WLC 4402 Ethernet Connections?

Hello All,
What type of Mini-GBICS should I used for RJ45 ethernet connections for my 4402 Wireles Lan Controller? Should I use the GLC-T SFP? Is it the right one? aAso is Mini-Gbics a industry standard which means I can use any brand of Mini-GBIC for this Connection like Dell Brand Dlink or Others.

GLC-T is what you want to use. I don't know if other brands work but I bet it's not supported.
Sent from Cisco Technical Support iPhone App

Similar Messages

  • WLC 4402 LAG connection to 2 different chassis of 6509 VSS switch system

    Hi,
    I have inherited a 6509 VSS switch system as the network core and have the task of ensuring proper redundancy and redesign of the directly connected data center devices.  One of the connected devices (WLC 4402) physically appears to be connected to both switches - the WLC is in the same rack as VSS-Chassis1 so I can trace the fiber from WLC port 1 to gi1/1/22, the other fiber from the WLC port 2 goes into the floor and presumably over to VSS-Chassis2 gi2/1/22 (there is fiber connected there, I have link lights on both sides, and the port channel, Po200, on the VSS switch which is configured on gi1/1/22 is also configured on gi2/1/22).  My question pertains to the CDP neighbor output I get on the VSS switch: (truncated to include just the WLC)
    NCMECHQWiFi1     Gig 1/1/22        137               H    AIR-WLC44 Gig 0/0/2
    NCMECHQWiFi1     Gig 1/1/22        137               H    AIR-WLC44 LAGInterface0/3/1
    NCMECHQWiFi1     Gig 1/1/22        137               H    AIR-WLC44 Gig 0/0/1
    It looks like both WLC ports are physically connected to Gi1/1/22, which they are quite obviously not.
    This is confirmed on the WLC's sho cdp entry all output:
    (Cisco Controller) >show cdp entry all
    Device ID: ncmec-vsscoresw1.ncmec.org
    Entry address(es): 100.1.0.254
    Platform: cisco WS-C6509-E,  Capabilities: Router Switch IGMP
    Interface: LAGInterface0/3/1,  Port ID (outgoing port): GigabitEthernet1/1/22
    Holdtime : 160 sec
    I believe that the multi chassis etherchannel is set up correctly on the VSS:
    vsscoresw1#sho run int gi1/1/22             
    interface GigabitEthernet1/1/22
    description WLC-Management
    switchport
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport nonegotiate
    channel-group 200 mode on
    end
    vsscoresw1#sho run int gi2/1/22
    interface GigabitEthernet2/1/22
    description WLC-Management
    switchport
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport nonegotiate
    channel-group 200 mode on
    end
    vsscoresw1#sho run int po200
    interface Port-channel200
    description WLC-Management
    switchport
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport nonegotiate
    end
    And yet when I show the details of port channel 200, I expect to see "mode on" but get instead see LACP which is unsupported on the WLC:
    vsscoresw1#sho etherchannel 200 detail
    Group state = L2
    Ports: 2   Maxports = 8
    Port-channels: 1 Max Port-channels = 1
    Protocol:    -
    Minimum Links: 0
                    Ports in the group:
    Port: Gi1/1/22
    Port state    = Up Mstr In-Bndl
    Channel group = 200         Mode = On      Gcchange = -
    Port-channel  = Po200       GC   =   -         Pseudo port-channel = Po200
    Port index    = 0           Load = 0xFF        Protocol =    -
    Mode = LACP
    Age of the port in the current state: 180d:19h:47m:01s
    Port: Gi2/1/22
    Port state    = Up Mstr In-Bndl
    Channel group = 200         Mode = On      Gcchange = -
    Port-channel  = Po200       GC   =   -         Pseudo port-channel = Po200
    Port index    = 1           Load = 0xFF        Protocol =    -
    Mode = LACP
    Age of the port in the current state: 180d:19h:47m:02s
                    Port-channels in the group:
    Port-channel: Po200
    Age of the Port-channel   = 354d:12h:47m:27s
    Logical slot/port   = 46/19          Number of ports = 2
    GC                  = 0x00000000      HotStandBy port = null
    Port state          = Port-channel Ag-Inuse
    Protocol            =    -
    Fast-switchover     = disabled
    Load share deferral = disabled  
    Ports in the Port-channel:
    Index   Load      Port          EC state       No of bits
    ------+------+------------+------------------+-----------
    0      FF       Gi1/1/22                 On   8
    1      FF       Gi2/1/22                 On   8
    Time since last port bundled:    173d:17h:06m:34s    Gi2/1/22
    Time since last port Un-bundled: 173d:17h:06m:34s    Gi2/1/22
    Last applied Hash Distribution Algorithm: Fixed
    >>>  So my question, arising at least partly from the apparently misleading CDP information, is this:  How can I confirm that the WLC is correctly dual homed to both core switches? (short of tracing the cable)  I ask because there are several other devices (not WLCs) that need to have the dual homed connections confirmed.
    I tried a layer 2 trace route but for all macs associated with the WLC, the trace abborts with the error "Device has Multiple CDP neighbours on destination port."
    Thanks in advance!
    Sue

    PS:  It is critical that I confirm the redundancy, since as a part of the data center redesign we will be moving the second VSS chassis to the same rack with the first to simplify the dual connections.  I need to verify all the redundant connections before I take it offline and move it.  Thanks!

  • WLC 4402 - clients connection to AP problem

    Hi, have a problem with clients connection to AP. On WLC can see status Probing, sometimes associated but no IP received. It was working for a month but stopped for some reason. Am slightly not sure on the steps how it all works ? First authentication takes the place and then IP assignment by DHCP, correct ? Could you please help in pinpointing the problem ? Radius reachable from WLC, AP's have IP's assigned by DHCP server from another subnet

    Hi,
    You can turn off the client exclusion and aironetIE under the wireless lan setting.
    You can also set to allow longer time out:
    config advanced eap eapol-key-timeout 5
    config advanced eap eapol-key-retries 4
    Below is the Reason code Meaning
    0 Reserved
    1 Unspecified reason
    2 Previous authentication no longer valid
    3 Deauthenticated because sending STA is leaving (or has left) IBSS or ESS
    4 Disassociated due to inactivity
    5 Disassociated because AP is unable to handle all currently associated STAs
    6 Class 2 frame received from nonauthenticated STA
    7 Class 3 frame received from nonassociated STA
    8 Disassociated because sending STA is leaving (or has left) BSS
    9 STA requesting (re)association is not authenticated with responding STA
    10 Disassociated because the information in the Power Capability element is unacceptable
    11 Disassociated because the information in the Supported Channels element is unacceptable
    12 Reserved
    13 Invalid information element, i.e., an information element defined in this standard for
    which the content does not meet the specifications in Clause 7
    14 Message integrity code (MIC) failure
    15 4-Way Handshake timeout
    16 Group Key Handshake timeout
    17 Information element in 4-Way Handshake different from (Re)Association Request/Probe
    Response/Beacon frame
    18 Invalid group cipher
    19 Invalid pairwise cipher
    20 Invalid AKMP
    21 Unsupported RSN information element version
    22 Invalid RSN information element capabilities
    23 IEEE 802.1X authentication failed
    24 Cipher suite rejected because of the security policy
    25-31 Reserved
    32 Disassociated for unspecified, QoS-related reason
    33 Disassociated because QoS AP lacks sufficient bandwidth for this QoS STA
    34 Disassociated because excessive number of frames need to be acknowledged, but are not
    acknowledged due to AP transmissions and/or poor channel conditions
    35 Disassociated because STA is transmitting outside the limits of its TXOPs
    36 Requested from peer STA as the STA is leaving the BSS (or resetting)
    37 Requested from peer STA as it does not want to use the mechanism
    38 Requested from peer STA as the STA received frames using the mechanism for which a
    setup is required
    39 Requested from peer STA due to timeout
    45 Peer STA does not support the requested cipher suite
    46-65535 Reserved

  • Bonjour / iChat working across wlc 4402

    I have a L3 switched LAN (Cat4510 at the core with 3560 to the edge), and a WLC 4402 [s/w 4.0.217.0] providing wireless access. There is a multitude a PC's and MACs that sit on the wired and wireless network.
    I currently am having issues getting a Apple tool called Bonjour working across the wireless network.
    I have done some reading and from what I can gather it uses mdns (which uses udp 5353 / 5354). I have enabled Multicast Routing on the Cat4510 and enabled on the WLC 4402 Ethernet Multicast Mode with a group address of 224.0.0.1, however still cannot get Bonjour clients talking.
    Admittedly the blogs I have read and Tech pages on Apple do not give up anymore info than this. Has anyone had experience or come across this before?

    Found something interesting on this.
    Apparently, apples do not like multicast using IANA Administratively Scoped Block range of 239.0.0.0-239.255.255.255.
    I was using 239.0.1.100 and nothing was connecting, I then changed it to 235.0.0.1 and all is well.
    Go figure.
    ref: http://www.cisco.com/en/US/tech/tk828/technologies_white_paper09186a00802d4643.shtml#wp1011111

  • Need Information For Connecting Access point to WLC 4402

    Hi Friends
    I need Some information for Connecting  my New Access point ( Cisco AIRLAP 1242AG) with WLC(4402) Controller
    In our network set up we have two WLC(4402) we needs to Connect this New Accesspoint To one of our WLC
    My Access point is brand New. I need to Know what all i have to do inorder to connect this AP to the controller (from Acesspoint perspective & WLC perspective)
    I need to Know  what I need to do in AP to connect to the Controller
    Do i need to Assign Static IP Address forAP or after connecting to the switch it automatically gets ip from DHCP and regsiter with controller??
    Do i Need to Configure my AP with default gateway(the switch to which is connected ?) & DO i need to configure the AP with  Controller Ip address ??
    Pls Assist
    Regards
    Safwan

    Hi Scot...
    We tried Connecting the Access Point yesterday, but it failed....
    We are using Cisco 3500 Access point ...
    when we connected , first it automatically got an ip address using DHCP but following error occurred
    P70ca.9bd5.77c6#
    AP70ca.9bd5.77c6#
    AP70ca.9bd5.77c6#
    Not in Bound state.
    *Mar  1 00:13:56.539: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination
    *Mar  1 00:13:56.555: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigne
    d DHCP address 10.50.11.26, mask 255.255.0.0, hostname AP70ca.9bd5.77c6
    *Mar  1 00:14:04.564: %CAPWAP-3-UNSUPPORTED_WLC_VERSION: Unsupported version 6.0
    .182.0 on WLC USSTLController01
    *Mar  1 00:14:14.564: %CAPWAP-3-UNSUPPORTED_WLC_VERSION: Unsupported version 6.0
    .182.0 on WLC USSTLController01
    *Mar  1 00:14:24.564: %CAPWAP-3-UNSUPPORTED_WLC_VERSION: Unsupported
    version 6.0
    .182.0
    version 6.0
    .182.0
    on WLC USSTLController01
    version 6.0
    .182.0
    Then I COnfigured Ap with  Static ip address & default gateway & controller Ip but tht too didnt work...
    .182.0 on WLC USSTLController01
    AP70ca.9bd5.77c6>
    AP70ca.9bd5.77c6>
    AP70ca.9bd5.77c6>
    AP70ca.9bd5.77c6>
    *Mar  1 00:13:40.908: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C
    3750X-48P (e05f.b907.9a20)
    AP70ca.9bd5.77c6>
    AP70ca.9bd5.77c6>
    AP70ca.9bd5.77c6>en
    Password:
    AP70ca.9bd5.77c6#
    *Mar  1 00:13:48.033: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP
    . Renewing DHCP IP.
    AP70ca.9bd5.77c6#
    AP70ca.9bd5.77c6#
    AP70ca.9bd5.77c6#
    P70ca.9bd5.77c6>
    *Mar  1 00:13:40.908: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C
    3750X-48P (e05f.b907.9a20)
    AP70ca.9bd5.77c6>
    AP70ca.9bd5.77c6>
    AP70ca.9bd5.77c6>en
    Password:
    AP70ca.9bd5.77c6#
    *Mar  1 00:13:48.033: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP
    . Renewing DHCP IP.
    I also  Need to Know Cisco Access point 3500 can be associated with WLC 4402 ( version 6.0.182.0) ??
    Pls Advice How to proceed further

  • WiFi Devices not connecting to WLC 4402

    Hi All,
    I have a WLC 4402 running on s/w version 7.0.240.0. Currently devices are reluctant to join the controller.
    I am getting continuous log shown below
     %DHCP-3-SEND_OFFER_FAIL,
    %DOT1X-3-MAX_EAPOL_KEY_RETRANS:
    and  Decrypt errors occurred for client
    Could't find a proper solution anywhere. Pls suggest...

    Need more info than that... can you post your show wlan <wlan id>
    Make sure that if your using WPA, that you only either use WPA/TKIP or WPA2/AES, not both or a mix of one or the other.

  • Cisco AIR-LAP1041N-E-K9 not working with WLC 4402 version 7.0.116.0

    Hi All,
    appreciate your support for a problem i started facing today. i have a Cisco WLC 4402 running version 7.0.116.0 and it is working great with 25 Cisco 1252 APs. we have recieved a new 20 Cisco 1041N APs today and i installed one in our site but it doesn't work. it worked fine and loaded the image from flash and got the WLC ip address through DHCP option and started showing the below error:
    *Mar  1 00:00:10.021: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
    *Mar  1 00:00:10.033: *** CRASH_LOG = YES
    *Mar  1 00:00:10.333: Port 1 is not presentSecurity Core found.
    Base Ethernet MAC address: C8:9C:1D:53:57:5E
    *Mar  1 00:00:11.373: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
    *Mar  1 00:00:11.465: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1088 messages)
    *Mar  1 00:00:11.494:  status of voice_diag_test from WLC is false
    *Mar  1 00:00:12.526: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
    *Mar  1 00:00:13.594: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
    *Mar  1 00:00:13.647: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, C1040 Software (C1140-K9W8-M), Version 12.4(23c)JA2, RELEASE SOFTWARE (fc3)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2011 by Cisco Systems, Inc.
    Compiled Wed 13-Apr-11 12:50 by prod_rel_team
    *Mar  1 00:00:13.647: %SNMP-5-COLDSTART: SNMP agent on host APc89c.1d53.575e is undergoing a cold start
    *Mar  1 00:08:59.062: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Mar  1 00:08:59.062: bsnInitRcbSlot: slot 1 has NO radio
    *Mar  1 00:08:59.138: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Mar  1 00:08:59.837: %SSH-5-ENABLED: SSH 2.0 has been enabled
    *Mar  1 00:09:00.145: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Mar  1 00:09:09.136: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 172.16.26.81, mask 255.255.255.0, hostname APc89c.1d53.575e
    *Mar  1 00:09:17.912: %PARSER-4-BADCFG: Unexpected end of configuration file.
    *Mar  1 00:09:17.912:  status of voice_diag_test from WLC is false
    *Mar  1 00:09:17.984: Logging LWAPP message to 255.255.255.255.
    *Mar  1 00:09:19.865: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
    *Mar  1 00:09:19.886: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:09:20.873: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:09:20.874: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
    Translating "CISCO-CAPWAP-CONTROLLER.atheertele.com"...domain server (172.16.40.240)
    *Mar  1 00:09:29.029: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.100.102 obtained through DHCP
    *May 25 08:27:02.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:02.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *May 25 08:27:03.175: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:03.177: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
    *May 25 08:27:03.177: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 25 08:27:03.329: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *May 25 08:27:03.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
    *May 25 08:27:03.333: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
    *May 25 08:27:03.333: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
    *May 25 08:27:03.378: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:03.378: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:03.378: bsnInitRcbSlot: slot 1 has NO radio
    *May 25 08:27:03.448:  status of voice_diag_test from WLC is false
    *May 25 08:27:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:14.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *May 25 08:27:15.185: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:15.186: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
    *May 25 08:27:15.186: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 25 08:27:15.330: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *May 25 08:27:15.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
    *May 25 08:27:15.334: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
    *May 25 08:27:15.334: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
    *May 25 08:27:15.379: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:15.379: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:15.379: bsnInitRcbSlot: slot 1 has NO radio
    *May 25 08:27:15.450:  status of voice_diag_test from WLC is false
    *May 25 08:27:26.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:26.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *May 25 08:27:27.182: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:27.183: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
    *May 25 08:27:27.184: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 25 08:27:27.329: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *May 25 08:27:27.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
    *May 25 08:27:27.333: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
    *May 25 08:27:27.333: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
    *May 25 08:27:27.377: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:27.377: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:27.377: bsnInitRcbSlot: slot 1 has NO radio
    *May 25 08:27:27.433: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *May 25 08:27:27.446: %PARSER-4-BADCFG: Unexpected end of configuration file.
    *May 25 08:27:27.447:  status of voice_diag_test from WLC is false
    *May 25 08:27:27.448: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *May 25 08:27:27.456: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *May 25 08:27:38.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:38.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *May 25 08:27:39.183: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:39.184: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
    *May 25 08:27:39.184: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 25 08:27:39.326: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *May 25 08:27:39.329: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
    *May 25 08:27:39.329: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
    *May 25 08:27:39.330: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
    *May 25 08:27:39.375: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:39.375: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:39.375: bsnInitRcbSlot: slot 1 has NO radio
    *May 25 08:27:39.446:  status of voice_diag_test from WLC is false
    *May 25 08:27:49.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:49.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *May 25 08:27:50.179: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:50.180: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
    *May 25 08:27:50.180: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 25 08:27:50.323: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *May 25 08:27:50.326: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
    *May 25 08:27:50.326: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
    *May 25 08:27:50.326: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
    *May 25 08:27:50.370: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:50.370: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:50.370: bsnInitRcbSlot: slot 1 has NO radio
    *May 25 08:27:50.425: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *May 25 08:27:50.438: %PARSER-4-BADCFG: Unexpected end of configuration file.
    i searched for the regulatory domains difference between  AIR-LAP1041N-E-K9 and  AIR-LAP1041N-A-K9 and didn't find any difference that may affect the operation of this AP.
    just to mention that our configuration in WLC for regulatory domains is:
    Configured Country Code(s) AR 
    Regulatory Domain  802.11a:  -A
                                 802.11bg: -A
    My question is, should i only include my country in the WLC (IQ) to add the requlatry domain (-E) to solve this problem? or changing the country will affect the operation of all working APs??
    Appreciate your kind support,
    Wisam Q.

    Hi Ramon,
    thank you for the reply but as shown in the below link:
    http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html#wp233793
    the WLC in version 7.0.116.0 supports Cisco 1040 seiries APs.
    Thanks,
    Wisam Q.

  • WLC-4402+AIR-LAP1142N problem

    Hello all,
    I've got a following problem with bringing up simple wireless configuration. There is a WLC-4402 controller and several remote locations (I am testing one so far). Two WLAN configured (one for employee and the other for guest access - no mobility anchoring used, guest is just mapper to VLAN restricted on the firewall). WLC serves DHCP pools for wireless clients. Problem I am experiencing at the moment is that user with laptop is able to connect to guest WLAN, got an IP but can communicate (ping) only its own IP, the controller IP in guest subnet and default gateway (which is the firewall interface). Traffic to any other destinations never hit gateway (I am running tcpdump on it to confirm). I double checked controller config but no luck so far. Could that be caused by missconfigured tunnel? No ACL or restriction set on WLC - see attached config.
    Thank you in advance,
    Peter

    Is this an open network or have you enabled layer 3 security? Web Auth? I can see you have created a lobby admin account so expect that you use this for guest account creation with web auth..
    When you associate/receieve IP address to the open guest network have you then opened a web browser and authenticated? Until you enter your login details created on the WLC I would imagine that you wouldn't be able to send any data.
    If you have authenticated already, can you check on the WLC that the client is associated/authenticated and is the Corp network ok? Also what is the topology between the WLC/Firewall/Remote sites.
    Cheers
    Mat

  • WLC 4402 + 4 1130AP's.

    Has anyone setup a WLC 4402 and few 1130AP's on their network? Here's the scenario we have VLAN's setup on our network. We want to be able an employee can connect to the internal network and public connect to a DSL Internet. I got the internal employee access the internal network but I couldn't get the DSL users connect to the Internet. Internal network uses DHCP server and DSL users uses Linksys DHCP server. Can someone point me to the right setup/config on 1130AP's to connect to DSL using WLC 4402?

    Make sure you can get the VLAN to the internet before you setup the WLAN. 1st off I would test the VLAN that you have setup to go to DSL on a switcport on your core switch and work the DHCP issues out there and then work on the WLAN. can you ping your DSL router intface from your switch. If you can my guess is that the IP helper address is not set right.
    You will then need to point the WLAN to VLAN you setup for the DSL.

  • WLC 4402-50 with ACS 3.3

    Hi,
    We want to use ACS to authenticate an ssh or http connection to a WLC 4403-50 4.2.99 using TACACS+. On our ACS 4.2 test server it works fine. Configured identically on an ACS 3.3 appliance we are not able to log in although we do see a successful login in the Passed Authentications report withing ACS.
    Is there an incompatability between the WLC 4402-50 with ACS 3.3?
    thanks
    Bob

    The Cisco Secure Access Control Server (ACS) provides authentication, authorization, and accounting (AAA) services for users of the wireless network.
    It is also possible to employ a WLC controller strategy that uses an N+1 approach. When using N+1 architecture, each WLC is configured with a WLC that is designated as a backup WLC in the event of a failure. This controller is not used until there is a failure event upon which all APs using the failed controller switch to the backup WLC. This cost-effective approach provides a high level of availability in the event of a single WLC failure scenario.

  • Windows XP Home on WLC 4402

    Hi,
    I have a WLC 4402 Wireless LAN Controller with multiple 1231 AP on LWAPP. WLAN has security setting on WPA+WPA2 with PSK share key. All computers in domain are fine, wireless connections are steady. I have a group of students use Netbook on Windows XP Home SP3 got connection and drop situation. Event ID on XP has continuous 4201 and 4202 cases, and on WLC log I have also continuous log as
    *Apr 19 10:35:44.046: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client 00:26:5e:eb:fd:0a
    I understand XP Home has no certificate from Domain environment therefore I didn't setup any AAA server service. How can this problem be resolved? Keep trying on security combination, but no luck. Please Help. Thanks.
    Attachment is WLC configuration file without encryption.

    Hi, Kayle
    Thanks for quick reply. Its not ASUS EeePC but ASUS s10e. The wireless LAN device is Broadcom 802.11g. I check with Lenono System Update, no newer driver available. Thanks.

  • Help Needed - complete newbie - WLC 4402

    I am trying to set up a basic wireless network, completely seperate from our internal network, just utlizing the external internet bandwidth. It will mainly be used for meeting rooms and visitors requiring internet access.
    There should be no need for VLans on the Wireless network.
    The External 7204 router is plugged into a 12 port 2950 switch, which has a connection to the external side of our firewall.The ip address of the router is a public address, so if possible I do not want to give the WLC management ip a public address. The WLC will be plugged into the Cisco 2950 switch.
    I am a complete newbie at setting up the Cisco wireless. I imagine it is down to routing - do I have to purchase another router or is the WLC capable of doing simplified routing?
    Any advice would be greatly apprciated.
    Cisco WLC 4402 - version 5.1.151.0
    Cisco 3750 24 Port Switch
    External Router 7204 VXR Router
    Internal DHCP on WLC range - 192.168.60.100 -> .150
    Management Ip address: 192.168.60.2
    AP ip address: 192.168.60.3
    Virtual ip address: 1.1.1.1
    External Router ip address: 194.*.*.1

    Hi dennischolmes,
    Thanks for your reply, i have tried to create an interface on the controller as you suggested. however I get the following error " Error in setting VLAN and port. Cannot have multiple untagged dynamic interface on the same port" was ondering if you could shed any light on that error.
    Trying to setup the Trunk port on the 2950 switch, it won't allow me to set the encapsulation dot1q - is this down to the software version of the switch?

  • Hellp on Nokia E61i associating with Cisco WLC 4402

    I met some problem with associate Nokia's dual mode mobile phone E61i with Cisco WLC 4402, hope someone can help me on it:
    I setup a VOICE WLAN in 4402(v5.0.148), Layer2 security is WPA1+WPA2, Key management using 802.1x, WPA1 policy enable both TKIP and AES, Radius server using ACS engine(v4.1.1.23)(enable PEAP-MSCHAPv2);
    I can use my laptop to join this WLAN(my laptop configure with PEAP/MSCHAPv2, WPA-TKIP, not validate server certificate), but can't let E61i join it, each time it will remind me “unable to connect, WPA authenticate failed).
    In E61i, I select WPA/WPA2 as WLAN security mode, enable EAP-PEAP, under EAP-PEAP, I enable EAP-MSCHAPv2; however under Cipher, there's a lot of options such as “RSA,3EDS,SHA”, “RSA,AES,SHA”, but there's no TKIP, I have tried to enable all of them and tried only enable those items which include AES, but I failed each time with the same reminder “unable to connect, WPA authenticate failed”. I checked ACS's failed log, there's no record; In 4402, there also have no record.
    If I change the security to open or static WEP for VOICE WLAN, then the E61i can connect to the WLAN.
    I think the problem maybe relate to encryption or certificate, right now I just do the test in lab, not in customer's real environment, so I use ACS to generate a self signed certificate and installed it in ACS.
    Pls. help to point me what I need to adjust to make it work. Thanks!

    Hello,
    CCKM Key Management mode on Nokia E61i phone can be used
    against Cisco LWAPP AP's with TKIP encryption
    Nokia E61i (and other E-series WLAN enabled phones) are supporting CCKM key management method with both dynamic WEP and TKIP ciphers.
    On the phone configuration, 802.1X security mode needs to be in use in order to enable CCKM support. WPA/WPA2 security mode on the phone is dedicated to standards based WPA and WPA2 methods and it does not allow usage of proprietary CCKM key management method.
    Phone's 802.1X security mode does not mean that phone would only support dynamic WEP encryption method in this mode although in contexts term "802.1X" may be attached to pure dynamic WEP (legacy / pre WPA era)security methods.
     802.1X security mode can be seen on Nokia Eseries phones as sort of an "everything with EAP based authentication is allowed" mode, meaning that following key management and cipher configurations are supported:
    - WPA-Enterprise  = WPA Key Management (EAP based authentication) with TKIP encryption
    - WPA2-Enterprise = WPA2 Key Management (EAP based authentication) with AES encryption
    - Mixed WPA/WPA2-Enterprise = I.e. WPA/WPA2 Mode Migration WPA2 Key Management (EAP based authentication) with AES (for unicast data) and TKIP (for multicast data) ciphers
    - 802.1X dynamic WEP = legacy (pre-WPA era) 802.1X based dynamic WEP (EAP based authentication with dynamic WEP encryption)
    Supported:
    - CCKM with WEP = CCKM Key Management (EAP based authentication) with dynamic WEP encryption
    - CCKM with TKIP = CCKM Key Management (EAP based authentication) with TKIP encryption
    Not supported:
    - CCKM with AES = CCKM Key Management (EAP based authentication) with AES encryption
    Please note that CCKM-AES mode (CCKM Key Management with AES cipher) is not working properly due to some incompatibilities between Cisco and Nokia implementations thus it must not be listed as a supported combination on the current Nokia E-series devices. We are also seeing CCKM-Fast
    Re-authentication failures with Cisco autonomous AP's when AES encryption is used although initial authentication to autonomous AP's is successful. Nokia is currently working with Cisco to get CCKM-AES based authentications and roaming working properly with both LWAPP and autonomous Cisco AP's.
     Also note that Nokia E-Series does not support Cisco proprietary CKIP/CMIC encryption/data integrity methods. CKIP/CMIC is supported at least by Cisco autonomous AP's and it seems to be available also
    at least on LWAPP AP version 4.1.171.0.
     CCKM on E-Series devices has been tested against Cisco LWAPP (ver. 4.1.171.0) and it works when TKIP encryption is in use (WPA Policy + TKIP encryption in Cisco LWAPP configuration terms).
    In practice this means Cisco LWAPP is configured in a following manner: WLAN -> Edit -> Security-> 
    Layer 2 Security = WPA+WPA2
    WPA+WPA2 Parameters:
    -WPA Policy = enabled
    -WPA Encryption = TKIP enabled, AES disabled
    -WPA2 policy = disabled
    -Auth.Key Mgmt = CCKM
    Br,
    -Pasi-

  • Rolling upgrade of WLC 4402 controllers and APs

    In need to upgrade the software on two WLC 4402 controller in a hospital.   Both WLCs have the same config and one is primary (has all APs connected) and the other backup (no APs connected.)  The APs are placed so there is still coverage if one goes down in an area.    My question - is it possible to do a rolling upgrade to have no downtime for the wireless clients?  My plan would be to upgrade the backup WLC then selectively move APs to it.  If I swap the primary and secondary controllers in the high availability tab on each AP, do I need to do a reset (General - Hardware Reset) or will it automatically reboot and connect to the upgraded backup controller?   When I'm done, I'd upgrade the primary controller and now call that backup.   Does this make sense? 

    I've done this same sort of thing on a slightly larger scale about 5 times now at the hospital I work at.  Quick answer is "Yes, it is possible to do a rolling upgrade and have no downtime for wireless clients."
    I've got 5 WLC's, and I use the high availability tab to move all the AP's off one, upgrade it, and move all the AP's from the next WLC over to it, upgrade that one, etc.
    The thing you need to be careful of is your timing and your choice of APs to move.
    It generally takes about a minute to move an AP between WLCs running the same version.  But if there's a version change that makes the AP upgrade, you're looking at about 6 minutes.
    I do them one at a time, and when they show up in the WLC as being up, running and happy for 1 minute, I do the next one.  And so on.  Takes me about 3 days to go through all 5 WLCs and 375 APs.  Not once have I had a user notice the move.
    Also, in order to test, after I do the first upgrade, I move just one area's APs into that WLC for a day and then test the various flavors of gear we have (phones, infusion pumps, laptops, etc.) to confirm that the new version doesn't have any trouble.  Sometimes it does and I work with TAC to get things resolved before I do the whole hospital.
    jh

  • WLC 4402 IP Error

    Hi,
        I configured a WLC 4402 and the access point are 1420, when I connect to the wireless it always sends me a message about a IP Conflict but I also have one Cisco Aironet 1402 in Autonomus and If I connect to that one I dont have the IP Conflict even if the laptop gets from de DHCP the same IP address mark as conflict in the WLC.
         Do you know how to solve this?

    Sorry for answer until now,
    Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Gu
    est
    ap-manager                       LAG  untagged 172.16.8.21     Static  Yes    No
    intvoz                                LAG  2             10.31.17.3      Dynamic No     No
    management                      LAG  1            10.16.44.10     Static  No     No
    service-port                        N/A  N/A          192.168.1.1     Static  No     No
    virtual                                N/A  N/A           1.1.1.1         Static  No     No
    the Intvoz we use it for the voiceip phones and the one that is making conflict is the management this is in the vlan 1 and the AP that are autonomus has no vlan assigned.

Maybe you are looking for