WLC 5508 and mobility groups

Similar Messages

• WLC 5508 * 2 & Mobility Group

  What I am trying to configure is Mobility Groups.
  My understanding is that this will allow AP to successfully register and fail over over seamlessly if any of the WLC had to fail ?
  It could be I am confusing two things into one :( & I am totally confused and not understanding the benefits of mobility group mentioned above.
  Also when a AP starts up and registers with the WLC ......I click on a registered AP > High Availability ( Primary / Sec / Tertiary ) all fields are blank...
  Initially I also thought that once my SSO is all setup and working than those options "AP > High Availability" will get populated automatically but clearly not unless something is not working.
  My current config is as follows:-
  WLC 5508 * 2
  WLC 1 - Primary
  WLC 2 - HA SKU (Secondary )
  Redundancy = SSO (Both AP and Client SSO)
  =============
  (Cisco Controller) >show sysinfo
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 7.6.130.0
  Bootloader Version............................... 1.0.20
  Field Recovery Image Version..................... 7.6.101.1
  Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
  Build Type....................................... DATA + WPS
  System Name...................................... WLC5508
  System Location..................................
  System Contact...................................
  System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
  Redundancy Mode.................................. SSO (Both AP and Client SSO)
  IP Address....................................... 10.31.66.21
  Last Reset....................................... Software reset
  System Up Time................................... 0 days 22 hrs 39 mins 57 secs
  System Timezone Location......................... (GMT) London, Lisbon, Dublin, Edinburgh
  System Stats Realtime Interval................... 5
  System Stats Normal Interval..................... 180
  Configured Country............................... GB  - United Kingdom
  Operating Environment............................ Commercial (0 to 40 C)
  --More-- or (q)uit
  Internal Temp Alarm Limits....................... 0 to 65 C
  Internal Temperature............................. +38 C
  External Temperature............................. +21 C
  Fan Status....................................... OK
  State of 802.11b Network......................... Enabled
  State of 802.11a Network......................... Enabled
  Number of WLANs.................................. 1
  Number of Active Clients......................... 0
  Burned-in MAC Address............................ F8:72:EA:EE:5B:B2
  Power Supply 1................................... Present, OK
  Power Supply 2................................... Absent
  Maximum number of APs supported.................. 500
  ============================================
  TA

  TA,
  Mobility and mobility groups are used for the wireless users roaming. What we know that a wireless users can roam between different APs within the same WLC, but when the SSID is used within multiple WLCs, and the client wanted to roam to an AP joined to another WLC, you would need to configure WLC mobility to maintain seamless roaming. For more info:
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_010001101.html
  Now, I understand that your purpose is to have high availability for your APs. No this is done traditionally from the AP page, under HA tab, where you configure the WLCs names and IPs there. This can be done manually on each AP (you can use CLI to make it easier) or you can push a configuration template using a management server (WCS/NCS/CPI).
  Configuring HA on the AP:
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110000.html
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110001.html
  Using CPI to push AP configuration templates:
  http://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/2-0/configuration/guide/pi_20_cg/temp.html
  Now mobility may play a role in this, as if you have already configured mobility for your WLCs, then you won't need to configure a "name" for the WLCs when you add them under the HA tab in AP configuration page. That's it.
  BR, Ala

• WLC 5508 to WLC 5508 for Mobility Group

  Hi
  I have 5508 WLC (Running 7.2) in seperate buildings. I have created ACL's on both Controllers and the only thing that is failing is the Mobility Control Function. The ACL on WLC B is the Exactly the same except with some IP's being reversed. I have allowed EoIP and Mobility Traffic on both Controllers. The Data Path is Fine but the Control Path is stating down. I apologize in advance if I have been to vague. Any help would be appreciated.
  Thank You
  Bill

  Well for mping, that is upd 16666/16667.  So in your rule, your rule you shoulod have something like this:
  17 16666-16666 16666-16666 Any Permit
  17 16667-16667 16667-16667 Any Permit
  What is the ip of the WLC's? YOur counters are all zero also.
  http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080a7c988.shtml#t4
  Take a look at your show rules output without the ACL and then witht he ACL.

• WLC 5508 and AP Groups?

  I have 240 cisco ap's throughout my campus.  Most are located in a main building.  I have been asked to enable dynamic channel and power assignment.  I really don't want to unleash the change on the entire campus at one time.  Can anybody advise me how to do small sections at a time?  I have looked at ap groups and I don't really see how that would help me.  I am using a cisco 5508 controller.  Code is 7.0.116.0.  TIA                 

  Use RFprofiles feature from 7.2 code on 5500 wlc to accomplish the same.
  http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_wlan.html#wp1615390

• WLC 5508 And Third Party SSL for Web Authenticaiton

  Hello,
  We are using WLC 5508 and currently the authentication process is via Customized WebAuth. As you know that with the WebAuth the authentication process won't work unless you launch Web Browser and you will be redirected to the Authentication Page where you type your username and password. This is a bit fuzzy for most of the users and what I'm thinking is to use different authentication mechanism where the user will automatically be prompted upon connecting to any SSID. I have read that Public/Thrid Party certificate will do this and any client can accept the public certificate.
  Anyone can elaborate on this approach?
  Regards, 

  With machines that are not part of the domain, typicall if you still want to secure them usin 802.1x, you would leverage a radius server and users would be told of the SSID to connect to and enter their AD credentials.  Of course, if you use AD credentials, users will now join all their other devices to that SSID. This is where ISE comes in and you can profile devices. Even though the WLC with v7.6 can profile, it's not a full fledge profiler.  Depending on how well you know radius, you can leverage a portal page also and depending on the AD group a user is a member of, you can out them is a specific Vlan or if you leverage interface groups.  You can do many things, but you need to really know radius and client types to figure out what can and work well in your environment. Radius alone to someone who hasn't played with it, can take days to setup without help. 
  Every client I setup radius for is different and it comes down to how their users are setup in AD, what devices they have and the requirements. 
  Scott

• Port channel WLC 5508 and 3750

  Hi All,
  I want to configure Port channel for WLC 5508 and cisco 3750 Stack Switch. What changes I need to make on WLC and where?
  Thanks
  Jagdev

  Thanks Chris,
  LAG is enable on WLC, and Port channel is configured on 3750, Please see the configration and Port channel status below:-
  (Cisco Controller) >show lag summary
  LAG Enabled
  interface Port-channel14
  description Port Channel to WLC001
  switchport trunk encapsulation dot1q
  switchport mode trunk
  end
  sh etherchannel 14 summary
  Flags:  D - down        P - bundled in port-channel
          I - stand-alone s - suspended
          H - Hot-standby (LACP only)
          R - Layer3      S - Layer2
          U - in use      f - failed to allocate aggregator
          M - not in use, minimum links not met
          u - unsuitable for bundling
          w - waiting to be aggregated
          d - default port
  Number of channel-groups in use: 14
  Number of aggregators:           14
  Group  Port-channel  Protocol    Ports
  ------+-------------+-----------+-----------------------------------------------
  14     Po14(SD)        LACP      Gi1/0/22(I) Gi2/0/22(I)
  sh run int g1/0/22
  Building configuration...
  Current configuration : 209 bytes
  interface GigabitEthernet1/0/22
  description Trunk to WLC001 DistPort1
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 254
  switchport mode trunk
  channel-group 14 mode active
  end
  sh run int g2/0/22
  Building configuration...
  Current configuration : 209 bytes
  interface GigabitEthernet2/0/22
  description Trunk to WLC001 DistPort2
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 254
  switchport mode trunk
  channel-group 14 mode active
  end

• WLC 5508 and associated AP's

  Hi,
  I have a problem with a poor signal. I have two WLC 5508 and 10 ap's 3502. So, that I have two wlc on the network I decided to divide this 10 ap's.
  WLC 5508 has 7.0.98 software version.
  The 5 first ap was associated to one wlc and the other 5 to second controller.
  Two problems was observed, first that some clients which try connect to AP associated  to second controller have problem to obtain IP address from DHCP pool on first wlc.
  The second problem is that on this two WLC was configured two DHCP pool. One controller assigns address for a dedicated WLAN and the second wlc assigns address for a second WLAN.
  This two WLAN's is broadcast on two wlc.
  Kamil

  Hi Nicolas,
  The APs are 3502I model and now are located on the lower ceiling.
  From Thursday all APs are associated to only one WLC the second one is just only as a backup and from this time there are not any problems with a signal. This information is directly from clients.
  The DHCP pool is located on the first WLC now.
  Also, I considered to use switch or other machine as a DHCP pool but it's problematic to deploy now.
  Kamil

• WLC 5508 and remote site (DMVPN) Access Points

  Hi All,
  We just purchased a WLC 5508 and would like to know if it will control remote VPN site Access Points.  Here are the details:
  The 5508 will live at our home office.  We have multiple remote sites that are connected via Cisco's DMVPN.  Each site has one Cisco 1131 Access Point hanging off of either a Cisco 1841 or a 2811 that is using DMVPN back to the home office 2811.  Can the 5508 manage the remote Access Points?
  Thanks for your help guys!

  Are you are talking about OfficeExtend?
  Cisco OfficeExtend
  https://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns430/solution_overview_c22-523307_ns348_Networking_Solution_Solution_Overview.html
  OfficeExtend supports 1130 & 1140 as long as you have the Wireless PLUS (WPLUS) Software.
  OfficeExtend Access Point
  http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0apcfg.html#wp1069890

• Wlc 5508 and 40 access point 1141n disturbance in the temp response

  Hello,
  i have a wlc 5508 and 40 access point 1141n
  there are 1500 users connected with this controller 5508.
  but when i ping at my gateway  ,there is a disturbance in the temp response .
  Here below a snapshot:
  Réponse de 172.16.1.1 : octets=32 temps=1 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=5 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=2 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=56 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=105 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=433 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=1 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=100 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=300 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=466 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=711 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=900 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=55 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=52 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=54 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=200 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=57 ms TTL=55
  Réponse de 172.16.1.1: octets=32 temps=800 ms TTL=55
  anyone help me?
  thx

  Looks to be wither a duplicate address issue or a configuration issue.  Try to test with only using the 2.4ghz and then again with only the 5ghz and see if you see a difference.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• WLC 5508 AND AP 1141N disturbance in the temp response

  i have a wlc 5508 and 40 access point 1141n
  there are 1500 users connected with this controller 5508.
  but when i ping at my gateway  ,there is a disturbance in the temp response .
  Here below a snapshot:
  Réponse de 172.16.1.1 : octets=32 temps=1 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=5 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=2 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=56 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=105 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=433 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=1 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=100 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=300 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=466 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=711 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=900 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=55 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=52 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=54 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=200 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=57 ms TTL=55
  Réponse de 172.16.1.1: octets=32 temps=800 ms TTL=55
  anyone help me
  THX

  Looks to be wither a duplicate address issue or a configuration issue.  Try to test with only using the 2.4ghz and then again with only the 5ghz and see if you see a difference.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• WLC 5508 and LAP1310 - Not syncing up!

  As the title states I have a WLC 5508 and a LAP1310 that will not sync up.
  The error stated in the traps log is "AP with MAC (xxxx.xxxx.xxxx.xxxx) is unknown."
  WLC software release is : 7.2.103.0
  IOS on the AP is : 12.4(18a)JA2
  Upon some investigation I found that the "AP with MAC is unknown" error usually points to one of two things:
  A.  WLC firmware needs to be updated
  B.  AP needs to be updated.
  C. The AP is not compatible with the WLC.
  I am leaning toward solution C and I am looking for a conformation or a correction, if anyone could help out that would be greatly appreciated!
  I've tried reading the compatibility matrix released by Cisco, but I found it mildly confusing as to what is and isn't supported by each software release.
  Sources - http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml#lap1250
  Problem 11: 1250 LAP Not Able to Join WLC
  The setup consists of a 2106 WLC that runs version 4.1.185.0. A Cisco 1250 AP is not able to join the controller.
  The log on the WLC shows this:
  Mon Jun 2 21:19:37 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
  Mon Jun 2 21:19:37 2008 AP Associated. Base Radio MAC: f0:2x:cf:2x:1d:3x 
  Mon Jun 2 21:19:26 2008 AP Disassociated. Base Radio MAC:f0:2x:cf:2x:1d:3x
  Mon Jun 2 21:19:20 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
  Mon Jun 2 21:19:20 2008 AP Associated. Base Radio MAC: f0:2x:cf:2x:1d:3x 
  Mon Jun 2 21:19:09 2008 AP Disassociated. Base Radio MAC:f0:2x:cf:2x:1d:3x
  Mon Jun 2 21:19:03 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
  Solution: This is because the Cisco 1250 series LAP is not supported on version 4.1. The Cisco Aironet 1250 Series AP is supported from controller versions 4.2.61 and later. In order to fix this issue, upgrade the controller software to 4.2.61.0 or later.
  Problem 16: 1000 series LAPs not able to join the Wireless LAN controller, WLC runs version 5.0
  This is because WLC software release 5.0.148.0 or later is not compatible with Cisco Aironet 1000 series APs. If you have a Cisco 1000 series LAP in a network, which runs WLC versions 5.0.48.0, the 1000 series LAP does not join the controller and you see this trap message on the WLC.
  "AP with MAC xx:xx:xx:xx:xx:xx is unkown"

  videoaudiojack
  What version of Premiere Elements are you using and on what computer operating system is it running?
  What are the properties of this .mp4 video import (video and audio compressions, frame size, frame rate, interlaced or progressive, pixel aspect ratio)?
  If you have any information about the video bitrate and audio bitrate of the file, that would be good to know.
  What is the audio - stereo 2 channel or 5.1 channel?
  What are you (manually) or the project automatically setting as the project preset to match the properties of your source video?
  Let us start here and then decide what next.
  Thank you.
  ATR

• An issue with WLC 5508 and 7921 phone

  Hello all!
  I have a system with WLC 5508 and some 1242 APs. And I use a lot of 7921 phones.
  One of 7921 phones was in trouble. It loses registration, disconnect conversations...
  I installed the trial WLC and run voice diagnostics.
  I  saw some of "Potentially degraded QoS in downlink direction because of  incorrect packet classification" messages and one "Fair upstream packet  loss ratio: 1,2%, which is less than threshold 2.5%"
  As I understand all of 7921 phones in these area are affected.
  what  does it mean? I set up Platinum QoS for voice WLAN. I don't have any qos  configuration string for AP and WLC ports on switches...
  any ideas?
  thanx in advance

  Sergey:
  There is one application called "WLC Config analyzer". You save your "show run-config" from your WLC in a text file and import it by this application. it will analyze the file for you and tell you what recommendations for voice are missing so you improve them.
  When importing a config file you choose what voice clinets you are using, so you need to choose cisco 7921 to it tells you what config improvemetns is needed based on 7921 needs.
  Here is the link to download the application:
  https://supportforums.cisco.com/docs/DOC-1373
  download the latest versoin.
  BTW, how many voice/data clients are connected to one AP in that area? if I remember correctly if you are utilizing voice then the max number of clients connected to one AP should not exceed 17. If you have more than this number per AP try to minimize the number of users concurrently connected to the AP then try again.
  Hope you'll find the config analyzer useful.
  If useful please don't forget to rate.
  Amjad

• Integration between WLC 5508 and Microsoft NPS 2008

  Hi guys,
  Any of you, have working guidance for WLC 5508 and Microsoft NPS 2008 integration?
  I managed to configure Wireless 802.1x feature (PEAP) but it failed. I'm running software ver. 7.0.116.0.
  Is there any bug related 802.1x on this software version?
  thanks in advance.
  BR
  shendy

  Hi Shendy,
  I am not aware about any bug related to this. I think you better check all configuration and make sure it is fine.
  Logs from NPS and WLC (and possibly from the supplicant) may guide you where the problem resides.
  What does the NPS logs tell about the reason of the authentication failure?
  What does the WLC logs say about the failure (check show msglog and show traplog).
  - Make sure the Radius server added correctly with correct IP and correct shared secret on WLC.
  - Make sure that the radius is configured correctly to allow PEAP-MSCHAPv2.
  - Make sure WLC is added successfully to WLC with correct IP address and correct shared secret.
  - Make sure the clients are correctly configured and the server's (NPS) certificate is trusted on the clients.
  HTH
  Amjad

• What is the spec of WLC 5508 and 4402, CPU and MEM? Thanks.

  I cant found any information about WLC 5508 and 4402s' spec of what type of CPU and size of MEM. Thanks.

  4402 is having 512MB memory where as 5508 is having 1GB (based on "show memory statistics" output)
  Also during bootup it will show (here is 4402 as example)
  System will now restart!
  Bootloader 7.0.116.0 (Apr 13 2011 - 14:30:45)
  Motorola PowerPC ProcessorID=00000000 Rev. PVR=80200020
  CPU: 833 MHz
  CCB: 333 MHz
  DDR: 166 MHz
  LBC: 41 MHz
  L1 D-cache 32KB, L1 I-cache 32KB enabled.
  I2C: ready
  DTT: 1 is 33 C
  DRAM: DDR module detected, total size:512MB.
  512 MB
  8540 in PCI Host Mode.
  8540 is the PCI Arbiter.
  Memory Test PASS
  FLASH:
  Flash Bank 0: portsize = 2, size = 8 MB in 142 Sectors
  8 MB
  L2 cache enabled: 256KB
  Card Id: 1540
  Card Revision Id: 1
  Card CPU Id: 1287
  Number of MAC Addresses: 32
  Number of Slots Supported: 4
  Serial Number: FOC1229F08U
  Unknown command Id: 0xa5
  Unknown command Id: 0xa4
  Unknown command Id: 0xa3
  Manufacturers ID: 30464
  Board Maintenance Level: 00
  Number of supported APs: 12
  In: serial
  Out: serial
  Err: serial
  HTH
  Rasika
  **** Pls rate all useful responses ****

• Anchor mobility between WLC 5508 and Aruba/Clearpass

  Hello. I have a question regarding the abiltiy to configure anchor mobility between a 5508 WLC and an Aruba controller. To date, my understanding is it has never been possible and I have never found any documentation that says it can be done.
  Scenario: My organization and a partner organization co-own a hospital. We coexist on a large campus, with each org having a number of buildings that the owning org maintains the network presence in. We also maintain back-to-back firewalls between us and do not hand-off any direct layer 2 interfaces to each other. However, the two orgs do partner to provide each others business SSID's in each other's WiFi networks using anchor mobility. Our current solution utilizes an A/M tunnel between my org's 5508 controllers and the partner orgs 2504 controller and we explicitly permit the tunnel traffic between partner controllers for A/M to work. Last year, the partner org retired some old WiSM's and changed their wireless solution to Aruba and recently implemented Clearpass. In order to maintain A/M with us they left a 4404 operational, but due to the newer code we were running they were forced to purchase a 2504. So now they are only maintaining a limited footprint in their network with a few Cisco AP's and the rest of their coverage areas use Aruba AP's and they have indicated that they want to completely retire their Cisco WLC's. Because we host some of their SSID's on our controllers and can tunnel them to their 2504, they get all of their WiFi traffic coming from our network, however my org can only connect to our SSIDs on their campus in certain areas.
  The solution I have been asked to provide is to find a way to continue providing some sort of anchor mobility services between our WLC's and their Aruba controllers. My org maintains that we do not want to simply hand them a layer 2 interface for security reasons, but they want our SSIDs to be available in all areas of the partner org's campus and vice versa. So far I have stalled the partner org's plans to retire their WLC's by telling them that retiring their WLC's will completely break WiFi between orgs, but they are adamant that some sort of A/M solution must be found.
  Is there any way to do some sort of A/M between a WLC and Aruba controller and if so, is there any documentation showing configuration examples etc?
  Thanks,
  John

  Hi John,
  I do not think it will work. Even if it get working somehow, it will be operation nightmare to troubleshoot & fix a issue since both vendor will say it is NOT supported solution.
  What about if you ask them to advertise your SSID (assuming it is dot1x) on their APs as another SSID on their network, but pointing it to your RADIUS & DHCP for IP connectivity (you do not have layer 2 requiremnt for this & can do this as long as you have L3 communication between each other)
  HTH
  Rasika
  **** Pls rate all useful responses ****