WLC 5508 DNS discovery fails. After a ping it works!

Similar Messages

• DNS Lokup fails after waking from sleep

  Since the recent update, whenever my computer wakes from sleep the DNS Lookup fails and I cannot connect to the internet for 30sec-1minute. I've never experienced this problem before. Any thoughts?

  FWIW, I never sleep my machines or their HDs, just their displays and never have an issue waking up the displays, usually run 24/7. Give that a shot.

• Some CNAME DNS queries fail after latest 10.6.5 update

  Right after rebooting from the latest MacOS X update I noticed some DNS queries are failing. These happen to be DNS queries for CNAME records. Other computers in the same network are not affected by this problem, including Mac's to wich the update was not yet installed.
  Here are the simple diagnostic steps:
  snowboard:~ pmsjt$ nslookup imap.texair.net.
  Server: 192.168.0.14
  Address: 192.168.0.14#53
  imap.texair.net canonical name = taz.warner.local.
  Name: taz.warner.local
  Address: 192.168.0.12
  snowboard:~ pmsjt$ ping imap.texair.net
  ping: cannot resolve imap.texair.net: Unknown host
  snowboard:~ pmsjt$
  snowboard:~ pmsjt$ ping taz.warner.local
  PING taz.warner.local (192.168.0.12): 56 data bytes
  64 bytes from 192.168.0.12: icmp_seq=0 ttl=64 time=2.818 ms
  64 bytes from 192.168.0.12: icmp_seq=1 ttl=64 time=2.211 ms
  64 bytes from 192.168.0.12: icmp_seq=2 ttl=64 time=1.425 ms
  64 bytes from 192.168.0.12: icmp_seq=3 ttl=64 time=2.242 ms
  64 bytes from 192.168.0.12: icmp_seq=4 ttl=64 time=4.882 ms
  64 bytes from 192.168.0.12: icmp_seq=5 ttl=64 time=3.190 ms
  ^C
  --- taz.warner.local ping statistics ---
  6 packets transmitted, 6 packets received, 0.0% packet loss
  round-trip min/avg/max/stddev = 1.425/2.795/4.882/1.083 ms
  snowboard:~ pmsjt$

  Just as a sanity check, the second portion of the clause from the KB article doesn't apply in your situation, does it?
  Additionally, Mac OS X v10.6 automatically detects when the local network operator has set up a name server that will answer name requests for a domain ending in ".local". It does this by checking to see if there is a Start Of Authority (SOA) record for the top level domain "local", which is how a DNS server indicates that it claims to have authority over a part of the DNS namespace. As long as the DNS server is properly configured with the required SOA record, Mac OS X v10.6 will detect this SOA record and automatically use this server to look up all host names in the domain.
  Also, if you have time, you might want to check what mDNSResponder is actually doing by enabling logging; the man page describes the process in more detail:
  LOGGING
  There are several methods with which to examine mDNSResponder's internal state for debugging and
  diagnostic purposes. The syslog(1) logging levels map as follows:
  Error - Error messages
  Warning - Client-initiated operations
  Notice - Sleep proxy operations
  Info - Informational messages
  By default, only log level Error is logged.
  A SIGUSR1 signal toggles additional logging, with Warning and Notice enabled by default:
  % sudo killall -USR1 mDNSResponder
  Once this logging is enabled, users can additionally use syslog(1) to change the log filter for the
  process. For example, to enable log levels Emergency - Debug:
  % sudo syslog -c mDNSResponder -d
  A SIGUSR2 signal toggles packet logging:
  % sudo killall -USR2 mDNSResponder
  A SIGINFO signal will dump a snapshot summary of the internal state to /var/log/system.log:
  % sudo killall -INFO mDNSResponder
  http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/ man8/mDNSResponder.8.html
  I suspect in this case packet logging might be most informative.

• Wlc 5508 radius authentication fail

  I am trying to setup a wireless lan for the first time using 5508, all is working to a point, until i try to setup client authentication using the following
  so settings are:
  Layer Wlan settings:
  Layer 2 security:WPA+WPA2
  AES
  Auth Key mgmt:802.1x
  We have the authentication server enabled:
  Ip an port are correct
  AAA overide not enabled
  Order for authentication, radius only
  Advanced: dafault settings
  Radius authentication servers:
  Call Station ID Type: IP address
  MAC Delimiter: Colon
  Network User
  Management
  Server Index
  Server Address
  Port
  IPSec
  Admin Status
  Server Index
  Server Address
  Shared Secret Format
                   ASCII                 Hex              
  Shared Secret
  Confirm Shared Secret
  Key Wrap
    (Designed for FIPS customers and requires a key wrap compliant RADIUS server)
  Port Number
  Server Status
                   Enabled                  Disabled              
  Support for RFC 3576
                   Enabled                  Disabled              
  Server Timeout
    seconds
  Network User
  Enable
  Management
  Enable
  IPSec
  Enable
  *radiusTransportThread: Dec 21 12:07:46.488: %AAA-4-RADIUS_RESPONSE_FAILED: radius_db.c:412 RADIUS server X.X.X.X:1812 failed to respond to request(ID 115) for STA 00:19:d2:b9:d5:e1 / user 'unknownUser'
  *radiusTransportThread: Dec 21 12:07:46.012: %AAA-4-RADIUS_RESPONSE_FAILED: radius_db.c:412 RADIUS server X.X.X.X:1812 failed to respond to request(ID 114) for STA 00:19:d2:b9:d5:e1 / user 'unknownUser'
  *Dot1x_NW_MsgTask_1: Dec 21 12:07:29.811: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:3028 Max EAP identity request retries (3) exceeded for client 00:19:d2:b9:d5:e1
  *Dot1x_NW_MsgTask_1: Dec 21 12:07:29.811: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:447 Authentication aborted for client 00:19:d2:b9:d5:e1
  *radiusTransportThread: Dec 21 12:07:16.412: %AAA-4-RADIUS_RESPONSE_FAILED: radius_db.c:412 RADIUS server X.X.X.X:1812 failed to respond to request(ID 113) for STA 00:19:d2:b9:d5:e1 / user 'unknownUser'
  *Dot1x_NW_MsgTask_1: Dec 21 12:06:59.741: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:3028 Max EAP identity request retries (3) exceeded for client 00:19:d2:b9:d5:e1
  Radius server occasionally sees attempts from user "XXZZYY"

  Osvaldo,
  Your observation is correct and this should be documented on the WLC help tab if you search for keyword network user under radius auth.
  Quote:
  Network User—Network user authentication check box. If this option is enabled, this entry is considered as the network user RADIUS authenticating server entry. If you did not set the RADIUS server entry on the WLAN configuration (WLANs > Edit > Security > AAA Servers), you must enable this option for networkusers.
  Management—Management authentication check box. If this option is enabled, this entry is considered as the management RADIUS authenticating server entry. If you enable this option, authentication requests go to the RADIUS server
  AAA server defined on WLAN takes precedence over global.

• WLC 5508 7.3.112.0 System Crash

  hi i got this situation.
  model : wlc 5508
  verstion : 7.3.112.0
  our controllers working WLC1-active, WLC2-active, suddenly WLC1 went down and up (two times).
  and normally working now. I cant figure out.
  crash info
  ==============================================================================
  Number of files present is: 5
  Beginning of Crash File: mwar_dump2.crash
  Dumping registers
  CPU Registers:
  $ 0   : 00000000 1000cce1 00000002 00000000
  $ 4   : ffffffff 00000001 00000001 00000000
  $ 8   : 00000000 12800f70 12800f70 4b263328
  $12   : 00000000 80000010 8117d240 10a1cfa8
  $16   : 481596f8 4b263350 00000001 00000005
  $20   : 4b263328 4b26332c 00010000 00000000
  $24   : 00000070 11d53520                 
  $28   : 131d1ce8 4b2632f0 1013c078 1013cb58
  Hi    : 0000001f
  Lo    : 33333362
  Stack :
          00000000 00000001 00000000 48159848
          00000000 00000001 00000000 00000000
          00000004 00000000 000001a7 00000001
          4b4520f1 00000002 00000004 0025a6b5
          315ebc72 b1d6aebd 010d0000 00000000
          00000000 00000000 48159848 481597e0
          481598b0 48159918 48159980 481599e8
          48159a50 48159ab8 48159b20 48159b88
          48159bf0 48159c58 48159cc0 48159d28
          48159d90 48159df8 00000000 3381c438
          00000000 00000001 00000003 4b263320
          13201ce8 131f1ce8 131e1ce8 131d1ce8
          131f1ce8 131d1ce8 131e1ce8 131d1ce8
          13201ce8 131d1ce8 00000000 d8a5a096
          00000000 481596f8 00000000 00000001
          00000000 14114854 00000000 4b263a5c
  *             Start Cisco Crash Handler                *
  Sys Name:           Controller#1
  Model:              AIR-CT5508-K9
  Version:            7.3.112.0
  Timestamp:          Tue Jan 28 20:43:09 2014
  SystemUpTime:           351 days 19 hrs 6 mins 8 secs
  signal:             11
  pid:                1075
  TID:                1260798800
  Task Name:          apfRogueTask_3
  Reason:           System Crash
  si_signo:           11
  si_errno:           0
  si_code:            1
  si_addr:            0x779
  timer tcb:            0xa1f
  timer cb:             0x10588ab0 ('rrmTimerInit+592')
  timer arg1:           0x1bbd0530
  timer arg2:           0x0
  Long time taken timer call back inforamtion:
  Time Stamp:           Tue Jan 28 20:43:09 2014
  timer cb  :           10588ab0p('rrmTimerInit+592')
  Duration  : 768804 usecs, cbCount= 2
  Analysis of Failure:
    Software Failed on instruction at :
  pc = 0x1013cc14 (DebugPrintRogueRRMneighbor+8480), ra = 0x1013cb58 (DebugPrintRogueRRMneighbor+8480)
    Software Failed while accessing the data located at :0x779
  =============================================================================
  anyone can know about failed reason?  now we processing in rma. we going to change hardware 5days away.

  Hi
  Only Cisco TAC can analysis this & tells you exact reason of this reload. It looks like a software related crash..
  I would suggest to move onto a later code (like 7.4.121.0) rather staying in 7.3 code when you get the new hardware.
  HTH
  Rasika
  **** Pls rate all useful responses ****

• WLC 5508- GUI Cert Error

  I tried installing chained certificate in for the https access in wlc 5508. It failed and later i came to know it will only accept unchained cert for management access. But now the problem is i could not get GUI access. It shows error like "This server security certificate is revoked "
  What should i do now..?

  Amjad,
  Do you mean this link for unchained certs ?
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• WLC 5508 - WLANs disabled after reboot

  Hi,
  I'm running 3 WLC 5508, 2 of them running image AIR-CT5500-K9-7-0-116-0.aes, one AIR-CT5500-LDPE-K9-7-0-116-0.aes.
  On the 5508 running the LDPE-image, I have 9 WLANs (170,171,180,181,190,191,281,282,283), all defined with admin status "ENABLED".
  WLANs 180,181,281 belong to a defined AP-group, WLAN 190,191,282 belong to a different AP-group.
  WLANs 180,181,190,191 are defined as H-REAP. The H-REAP APs registers without any problems at the backup WLC and switches back successfully to the primary controller after recovering from reboot.
  Unfortunately the WLANs 180,181,190,191 show status "DISABLED" every time the primary controller comes back and I have to enable them manually.
  Doing exactly the same procedure with one of the other WLC, running AIR-CT5500-K9-7-0-116-0, I never face this problem.
  Has anyone faced something similar ? Any hints or tipps are very much appreciated

  I would like to pick up the discussion again. I had to upgrade the 2 WLC's involved in the scenarion and the WLANs are staying enabled. The APs are registering in a perfect time at the secondary 5508 and so do the clients.
  After the primary 5508 comes back the LWAPPs are registering back to that WLC seemless and so do the clients but sometimes (not always) not without loosing the connections for about 15 secs, which is unacceptable since the applications will drop.
  We also get the following error-msg:
  *Sep 12 13:39:05.598: %AAA-3-BADSERVERTYPEERROR: Cannot process authentication server type radius (UNKNOWN)
  *Sep 12 13:39:05.598: %DOT11-7-AUTH_FAILED: Station 0026.c730.88ae Authentication failed
  Hass anyone faced something similar ?

• Wlc 5508 inaccessible after upgrade to version 8

  dear all,
  I have a problem after upgrading wlc 5508, 
  at first after upgrade everything works fine, but while waiting for APs to rejoin, wlc suddenly inaccessible either via SSH, telnet or console
  I have restart the wlc with no luck
  LED indicator for SYS and ALR are off
  any suggestion will be highly appreciated
  thanks
  regards

  If the appliance failed in the first month after delivery, you might be able to squeeze off an RMA. 
  If the appliance failed in the first year after delivery, I don't care what is written in the "warranty", you can't do anything until you have a valid Service Contract.

• WLC 5508 - Failed to connect from LMS 3.2

  Hello.
  I am trying to include a WLC 5508 in our LMS 3.2.
  I have defined the device and credentials, but the LMS server cannot get access to it.
  If I try to check de device credentials from the Device Center I get a "failed to connect", but if I a try a telnet session, also from Device Center, I get a connection.
  I checked the credentails are OK.
  Thank you.

  Hi,
  You need to download and install the last package : WLC.RME431.v2-1.zip : http://www.cisco.com/cisco/software/cart.html?imageGuId=E3A42793DA29A1B6AC3024C088F9FBC2B324EC8B&i=rs
  You must install : MDF 1.37
  You must install packages before WLC.RME431.v2-1.zip:
  SharedSwimWLC.RME431.v1-2.zip
  SharedDcmaWLC.RME431.v1-1.zip
  SharedSwimIOS.RME431.v2-5-4.zip
  LibSwim.RME431.v2-5-3.zip
  LibCommon.RME431.v2-4-2.zip
  Elisabeth
  WLC.RME431.v2-1.readme:
  Supported Devices
  =================
  Device Type : Cisco 5500 Series Wireless LAN Controllers
         Cisco 3750 Switch with Wireless LAN Controller
  Devices/Modules Supported :
  Cisco 5508 Wireless LAN Controller : 1.3.6.1.4.1.9.1.1069
  Cisco 3750 24+2 port 10/100/1000 Switch with integrated Cisco 4402 Wireless Controller: 1.3.6.1.4.1.9.1.747
  Features Supported:
  Inventory Manager : Yes
  Syslog Analyzer : Yes
  Config.Mgmt  : Yes
  Software Mgmt : Yes
  Minimum Software : 6.0.188.0
  Hardware and Software Requirements
  ==================================
  Hardware and software requirements are the same as those needed for Resource Manager
  Essentials 4.3.1 installation.
  You must install Resource Manager Essentials 4.3.1 and MDF 1.37 before installing the
  device package.
  For a detailed list of requirements, as well as instructions for installing Resource
  Manager Essentials 4.3.1, go to Cisco.com.
  For documentation on Resource Manager Essentials, see:
  http://www.cisco.com/en/US/products/sw/cscowork/ps2073/tsd_products_support_series_home.html
  Package Dependencies
  ====================
  To install the WLC Package, you must install the
  following dependent packages:
  SharedSwimWLC.RME431.v1-2.zip
  SharedDcmaWLC.RME431.v1-1.zip
  SharedSwimIOS.RME431.v2-5-4.zip
  LibSwim.RME431.v2-5-3.zip
  LibCommon.RME431.v2-4-2.zip

• WLC 5508, DHCP Problem after Update Cisco ASA(DHCP-Server)

  Hello,
  our Problem is, our Apple Devices get no ip adress from our Cisco ASA Cluster(ASA 9.1.2) over Wireless(Cisco WLC 5508). All other devices(Windows, Android,...) work correct, without problems. Our WLC is in HA-Mode.
  Does anybody have an Idea?
  Thank you very much and Best regards,
  Stefan

  Hello again,
  I hope this case is the solution.
  https://supportforums.cisco.com/message/3942112#3942112
  I will let you know after downgrade.
  Best regards,
  Stefan

• Some C1242 Radios are disabled after WLC 5508 upgrade to 7.3.101.0

            One week ago I use a WLC 5508 to place and replace another WLC 5508 with version 6.0.199.4, when I conect the new WLC all AP´s works OK only 10 dont work and not are recognizes from the WLC with version 7.3.101.0. The fail is the radios stay disabled. All ap´s are AIR-AP1242G-AK9 . See the image below, the only difference this ten AP´s are conected in switches cisco all the rest are connected in switches of ohter vendor.  
  If possible some command in the configuration is not neccesary and make the bad function?
  This is tipically config apllied by the customer in they cisco switches
  interface   GigabitEthernet0/22
  description PB-RS-A22
  switchport access vlan 5
  switchport mode access
  switchport port-security
  switchport port-security aging time 2
  switchport port-security violation restrict
  switchport port-security aging type   inactivity
  macro description cisco-desktop
  spanning-tree portfast
  spanning-tree bpduguard enable
  I reed some documents but i don´t found the right solution can any help me?
  Thank

  Are the APs being powered through POE or perhaps an injector (if injector, do you have the injector override enabled for joined APs with their radios down?)  What's the disparity of the models; are all 1242s in this "down radio" state, or only the 1242s plugged in to the Cisco Switches?
  When you say the 10 don't work and are not "recognized" by the WLC, are you indicating that they have not re-joined the newer WLC or are they joined but their radios are not operationally up?  Please clarify the state of these APs.
  http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn73.html#wp965532
  Please note that a version prior to 7.0.98.0 cannot be upgraded directly to 7.3.101.0 from the WLC perspective, but it's possible your 1242 AP's image (used from the 6.0.199.4 release) is not able to properly join and download code for the 7.3.101.0 WLC that was put in to place.  The 1242 APs in your scenario would still be running the old 6.0.199.4 image.
  I'm curious what all is or isn't happening from the questions above, but you may need to load a newer recovery release on the 1242s to have them join properly - or - downgrade the WLC to a version that allows a direct upgrade from 6.0.199.4 such as 7.0.240.0.  Let the APs join the downgraded WLC and finish up any image downloads and re-join, then upgrade the WLC back to 7.3.101.0 (would recommend latest 7.3.112.0 instead) and see if they rejoin and radios are online.

• MSE NMSP status inactive after WLC 5508 HA failover

  I have a customer who has a Prime Infrastructure 2.0 server and MSE 7.4 server for Context Aware Services.   The MSE also has the AeroScout Tag Engine for Tracking the AeroScout RFID tags it has deployed.    They have a WLC 5508 HA pair running version 7.4 at their main campus, and two other standalone WLC 5508s at 2 other smaller campuses.   The issue they are having is that when a failover of the WLC5508 HA pair occurs at their main campus, they lose tracking of the WiFi and AeroScout clients.   The other WLCs are not affected.
  When this happens, the Prime Infrastructure show the NMSP status of the WLC5508 HA pair as inactive.   The PI gives the message that the time of the WLC is before the MSE.  But the PI, MSE, and WLCs are all synched to the same Campus NTP server, and the time shows the same time down to the second.   I can get the WLC communicating to the MSE again by removing the Assignment of the WLC to the MSE, then re-adding it to the MSE a few minutes later. 
  We are not sure why the WLC 5508 HA pair occasionally fails over to the standby or back to the primary.  We have not seen any cause for the HA pair failover.   Is there something we need to do to the WLC HA pair so that the NMSP still works if a failover of the WLC occurs.  The customer is planning on converting one of their other Standalone WLCs to a HA Pair also.

  That is what I have been doing.  But the problem is that the I have had to do this about 3 times in the last 6 weeks.  Each time correlates with a failover of the WLC 5508 pair.   Will this have to be done each time there is a failover, or is there some setting on the WLCs, MSE, or Prime Infrastructure that can prevent  having manually to un-assign, then re-assign the WLC to the MSE.

• WLC-5508 Authorization failed to create SSID

  Hi All,
  I have two WLC-5508 for 50 AP's deployed. One is primary controller & other is secondary.
  Recently noticed an unknown "authorization failed, no sufficient privileges for user" message poping up while making configuration changes
  in WLC. Specificly when trying to create an new SSID. WLC Authentication is local. This message poped up earlier once or twice but it didnt prevent
  from making changes that time.
  How to troubleshoot ?
  Regards
  Gautam

  Do you have any radius configured on the WLC by chance. If so can you make sure you don't have management checked there. I have not seen that issues with the 5508 and any of the 7.x code as of yet.
  Sent from Cisco Technical Support iPhone App

• WLC 5508 reboots itself after upgrading to 7.5.102.0

  Hello all.
  We have two WLC 5508 and we upgraded both to software release 7.5.102.0 two weeks ago. We also upgrade the FUS to version 1.7.
  Since then both WLC reboot randomly once or twice a day with no obvious reason.
  Is anyone else facing the same issue?
  Many thanks.

  Ok, in that case it is very difficult to pin-point the cause for these sorts reboots. It may be due to a unknown bug. Go through below 7.5.102.0 release notes and see any unresolved caveats related to your issue
  http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn75.html#wp1030058
  Have you configure syslog on your WLC ?  If so see what is the last syslog message sent by WLC before reloading, it may indicate something.
  Do more observation & see whetehr controller reboot every time it hit 1k client limit. Try to narrow down the criteria to identify under what conditions this will trigger.
  In my controller I do not have that many clients & cannot comment if it is related.
  HTH
  Rasika

• WLC 5508 Discovery in Prime Infrastructure

  I have newly deployed a Prime Infrastructure (PI) in my network, and i want to add my wirless controller in it.
  I get an error SNMP time out whenever i add my controller to PI through SNMP.
  There are default SNMP configurations in the controller and i am simply adding them in PI with their private/public SNMP string.
  Is there something i am missing?
  WLC 5508 is connected to my core switch and PI is connected to another switch which is directly connected to core switch via Layer 3.
  Is there any configuration required to be done on the switch side.?                  

  Hello,
  Please go through the below link, it may help you to add WLC in Prime Infrastructure (PI)
  https://supportforums.cisco.com/docs/DOC-29006