WLC 5508 HA Anchor DHCP issue

Hi Cisco Support Community,
I am currently notice some issues within my WiFi infrastructure.
Our infrastructure is setup with a 8510 WLC high availability cluster (AP SSO) and a 5508 WLC high availability cluster (AP SSO) as mobility anchor within the DMZ zone.
The issue I noticed is that if there is a switchover on the 5508 WLC high availability cluster the users wont be able to receive a DHCP IP address.
I already read some of the other threads regarding this topic. (About Mobility Anchor: Policy Manager State = DHCP_REQD) (DHCP Anchor controller problem.)
But unfortunately I was unable to find any solution for my issue.
We currently have three SSID´s with anchoring active and I have noticed that only the SSID´s with layer 3 security enabled are affected by this issue.
The one SSID with PSK and MAC Auth are not affected by this issue.
I already checked the configuration for the SSID´s between the main controller and the anchor controller the SSID´s are configured the same except the breakout interface.
Even the described SSID with PSK and MAC Auth configured uses the same breakout interface as one of our layer 3 security enabled SSID´s.
The configuration works so far only in case of failover the clients connected to one of the SSID´s with layer 3 security enabled are unable to receive a IP address by the DHCP server.
I also performed some troubleshooting for the client on the anchor side.
I added part oft the troubleshooting outputs as workingssid.txt and notworkingssid.txt to this thread.
Maybe one of you guys have some advice for me to address the issue.
Thanks for your support in advance
With kind regards
Benedikt

As far as your L3 roaming is concerned ,Make sure your using latest and most stable firmware for WLC,
Make sure Mobility group are same and config on WLCs before switchover happens. Make sure if DHCP is out the network then option 43 is set and you are able to get ip from both WLC manually and able to ping. Make sure AP-manager interface virtual ip is set. Make sure SSO is enabled on both controller.
Check the following link also.
https://supportforums.cisco.com/discussion/11662541/layer-3-roaming-and-dhcp
Please confirm and mark it correct answer if your issue resolved.

Similar Messages

WLC 5508 and Multiple DHCP servers in different sites?

Hi
I work for health authority in our region and we just purchased a Cisco wlc 5508 controller along with 25 3500 AP's. We have multiple sites with different IP subnets in each, all connected by a frame relay (owned by ISP). Each site has its own DHCP server. I have the controller in our main site. So when I take an AP to a remote site, the Ap gets an DHCP address from local DHCP server (which is great) and contacts controller and joins controller. Everything is good. BUT, when a client joins at the remote site, it gets an address from a previous site which will not work because the client is now on a different subnet. We dont use Vlans as they dont transvers the frame relay. I need those clients to obtain DHCP from the local DHCP server from the site they are on. Is that possible??
I have updated the controller to latest version as well.
Thanks
Bryan Yaciuk, CCNA
Parkland Regional Health Authority

We call this as HREAP LOCAL SWITCHING!! but here is the catch.. everytime the AP joins the new site.. we need to configure the VLAN mapping and this wil do it for you!! Here is the link which will resolve ur issue..
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml#ll
Lemme know if this answered ur question and please dont forget to rate the usefull posts!!
Regards
Surendra

WLC 5508 , AP client dhcp address different from WLAN interface VLAN subnet?

Hope the title makes sense, here's my situation: I have multiple businesses on 1 WLC 5508, there's a LAG to my core switch with seperate interfaces for each, broken up by vlans.
My question is: if i have a WLAN setup to use interface "Company A" which is vlan 10 with an ip of 10.0.1.5 which then points to 10.0.1.10 for dhcp.
Can the WLAN client connecting to the Company A WLAN use an IP in a different IP range?(192.168.1.10?) can the wlc route? from the perspective of the DHCP server where doers the request come from? (10.0.1.5?)
Can the DHCP server 10.0.10.10 on vlan 10 respond back with and ip on a different subnet to assign to the client to use and still be fully fonctioning? would the default gateway for the client need to be 10.0.1.5? So the clients ip would be 192.168.1.10 /24 with a gateway of 10.0.1.5 (ip adress fo vlan10 interface on WLC) And if multiple clients on the same subnet wanted to talk to each other woudl the WLC know how to route them to each other without passing through the default gateway?
Sorry if this is confusing I'm having a bit of a hard time explaining it in works, i can try and draw somethign up if it makes more sense.
thanks
Eric

I think if you want these clients to stick to a WLAN configured on a VLAN that has a different IP addressing you could configure your VLAN with the normal IP addressing then add on the SVI the 2nd IP_Class_default_gateway.
E.G.
Vlan 10
interface vlan 10
ip address 10.0.10.1 255.255.255.0
ip address 192.168.1.1 255.255.255.0 secondary
Clients that receive IP address from 192.168.1.0/24 network will be able to reach 192.168.1.1 and all traffic will pass right.

WLC 5508 and Anchor/GuestNet rate limit traffic?

Running WLCs 5508s 7.0.116.0 with GuestNet and Anchor setup, how can I limit the bandwidth on the GuestNet SSDI to 2 Mbps, etc?
The DMZ WLC (Anchor) runs thru a ASA 5508 7x, can I rate limit traffic via ASA?

That's really a matter of preference. This document describes things to keep in mind when altering these QoS profile configurations, FYI.
http://www.cisco.com/en/US/partner/docs/wireless/controller/7.0MR1/configuration/guide/cg_controller_setting.html#wp1254532
It really depends on how many guests, what type of traffic, etc, to make a judgement call as to where you should set these. I'm sorry but I don't have any examples from existing configurations, but hopefully the document explains how to best alter these settings.

DMZ Anchor DHCP Issue

Hello,
I recently configured a DMZ Anchor controller and both control and data paths are showing 'up'. When a user connects the the WLAN they are receiving an IP address from the foreign controller interface rather than the DMZ anchor which is configured for an internal DHCP server. I have the guest WLAN configured with the management interface which has the controller's IP as the DHCP server.
Any ideas?
Thank you,
Scott

Could you please try enabling DHCP Proxy on Anchor Controller:-
Controller > Advanced > DHCP > Enable DHCP Proxy
When DHCP proxy is enabled on the Cisco WLC, the Cisco WLC unicasts DHCP requests from the client to the configured servers. Consequently, at least one DHCP server must be configured on either the interface associated with the WLAN or the WLAN itself.

Two WLC 5508 Anchor High Availability

Hello.
It's possible use 2 WLC 5508 en ANCHOR MODE in a Active-Active scenario?.
For example, if one WLC get down of service, the other one keep provide service to the anchor clients?.
In this moment we have just one WLC 5508 in Anchor Mode. What i need to configure a ANCHOR high Availability.
Thanks A lot!!!

This is confusing to me:
If we install a second Anchor WLC, what you recommend about the DHCP server in a failover event, because this second ANCHOR WLC will have the same configuration of the firts anchor wlc.
What do you mean the two will have the same configuration? The hostname and ip should be different.... or are you just stating that the WLAN and DHCP will be the same? I don't want to tell you something and break your environment, so just trying to clear things up.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"

Guest enrollment (self-service) on WLC 5508

Hi folks,
My desired setup is to integrate wlc 5508 (guest anchor) into cisco ise or nac server for guest authentication.
And then, ise or nac will connect to an SMS gateway to deliver credentials to mobile phones.
But I am looking into something unique where guests that enter into our facility can do self-enrollment. (i.e. guest connects to ssid and redirected to web authentication that asks for user information like name, email, mobile, etc).
After this process, guest will receive an sms for the credentials.
Does anyone here know a reliable third party software for the said enrolment that will work fine with my setup.
Your response are highly appreciated.

Hi Saurav,
Now it is supported on 1.3
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/upgrade_guide/b_ise_upgrade_guide_13/b_ise_upgrade_guide_13_chapter_0101.html

One WLC 5508, Multiple Sites/Networks

So I'm trying to think this design out in my head. Here is what I have:
Corp Office with a WLC 5508 configured with a management port and a guest WLAN port for guest wireless etc to the corp Layer 3 switch in a wireless VLAN, using 802.1q trunk of course. The WLC is configured to be a DHCP server for the Guest WLAN.
(Side note: the sites are connected using WAN routers at each location configured with bundled T3's and all routes are setup and each network successfully traverses to the other)
First phase will be to install 30 APs. 5 at the corporate office and 25 and two other sites. I'm using a class A network but have subnetted the networks so to speak to make each site have multiple VLANs using class C networks. I want to be able to implement the WLC 5508 at the corporate office and manage the APs centrally at all locations. The APs are already configured for lightweight mode and I have successfully configured 5 of them and connected.
My question is if I install the other 25 APs at the other 2 offsite locations and connect them to the network, will it automatically contact the WLC and get a DHCP address from the Corporate WLAN DHCP even though it is at another site? Am I overlooking a step or configuration method for this type of implementation?
Thanks for all contributions!

Ok so I have configured my environment as suggested. I can see the new IP Address lease to the AP at my remote site on
the DHCP Server (Windows Server DHCP at the remote site). I can ping that IP from the Central office to the remote site however the WIreless Controller is not associating the AP at all. Although I can ping the AP from the WLC. I checked the logs and I dont see any association attempt from that IP or MACt. So here is what I have:
Central Site-
     WLC 5508 With Internal DHCP for local APs
     APs associating successfully
Remote Site
     Windows DHCP with Option 43 Configured per Cisco AP Option 43 Whitepaper
     AP 1142-Light-Weight attached to switchport (Wireless Vlan configured) and reachable via ping through all of network.
     AP obtained IP from Windows DHCP from Wireless Scope I configured successfully.
So it doesn't seem the CAPWAP tunnel was built successfully. I do have an ASA 5520 in the environment but all traffic to remote sites is wide open as I do not block any ports so CAPWAP traffic should flow well.
Mission a step?
Dee

WLC 5508 Internal DHCP server issues

Hi,
I am hoping to get your feedback around the dhcp issues I am facing with Two Centrally Switched Wireless LANs. I have tried to explain the setup and the problems below and would appreciate it if anyone can suggest a solution for the problems I am facing:
The setup is as follows:
- I have a WLC 5508 which has been configured with 4 SSIDs, out of which 2 are using Central Authentication and Switching.
- I have an LWAP connected to the WLC in HREAP mode.
- WLC is configured as the DHCP server for clients connecting to the SSID 'Guest'. For the rest, I am using external dhcp server.
- Only one scope for Guest Interface is setup on the WLC.
Problems:
1. As far as I know, for WLC to act as internal dhcp server, it is mandatory to have the proxy enabled, but the Clients connecting to SSID 'Internet' are
unable to get an ip address from the external dhcp server, if dhcp proxy is enabled on the WLC. If i disable the proxy, it all works fine.
2. DHCP does not release the ip addresses assigned to clients even after they are logged out.
3. If a machine which was earlier connected to 'Guest' SSID connects to the 'Internet' SSID, it requests the same ip it was assigned by the WLC which it was assigned under 'Guest', but gets tagged with the Vlan configured on the management interface.
************Output from the Controller********************
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.116.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS + LDPE
(Cisco Controller) >show interface summary
Interface Name                   Port Vlan Id IP Address         Type        Ap Mgr        Gu
est
guest                                        1    301      10.255.255.30    Dynamic   No              No
management                          1    100      172.17.1.30        Static          Yes            No
service-port                              N/A N/A      192.168.0.1       Static         No               No
virtual                                        N/A   N/A      10.0.0.1              Static         No               No
(Cisco Controller) >show wlan summary
Number of WLANs.................................. 4
WLAN ID WLAN Profile Name / SSID               Status    Interface Name
1        LAN                                    Enabled   management
2        Internet                               Enabled   management
3        Managment Assets          Enabled   management
4        Guest                                  Enabled   guest
(Cisco Controller) >show dhcp detailed guest
Scope: guest
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 10.255.255.31
Pool End......................................... 10.255.255.254
Network.......................................... 10.255.255.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 10.255.255.1 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 8.8.8.8 8.8.4.4 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... e8:b7:48:9b:84:20
IP Address....................................... 172.17.1.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 172.17.1.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 100
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 172.30.50.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled
(Cisco Controller) >show interface detailed guest
Interface Name................................... guest
MAC Address...................................... e8:b7:48:9b:84:24
IP Address....................................... 10.255.255.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.255.255.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 301
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Enabled
(Cisco Controller) >show dhcp leases
       MAC                IP         Lease Time Remaining
00:21:6a:9c:03:04    10.255.255.46    23 hours 52 minutes 42 seconds        <<<<<<< lease remains even when the client is disconnected.
*********Example of Client connected to the right Vlan with an ip address from the incorrect interface. *************
(Cisco Controller) >show client detail 00:21:6a:9c:03:04
Client MAC Address............................... 00:21:6a:9c:03:04
Client Username ................................. N/A
AP MAC Address................................... a0:cf:5b:00:49:c0
AP Name.......................................... mel
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 2                 <<<<<<<<   'Internet' SSID
BSSID............................................ a0:cf:5b:00:49:ce
Connected For ................................... 319 secs
Channel.......................................... 36
IP Address....................................... 10.255.255.46      <<<<<<< IP address assigned from the 'Guest' Interface or dhcp scope on the WLC
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 1800
Client CCX version............................... 4
Client E2E version............................... 1
QoS Level........................................ Silver
802.1P Priority Tag.............................. disabled
WMM Support...................................... Enabled
Power Save....................................... OFF
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
ACL Name......................................... none
ACL Applied Status............................... Unavailable
Policy Type...................................... N/A
Encryption Cipher................................ None
Management Frame Protection...................... No
EAP Type......................................... Unknown
H-REAP Data Switching............................ Central       <<<<<<<<<
H-REAP Authentication............................ Central       <<<<<<<<<<
Interface........................................ management
VLAN............................................. 100           <<<<<<<<<<< right Vlan
Quarantine VLAN.................................. 0
Access VLAN...................................... 100

Hi All,
I have a similar issue where Wireless clients are not receiving automatic addressing from an internal DHCP server. I have multiple interfaces configured on the WLC which are connected to separate VLANS. The manually specified DHCP primary server entry is the same on all interfaces. Some clients are able to authenticate and receive automatic IP configuration but some clients are failing the address assignment process. I have checked connectivity between the WLC and DHCP server, this is confirmed as working. When I carry out a "debug dhcp packet enable", I get the following outputs which seems as if the DHCP discover request from the client is skipped. Your thoughts and inputs on this are appreciated.
DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: message type = DHCP DISCOVER
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 116 (len 1) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 61 (len 7) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: requested ip = 169.254.223.5
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 12 (len 13) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: vendor class id = MSFT 5.0 (len 8)
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 55 (len 11) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 43 (len 2) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP options end, len 76, actual 68
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP Forwarding DHCP packet (332 octets) packet DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
Thanks,
Raj Sandhu

Deployment of WLC-5508 with 2702i-D have performance issue.

Hi Team,
We have centrally deployed WLC-5508 with 50 AP licence along with HA scenario. we have 3 locations.
1- HQ. have 26 AP with POWINJ5.
2- Branch location A- 8 AP with POWINJ5.
3. Branch location B have 8 AP with POWINJ4.
my exception is to achieve that single SSID with dynamic VLAN from group police (NPS). MY HO have 26 AP and those are working in local mode.
and branches are connected through flexconnect mode. and all are working with different-2 NPS.
Now i am facing a problem with this deployment are following.
1- branch A have performance issue.
2- HQ have performance issue.
3- i don't want to go with dedicated NPS for every location.
In order to achieve this deployment i want only single SSID with primary and secondary NPS at my HQ with dynamic VLAN for respective departmental users vlans..
above is my problem and concern. otherwise i am successfully achieving this solution with dedicated NPS with single group policy. but when i am going forward to achieve my expectation that time i am facing authentication issue at my HQ and sometimes am not able to get proper VLAN IPs. at my HQ.
kindly help me in that to understand where I am doing wrong things to achieve my expectation.
Thanks.
Nalin

I am facing 2 different problems.
1st issue- in existing setup we have throughput issue. (while downloading or uploading any data from the internet or Intranet, that time wireless clients are facing slowness of the Speed. and same time when i am trying from LAN i am not facing any issue)
2nd Issue- I want to achieve only single SSID with primary and secondary NPS (AD group is bind with vlan Attributes) with dynamic VLAN for respective departmental users.
for Issue no 2 i have created SSID to achieve the single ssid parameter for every location. in order to achieve i have change all access points mode local to Flexconnect mode after that i have created AP groups location wise and then create flexconnect Groups where i have mapped all the vlan through AAA VLAN-ACL mapping. created interface group and mapped all the vlans in that group.
for more understanding please go through the below mentioned CLI view.
Cisco Controller) >show wlan apgroups
Total Number of AP Groups........................ 4
Site Name........................................ GURGAON-AP-GROUP
Site Description................................. GURGAON-AP-GROUP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Pol icy
3 gurgaon-interface Disabled None
--More-- or (q)uit
4 gurgaon-guest Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
GUR-AP-01 2 AIR-CAP2702I-D-K9 f4:4e:05:78:ae:e4 default location 1 IN 1
GUR-AP-05 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b5:18 default location 1 IN 1
GUR-AP-03 2 AIR-CAP2702I-D-K9 bc:16:65:13:71:00 default location 1 IN 1
GUR-AP-07 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b3:f8 default location 1 IN 1
GUR-AP-06 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b3:e0 default location 1 IN 1
GUR-AP-08 2 AIR-CAP2702I-D-K9 f4:4e:05:45:78:98 default location 1 IN 1
GUR-AP-02 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b3:2c default location 1 IN 1
GUR-AP-04 2 AIR-CAP2702I-D-K9 f4:4e:05:78:ae:64 default location 1 IN 1
GUR-AP-09 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b4:44 default location 1 IN 1
Site Name........................................ MUMBAI-AP-GROUP
Site Description................................. MUMBAI-AP-GROUP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
--More-- or (q)uit
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 group for mumbai Disabled None
2 guest wifi Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
FAL-7-AP08 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:24:d8 7th Floor 1 IN 3
--More-- or (q)uit
FAL-7-AP10 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:18 7th Floor 1 IN 1
FAL-7-AP14 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:ad:e8 7th Floor 1 IN 1
FAL-7-AP01 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:b0:4c 7th Floor 1 IN 1
FAL-7-AP07 2 AIR-CAP2702I-D-K9 f0:7f:06:30:92:bc 7th Floor 1 IN 1
FAL-7-AP13 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:80 7th Floor 1 IN 1
FAL-7-AP02 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:94 7th Floor 1 IN 1
FAL-7-AP05 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:e8 7th Floor 1 IN 1
FAL-7-AP12 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:f0 7th Floor 1 IN 3
FAL-7-AP03 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:e4 7th Floor 1 IN 1
FAL-7-AP06 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:84 7th Floor 1 IN 3
FAL-7-AP04 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:b0:14 7th Floor 1 IN 1
FAL-7-AP09 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:c8 7th Floor 1 IN 3
FAL-7-AP11 2 AIR-CAP2702I-D-K9 f0:7f:06:30:93:08 7th Floor 1 IN 1
Site Name........................................ MUMBAI-THIRD-FLOOR-AP
Site Description................................. MUMBAI-THIRD-FLOOR-AP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
--More-- or (q)uit
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 group for mumbai Disabled None
2 guest wifi Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
FAL-3-AP07 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:a4 3rd Floor 1 IN 3
FAL-3-AP09 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:94 3rd Floor 1 IN 3
FAL-3-AP11 2 AIR-CAP2702I-D-K9 f4:0f:1b:73:00:74 3rd Floor- Eurek 1 IN 3
FAL-3-AP06 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:ae:d0 3rd Floor 1 IN 3
--More-- or (q)uit
FAL-3-AP10 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b5:88 3rd Floor 1 IN 3
FAL-3-AP08 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:9c 3rd Floor 1 IN 3
FAL-3-AP03 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:af:a0 3rd Floor 1 IN 1
FAL-3-AP12 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b3:fc 3rd Floor- Eurek 1 IN 3
FAL-3-AP02 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:28 3rd Floor 1 IN 3
FAL-3-AP01 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:f4 3rd Floor 1 IN 3
FAL-3-AP04 2 AIR-CAP2702I-D-K9 f0:7f:06:30:92:8c 3rd Floor 1 IN 2
FAL-3-AP05 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:f4 3rd Floor 1 IN 3
Site Name........................................ RAHEJA-AP-GROUP
Site Description................................. RAHEJA-AP-GROUP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
--More-- or (q)uit
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
5 raheja-interface Disabled None
2 raheja-guest Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
FAL-RAHEJA-AP04 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:24:1c Near Meeting Roo 1 IN 3
FAL-RAHEJA-AP02 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:37:3c Confrennce Room 1 IN 3
FAL-RAHEJA-AP03 2 AIR-CAP2702I-D-K9 f0:7f:06:30:93:48 Near Confrence R 1 IN 3
FAL-RAHEJA-AP05 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:ae:c0 Near Meeting Roo 1 IN 3
FAL-RAHEJA-AP06 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b3:a0 Near Server Room 1 IN 3
FAL-RAHEJA-AP01 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b3:20 Reception Area 1 IN 3
FAL-RAHEJA-AP08 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:68 USER BAY ROAD si 1 IN 1
FAL-RAHEJA-AP09 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:d4 Training Room 1 IN 1
--More-- or (q)uit
Site Name........................................ default-group
Site Description................................. <none>
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 group for mumbai Disabled None
2 guest wifi Disabled None
3 gurgaon-interface Disabled None
4 gurgaon-guest Disabled None
5 raheja-interface Disabled None
6 test Disabled None
Cisco Controller) >show flexconnect group summary
FlexConnect Group Summary: Count: 4
Group Name # Aps
Gurgaon-AP 9
HQ-3RD-FLR-AP-GROUP 12
HQ-7THFLR-AP-GROUP 14
Raheja-AP-Group 8
(Cisco Controller) >show flexconnect group detail Gurgaon-AP
Number of AP's in Group: 9
bc:16:65:13:71:00 GUR-AP-03 Joined Flexconnect
f4:4e:05:45:78:98 GUR-AP-08 Joined Flexconnect
f4:4e:05:78:ae:64 GUR-AP-04 Joined Flexconnect
f4:4e:05:78:ae:e4 GUR-AP-01 Joined Flexconnect
f4:4e:05:80:b3:2c GUR-AP-02 Joined Flexconnect
f4:4e:05:80:b3:e0 GUR-AP-06 Joined Flexconnect
f4:4e:05:80:b3:f8 GUR-AP-07 Joined Flexconnect
f4:4e:05:80:b4:44 GUR-AP-09 Joined Flexconnect
f4:4e:05:80:b5:18 GUR-AP-05 Joined Flexconnect
Efficient AP Image Upgrade ..... Disabled
Master-AP-Mac Master-AP-Name Model Manual
Group Radius Servers Settings:
Type Server Address Port
Primary Unconfigured Unconfigured
Secondary Unconfigured Unconfigured
--More-- or (q)uit
Group Radius AP Settings:
AP RADIUS server............ Disabled
EAP-FAST Auth............... Disabled
LEAP Auth................... Disabled
EAP-TLS Auth................ Disabled
EAP-TLS CERT Download....... Disabled
PEAP Auth................... Disabled
Server Key Auto Generated... No
Server Key.................. <hidden>
Authority ID................ 436973636f0000000000000000000000
Authority Info.............. Cisco A_ID
PAC Timeout................. 0
Multicast on Overridden interface config: Disabled
DHCP Broadcast Overridden interface config: Disabled
Number of User's in Group: 0
Vlan :........................................... 203
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 205
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 204
--More-- or (q)uit
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 206
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 207
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 208
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 209
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 210
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 211
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 212
Ingress ACL :................................... None
Egress ACL :.................................... None
--More-- or (q)uit
Vlan :........................................... 216
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 217
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 218
Ingress ACL :................................... None
Egress ACL :.................................... None
Group-Specific FlexConnect Wlan-Vlan Mapping:
WLAN ID Vlan ID
WLAN ID SSID Central-Dhcp Dns-Override Nat-Pat
(Cisco Controller) >
(Cisco Controller) >show wlan summary
Number of WLANs.................................. 6
WLAN ID WLAN Profile Name / SSID Status Interface Name PMIPv6 Mobility
1 FRACTAL-EMP-MUMBAI / FRACTAL Enabled group for mumbai none
2 FRACTAL-GUEST / FRACTAL-GUEST Enabled guest wifi none
3 FRACTAL-EMP-GURGAON / FRACTAL-GURGAON Enabled gurgaon-interface none
4 GURGAON-GUEST / FRACTAL-GUEST-GURGAON Enabled gurgaon-guest none
5 RAHEJA-EMP-WIRELESS / FRACTAL-R Enabled raheja-interface none
6 TEST-SSID / TEST-SSID Enabled test none
hope this will give you proper understanding.

WLC 5508, vlan select, reserved address in external DHCP server

Hi guys,
I have a deploy with a WLC 5508 version 7.0.116.0, APs mode local and vlan select feature enable. The issue is that the reserved IP address in external DHCP server not work. The DHCP contains a reserved IP address associates with mac address, but the assignement of IP is not match with de policies in DHCP. All others services operate normally.
This reserved assignment operate previusly to modificate the WLAN to vlan select feature. Help me to improve this situation.
Thanks.-
Best regards

Hello Abhishek, thanks for you quick answer....
the link was a document used for the deploy, but not especifict nothing about the reserved IP address for particular host. In other words, the reserved IP address (through MAC address) in external DHCP server not work when "vlan select" its enable.

Anchor mobility configuration getting lost in wlc 5508 ios code 7.4.100.0

It is observed that in WLC 5508 , ios 7.4.100.0 , mobility anchor configuration on wlan is getting lost . we configure anchor ip address on guest wlan > mobility anchor > Switch IP Address (Anchor).
We have configured the template on NCS 2.0 to push the anchor mobility ip address on all WLC
Has anyone oberved this behavoiur. We have more than 100 WLC , and everyweek mobility anchor configuration is lost on some WLC having code 7.4.100.0.

I am having this exact same problem. I am running 7.3 on 5508 WLC. My remote site LAP's are using Flex (HREAP). The initial access point that my laptop associates to connects with no problem, as soon as I wander out of range of the initial LAP and into the area of another access point, I lose data connectivity. The was validated like the original post as I start a constant ping on the LAN and watch as the ping latency increases and then ping replies stop. The only way to correct the problem is resetting of the wireless adapter on the laptop. Side note my DroidX has no problem wandering from AP to AP.
Laptop: Windows 7 32bit
I then returned to my home site and test where I have a secondary controller and the LAP's are configured for local mode, no problems roaming from access point to access point. Validated with constant ping test. The pings drop for a second and re-
continues as the laptop reconnects.
**Edit: I am going to try the removing the DHCP Addr. Assignment required option, and report that back to the TAC engineer.
Message was edited by: Michael Dunki-Jacobs
**Edit Solved:***
The problem is in deed solved by turning the "DHCP Address Required" but why?

DHCP on WLC 5508 - 7.4.100.0 - with HA

Hi All,
I'm just looking for some ideas on a problem we've encountered the last few days with DHCP on certain SSID's. To give you an idea, we have a wireless network with 13 SSID's being managed by a WLC 5508 pair configured as high availability (52 AIR-CAP3502I). Yesterday we encountered an issue with DHCP on a few of the SSID's but not all, and as a last resort a reboot of the controller fixed the problem. Statically assigning addressing allows for traffic to traverse the network out to the web and back so I don't think it's a VLAN configuration issue on the wired side. It's worth mentioning however that the controllers are configured for a LAG to HP switches. DHCP is being handled by an external windows DHCP server and the primary server address points to the gateway which has a relay configuration pointing to the windows server on the other side of it. Again, rebooting the controller fixed the problem and the web traffic traverses fine if statically assigning addressing. Any ideas or suggestions would be appreciated.
Thanks,
Keith

Well to determine if its a LAG issue with the HP, just connect one port. This will help determine if its an HA issue or not. I don't know the HP platform, but the WLC uses src-dst-IP for load balancing across the LAG. Maybe the HP is sending the traffic back on a different port. So just having one port connected should eliminate if its a LAG issue or not.
Sent from Cisco Technical Support iPhone App

WLC 5508 8.0.100 AP dropout anf fallback issue

After WLC upgrade to 8.0.100 [ not in HA mode], the AP seem to be dropping out and reconnect using the fallback to IP- inspite of the statically configured IP on the AP
Running Outdoor mesh AIR-CAP1552E-N-K9 on WLC 5508
(Cisco Controller) >show boot
Primary Boot Image............................... 8.0.100.0 (default) (active)
Backup Boot Image................................ 7.6.101.2
=========
Last AP disconnect details
- Reason for last AP connection failure.................... The AP has been reset by the controller
- Last AP disconnect reason................................ Unknown failure reason
Last join error summary
- Type of error that occurred last......................... Lwapp join request rejected
- Reason for error that occurred last...................... No Mwar payload found in join request
- Time at which the last join error occurred............... Dec 03 00:05:26.114
AP disconnect details
- Reason for last AP connection failure.................... The AP has been reset by the controller

We downgraded the WLC to 7.4.121.0 and finally got rid of the DHCP problem
But encountered a new issue
The WGB once connected to the mesh AP does not reconnect to the network , auth failure- AIR-SAP1602E-Z-K9 running - ap1g2-k9w7-mx.152-2.JB2
Local EAP auth configured for WGB client on the WLC
Looks more like the WGB stuck in a state , unable to negotiate its credentials
Controller log
*dot1xMsgTask: Mar 24 10:33:52.737: #DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c:1404 Unable to send EAPOL-key msg - invalid WPA state (0) - client f4:0f:1b:23:03:37
Attached is the debug and client status from WLC
Any idea what is going on
Thanks

Wlc 5508 webauth subnet mask change issue

Recenly l changed the network subnet for a particular wlc interface and scope and also an upstream router and for some reason it would only allow me to use a /24 Host mask as my plan was to go to a /22 mask to allow for over 1000 hosts within this scope.
The Upstream Router which is a ( RV042 ) had the following original config :
     192.168.1.1
     255.255.255.0
I have noticed this device will not let me change the mask from a /24 to a /22 as you can only change from a pre-defined list of masks and you cannot manually add any either..
New Config
     10.10.0.10
     255.255.255.0
WLC 5508 Controller Interface
     Original Config
      192.168.1.25
     255.255.255.0
     192.168.1.1
     New Config
     10.10.0.25
     255.255.252.0
     Scope
     Range : 10.10.1.10 - 10.10.3.254
     Mask : 255.255.252.0
     Network : 10.0.0.0
     Router : 10.10.0.10
When l reconfigure to this addressing the wireless clients connect and get the new dhcp scope details but following this the webauth screen doesn't appear not allowing them to connect meaning there is no routing of traffic / internet access.
If l modify the above interface and scope masks back to a /24 - 255.255.255.0 the the wireless clients connect and webauth appears to prompt them to accept the terms and conditions and connect thus giving them internet access.
It looks like an issue with the mask ? The main reason l am trying to change the subnet addressing is because the standard /24 mask is not providing enough dhcp addresses and we have had times were the scope has been exhausted due to the public connecting and disconnecting as the lease perod of 2 hours holds onto the address before expiring meaning there is not enough available addresses for people to connect.
I would of thought that the upstream router ( RV042 ) even though it is only a /24 mask would still route the traffic coming from a WLC Controller interface with a /22 mask ?
Hopefully someone can suggest a solution ?
Thanks Simon

Hey Scott just getting back to this issue..   If for instance l can modify the wlc interface and Scope to have a /22 mask ( 1022 Hosts ) and my upstream Router ( Cisco RV042 ) can only provide a /24 or higher mask then does that mean l am still limited to a range of 254 hosts ( /24 Mask ) ? Would this mean l need to look into replacing my upstream Cisco RV042 VPN Router ?

WLC 5508 HA Anchor DHCP issue

Similar Messages

Maybe you are looking for