Router 7204 VXR Router
Internal DHCP on WLC range - 192.168.60.100 -> .150
Management Ip address: 192.168.60.2
AP ip address: 192.168.60.3
Virtual ip address: 1.1.1.1
External Router ip address: 194.*.*.1

Hi dennischolmes,
Thanks for your reply, i have tried to create an interface on the controller as you suggested. however I get the following error " Error in setting VLAN and port. Cannot have multiple untagged dynamic interface on the same port" was ondering if you could shed any light on that error.
Trying to setup the Trunk port on the 2950 switch, it won't allow me to set the encapsulation dot1q - is this down to the software version of the switch?

WLC 4402 IP Error

Hi,
    I configured a WLC 4402 and the access point are 1420, when I connect to the wireless it always sends me a message about a IP Conflict but I also have one Cisco Aironet 1402 in Autonomus and If I connect to that one I dont have the IP Conflict even if the laptop gets from de DHCP the same IP address mark as conflict in the WLC.
     Do you know how to solve this?

Sorry for answer until now,
Interface Name                   Port Vlan Id IP Address      Type    Ap Mgr Gu
est
ap-manager                       LAG untagged 172.16.8.21     Static Yes    No
intvoz                                LAG 2             10.31.17.3      Dynamic No     No
management                      LAG 1            10.16.44.10     Static No     No
service-port                        N/A N/A          192.168.1.1     Static No     No
virtual                                N/A N/A           1.1.1.1         Static No     No
the Intvoz we use it for the voiceip phones and the one that is making conflict is the management this is in the vlan 1 and the AP that are autonomus has no vlan assigned.

Wlc 4402 and 1010 Aps

Hi,
I have 2 vlans (wired-side) in my corporation: the first one for Data (vlan 1, native) and the second one for voice (vlan 2). We've just get a wlc 4402 with 1010 Aps and I would like to know one thing:
Could I create 2 Ssids(one for voice and another for Data) and map each one to its wired Vlan?.
Does the 1010 Ap support 802.1q?
Thanks in advance for your help

The 1010 aps connect to the switches as hosts
(switchport mode access; switchport access vlan ...)
The controller has 2 ports that connect to the network as trunks. You can connect them as port 1 and 2, or put them in a lag group [aka etherchannel)
All the vlan trunking is done at the controller port to switch port. The AP sends the info down to the controller over the vlan specified for the aps
In your case, you should create another vlan for the APS.
The 4402 controller mgmt interface would sit in the same vlan as the APs. You would then create dynamic interfaces on the controller that have a vlan id and ip address for the desired network per your needs. You would then create a wlan on the controller and then bind it to the dynamic interface you just created.
I am oversimplfying this process quite a bit, but it should get you started. There is now a good bit of info on cisco.com for the wireless products

WLC 4402 with Ap 1131Ag Urgent

Hi,
Im trying this frist time and gone through the documenet during the installtion.
I have configured the WLC 4402 as below
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type
ap manager 1 2 52.234.57.132 Dynamic
management 1 untagged 52.234.57.8 Static
service-port N/A N/A 192.168.1.1 Static
virtual N/A N/A 1.1.1.1 Static
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... 00:21:a0:38:69:80
IP Address....................................... 52.234.57.8
IP Netmask....................................... 255.255.255.128
IP Gateway....................................... 52.234.57.3
VLAN............................................. untagged
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 52.225.1.2
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
But after onnecting my APs im getting an error...
*Mar 1 00:18:48.839: LWAPP_CLIENT_ERROR: lwapp_name_lookup - Could Not
resolve
CISCO-LWAPP-CONTROLLER.hyderabad2.XXXX.com
Translating "CISCO-LWAPP-CONTROLLER.hyderabad2.XXXX.com"...domain
server (52.2
24.13.1) (52.225.1.2)...
Can you please help me .. to solve this

Hi,
Can you tell me what will be the best way to configure my WLAN setup.
Our set up is
1. 2 Cores switch 4506 with HSRP 52.234.57.3/25 (MNGMT VLAN 1)
2. 52.234.57.128/26 (For WLANusers VLAN 2)
3. C 3750 PWR in Access 52.234.58.0/24 USER1 (VLAN4)
4. C 3750 PWR in Access 52.234.59.0/24 USER2 (VLAN5)
Our DNS and DHCP server sits in HO with IP adrs 52.225.1.2 and 52.234.15.12.
I have did the basic WLC configuration.
and when i connected the LAP in my access i found the error of NOT able to resolve with DNS server. i.e CISCO-LWAPP-CONTROLLER.hyderabad2.XXXXX.com.
I'm getting this error when try both L2 and L3 setup.
We are using C4402 WLC and 1131 AG LAP
Please advice how to overcome this.
Thanks in advance...
Vj

Problem to register upgraded AP 1242 to WLC 4402

Hi,
I am running a small Cisco WLAN with about 20 APs (all 1242) that are managed by two WLC 4402 (running v4.0.155.0).
WLCs are in Mobility group, serveral WLANs/VLANs are configured (including 802.1x, guest access with WebAuthentication etc.). All APs are configured for the same WLC as primary and the other as secondary. Everthing was working fine until I tried to upgrade another AP from IOS to LWAPP using the Cisco Upgrade tool.
After the AP was flashed and rebooted it started to discover a WLC but fails. The console messages look like this:
*Mar 1 00:00:05.962: %CDP_PD-4-POWER_OK: Full power - AC_ADAPTOR inline power source
*Mar 1 00:00:06.952: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
*Mar 1 00:00:07.952: %LINEPROTO-5-UPDOWN:
ap> Line protocol on Interface FastEthernet0, changed state to up
*Mar 1 00:00:25.960: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
Translating "CISCO-LWAPP-CONTROLLER.xxx.yyy"...domain server (10.x.y.z)
*Mar 1 00:00:35.348: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.x.y.z, mask 255.255.254.0, hostname AP0019.3076.fe30
*Mar 1 00:00:36.349: LWAPP_CLIENT_ERROR: lwapp_name_lookup - Could Not resolve CISCO-LWAPP-CONTROLLER.xxx.yyy
*Mar 1 00:00:46.398: %LWAPP-5-CHANGED: LWAPP changed state to JOIN
*Mar 1 00:00:54.397: LWAPP_CLIENT_ERROR_DEBUG: spamHandleJoinTimer: Did not recieve the Join response
*Mar 1 00:00:54.397: LWAPP_CLIENT_ERROR_DEBUG: No more AP manager IP addresses remain.
*Mar 1 00:00:54.397: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET JOIN RESPONSE.
*Mar 1 00:00:54.398: %LWAPP-5-CHANGED: LWAPP changed state to DOWN
The switchport of the AP is configured for the same VLAN as the management and ap-management interface of the controller (not native VLAN), the primary controller is set to master controller mode and I see no other error messages (e. g. on the WLC).
Does anyone know how to fix this problem?
(even adding a "CISCO-LWAPP-CONTROLLER" host in the DNS does not help!!!)

Hi Ankur,
here the output of "dir flash:"
dir flash:
Directory of flash:/
2 -rwx 1048 Aug 14 2007 14:29:38 +00:00 private-multiple-fs
3 -rwx 314 Mar 1 2002 00:00:57 +00:00 env_vars
156 drwx 128 Aug 14 2007 14:29:32 +00:00 c1240-rcvk9w8-mx
10 drwx 256 Aug 15 2007 07:15:47 +00:00 c1240-k9w8-mx.123-11.JX
15998976 bytes total (11196416 bytes free)
AP0019.3076.fe30#
Is there something wrong?
Kind regards,
Hagen

Cisco AIR-LAP1041N-E-K9 not working with WLC 4402 version 7.0.116.0

Hi All,
appreciate your support for a problem i started facing today. i have a Cisco WLC 4402 running version 7.0.116.0 and it is working great with 25 Cisco 1252 APs. we have recieved a new 20 Cisco 1041N APs today and i installed one in our site but it doesn't work. it worked fine and loaded the image from flash and got the WLC ip address through DHCP option and started showing the below error:
*Mar 1 00:00:10.021: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar 1 00:00:10.033: *** CRASH_LOG = YES
*Mar 1 00:00:10.333: Port 1 is not presentSecurity Core found.
Base Ethernet MAC address: C8:9C:1D:53:57:5E
*Mar 1 00:00:11.373: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar 1 00:00:11.465: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1088 messages)
*Mar 1 00:00:11.494: status of voice_diag_test from WLC is false
*Mar 1 00:00:12.526: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:13.594: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:13.647: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1040 Software (C1140-K9W8-M), Version 12.4(23c)JA2, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 13-Apr-11 12:50 by prod_rel_team
*Mar 1 00:00:13.647: %SNMP-5-COLDSTART: SNMP agent on host APc89c.1d53.575e is undergoing a cold start
*Mar 1 00:08:59.062: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:08:59.062: bsnInitRcbSlot: slot 1 has NO radio
*Mar 1 00:08:59.138: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:08:59.837: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar 1 00:09:00.145: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 1 00:09:09.136: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 172.16.26.81, mask 255.255.255.0, hostname APc89c.1d53.575e
*Mar 1 00:09:17.912: %PARSER-4-BADCFG: Unexpected end of configuration file.
*Mar 1 00:09:17.912: status of voice_diag_test from WLC is false
*Mar 1 00:09:17.984: Logging LWAPP message to 255.255.255.255.
*Mar 1 00:09:19.865: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar 1 00:09:19.886: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:09:20.873: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:09:20.874: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
Translating "CISCO-CAPWAP-CONTROLLER.atheertele.com"...domain server (172.16.40.240)
*Mar 1 00:09:29.029: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.100.102 obtained through DHCP
*May 25 08:27:02.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:02.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:03.175: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:03.177: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:03.177: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:03.329: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:03.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:03.333: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:03.333: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:03.378: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:03.378: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:03.378: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:03.448: status of voice_diag_test from WLC is false
*May 25 08:27:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:14.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:15.185: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:15.186: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:15.186: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:15.330: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:15.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:15.334: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:15.334: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:15.379: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:15.379: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:15.379: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:15.450: status of voice_diag_test from WLC is false
*May 25 08:27:26.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:26.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:27.182: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:27.183: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:27.184: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:27.329: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:27.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:27.333: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:27.333: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:27.377: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:27.377: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:27.377: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:27.433: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*May 25 08:27:27.446: %PARSER-4-BADCFG: Unexpected end of configuration file.
*May 25 08:27:27.447: status of voice_diag_test from WLC is false
*May 25 08:27:27.448: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*May 25 08:27:27.456: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*May 25 08:27:38.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:38.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:39.183: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:39.184: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:39.184: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:39.326: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:39.329: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:39.329: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:39.330: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:39.375: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:39.375: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:39.375: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:39.446: status of voice_diag_test from WLC is false
*May 25 08:27:49.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:49.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:50.179: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:50.180: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:50.180: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:50.323: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:50.326: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:50.326: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:50.326: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:50.370: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:50.370: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:50.370: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:50.425: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*May 25 08:27:50.438: %PARSER-4-BADCFG: Unexpected end of configuration file.
i searched for the regulatory domains difference between AIR-LAP1041N-E-K9 and AIR-LAP1041N-A-K9 and didn't find any difference that may affect the operation of this AP.
just to mention that our configuration in WLC for regulatory domains is:
Configured Country Code(s) AR
Regulatory Domain 802.11a: -A
802.11bg: -A
My question is, should i only include my country in the WLC (IQ) to add the requlatry domain (-E) to solve this problem? or changing the country will affect the operation of all working APs??
Appreciate your kind support,
Wisam Q.

Hi Ramon,
thank you for the reply but as shown in the below link:
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html#wp233793
the WLC in version 7.0.116.0 supports Cisco 1040 seiries APs.
Thanks,
Wisam Q.

WLC 4402 + 4 1130AP's.

Has anyone setup a WLC 4402 and few 1130AP's on their network? Here's the scenario we have VLAN's setup on our network. We want to be able an employee can connect to the internal network and public connect to a DSL Internet. I got the internal employee access the internal network but I couldn't get the DSL users connect to the Internet. Internal network uses DHCP server and DSL users uses Linksys DHCP server. Can someone point me to the right setup/config on 1130AP's to connect to DSL using WLC 4402?

Make sure you can get the VLAN to the internet before you setup the WLAN. 1st off I would test the VLAN that you have setup to go to DSL on a switcport on your core switch and work the DHCP issues out there and then work on the WLAN. can you ping your DSL router intface from your switch. If you can my guess is that the IP helper address is not set right.
You will then need to point the WLAN to VLAN you setup for the DSL.

Need Information For Connecting Access point to WLC 4402

Hi Friends
I need Some information for Connecting my New Access point ( Cisco AIRLAP 1242AG) with WLC(4402) Controller
In our network set up we have two WLC(4402) we needs to Connect this New Accesspoint To one of our WLC
My Access point is brand New. I need to Know what all i have to do inorder to connect this AP to the controller (from Acesspoint perspective & WLC perspective)
I need to Know what I need to do in AP to connect to the Controller
Do i need to Assign Static IP Address forAP or after connecting to the switch it automatically gets ip from DHCP and regsiter with controller??
Do i Need to Configure my AP with default gateway(the switch to which is connected ?) & DO i need to configure the AP with Controller Ip address ??
Pls Assist
Regards
Safwan

Hi Scot...
We tried Connecting the Access Point yesterday, but it failed....
We are using Cisco 3500 Access point ...
when we connected , first it automatically got an ip address using DHCP but following error occurred
P70ca.9bd5.77c6#
AP70ca.9bd5.77c6#
AP70ca.9bd5.77c6#
Not in Bound state.
*Mar 1 00:13:56.539: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination
*Mar 1 00:13:56.555: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigne
d DHCP address 10.50.11.26, mask 255.255.0.0, hostname AP70ca.9bd5.77c6
*Mar 1 00:14:04.564: %CAPWAP-3-UNSUPPORTED_WLC_VERSION: Unsupported version 6.0
.182.0 on WLC USSTLController01
*Mar 1 00:14:14.564: %CAPWAP-3-UNSUPPORTED_WLC_VERSION: Unsupported version 6.0
.182.0 on WLC USSTLController01
*Mar 1 00:14:24.564: %CAPWAP-3-UNSUPPORTED_WLC_VERSION: Unsupported
version 6.0
.182.0
version 6.0
.182.0
on WLC USSTLController01
version 6.0
.182.0
Then I COnfigured Ap with Static ip address & default gateway & controller Ip but tht too didnt work...
.182.0 on WLC USSTLController01
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
*Mar 1 00:13:40.908: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C
3750X-48P (e05f.b907.9a20)
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>en
Password:
AP70ca.9bd5.77c6#
*Mar 1 00:13:48.033: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP
. Renewing DHCP IP.
AP70ca.9bd5.77c6#
AP70ca.9bd5.77c6#
AP70ca.9bd5.77c6#
P70ca.9bd5.77c6>
*Mar 1 00:13:40.908: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C
3750X-48P (e05f.b907.9a20)
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>en
Password:
AP70ca.9bd5.77c6#
*Mar 1 00:13:48.033: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP
. Renewing DHCP IP.
I also Need to Know Cisco Access point 3500 can be associated with WLC 4402 ( version 6.0.182.0) ??
Pls Advice How to proceed further

1131 LWAP not join WLC 4402

I am deploying WLC 4402 with LWAP 1131 but AP fail to join the WLC .The resone that I dont have DNS server.The error message in the AP is :
AP001d.451f.8582>
*Mar 1 00:00:38.005: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned D
HCP address 172.26.5.12, mask 255.255.255.0, hostname AP001d.451f.8582
Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:00:49.371: LWAPP_CLIENT_ERROR: lwapp_name_lookup - Could Not resolve
I tried to configure the Controller address in LAP but I fail ,The error when I tried to configure AP is below:
AP001d.451f.8582#lwapp ap controller ip address 172.26.5.10
ERROR!!! Command is disabled.
my question is :
is it possible to make LAP join WLC with out DNS,if yes how ?

Hi Yhab,
There are other ways besides DNS to help in the AP and WLC Discovery process. Have a look in this good doc;
Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC)
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml#topic2
For the Static entry problem;
If this AP was ever registered you can use this command from the LAP CLI to clear the LWAPP configuration on the LAP:
clear lwapp private-config
This allows you to use the AP LWAPP static configuration commands again.
Here is an example:
Enable (enter password)
AP1240#clear lwapp private-config
AP1240#lwapp ap hostname AP1240
AP1240#lwapp ap ip address 10.77.244.199 255.255.255.224
AP1240#lwapp ap ip default-gateway 10.77.244.220
AP1240#lwapp ap controller ip address 172.16.1.50
Note: You cannot use the clear lwapp private-config command when the LAP is registered with the controller.
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a00808e2d27.shtml#t2
Hope this helps!
Rob

WLC 4402 & 1131AG - "grouping" ap's for different radio standards?

Hi!
I've just bought a WLC 4402 Wireless controller and 20 APs running WLAPP.
I'm not sure how to define my question, so I'm serving you the whole story.
I work as an IT-apprentice on a school, and this school is located more or less nearby other institutions and private buildings, all running their private WLANs.
My plan is to deploy 1131AG ap's over a larger area. In some places, it's allready crowded with private ap's running on 802.11b/g. In those areas, my plan is to use only 802.11a for my ap's.
But some places, it would also be usefull having both, or only 802.11g (and maybe 802.11b).
I've just used the 4402 and ap's for about a week, so I'm no expert yet.
I can create different WLANS, and limit those wlans to different radio standards, but then I'll have to use different SSID's.
Now, i'm running two Wlans, sending out each their Vlan over two different SSID's. This works perfectly.
So my problem now is: how to make for instance a separate group of AP's (i.e. in a specific building) to run only on 802.11a without having to use a third SSID.
Is this possible, and if so, how?
Please awnser quickly, because I need this to work within monday :P
(I'm sorry for my bad english).
-John-

Hi John,
For the specified AP's why don't you set only the appropriate Data rates for the A Radio to enabled, and disabled for all the b/g Data rates?
Have a look;
Configuring Radio Data Rates
You use the data rate settings to choose the data rates the wireless device uses for data transmission. The rates are expressed in megabits per second. The wireless device always attempts to transmit at the highest data rate set to Basic, also called Require on the browser-based interface. If there are obstacles or interference, the wireless device steps down to the highest rate that allows data transmission. You can set each data rate to one of three states:
Basic Allows transmission at this rate for all packets, both unicast and multicast. At least one of the wireless device's data rates must be set to Basic.
Enabled The wireless device transmits only unicast packets at this rate; multicast packets are sent at one of the data rates set to Basic.
Disabled The wireless device does not transmit data at this rate.
Note At least one data rate must be set to basic.
You can use the Data Rate settings to set an access point to serve client devices operating at specific data rates. For example, to set the 2.4-GHz radio for 11 megabits per second (Mbps) service only, set the 11-Mbps rate to Basic and set the other data rates to Disabled. To set the wireless device to serve only client devices operating at 1 and 2 Mbps, set 1 and 2 to Basic and set the rest of the data rates to Disabled. To set the 2.4-GHz, 802.11g radio to serve only 802.11g client devices, set any Orthogonal Frequency Division Multiplexing (OFDM) data rate (6, 9, 12, 18, 24, 36, 48, 54) to Basic. To set the 5-GHz radio for 54 Mbps service only, set the 54-Mbps rate to Basic and set the other data rates to Disabled.
Hope this helps!
Rob
Please remember to rate helpful posts.......

WLC 4402 LAG connection to 2 different chassis of 6509 VSS switch system

Hi,
I have inherited a 6509 VSS switch system as the network core and have the task of ensuring proper redundancy and redesign of the directly connected data center devices. One of the connected devices (WLC 4402) physically appears to be connected to both switches - the WLC is in the same rack as VSS-Chassis1 so I can trace the fiber from WLC port 1 to gi1/1/22, the other fiber from the WLC port 2 goes into the floor and presumably over to VSS-Chassis2 gi2/1/22 (there is fiber connected there, I have link lights on both sides, and the port channel, Po200, on the VSS switch which is configured on gi1/1/22 is also configured on gi2/1/22). My question pertains to the CDP neighbor output I get on the VSS switch: (truncated to include just the WLC)
NCMECHQWiFi1     Gig 1/1/22        137               H    AIR-WLC44 Gig 0/0/2
NCMECHQWiFi1     Gig 1/1/22        137               H    AIR-WLC44 LAGInterface0/3/1
NCMECHQWiFi1     Gig 1/1/22        137               H    AIR-WLC44 Gig 0/0/1
It looks like both WLC ports are physically connected to Gi1/1/22, which they are quite obviously not.
This is confirmed on the WLC's sho cdp entry all output:
(Cisco Controller) >show cdp entry all
Device ID: ncmec-vsscoresw1.ncmec.org
Entry address(es): 100.1.0.254
Platform: cisco WS-C6509-E, Capabilities: Router Switch IGMP
Interface: LAGInterface0/3/1, Port ID (outgoing port): GigabitEthernet1/1/22
Holdtime : 160 sec
I believe that the multi chassis etherchannel is set up correctly on the VSS:
vsscoresw1#sho run int gi1/1/22
interface GigabitEthernet1/1/22
description WLC-Management
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 200 mode on
end
vsscoresw1#sho run int gi2/1/22
interface GigabitEthernet2/1/22
description WLC-Management
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 200 mode on
end
vsscoresw1#sho run int po200
interface Port-channel200
description WLC-Management
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
end
And yet when I show the details of port channel 200, I expect to see "mode on" but get instead see LACP which is unsupported on the WLC:
vsscoresw1#sho etherchannel 200 detail
Group state = L2
Ports: 2   Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol:    -
Minimum Links: 0
                Ports in the group:
Port: Gi1/1/22
Port state    = Up Mstr In-Bndl
Channel group = 200         Mode = On      Gcchange = -
Port-channel = Po200       GC   =   -         Pseudo port-channel = Po200
Port index    = 0           Load = 0xFF        Protocol =    -
Mode = LACP
Age of the port in the current state: 180d:19h:47m:01s
Port: Gi2/1/22
Port state    = Up Mstr In-Bndl
Channel group = 200         Mode = On      Gcchange = -
Port-channel = Po200       GC   =   -         Pseudo port-channel = Po200
Port index    = 1           Load = 0xFF        Protocol =    -
Mode = LACP
Age of the port in the current state: 180d:19h:47m:02s
                Port-channels in the group:
Port-channel: Po200
Age of the Port-channel   = 354d:12h:47m:27s
Logical slot/port   = 46/19          Number of ports = 2
GC                  = 0x00000000      HotStandBy port = null
Port state          = Port-channel Ag-Inuse
Protocol            =    -
Fast-switchover     = disabled
Load share deferral = disabled
Ports in the Port-channel:
Index   Load      Port          EC state       No of bits
------+------+------------+------------------+-----------
0      FF       Gi1/1/22                 On   8
1      FF       Gi2/1/22                 On   8
Time since last port bundled:    173d:17h:06m:34s    Gi2/1/22
Time since last port Un-bundled: 173d:17h:06m:34s    Gi2/1/22
Last applied Hash Distribution Algorithm: Fixed
>>> So my question, arising at least partly from the apparently misleading CDP information, is this: How can I confirm that the WLC is correctly dual homed to both core switches? (short of tracing the cable) I ask because there are several other devices (not WLCs) that need to have the dual homed connections confirmed.
I tried a layer 2 trace route but for all macs associated with the WLC, the trace abborts with the error "Device has Multiple CDP neighbours on destination port."
Thanks in advance!
Sue

PS: It is critical that I confirm the redundancy, since as a part of the data center redesign we will be moving the second VSS chassis to the same rack with the first to simplify the dual connections. I need to verify all the redundant connections before I take it offline and move it. Thanks!

Netflow on 6509 in Native Mode from Vlan Interface

I'm trying to get a 6509-E, running Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICES_WAN-M), Version 12.
2(33)SXI9, RELEASE SOFTWARE (fc2), to send netflow traffic from a vlan interface to a Solarwinds server.
The server is not seeing all the vlan traffic, but does see all the traffic on the layer 2 ports (not netflow).
I've seen that a command, ip flow ingress layer2-switched vlan, needs to be enabled, but the OS I have does not support that command.
Or could it be that MLS is not configured except for a couple commands:
mls netflow interface
mls cef error action reset
netflow setup:
Flow export v5 is enabled for main cache
Export source and destination details :
VRF ID : Default
    Source(1)       10.31.101.1 (Vlan52)
    Destination(1) 10.30.2.196 (2055)
Version 5 flow records
14927339 flows exported in 615072 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
0 export packets were dropped enqueuing for the RP
0 export packets were dropped due to IPC rate limiting
0 export packets were dropped due to Card not being able to export
interface:
interface Vlan52
description AN.VDI.stu
ip address 10.31.101.1 255.255.255.0
ip helper-address 10.31.149.200
no ip redirects
ip flow ingress
ip flow egress
ip pim neighbor-filter 98
ip pim sparse-dense-mode
ip cgmp

Enabling MLS was the fix.
mls netflow interface
mls flow ip interface-full
mls nde sender version 5
mls cef error action reset

WLC - 4402/4 - Vlan Interface Addressing

Similar Messages

Maybe you are looking for