WLC 5508: LAG with not stacked switches

Hello!
We are planning to implement a redundant physical connection from a 5508 WLC to non-stacked 3750 switches.
The scheme is attached.
Is there any way to implement such a variant of the topology?

When you don't have LAG enabled, you can choose a primary port and a backup port.
Do you mean to choose primary and backup for the management interface?
As mentioned in the documentation about AP-management: "You cannot map the AP-manager interface to a backup port"
http://www.cisco.com/en/US/docs/wireless/controller/7.3/configuration/guide/b_wlc-cg_chapter_011.html#ID345

Similar Messages

  • WLC 5508 issue with 4 ports in portchannel

    Hi,
    We have one WLC 5508 and LAG is enabled on it but when we connect 4 cables to a distribution switch only 3 links are sending and receiving traffic and the 4th one is up with outgoing traffic from the distribution switch to WLC but nothing incoming.
    Some APs went down and refuse to be registered back to the WLC. when we shut down the 4th port everything is back to normal.
    the etherchannel config is identical and I can see all ports are active and not suspended :
    interface GigabitEthernet2/2/1
     description PortChannel-WLC1-Port1
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 60-67,2808,2922,2923,2932
     switchport mode trunk
     channel-group 99 mode on
    interface GigabitEthernet2/2/2
     description PortChannel-WLC1-Port2
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 60-67,2808,2922,2923,2932
     switchport mode trunk
     channel-group 99 mode on
    interface GigabitEthernet2/2/3
     description PortChannel-WLC1-Port3
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 60-67,2808,2922,2923,2932
     switchport mode trunk
     channel-group 99 mode on
    interface GigabitEthernet2/2/4
     description PortChannel-WLC1-Port4
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 60-67,2808,2922,2923,2932
     switchport mode trunk
     channel-group 99 mode on

    sh etherchannel 99 sum
    Flags:  D - down        P - bundled in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            U - in use      N - not in use, no aggregation
            f - failed to allocate aggregator
            M - not in use, no aggregation due to minimum links not met
            m - not in use, port not aggregated due to minimum links not met
            u - unsuitable for bundling
            d - default port
            w - waiting to be aggregated
    Number of channel-groups in use: 38
    Number of aggregators:           38
    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+-----------------------------------------------
    99     Po99(SU)         -        Gi2/2/1(P)     Gi2/2/2(P)     Gi2/2/3(D)     
                                     Gi2/2/4(P)     
    Last applied Hash Distribution Algorithm: Fixed
    Gi2/2/3 is down because we had to shut down the interface; when it is up, many APs refuse to register.

  • WLC 5508 Problem with #DOT1X-3-INVALID_REPLAY_CTR

    Hi all,
    I have a WLC 5508 with version 7.4.110.0 and 13 access points. 12 of these APs are AIR-LAP1142N-E-K9 and 1 is AIR-CAP3602I-E-K9.
    Logs of my WLC are:
    *Dot1x_NW_MsgTask_1: Jan 11 01:15:05.167: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 90:c1:15:c6:c3:49 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
    *Dot1x_NW_MsgTask_4: Jan 11 01:09:41.015: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 5c:0a:5b:c1:16:34 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
    *Dot1x_NW_MsgTask_3: Jan 11 01:03:32.269: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 40:b3:95:13:da:cb - got 00 00 00 00 00 00 00 03, expected 00 00 00 00 00 00 00 04
    *Dot1x_NW_MsgTask_3: Jan 11 01:03:32.266: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 40:b3:95:13:da:cb - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 04
    *Dot1x_NW_MsgTask_0: Jan 11 01:03:31.648: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 24:77:03:67:01:48 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
    *Dot1x_NW_MsgTask_5: Jan 11 01:03:31.638: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 14:10:9f:da:c1:cd - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
    *Dot1x_NW_MsgTask_2: Jan 11 01:03:31.638: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client cc:78:5f:29:cc:82 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
    *Dot1x_NW_MsgTask_4: Jan 11 01:03:31.633: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 08:11:96:55:81:c4 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
    *Dot1x_NW_MsgTask_0: Jan 11 01:03:31.631: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 84:3a:4b:56:36:50 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
    *Dot1x_NW_MsgTask_1: Jan 11 01:03:31.630: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 14:10:9f:e2:d4:91 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
    *Dot1x_NW_MsgTask_0: Jan 11 00:59:52.593: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client a0:88:b4:60:20:f8 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
    *apfRogueTask_3: Jan 11 00:59:32.168: #APF-1-UNABLE_TO_CONTAIN_ROGUE: apf_rogue.c:4414 Unable to contain rogue 40:01:C6:11:F9:F1 - Not enough Container AP(s). Number of Container AP(s) 2, Requested containment level 4
    *apfRogueTask_3: Jan 11 00:58:38.635: #APF-1-UNABLE_TO_CONTAIN_ROGUE: apf_rogue.c:4414 Unable to contain rogue 40:01:C6:11:F9:F1 - Not enough Container AP(s). Number of Container AP(s) 1, Requested containment level 4
    *Dot1x_NW_MsgTask_0: Jan 11 00:50:06.885: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 10:68:3f:46:4e:e8 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
    *Dot1x_NW_MsgTask_0: Jan 11 00:50:06.883: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 10:68:3f:46:4e:e8 - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 02
    *dot1xMsgTask: Jan 11 00:49:05.842: #DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:618 Client c8:e0:eb:19:2a:97 may be using an incorrect PSK
    *apfRogueTask_3: Jan 11 00:40:42.576: #APF-1-UNABLE_TO_CONTAIN_ROGUE: apf_rogue.c:4414 Unable to contain rogue 40:01:C6:11:F9:F1 - Not enough Container AP(s). Number of Container AP(s) 3, Requested containment level 4
    *Dot1x_NW_MsgTask_3: Jan 11 00:40:17.471: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client c4:43:8f:f1:8c:8b - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
    *Dot1x_NW_MsgTask_4: Jan 11 00:40:03.368: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client f0:d1:a9:8e:1a:dc - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
    *Dot1x_NW_MsgTask_1: Jan 11 00:39:30.528: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 14:10:9f:d8:84:09 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
    I already went to this link to check the description of the errors:
    http://www.cisco.com/en/US/docs/wireless/controller/message/guide/msgs4.html#wp1000139
    Appreciate all feedback. Thank you.

    Hi Ruben,
    a) After successful dot1x authentication, session keys are derived from pairwise master key.
    b) When the AP transmits a key to a station by default, it expects a response back within a set timeframe.
    c) If the station does not respond, the AP increments the counter and retransmits the key.
    d) If the AP receives a response to first message just after the retransmission of the key, a mismatch occurs in the counter.
    This in most of the cases will be a client driver problem.
    Solution :
    1) try to increase the EAPOL-Key Timeout ( config advanced eap ).
    2) Upgrade the client driver.
    *****Help out other by using the rating system and marking answered questions as "Answered"*****
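
Added example (not part of the original thread and not Cisco code): a small triage script for the `#DOT1X-3-INVALID_REPLAY_CTR` messages shown in the question. It computes how far each client's EAPOL-Key replay counter is behind the value the controller expected, which is the retransmission race the reply describes. The function names and the verdict labels are hypothetical; the sample lines are excerpted from the log in the post above.

```python
import re
from collections import defaultdict

# Four INVALID_REPLAY_CTR lines and one unrelated line, excerpted from the post above.
SAMPLE_LOG = """\
*Dot1x_NW_MsgTask_1: Jan 11 01:15:05.167: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 90:c1:15:c6:c3:49 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
*Dot1x_NW_MsgTask_3: Jan 11 01:03:32.269: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 40:b3:95:13:da:cb - got 00 00 00 00 00 00 00 03, expected 00 00 00 00 00 00 00 04
*Dot1x_NW_MsgTask_3: Jan 11 01:03:32.266: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 40:b3:95:13:da:cb - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 04
*Dot1x_NW_MsgTask_0: Jan 11 00:50:06.883: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 10:68:3f:46:4e:e8 - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 02
*dot1xMsgTask: Jan 11 00:49:05.842: #DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:618 Client c8:e0:eb:19:2a:97 may be using an incorrect PSK
"""

# The counter is logged as 8 space-separated hex bytes.
COUNTER = r"(?:[0-9a-f]{2} ){7}[0-9a-f]{2}"
LINE_RE = re.compile(
    r"#DOT1X-3-INVALID_REPLAY_CTR:.*?from client (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    rf" - got (?P<got>{COUNTER}), expected (?P<exp>{COUNTER})",
    re.IGNORECASE,
)


def counter_value(field):
    """Convert the logged 8-byte counter (big-endian hex bytes) to an int."""
    return int.from_bytes(bytes.fromhex(field.replace(" ", "")), "big")


def parse_events(log_text):
    """Return one dict per INVALID_REPLAY_CTR line; other messages are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue
        got, expected = counter_value(m["got"]), counter_value(m["exp"])
        events.append({
            "mac": m["mac"].lower(),
            "got": got,
            "expected": expected,
            # lag = how many key transmissions the client's reply is behind.
            "lag": expected - got,
        })
    return events


def summarize(events):
    """Group events per client MAC and label each client.

    Assumed labels (hypothetical, for triage only):
      late_reply         - every reply carried an older counter than expected,
                           i.e. the client answered an earlier transmission
                           after the key had already been retransmitted.
      counter_not_behind - at least one reply was not behind the expected
                           value, which the retransmission race does not
                           explain and deserves a closer look.
    """
    grouped = defaultdict(list)
    for event in events:
        grouped[event["mac"]].append(event["lag"])
    summary = {}
    for mac, lags in grouped.items():
        verdict = "late_reply" if min(lags) >= 1 else "counter_not_behind"
        summary[mac] = {"events": len(lags), "max_lag": max(lags), "verdict": verdict}
    return summary


if __name__ == "__main__":
    for mac, info in sorted(summarize(parse_events(SAMPLE_LOG)).items()):
        print(mac, info)
```

Clients that stay in `late_reply` with a lag of 1 or 2 match the timing problem the reply attributes to client drivers, so they are the ones to retest after raising the EAPOL-Key timeout.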

  • WLC 5508 and LAP1310 - Not syncing up!

    As the title states I have a WLC 5508 and a LAP1310 that will not sync up.
    The error stated in the traps log is "AP with MAC (xxxx.xxxx.xxxx.xxxx) is unknown."
    WLC software release is : 7.2.103.0
    IOS on the AP is : 12.4(18a)JA2
    Upon some investigation I found that the "AP with MAC is unknown" error usually points to one of two things:
    A.  WLC firmware needs to be updated
    B.  AP needs to be updated.
    C. The AP is not compatible with the WLC.
    I am leaning toward solution C and I am looking for a confirmation or a correction. If anyone could help out, that would be greatly appreciated!
    I've tried reading the compatibility matrix released by Cisco, but I found it mildly confusing as to what is and isn't supported by each software release.
    Sources - http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml#lap1250
    Problem 11: 1250 LAP Not Able to Join WLC
    The setup consists of a 2106 WLC that runs version 4.1.185.0. A Cisco 1250 AP is not able to join the controller.
    The log on the WLC shows this:
    Mon Jun 2 21:19:37 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
    Mon Jun 2 21:19:37 2008 AP Associated. Base Radio MAC: f0:2x:cf:2x:1d:3x 
    Mon Jun 2 21:19:26 2008 AP Disassociated. Base Radio MAC:f0:2x:cf:2x:1d:3x
    Mon Jun 2 21:19:20 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
    Mon Jun 2 21:19:20 2008 AP Associated. Base Radio MAC: f0:2x:cf:2x:1d:3x 
    Mon Jun 2 21:19:09 2008 AP Disassociated. Base Radio MAC:f0:2x:cf:2x:1d:3x
    Mon Jun 2 21:19:03 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
    Solution: This is because the Cisco 1250 series LAP is not supported on version 4.1. The Cisco Aironet 1250 Series AP is supported from controller versions 4.2.61 and later. In order to fix this issue, upgrade the controller software to 4.2.61.0 or later.
    Problem 16: 1000 series LAPs not able to join the Wireless LAN controller, WLC runs version 5.0
    This is because WLC software release 5.0.148.0 or later is not compatible with Cisco Aironet 1000 series APs. If you have a Cisco 1000 series LAP in a network, which runs WLC versions 5.0.48.0, the 1000 series LAP does not join the controller and you see this trap message on the WLC.
    "AP with MAC xx:xx:xx:xx:xx:xx is unkown"

    videoaudiojack
    What version of Premiere Elements are you using and on what computer operating system is it running?
    What are the properties of this .mp4 video import (video and audio compressions, frame size, frame rate, interlaced or progressive, pixel aspect ratio)?
    If you have any information about the video bitrate and audio bitrate of the file, that would be good to know.
    What is the audio - stereo 2 channel or 5.1 channel?
    What are you (manually) or the project automatically setting as the project preset to match the properties of your source video?
    Let us start here and then decide what next.
    Thank you.
    ATR

  • Need Information of cisco WLC 5508 LAG Interface

    HI
    We have a Cisco WLC 5508 in our network and right now this WLC is connected to two ports of each core switch. Both CORP and GUEST SSIDs are configured on this WLC.
    Now we want to segregate the traffic of GUEST to on core switches from WLC. So my question is, how can we achieve this without using a guest anchor controller?
    Can I use one interface of the Cisco WLC 5508 and connect it to the firewall or any device?
    Thanks
    Puneet

    Hi
    Thanks ...I am using WLC as a DHCP server for Guest.
    So  i want to know ,is there any requirement that GUEST subnet should be pingable from WLC management IP address.
    my topology is here...
    Corp network and management network are reachable; however, the management network is not pingable from the guest network.

  • HELP! Macbook Pro lag with automatic graphics switching

    Hi people,
    My macbook pro (2010 edition) recently got laggy. I have no idea whether it is because I installed too many applications or if a hidden application is eating into my RAM. When I turn off the automatics graphics switching to the more powerful Nvidia graphics card, the lagging disappears completely. However, with the switching turned on, lagging occurs in just about every function I use, whether it is to check Microsoft Entourage email, surf safari, or scroll along my dock. The lag is not significant, but many less than a half second of freezing and then resuming. Videos streamed online become more laggy.
    This did not happen before, although I vaguely remember having the automatic graphics switching turned on perpetually when I first bought my MBP as an energy saving measure.
    Does anyone experience this same problem with the graphics switching. Looking for serious help. If not, I think I might try restoring my MBP to its factory settings and see if that helps.
    I updated all software on OS X, running on 4gig ram. I am not sure if it is a memory problem because of the graphic switching situation I mentioned earlier.
    Somebody help me.

    Thanks Clinton,
    I had a funny feeling that would be my only option. It becomes very difficult in my part of the world to get to an Apple store (the nearest one is nearly 2 hours away).
    I would love to find out what the cause is and possible remedies.
    Although far from convenient this maybe my only option.
    Thanks for you help.
    If anyone else has experienced similar issues and already received advice after a trip to the Apple store I would be interested to know more about your experiences / possible solutions.
    Regards,
    Phil

  • WLC 5508 integration with fortigate and Guest Vlan

    Hi
    I have 5508 Cisco WLC and i want to connect my wlc one port to fortigate (FW) for direct internet.
    And other port in WLC i will connect on Cisco Core Switch for other SSID's and for management. Now the question is how to divide port in WLC 5508, how to point layer 3 traffic if don't configure switch port as trunk.
    Kindly what will be best solution.

  • WLC 5508 LAG and CAt 3750 cross stack

    Hello,
    I would like to use the LAG feature on my 5508 WLCs and connect each of them to two different ports of a 3750 stack using cross stack. Do you think it will work?
    Cisco suggests not to connect different LAG ports of a WLC to different CAT3750 but it's not clear if it was referred to different standalone 3750s or to a stackwise of 3750s.
    Tnks all
    Johnny

    The HA kicks in when the primary loses its gateway. Do a small test: keep a continuous ping to the WLC from its gateway as source, break one of the links in the LAG, and see if you drop any packets.

  • WLC 2504 LAG is not working?

    Hi All,
    Yesterday i configured LAG on my New WLC using following configuration:
    Enable LAG on controller > General
    then reboot
    On Neighbor Switch:
    Interface range GigabitEthernet <Interfce ID>
    Channel-group <id> mode on
    no sh
    Interface port-channel <id>
    switchport trunk allowed vlan <id>
    switchport mode trunk
    no sh
    I can see on the switch that the trunk is established.
    I also tagged the LAG to my management VLAN.
    But it is still not working; can anyone help me find what is going wrong?
    I have an HA device; I configured the same on that and it worked. But it is not working on my primary.
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 8.0.110.0
    Bootloader Version............................... 1.0.20
    Field Recovery Image Version..................... 7.6.101.1
    Firmware Version................................. PIC 16.0
    Build Type....................................... DATA + WPS
    System Name......................................
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 
    IP Address.......................................
    IPv6 Address..................................... ::
    Last Reset....................................... Software reset
    System Up Time................................... 0 days 0 hrs 21 mins 0 secs
    System Timezone Location.........................
    System Stats Realtime Interval................... 5
    System Stats Normal Interval..................... 180
    --More-- or (q)uit
    Configured Country............................... 
    Operating Environment............................ Commercial (0 to 40 C)
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +28 C
    External Temperature............................. +33 C
    Fan Status....................................... 4300 rpm
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 1
    Number of Active Clients......................... 0
    Burned-in MAC Address............................ 
    Maximum number of APs supported.................. 75
    System Nas-Id....................................
    WLC MIC Certificate Types........................ SHA1

    Try to delete the config on  switch and try this.
    Switch config :
    interface range <>
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport trunk allowed vlan X,Y,Z
    Channel-group <> mode on
    If it is still not working, check whether the WLC is reachable via ssh or telnet.
    If you have access via ssh or telnet, then reboot the WLC using the "reset system" command.
    hope it helps.
    Regards
    Dont forget to rate helpful posts

  • WLC 5508 LAG setup

    Hi,
    I'm trying to setup a 5508 to put multiple management ports into LAG configuration for Etherchannel to the connected switch. I have not found where to configure that in the GUI. Is that a CLI-only command?
    Thanks.

    Following are the information
    You can find the LAG option under the General option in the controller GUI.
    and to verify
    Verifying Link Aggregation Settings (CLI)
    To verify your LAG settings, enter this command:
    show lag summary
    Information similar to the following appears:
    LAG Enabled
    Configuring Neighbor Devices to Support Link Aggregation
    The controller's neighbor devices must also be properly configured to support LAG. 
    •Each neighbor port to which the controller is connected should be configured as follows:
    interface GigabitEthernet <interface id>

  • WLC 5508 - Issue- Will not start NCS

    After a power loss and reboot the unit will not start NCS. The running configuration file appears to be intact. Any suggestions would be appreciated. Currently generation failure logs.
    Thanks in advance
    John D.

    Hi John:
    Power cycling a 5508 wireless LAN controller shouldn't have any impact on NCS.  The best source of accurate information will be the logs.zip file that would come from running the command
    backup-logs 06282013 repository
    That's going to cause all the logs for NCS to be backed and zipped up, and the copy put over on the repository.  Once you have that, you can unzip it, and the place to start would be the hm-0-0.log file.  That's the log of the Health Monitor service that watches over everything and tells the other services like the database, FTP/TFTP servers and such to kick off, and logs what those services do when told to kick off.  Based on which service isn't behaving, you'd check the log for that service for more details of why that service isn't behaving.

  • Port channel WLC 5508 and 3750

    Hi All,
    I want to configure Port channel for WLC 5508 and cisco 3750 Stack Switch. What changes I need to make on WLC and where?
    Thanks
    Jagdev

    Thanks Chris,
    LAG is enable on WLC, and Port channel is configured on 3750, Please see the configration and Port channel status below:-
    (Cisco Controller) >show lag summary
    LAG Enabled
    interface Port-channel14
    description Port Channel to WLC001
    switchport trunk encapsulation dot1q
    switchport mode trunk
    end
    sh etherchannel 14 summary
    Flags:  D - down        P - bundled in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            U - in use      f - failed to allocate aggregator
            M - not in use, minimum links not met
            u - unsuitable for bundling
            w - waiting to be aggregated
            d - default port
    Number of channel-groups in use: 14
    Number of aggregators:           14
    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+-----------------------------------------------
    14     Po14(SD)        LACP      Gi1/0/22(I) Gi2/0/22(I)
    sh run int g1/0/22
    Building configuration...
    Current configuration : 209 bytes
    interface GigabitEthernet1/0/22
    description Trunk to WLC001 DistPort1
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 254
    switchport mode trunk
    channel-group 14 mode active
    end
    sh run int g2/0/22
    Building configuration...
    Current configuration : 209 bytes
    interface GigabitEthernet2/0/22
    description Trunk to WLC001 DistPort2
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 254
    switchport mode trunk
    channel-group 14 mode active
    end

  • WLC 5508 software version working with ISE1.1.2

    Hi,
    My understanding is that for fully WLC 5508 integration with ISE 1.1.2, it needs Version 7.2.103.0.  Question is if customer has 5508 with either 7.0.230 or 7.0.98, and ISE 1.1.2, can AAA part work?  what part will not work, any potential issue if they don't upgrade 5508 to 7.2.103?
    Thanks in advance!
    Tina

    Please check the below Table:
    Table 1 Supported Network Access Devices
    Device: Wireless LAN Controller (WLC) 2500, 5500
    Minimum OS Version: 7.2.103.0
    MAB: No6
    802.1X: Yes
    Web Auth (CWA): Yes
    Web Auth (LWA): Yes
    Session CoA: Yes
    VLAN: Yes
    DACL: Yes
    SGA: Yes
    IOS Sensor: No
    Ref. Link: http://www.cisco.com/en/US/docs/security/ise/1.1.1/compatibility/ise_sdt.html#wp55038

  • Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users

    Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users
    I've been given a fantastic "opportunity" by my boss to use our existing wireless infrastructure to provide internet access to potentially up to 2000 VIP guests arriving with BYOD devices, in a very densely populated area for a 3 day event. We are talking an area of approx 200m x 15m. Think of it as an awards ceremony/concert. The solution will also be mobile so we will be using internet breakout from different telcos as it will move to approx 20 countries. The area is also incredibly densely populated with other wifi APs. I did a brief site survey and AirMagnet could detect over 2500 other 'rogue' APs from where I was stood! I hope CleanAir works!
    We need a simple authentication method for them to connect with zero admin from our side. We don't want to just offer up a rolling daily PSK as that's a bit amateur and we don't really want the VIP guests sharing the PSK with others during their stay. Ideally they could self-provision by providing an email address.
    I know the WLC can handle webauth for local users but I don't think it scales very well. ie I don't think I can offer the account to several hundred people.
    Cisco ISE looks a very expansive (and expensive) product but I don't think we need all its capabilities (do I?). It would be nice to just ask a potential user for their email address and grant them access and email them next year. I've seen Cisco NAC but that looks over the top too for just guest users who will only be accessing a shared internet connection.
    I've seen 3rd party supposed software solutions from Kiosk Antamedia etc do they work with Cisco Enterprise WLC solutions?
    We'd like to limit users to a certain (low) bandwidth and block (say) torrent traffic to keep the general user experience worthwhile.
    Does anybody have any case study documents or experience of such a project? As well as the authentication it's how well the APs will handle the dense potential number of clients trying to connect in such a confined space. 
    Any suggestions would be gratefully appreciated from the knowledgeable community.
    Cheers,
    Mike

    Hi Rasika,
    We are having WLC 5508 model with software version running 7.4.121.0. AP Models are AIR-CAP2602I.
    Normally our WAN links are good even while the issue pertains. We are connected to remote offices over ipsec site to site vpn for WAN. The link latency in WLC between the AP and the controller shows  <1ms.
    currently the Guest network is using WPA2-PSK auth given in the controller. we are trying to find a option to make the Guest wireless auth local to the office, and see if this solves the problem. 
    any suggestions,
    Thank you,
    Arjun

  • Mapping Multiple VLANs to Multiple SSIDs as one-one in WLC 5508 via H-REAP?

    Hi All,
    Can anyone please show me how to map a SSID/WLAN ID to a local vlan of a LAP in WLC 5508 using H-REAP local switched? The reason of doing this is to separate Data subnet/traffic from Voice as currently all 7925 handsets using same SSID as PCs. I would like to create two VLANs on APs and map them to two SSIDs. I could not see any option in WLC5508 to do this. Also when I change the AP mode from H-REAP to local and configuring sub interface using dot1q on the interface Gi0 then unable write running-config to startup-config because I get NVRAM Verification Failed as WLC protects any local changes on any registered LAP at NVRAM.
    Your help is much appreciated.

    Mehdi:
    I am talking about HREAP groups, not AP groups.
    You can not achieve what you want if you are using the same SSID on same AP with only a WLC (same AP with same SSID is mapped to different VLANs). You may need a radius server to dynamically assign a VLAN to the clients if you are using same SSID for data and voice.
    If you are using different SSIDs for voice and data, you can map each SSID to its corresponding VLAN on the remote site using the VLAN mapping option under HREAP tab in the AP config page.
    You can not configure the AP from its console. Lightweight APs can only be configured from the controller. (a few exceptions are available that do not apply here) .
    HTH
    Amjad
    Rating useful replies is more useful than saying "Thank you"
