WLC 5508 and remote site (DMVPN) Access Points

Similar Messages

• Wlc 5508 and 40 access point 1141n disturbance in the temp response

  Hello,
  i have a wlc 5508 and 40 access point 1141n
  there are 1500 users connected with this controller 5508.
  but when i ping at my gateway  ,there is a disturbance in the temp response .
  Here below a snapshot:
  Réponse de 172.16.1.1 : octets=32 temps=1 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=5 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=2 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=56 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=105 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=433 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=1 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=100 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=300 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=466 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=711 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=900 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=55 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=52 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=54 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=200 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=57 ms TTL=55
  Réponse de 172.16.1.1: octets=32 temps=800 ms TTL=55
  anyone help me?
  thx

  Looks to be wither a duplicate address issue or a configuration issue.  Try to test with only using the 2.4ghz and then again with only the 5ghz and see if you see a difference.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• One WLC for Headquarter and Remote Site

  Hi
  I have a question about the WLC remote deployment.
  We have the following design at the moment:
  Headquarter
  - Network 192.168.49.0 /24
  - WLC 4402 Version 4.2.61.0
  -- 3 x LAP1252
  -- Layer 3 LWAPP
  -- SSID wep
  -- SSID wpa
  - Windows PDC with Active Directory, DHCP Server and local Data Storage
  - ACS Version 3.2 for TACACS and RADIUS authentication --> External DB to Active Directory
  Remote Site
  - Network 192.168.50.0 /24
  - 2 x LAP1252
  -- SSID wep
  -- SSID wpa
  - Windows PDC with Active Directory, DHCP Server and local Data Storage
  - ACS Version 3.2 for TACACS and RADIUS authentication --> External DB to Active Directory
  Connection between Headquarter and Remote Site
  - 2 Mbit ADSL
  The problem is, that the wireless clients on the remote site get an ip address out of the headquarter DHCP Range 192.168.49.0 /24. The users on the remote site
  most of the time only use the local data server in the remote office. With the actual design the hole traffic is switched over the 2 Mbit ADSL connection the the
  WLC in the headquarter and back to the remote site. That works but it is not that performant.
  The problem could be solved with HREAP, but what I think is, that it is not possible to have the same SSID at headquarter and remote site with different VLANs.
  How can I achieve, that the clients on the remote site connect to the same SSID (wep or wpa), get an ip address from the remote site DHCP server (192.168.50.0)
  and the traffic is switched localy.
  I hope you understand what the problem is.
  Thanks in advance for your help!

  Yes, putting the remote AP's in HREAP mode will allow the same WLANs to be available on the AP's but the traffic would be locally switched at the AP instead of being tunneled back to the controller. After you put the AP in HREAP mode you then would configure which VLAN you want traffic for each WLAN to be dumped onto for that AP.

• WLC 5508 AND AP 1141N disturbance in the temp response

  i have a wlc 5508 and 40 access point 1141n
  there are 1500 users connected with this controller 5508.
  but when i ping at my gateway  ,there is a disturbance in the temp response .
  Here below a snapshot:
  Réponse de 172.16.1.1 : octets=32 temps=1 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=5 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=2 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=56 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=105 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=433 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=1 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=100 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=300 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=466 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=711 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=900 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=55 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=52 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=54 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=200 ms TTL=55
  Réponse de 172.16.1.1 : octets=32 temps=57 ms TTL=55
  Réponse de 172.16.1.1: octets=32 temps=800 ms TTL=55
  anyone help me
  THX

  Looks to be wither a duplicate address issue or a configuration issue.  Try to test with only using the 2.4ghz and then again with only the 5ghz and see if you see a difference.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• WLC 5508 and LAP1310 - Not syncing up!

  As the title states I have a WLC 5508 and a LAP1310 that will not sync up.
  The error stated in the traps log is "AP with MAC (xxxx.xxxx.xxxx.xxxx) is unknown."
  WLC software release is : 7.2.103.0
  IOS on the AP is : 12.4(18a)JA2
  Upon some investigation I found that the "AP with MAC is unknown" error usually points to one of two things:
  A.  WLC firmware needs to be updated
  B.  AP needs to be updated.
  C. The AP is not compatible with the WLC.
  I am leaning toward solution C and I am looking for a conformation or a correction, if anyone could help out that would be greatly appreciated!
  I've tried reading the compatibility matrix released by Cisco, but I found it mildly confusing as to what is and isn't supported by each software release.
  Sources - http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml#lap1250
  Problem 11: 1250 LAP Not Able to Join WLC
  The setup consists of a 2106 WLC that runs version 4.1.185.0. A Cisco 1250 AP is not able to join the controller.
  The log on the WLC shows this:
  Mon Jun 2 21:19:37 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
  Mon Jun 2 21:19:37 2008 AP Associated. Base Radio MAC: f0:2x:cf:2x:1d:3x 
  Mon Jun 2 21:19:26 2008 AP Disassociated. Base Radio MAC:f0:2x:cf:2x:1d:3x
  Mon Jun 2 21:19:20 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
  Mon Jun 2 21:19:20 2008 AP Associated. Base Radio MAC: f0:2x:cf:2x:1d:3x 
  Mon Jun 2 21:19:09 2008 AP Disassociated. Base Radio MAC:f0:2x:cf:2x:1d:3x
  Mon Jun 2 21:19:03 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
  Solution: This is because the Cisco 1250 series LAP is not supported on version 4.1. The Cisco Aironet 1250 Series AP is supported from controller versions 4.2.61 and later. In order to fix this issue, upgrade the controller software to 4.2.61.0 or later.
  Problem 16: 1000 series LAPs not able to join the Wireless LAN controller, WLC runs version 5.0
  This is because WLC software release 5.0.148.0 or later is not compatible with Cisco Aironet 1000 series APs. If you have a Cisco 1000 series LAP in a network, which runs WLC versions 5.0.48.0, the 1000 series LAP does not join the controller and you see this trap message on the WLC.
  "AP with MAC xx:xx:xx:xx:xx:xx is unkown"

  videoaudiojack
  What version of Premiere Elements are you using and on what computer operating system is it running?
  What are the properties of this .mp4 video import (video and audio compressions, frame size, frame rate, interlaced or progressive, pixel aspect ratio)?
  If you have any information about the video bitrate and audio bitrate of the file, that would be good to know.
  What is the audio - stereo 2 channel or 5.1 channel?
  What are you (manually) or the project automatically setting as the project preset to match the properties of your source video?
  Let us start here and then decide what next.
  Thank you.
  ATR

• Help with local and remote site setups

  i've always use dreamweaver to point directly to the dev server files and edit them, save them, and run them. i was the only developer for some time but now we have other developers onboard and we started experimenting with using subversion.
  i need to understand how i can leverage the local site and remote sites with subversion so that we arent editing the remote files directly. ive played around with the setting and i think i need to GET the files and have it copy to my local site. however i cannot RUN the files since i dont have Coldfusion on my local machine its only on the DEV server. I used to make a change, press F12 to run the file and could see my changes. can anyone point me in the right direction?

  First, move the styles from the form generator to the <head> of your document.  Otherwise there is a possibility browsers could ignore the invalid code.
  Then move your form div inside the banner div and set the attribute float:right; in your CSS for the form div.  Then you should be good to go.

• When you expand to show local and remote sites, in DW CS6 how do I get the local to be on the left?

  When you expand to show local and remote sites, in the previous verions of DW, the files type (local or remote) selected when not seeing both, automatically came up on the left.  I liked local when I am editing and when I am ready to upload I expand to see both local in remote.  Before, the one you had selected, in my case local, was always displayed on the left.  Now in CS6 when I have local selected before I expand, the local is on the right and remote on the left. For me that is not correct.  I find that having local on the left works best for me like reading, left to right, I want the local on the LEFT so I can put the updated from left to the remote on the right. 
  -->In DW CS6 how do I get the local to be on the left?

  Thank you so much!  That did it! 

• WLC 5508 and associated AP's

  Hi,
  I have a problem with a poor signal. I have two WLC 5508 and 10 ap's 3502. So, that I have two wlc on the network I decided to divide this 10 ap's.
  WLC 5508 has 7.0.98 software version.
  The 5 first ap was associated to one wlc and the other 5 to second controller.
  Two problems was observed, first that some clients which try connect to AP associated  to second controller have problem to obtain IP address from DHCP pool on first wlc.
  The second problem is that on this two WLC was configured two DHCP pool. One controller assigns address for a dedicated WLAN and the second wlc assigns address for a second WLAN.
  This two WLAN's is broadcast on two wlc.
  Kamil

  Hi Nicolas,
  The APs are 3502I model and now are located on the lower ceiling.
  From Thursday all APs are associated to only one WLC the second one is just only as a backup and from this time there are not any problems with a signal. This information is directly from clients.
  The DHCP pool is located on the first WLC now.
  Also, I considered to use switch or other machine as a DHCP pool but it's problematic to deploy now.
  Kamil

• WLC 5508 And Third Party SSL for Web Authenticaiton

  Hello,
  We are using WLC 5508 and currently the authentication process is via Customized WebAuth. As you know that with the WebAuth the authentication process won't work unless you launch Web Browser and you will be redirected to the Authentication Page where you type your username and password. This is a bit fuzzy for most of the users and what I'm thinking is to use different authentication mechanism where the user will automatically be prompted upon connecting to any SSID. I have read that Public/Thrid Party certificate will do this and any client can accept the public certificate.
  Anyone can elaborate on this approach?
  Regards, 

  With machines that are not part of the domain, typicall if you still want to secure them usin 802.1x, you would leverage a radius server and users would be told of the SSID to connect to and enter their AD credentials.  Of course, if you use AD credentials, users will now join all their other devices to that SSID. This is where ISE comes in and you can profile devices. Even though the WLC with v7.6 can profile, it's not a full fledge profiler.  Depending on how well you know radius, you can leverage a portal page also and depending on the AD group a user is a member of, you can out them is a specific Vlan or if you leverage interface groups.  You can do many things, but you need to really know radius and client types to figure out what can and work well in your environment. Radius alone to someone who hasn't played with it, can take days to setup without help. 
  Every client I setup radius for is different and it comes down to how their users are setup in AD, what devices they have and the requirements. 
  Scott

• An issue with WLC 5508 and 7921 phone

  Hello all!
  I have a system with WLC 5508 and some 1242 APs. And I use a lot of 7921 phones.
  One of 7921 phones was in trouble. It loses registration, disconnect conversations...
  I installed the trial WLC and run voice diagnostics.
  I  saw some of "Potentially degraded QoS in downlink direction because of  incorrect packet classification" messages and one "Fair upstream packet  loss ratio: 1,2%, which is less than threshold 2.5%"
  As I understand all of 7921 phones in these area are affected.
  what  does it mean? I set up Platinum QoS for voice WLAN. I don't have any qos  configuration string for AP and WLC ports on switches...
  any ideas?
  thanx in advance

  Sergey:
  There is one application called "WLC Config analyzer". You save your "show run-config" from your WLC in a text file and import it by this application. it will analyze the file for you and tell you what recommendations for voice are missing so you improve them.
  When importing a config file you choose what voice clinets you are using, so you need to choose cisco 7921 to it tells you what config improvemetns is needed based on 7921 needs.
  Here is the link to download the application:
  https://supportforums.cisco.com/docs/DOC-1373
  download the latest versoin.
  BTW, how many voice/data clients are connected to one AP in that area? if I remember correctly if you are utilizing voice then the max number of clients connected to one AP should not exceed 17. If you have more than this number per AP try to minimize the number of users concurrently connected to the AP then try again.
  Hope you'll find the config analyzer useful.
  If useful please don't forget to rate.
  Amjad

• Port channel WLC 5508 and 3750

  Hi All,
  I want to configure Port channel for WLC 5508 and cisco 3750 Stack Switch. What changes I need to make on WLC and where?
  Thanks
  Jagdev

  Thanks Chris,
  LAG is enable on WLC, and Port channel is configured on 3750, Please see the configration and Port channel status below:-
  (Cisco Controller) >show lag summary
  LAG Enabled
  interface Port-channel14
  description Port Channel to WLC001
  switchport trunk encapsulation dot1q
  switchport mode trunk
  end
  sh etherchannel 14 summary
  Flags:  D - down        P - bundled in port-channel
          I - stand-alone s - suspended
          H - Hot-standby (LACP only)
          R - Layer3      S - Layer2
          U - in use      f - failed to allocate aggregator
          M - not in use, minimum links not met
          u - unsuitable for bundling
          w - waiting to be aggregated
          d - default port
  Number of channel-groups in use: 14
  Number of aggregators:           14
  Group  Port-channel  Protocol    Ports
  ------+-------------+-----------+-----------------------------------------------
  14     Po14(SD)        LACP      Gi1/0/22(I) Gi2/0/22(I)
  sh run int g1/0/22
  Building configuration...
  Current configuration : 209 bytes
  interface GigabitEthernet1/0/22
  description Trunk to WLC001 DistPort1
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 254
  switchport mode trunk
  channel-group 14 mode active
  end
  sh run int g2/0/22
  Building configuration...
  Current configuration : 209 bytes
  interface GigabitEthernet2/0/22
  description Trunk to WLC001 DistPort2
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 254
  switchport mode trunk
  channel-group 14 mode active
  end

• Integration between WLC 5508 and Microsoft NPS 2008

  Hi guys,
  Any of you, have working guidance for WLC 5508 and Microsoft NPS 2008 integration?
  I managed to configure Wireless 802.1x feature (PEAP) but it failed. I'm running software ver. 7.0.116.0.
  Is there any bug related 802.1x on this software version?
  thanks in advance.
  BR
  shendy

  Hi Shendy,
  I am not aware about any bug related to this. I think you better check all configuration and make sure it is fine.
  Logs from NPS and WLC (and possibly from the supplicant) may guide you where the problem resides.
  What does the NPS logs tell about the reason of the authentication failure?
  What does the WLC logs say about the failure (check show msglog and show traplog).
  - Make sure the Radius server added correctly with correct IP and correct shared secret on WLC.
  - Make sure that the radius is configured correctly to allow PEAP-MSCHAPv2.
  - Make sure WLC is added successfully to WLC with correct IP address and correct shared secret.
  - Make sure the clients are correctly configured and the server's (NPS) certificate is trusted on the clients.
  HTH
  Amjad

• What is the spec of WLC 5508 and 4402, CPU and MEM? Thanks.

  I cant found any information about WLC 5508 and 4402s' spec of what type of CPU and size of MEM. Thanks.

  4402 is having 512MB memory where as 5508 is having 1GB (based on "show memory statistics" output)
  Also during bootup it will show (here is 4402 as example)
  System will now restart!
  Bootloader 7.0.116.0 (Apr 13 2011 - 14:30:45)
  Motorola PowerPC ProcessorID=00000000 Rev. PVR=80200020
  CPU: 833 MHz
  CCB: 333 MHz
  DDR: 166 MHz
  LBC: 41 MHz
  L1 D-cache 32KB, L1 I-cache 32KB enabled.
  I2C: ready
  DTT: 1 is 33 C
  DRAM: DDR module detected, total size:512MB.
  512 MB
  8540 in PCI Host Mode.
  8540 is the PCI Arbiter.
  Memory Test PASS
  FLASH:
  Flash Bank 0: portsize = 2, size = 8 MB in 142 Sectors
  8 MB
  L2 cache enabled: 256KB
  Card Id: 1540
  Card Revision Id: 1
  Card CPU Id: 1287
  Number of MAC Addresses: 32
  Number of Slots Supported: 4
  Serial Number: FOC1229F08U
  Unknown command Id: 0xa5
  Unknown command Id: 0xa4
  Unknown command Id: 0xa3
  Manufacturers ID: 30464
  Board Maintenance Level: 00
  Number of supported APs: 12
  In: serial
  Out: serial
  Err: serial
  HTH
  Rasika
  **** Pls rate all useful responses ****

• WLC 5508 and Multiple DHCP servers in different sites?

  Hi
  I work for health authority in our region and we just purchased a Cisco wlc 5508 controller along with 25 3500 AP's. We have multiple sites with different IP subnets in each, all connected by a frame relay (owned by ISP). Each site has its own DHCP server. I have the controller in our main site. So when I take an AP to a remote site, the Ap gets an DHCP address from local DHCP server (which is great) and contacts controller and joins controller. Everything is good. BUT, when a client joins at the remote site, it gets an address from a previous site which will not work because the client is now on a different subnet. We dont use Vlans as they dont transvers the frame relay. I need those clients to obtain DHCP from the local DHCP server from the site they are on. Is that possible??
  I have updated the controller to latest version as well.
  Thanks
  Bryan Yaciuk, CCNA
  Parkland Regional Health Authority

  We call this as HREAP LOCAL SWITCHING!! but here is the catch.. everytime the AP joins the new site.. we need to configure the VLAN mapping and this wil do it for you!! Here is the link which will resolve ur issue..
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml#ll
  Lemme know if this answered ur question and please dont forget to rate the usefull posts!!
  Regards
  Surendra

• WLC 5508 and mobility groups

  Hi,
  We are using 2 WLC 5508 running 7.0.98.0 sw (AP's are 1142) at our primary site. They are hosting 3 different WLAN/SSID's, one for guest and the
  other 2 are for corporate access. We have put the WLC's in a mobility group, say "AAAA".
  Now we have the need for our UK peer site to publish a corp WLAN that exists in UK - at our site, and when trying to configure for that (following the c70cg.pdf) - I put the WLC's for UK in a new mobility group, say "BBBB". But i can't add our WLC's into that mobilty group
  (i get a duplicate mac address message).
  What's the correct way of configuring this, does all WLCs need to be in the same mobility group?
  Is there some reason why we can't have 2 mobility groups? Is there any upside/downside to configuring 2 mob. groups?
  Any clearification would be greatly appreciated
  BR
  //Mikael

  I think you are misunderstanding , so far what you did on your local swedish site is correct. Your two swedish WLCs have to be in their own same mobility group so you can give seamless roaming to your wireless users across your swedish area without interruption.
  On a WLC mobility group config page, you can have only one entry  per WLC, this is why you are getting the duplicate error message.
  WEBGUI - CONTROLLER - MOBILITY MANAGEMENT - MOBILITY GROUPS
  If you want to put your 4 WLCs so they exchange mobility messages, the following has to happen on all 4 WLCs.
  xx:xx:xx:xx:xx:xx  192.168.1.1  uk
  yy:yy:yy:yy:yy:yy 192.168.1.2 uk
  zz:zz:zz:zz:zz:zz  172.17.1.1  sweden
  aa:aa:aa:aa:aa:aa  172.17.1.2  sweden
  Note when you add WLC on the mobility section, the WLC start sending messages to each like, hey i have this client and you have that client and so on. But this has nothing to do with what you are trying to achieve.
  With regards to the execs that are coming, yes, replicate the SSID and point it to the Radius Server they have in UK, add your swedish WLC(s) as a NAS on the Radius Server and it should work as if they were in UK. that should be enough and i advise you to do the following for mobility groups config.
  on the two UK WLCs
  xx:xx:xx:xx:xx:xx  192.168.1.1  uk
  yy:yy:yy:yy:yy:yy 192.168.1.2 uk
  on the two Swedish WLCs
  zz:zz:zz:zz:zz:zz  172.17.1.1  sweden
  aa:aa:aa:aa:aa:aa  172.17.1.2  sweden
  hope i cleared it out for you. greeting from cold Belgium tonight :-) and hope the execs will enjoy Sweden!