WLC 4404 and LAG

We are trying to set up the four ports on our 4404 wireless LAN controller to use LAG connected to a 3560G switch. If we connect distribution port 1 to a switch trunked port the unit works as expected. However, if we create an etherchannel containing four gigabit ports we cannot connect to the unit and all the port status LEDs remain orange on the switch. They pick up the physical connection but are unable to communicate with the 4404.
We have enabled LAG on the 4404 and have rebooted several times but to no avail. We are using copper SFPs, not fibre, to connect to the switch. The 4404 is on software release 5.1.151. Can anyone suggest where we are going wrong?

How do you have the trunk ports and port channel set up?
On the switch run:
show etherchannel load-balance
Make sure it is set to src-dst-ip. If not, then:
port-channel load-balance src-dst-ip
Your port channel should look like this:
interface Port-channel2
 description WLC
 switchport
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 12,10,25
 switchport mode trunk
Your trunk should look like this:
interface GigabitEthernet1/45
 description WLC
 switchport
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 12,10,25
 switchport mode trunk
 no cdp enable
 ! channel-group number must match the Port-channel interface above
 channel-group 2 mode on
 spanning-tree portfast
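
A saved switch configuration can be checked for the settings this reply relies on: the src-dst-ip load-balance method, member ports bundled with mode on, and the same trunk settings on the port channel and its members. It also checks that each member's channel-group number is that of the Port-channel interface, which is how IOS ties the two together. This is an added example, not part of the original thread; the sample configuration, the interface names and the function names parse_interfaces, trunk_settings and check_wlc_lag are constructed for illustration.

```python
import re

# Constructed sample switch configuration (not taken from the thread).
SAMPLE_CONFIG = """\
port-channel load-balance src-mac
!
interface Port-channel2
 switchport trunk native vlan 10
 switchport trunk allowed vlan 12,10,25
 switchport mode trunk
interface GigabitEthernet0/1
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,12,25
 switchport mode trunk
 channel-group 2 mode on
interface GigabitEthernet0/2
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,12
 switchport mode trunk
 channel-group 3 mode active
"""

def parse_interfaces(config):
    """Split IOS-style text into global commands and per-interface sub-commands."""
    global_lines, interfaces, current = [], {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        match = re.match(r"interface\s+(\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:  # an unindented line ends the interface block
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces

def trunk_settings(lines):
    """Normalise trunk commands; the allowed-VLAN list is compared as a set."""
    settings = {}
    for line in lines:
        allowed = re.match(r"switchport trunk allowed vlan (\S+)$", line)
        if allowed:
            settings["allowed"] = frozenset(allowed.group(1).split(","))
        elif line.startswith(("switchport trunk ", "switchport mode ")):
            key, _, value = line.rpartition(" ")
            settings[key] = value
    return settings

def check_wlc_lag(config, group, member_ports):
    """Return findings for the WLC-facing ports that should bundle into Port-channel<group>."""
    global_lines, interfaces = parse_interfaces(config)
    po_name, findings = f"Port-channel{group}", []
    if "port-channel load-balance src-dst-ip" not in global_lines:
        findings.append("global: load-balance is not src-dst-ip")
    po_trunk = trunk_settings(interfaces.get(po_name, []))
    for port in member_ports:
        lines = interfaces.get(port, [])
        found = re.findall(r"^channel-group (\d+) mode (\S+)$", "\n".join(lines), re.M)
        if not found:
            findings.append(f"{port}: no channel-group configured")
            continue
        number, mode = found[-1]
        if int(number) != group:
            findings.append(f"{port}: channel-group {number} does not match {po_name}")
        if mode != "on":  # the reply above bundles the ports with "mode on"
            findings.append(f"{port}: channel-group mode is '{mode}', expected 'on'")
        if trunk_settings(lines) != po_trunk:
            findings.append(f"{port}: trunk settings differ from {po_name}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_wlc_lag(SAMPLE_CONFIG, 2, ["GigabitEthernet0/1", "GigabitEthernet0/2"])))
```

A load-balance method left at the platform default does not appear in the running configuration, so a global finding still needs confirming with show etherchannel load-balance on the switch.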

Similar Messages

  • WLC 4404 and high availability

    If I have 2 WLC 4404s that each support 100 access points and I have installed 110 access points, can I decide, when a WLC goes down, which 10 access points must stay down?
    thanks for your help
    fcostalunga

    Let me understand your question.
    You have two WLC and each can support 100 AP. You have 110 APs. If one of the WLC should go down, how can you configure or tell which 10 AP's will be unable to join?
    If this is your question, here are some solutions I can think of.
    1. H-REAP. If you enable H-REAP to all your AP's, when one or ALL of your WLCs should go down, the AP's will be able to operate as if the WLC were up. The exception-to-the-rule is DO NOT reload the AP's and this should be fine.
    2. You can configure, via CLI only, 100 AP's the primary and secondary controller. 10 AP's will have no config so they will go into "limbo".
    Hope this helps.

  • WLC 4404 port reset?

    Hi,
    We have a WLC 4404 and had a dodgy GBIC that caused the port to go down, but now we can't get the port to come back up.
    Do you think reloading the firmware will reset everything?
    Thanks

    Removing the GBIC and reloading the controller should help you in this case. Software has not got anything to do with it since the problem is with the physical connection.

  • WLC mobility group between 4404 and 5508 controllers

    Mobility 'Control and Data Path Down' between 4404 and 5508 WLC's.
    Hello, we have 5 x 4404 WLC's running 7.0.240.0 with mobility configured fine between them.
    We have installed a 5508 with HA running 7.4.110.0, and have tried to add it to the mobility group, however we see 'Control and Data Path Down' between the new 5508 and all the 4404 controllers.
    All controllers have:
    The same virtual address
    Management interfaces are in the same VLAN, and indeed all the controllers connect via the same pair of 3750X stacked switches.
    The default mobility domain name is the same
    4404 output when issuing the command 'show mobility summary'
    Symmetric Mobility Tunneling (current) .......... Enabled
    Symmetric Mobility Tunneling (after reboot) ..... Enabled
    Mobility Protocol Port........................... 16666
    Default Mobility Domain.......................... SGH-Mobility
    Multicast Mode .................................. Disabled
    Mobility Domain ID for 802.11r................... 0xe209
    Mobility Keepalive Interval...................... 10
    Mobility Keepalive Count......................... 3
    Mobility Group Members Configured................ 6
    Mobility Control Message DSCP Value.............. 0
    5508 output when issuing the command 'show mobility summary'
    Mobility Architecture ........................... Flat
    Mobility Protocol Port........................... 16666
    Default Mobility Domain.......................... SGH-Mobility
    Multicast Mode .................................. Disabled
    Mobility Domain ID for 802.11r................... 0xe209
    Mobility Keepalive Interval...................... 10
    Mobility Keepalive Count......................... 3
    Mobility Group Members Configured................ 6
    Mobility Control Message DSCP Value.............. 0
    I've spent quite some time double checking all the configurations to no avail.
    Has anybody seen this problem before?
    Kind regards
    Dave Bell

    Thanks Sandeep.
    I am well versed with WLCs and mobility, however trying to add a 5508 to a mobility group with 4404s has come up with a bit of a curve ball.
    The 4404 controllers all joined the mobility group fine, no problems at all - it's only the 5508 I am struggling with.
    In theory it's simple: populate the IP address and MAC address of the management interface of the remote WLC, and as long as the management interfaces are in the same VLAN and the Default Mobility Domain Names are the same, it should come up.
    Interestingly I have found the 5508 reports its own management interface MAC address incorrectly when viewing the Mobility Groups:
    For example:
    {Screen shot WLC1.jpg}
    5508 management address is 10.95.x.x and when viewing the Mobility Management screen it shows its own MAC address as bc:16:65:f9:37:60.
    however!
    From our router, if I do a sh arp | i 10.95.x.x (controller management address), I see: f872.eaee.becf.
    {Screen shot wlc2.jpg}
    Hence the WLC reports as: bc:16:65:f9:37:60
    and
    The network reports as: f872.eaee.becf for the same IP address.
    I have changed the other WLCs to the MAC address seen on the network for the new controller, aka changed from
    bc:16:65:f9:37:60
    to
    f8:72:ea:ee:be:cf
    I now see the controllers reporting the mobility with the new controller as 'Control Path Down', however I am at a loss as to what may be causing this?
    Kind regards
    Dave Bell

  • Wlc 4404 strange behaviour

    Hello,
    I have to manage a WLC 4404. In my opinion it is behaving strangely.
    Only ports 1,2 and 3 are connected. The ap-manager and the management are linked at port 1. So far so good.
    If I look at the wireless-tab I see all AP's are connected at port 3 !!
    All the 3 ports are connected to the same switch and VLAN.
    AP=Cisco Aironet 1130AG with a default config
    Could someone explain to me why all APs are connected on port 3, while the ap-manager is linked to port 1?
    Thanks in advance,
    Carlo

    The Cisco docs clearly state that you can only have 48 APs associated to each ap-manager interface. If you are not running LAG, and I can't think of a good reason not to, then you will need 3 physical interfaces to be configured with unique ap-manager ip addresses in order to register 100 APs. Since the APs point to the management ip (via DNS or DHCP) to get the ap-manager interface, they will automatically load balance.
    Note that unless you are running VERY recent code, there are significant ARP bugs related to the additional ap-manager interfaces responding to ARP requests. The best practice is to add a static ARP entry in the router/L3 switch that is the ap-manager's default gateway. This is an artifact of the ap-manager interfaces not responding to any traffic except LWAPP, including ARP. This has been a serious problem for a lot of enterprise customers because this impacts most CEF switching devices like the Catalyst 6500 since most IOS versions also have a CEF adjacency/ARP timeout bug.

  • Differences Between WLC 2000 and 4400 series

    Besides the supported number of access points, what are the differences in features between the WLC 2000 and 4400 series?

    On the 2006, you have 4 ports on the back, that can support up to 3 AP's being directly connected, and the other port as your connection to the network, and it does not support LAG (Link AGgregation). The ports are 10/100M, and it can not be an anchor for a mobility group.
    On the 4400, you either have a 4402 or a 4404, the 2 has 2 Gig interfaces, and the 4404 has 4 Gig interfaces, you can not connect APs directly to a 4400. Both 4400s will support LAG, and they can be used as anchors in a mobility group. Those are the big differences in them. They configure up the same, and interact with the wired and wireless networks the same.

  • Best practices for network design on WLC 2504 and 5508

    Dear all:
    I'm looking for some recommendations on WLC 2504 and 5508 about the following:
    Maximum amount of AP per port
    The scenario when to use all ports in both WLC
    Maximum number of clients (users) per port
    Bandwidth consumption of management vs data in order to assign one port for management
    I've just found this:
    Cisco 5508 controllers have eight Gigabit Ethernet distribution system ports, through which the controller can manage multiple access points. The 5508-12, 5508-25, 5508-50, 5508-100, and 5508-250 models allow a total of 12, 25, 50, 100, or 250 access points to join the controller. Cisco 5508 controllers have no restrictions on the number of access points per port. However, Cisco recommends using link aggregation (LAG) or configuring dynamic AP-manager interfaces on each Gigabit Ethernet port to automatically balance the load. If more than 100 access points are connected to the 5500 series controller, make sure that more than one gigabit Ethernet interface is connected to the upstream switch.
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/6-0/configuration/guide/Controller60CG/c60mint.html
    Thanks for your help.

    The 5508-12, 5508-25, 5508-50, 5508-100, and 5508-250 models allow a total of 12, 25, 50, 100, or 250 access points to join the controller.
    This is an old document.  5508 can now support up to 500 APs if you run firmware 7.X.  2504 can support up to 75 APs if you run firmware 7.4.X.
    I'm looking for some recommendations on WLC 2504 and 5508 about the following:
    Best practice and recommendation is to LAG all ports so you will be able to form a link redundancy.  If one link goes down, you have other link to push traffic. 

  • What settings need to be set for the fastest roaming on my wlc 4404

    Hi all
    I notice that on my WLC 4404 when walking around with my laptop, I am dropping pings when it roams to another access point, Is there anything on the controller I need to check, and can I optimize these settings for roaming?
    cheers
    carl

    Hello Carl,
    to have roaming working fine you need to be sure of the following:
    1) RF designed correctly, and enough overlap is available between the APs.
    in addition, the environment should be free from external noise..
    this can be confirmed with a Spectrum Expert site survey
    2) what authentication and encryption are used (WEP or WPA-PSK: no need to check this point ->> skip :-) )
    if you are using any authentication like 802.1x ->> then enable CCKM on the WLAN to make roaming more seamless.
    3) if more than one WLC is available on site, configure a mobility group between them,
    so if a client roams from an AP on WLC 1 to an AP on WLC 2 ->> no disconnection is observed....
    Kind regards
    Talal
    ===========
    please rate answers that you find useful , and mark as answered - when it is :-) - so others can find it easily

  • WLC 4404 Wireless users getting disabled

    Hi,
    I have WLC 4404 with 7.0.116.0 version. I was getting following messages for particular APs
    *Dec 20 14:11:13.875: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Dec 20 14:11:13.908: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Dec 20 14:11:29.383: %LWAPP-5-RLDP: RLDP stopped on slot 0.
    *Dec 20 14:11:29.674: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down
    *Dec 20 14:11:29.678: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Dec 20 14:11:29.700: %LWAPP-5-RLDP: RLDP started on slot 0.
    *Dec 20 14:11:29.707: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Dec 20 14:11:29.752: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down
    *Dec 20 14:11:29.757: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Dec 20 14:11:29.790: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Dec 20 14:11:45.396: %LWAPP-5-RLDP: RLDP stopped on slot 0.
    *Dec 20 14:11:13.875: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    After seeing one of the Cisco forums, I have disabled RLDP for those particular APs
    so the above messages are rectified.
    But right now we are not able to identify the rogue IP and it is not contained.
    So please give any suggestion so that I can rectify the above messages as well as identify the rogue IP.
    Thanks & Regards
    Gaurav Pandya

    Hi Scott,
    You are right, I am not able to detect rogue APs because I disabled RLDP. But when I enable RLDP for that particular AP, I get the following messages with the interface going up and down
    *Dec 20 14:11:13.875: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Dec 20 14:11:13.908: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Dec 20 14:11:29.383: %LWAPP-5-RLDP: RLDP stopped on slot 0.
    *Dec 20 14:11:29.674: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down
    *Dec 20 14:11:29.678: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Dec 20 14:11:29.700: %LWAPP-5-RLDP: RLDP started on slot 0.
    So please suggest a middle way so that I can enable RLDP (detect the rogue APs) without the interface going up and down frequently.
    Regards
    Gaurav

  • Anchor mobility between WLC 5508 and Aruba/Clearpass

    Hello. I have a question regarding the ability to configure anchor mobility between a 5508 WLC and an Aruba controller. To date, my understanding is it has never been possible and I have never found any documentation that says it can be done.
    Scenario: My organization and a partner organization co-own a hospital. We coexist on a large campus, with each org having a number of buildings that the owning org maintains the network presence in. We also maintain back-to-back firewalls between us and do not hand-off any direct layer 2 interfaces to each other. However, the two orgs do partner to provide each other's business SSID's in each other's WiFi networks using anchor mobility. Our current solution utilizes an A/M tunnel between my org's 5508 controllers and the partner org's 2504 controller and we explicitly permit the tunnel traffic between partner controllers for A/M to work. Last year, the partner org retired some old WiSM's and changed their wireless solution to Aruba and recently implemented Clearpass. In order to maintain A/M with us they left a 4404 operational, but due to the newer code we were running they were forced to purchase a 2504. So now they are only maintaining a limited footprint in their network with a few Cisco AP's and the rest of their coverage areas use Aruba AP's and they have indicated that they want to completely retire their Cisco WLC's. Because we host some of their SSID's on our controllers and can tunnel them to their 2504, they get all of their WiFi traffic coming from our network, however my org can only connect to our SSIDs on their campus in certain areas.
    The solution I have been asked to provide is to find a way to continue providing some sort of anchor mobility services between our WLC's and their Aruba controllers. My org maintains that we do not want to simply hand them a layer 2 interface for security reasons, but they want our SSIDs to be available in all areas of the partner org's campus and vice versa. So far I have stalled the partner org's plans to retire their WLC's by telling them that retiring their WLC's will completely break WiFi between orgs, but they are adamant that some sort of A/M solution must be found.
    Is there any way to do some sort of A/M between a WLC and Aruba controller and if so, is there any documentation showing configuration examples etc?
    Thanks,
    John

    Hi John,
    I do not think it will work. Even if it gets working somehow, it will be an operational nightmare to troubleshoot & fix an issue since both vendors will say it is NOT a supported solution.
    What about if you ask them to advertise your SSID (assuming it is dot1x) on their APs as another SSID on their network, but pointing it to your RADIUS & DHCP for IP connectivity (you do not have a layer 2 requirement for this & can do this as long as you have L3 communication between each other)
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Port channel WLC 5508 and 3750

    Hi All,
    I want to configure Port channel for WLC 5508 and cisco 3750 Stack Switch. What changes I need to make on WLC and where?
    Thanks
    Jagdev

    Thanks Chris,
    LAG is enabled on the WLC, and the port channel is configured on the 3750. Please see the configuration and port channel status below:
    (Cisco Controller) >show lag summary
    LAG Enabled
    interface Port-channel14
    description Port Channel to WLC001
    switchport trunk encapsulation dot1q
    switchport mode trunk
    end
    sh etherchannel 14 summary
    Flags:  D - down        P - bundled in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            U - in use      f - failed to allocate aggregator
            M - not in use, minimum links not met
            u - unsuitable for bundling
            w - waiting to be aggregated
            d - default port
    Number of channel-groups in use: 14
    Number of aggregators:           14
    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+-----------------------------------------------
    14     Po14(SD)        LACP      Gi1/0/22(I) Gi2/0/22(I)
    sh run int g1/0/22
    Building configuration...
    Current configuration : 209 bytes
    interface GigabitEthernet1/0/22
    description Trunk to WLC001 DistPort1
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 254
    switchport mode trunk
    channel-group 14 mode active
    end
    sh run int g2/0/22
    Building configuration...
    Current configuration : 209 bytes
    interface GigabitEthernet2/0/22
    description Trunk to WLC001 DistPort2
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 254
    switchport mode trunk
    channel-group 14 mode active
    end

  • WLC 4404 %OSAPI-3-FILE_OPEN_FAILED

    The WLC 4404 presents these logs:
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/927/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'gccp_t'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/926/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'dot1dTimer'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/925/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'dot1dRecv'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/921/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'fdbTask'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/920/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'nPCSL_timer'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/916/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'tFrameReceive'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/913/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'tFrameReceive'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/917/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'tFrameSend'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'Gmac Link Task'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/905/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'tDapiTxTask'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/904/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'RMONTask'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/903/stat.(erno 24)
    When these logs appear, the device shows these symptoms:
    Lost GUI session
    Lost console connection
    Lost SSH and Telnet connection
    The WLC 4404 stops working

    Almost looks like it could be defect ID CSCtx02515.  Shows that it's fixed in 7.2.110.0, but if you have a 4404, you can't run 7.2 code.
    Symptom:
    High CPU on webJavaTask
    Alternatively: large number of TCP connections, leading to file descriptor problems like:
    osapi_file.c:370 Failed to open the file : /proc/1054/stat.(erno 24)
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtx02515
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • WLC 4404 - Clearing the Load Balancing Statistics?

    Does anyone know of a way to clear the load balancing statistics from a WLC 4404?  I've looked through the gui and CLI and can't seem to find a way to do it.
    Thanks,
    Rob

    You can do a 'show summary' to see the number of connections that have been sent to each server.
    You can't see the number of bytes so.
    I would suggest to collect this info on the server.
    Regards,
    Gilles.

  • Replacing WLC 4404 with 5508

    Hi Friends,
    I am new to Cisco wireless and would appreciate any help with replacing WLC 4404 with 5508. I mean any link or doc (best practices).
    Thanks,
    Nav

    Yup, what Scoot said .. Add the 5508 to the APs' high availability. If you have WCS/NCS you can push this to the APs.
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

  • Decrypt Errors - WLC 4404

    Hello,
    We recently had a few clients being locked down with countermeasures by our WLC 4404 due to TKIP-MIC errors. After doing some reading on the benefits of AES over TKIP I switched our WLAN security settings to AES, and pushed a new wireless policy to our client machines. Every thing appeared to work well, except now the trap log on the 4404 is showing a LOT of WPA decrypt errors. I've checked a few of the clients that appear to have problems, but they've got the right policy and WPA settings to match what is on the WLC.
    It's not one particular NIC, it's various clients.
    Any thoughts on how I might clear these up?
    Rob

    One reason for that is configuration of two WEP keys on a single WLAN is not supported. Currently WLAN can only take one WEP key.
