Wlc 5508 management interface vlan - access point vlan

Similar Messages

• WLC 5508 Management Interface Connection

  I'm setting up a new 5508.  I've used the config from a 4402, have successfully connected to the Service port to manage the device, but for some reason cannot connect to the Management interface.  In this case, port 1.
  The service port is connected to a Catalyst switch and grabbed an ip address (10.2.x.x subnet) no problem.  I can access the 5508 via https using the SP.  However, port 1 is connected to the same Catalyst switch, but on a different vlan (subnet 10.20.x.x).  Both ends show that the interfaces are up, I can ping the interface from any other host on the network, but when I try to manage the device via https I cannot connect.  We are using WCS and I cannot add the device from the WCS.  About all I can do is ping that interface.
  I've probably overlooked something very basic, but I'm baffled.

  Thanks for the reply.
  No, definitely not that.  I have all of those enabled.  I have the SP connected to another vlan on the same switch and can manage through that port(https, telnet).  I've tried about every combination of trunk port, access port, etc.  I'm beginning to suspect the GBICs (10baseT), but both ends show that I am connected at 1000 and I can ping the ip address of the management interface.

• WLC 5508 management interface

  Hi, I have a particular wireless design that requires one WLC 5508 to be connected to two seperate swithces. Port 1 of WLC is connected trunk to Switch A and Port 2 of WLC is connected to Switch B. Each switch has its own local VLANS. When I connect 1130s LAPs they need to find the management interface initially and then use only AP management interfaces. since there is only one management interface, if I assign management interface on a vlan that is configured on switch A then APs on switch A join fine but those on switch B keep asking for management interface and from capwap debug on WLC it says that join request was received on wrong ineterface ....
  the only work around to this was to make routing between switch A and switch B for the two vlans on which APs reside... but for security purposes - client would like to avoid this
  any help much appreciated ..

  Hi thanks for your reply,
  Yes I agree perfectly with your explanation - On both switches I have UDP forward for 5246 and 5247 and everything works fine.
  You understood exactly what's happening for initial discovery the Guest AP asks for managemnt interface through WLC port 2 but managerment IP is on admin side WLC port 1 and then it drops packet saying that it was received on the wrong port. In fact that is why I put an ACL between the Admin switch and guest switch taht allows only 5426 capwap control - just to allow that initial discovery from guest AP to contact Management interface which can only be assigned to one port and in my case it is on the admin switch side. And that is why I had to make a route between the two independent switches.
  My question is to know if there is any other way with my given design to eliminate this initial discovery to the management inetrface, as my client would like the admin and guest switches to be completely seperated i.e. without the routing. Is there any way that the guest APs can make contact with the AP management interface on their side only skipping the discovery of the management interface ? the guest APs were primed on the admin side so they know the IP. After the initial discovery, if I remove the routing between admin and guest switch, guest APs keep their connectivity without any problems.

• Cisco wlc 5508 with 30 Vlan

  Hello
  i need your help
  i want to configure Cisco WLC 5508 whith 03 vlans, 3750 as core swich
  - management Vlan
  - local-user vlan
  - Guest Vlan
  i want to know all steps or config to do on WLC 
  thx

  Hi,
  Just check this.
  It may help u.
  Wireless LAN Controller and Lightweight Access Point Basic Configuration Example
  http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/69719-wlc-lwap-config.html
  http://rscciew.wordpress.com/2014/01/22/configure-dynamic-interface-on-wlc/
  Webauth for guest users:
  http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69340-web-auth-config.html
  http://rscciew.wordpress.com/2014/06/19/wlc-webauth-configuration/
  Regards

• WLC 5508 Multiple Interfaces for Multiple SSIDs

  Hello guys,
  I am trying to build a new network from scratch, I have the WLC 5508 w/ Aironet 3600e APs connected to my Netgear Smart Switches and a Linksys RV082 router that I'm using as my DHCP server with several VLANs for several stuff on my Switches.
  I have 2 questions:
  1. Can I have 5 Interfaces configured on 5 different VLANs, each SSID on each a different Port:
  Port 1: Controller management only=> 192.168.x.x /24
  Port 2: SSID 1: WiFi Internal=> 172.16.x.x/12 (Radius Auth with no sharing)
  Port 3: SSID 2: WiFi Internal w/ sharing=> 192.168.x.x/24 (Radius Auth with sharing)
  Port 4 :SSID 3: WiFi Guest=> 10.0.x.x/8 (Web Auth)
  Port 5: SSID 4: WiFi IT=> 192.168.x.x/24 ( Radius or certificate Auth with access to the controller management interface)
  2. How can I use the Controller as the DHCP server for all the WiFi traffic, and how should that be configured to work with my other DHCP server?

  Yes you can... but you have to disable LAG.  Each post will need to be connected to a dot1q trunk and you will only allow the vlan that is required for that port.  Also on the interface, you will define what port is primary and what is backup.  I'm guessing you will not be using the backup port.  For example... port 1 that connects to a trunk port will only allow the management vlan.  Here is a link to setup dhcp on the WLC
  http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Help with Cisco 5508 management interface

  Hello,
  I'm trying to verify some behaviors I'm seeing with my 5508 controller setup and forgive me for missing anything obvious, I've zero experience with this hardware and clueless on the best practices. With that said... out of the box I ran through the AutoInstall process.
  I gave my service port an IP address on my subnet, 10.10.8.0/24 vlan 100 and gave the management interface the ip address 10.10.30.5/24 vlan 130
  From my host I can ping the management interace 10.10.30.5 and the interface gateway 10.10.30.1
  I cannot connect to the controller via 10.10.30.5 either through the web GUI or telnet
  I can connect to the controller via 10.10.8.200 both through the web interface and telnet
  while connected to the service port, I can ping the management port IP but I cannot ping the 10.10.30.1 gateway.
  We have attached two test 3502I AP's and they found the controller and pulled correct ip addresses, clients can authenticate and access network resources as well as the Internet so for the most part, things are working but it concerns me that the management interface can't ping its own gateway.
  Keep in mind, I did no other configurations besides what got configured in the AutoInstall process. What should I look at to resolve?
  Thanks!
  Mike

  The service port is for out of band management and should not be connected to the network.  If connected tot he network, it should not have connectivity to the management interface of the wlc. 
  You can create an ACL to block the service port ip to the managment vlan if you want.  I normally do not connect the service port to the network.

• Backup Port of WLC 5508 MGMT interface

  Dear All,
  Since WLC5508 MGMT interface is configured a AP-Mgr at the same time, can I set a Backup Port to WLC5508 MGMT interface?
  Refer to WLC configuration Guide:
  In the Backup Port text box, enter the number of the backup port assigned to the management interface. If the primary port for the management interface fails, the interface automatically moves to the backup port.
  NoteDo not define a backup port for an AP-manager interface. Port redundancy is not supported for AP-manager interfaces. If the AP-manager interface fails, all of the access points connected to the controller through that interface are evenly distributed among the other configured AP-manager interfaces
  I am confuse on this. Thus, if I need to configure the backup port for MGMT interface, i need to remove the AP-manager on MGMT interface and create a network dynamic interface for AP-Manager ?
  Thanks all.
  Jeff Chiu

  Jeff:
  You are right. The config guide is confusing.
  The config guide is talking about AP-Manager interfaces you create other than the management one. For the management interface it is called "management" but it acts as an AP-Manager interface as well. When the config guide metnions "AP-Manager interface" it does not mean the management interface but it means AP-Manager interfaces that you create beside the management interface.
  So, for the management interface you can create a backup port and I think if you are not using LAG it is a best practice to define a backup port for management.
  For other AP-Manager interfaces that you create (other than the management interface) you don't need to define the backup port.
  HTH
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• WLC 4402 Management Interface

  I am in the process of installing a 4402-12. It's being connected to a HP Procurve GB PoE switch.  The Management and AP Manager are untagged.  2 VLANS were created 201 (SECURE) and 221 (GUEST).  HP switch has VLAN 1 disabled with no native VLAN being used.  Only VLAN currently being used on HP switch is 201. It was my intention to allow complete access to anyone using SECURE while I would redirect all GUEST traffic onto on HP port to a DMZ.  When I connect the management and both AP mgr ports (LAG) I have a HTTPS connection to the management interface and it can also be pinged.  As soon as I tag or trunk the AP manager interfaces (or physically remove the AP manager cables) the management link drops and I no longer have any access to the 4402?  It's as if the 4402 is using the AP Manager interface to connect to the Management port.  Why?

  Figured it out.  Was thinking that the management port and service port were the same where in reality the management port is virtual and the physical service port has no purpose at this time.

• Need Information of cisco WLC 5508 LAG Interface

  HI
  We have cisco WLC 5508 in our network and right now ,this WLC is connected to two ports of each core switches.Both CORP and GUEST SSID are configured on this WLC.
  Now we want to segregate the trafffic og GUEST to on core switches from WLC. SO my question is ,how can we achieve this without using guest anchor controller ?
  Can i use one interfcae cisco WLC 5508 and connect it to the firewall or any device ?
  Thanks
  Puneet

  Hi
  Thanks ...I am using WLC as a DHCP server for Guest.
  So  i want to know ,is there any requirement that GUEST subnet should be pingable from WLC management IP address.
  my topology is here...
  Corp network and management network are reachable however management metwork is not pinagble from guest netowrk.

• Security and Management of Wireless Access Points

  We have a network of eight (8) Cisco 350 Access Points.
  We would like to enable security through WEP and designating specific MAC (Hardware) addresses.
  Please advise as to the most efficient manner of inputting hardware addresses into all of our access points and managing many access points.

  Hmmm....all these replies, with good information, and no one answered your question!
  You can't cut and paste a list of MACs into a Cisco AP (how come, I don't know). What you need to do is enter one MAC address. Then download a non-default config file out of the AP. Then find the lines that changed, and you have your template for adding MAC address lists in one fell swoop. I made a little excel spreadsheet to let me paste in a list of MACs, then spit out the config file lines that you can add as an "additional configuration file" via the web gui.
  You could also add the list via SNMP.
  There's also an import utility in the cli for the ACS server that will let you suck in MAC addresses.
  Hope this helps.
  Just remembered, the APs for some reason convert the hex format of a MAC into dotted decimal. So, when you paste your list in, you need to convert it from hex to dotted decimal, produce your config lines with those, and then shoot those config lines to the AP. I couldn't find anyone in the TAC that could explain why adding a list of MACs was such a chore.

• WLC 2006 Management interface

  I have my WLC configured as follows:
  management intf - 10.10.254.42
  ap-manager intf - 10.10.254.41
  Both are untagged, and the switch port has the native vlan set to 1.
  However, I am unable to reach either address from any other subnet. What gives?

  Hi Friend,
  Can you ping your gateway from your controller? Can you ping this controller from anywhere in your network if you TAG the interfaces instead on untagg?
  Regards,
  Ankur

• WLC 5508 - management frames without DSCP marking

  hello,
  we are facing an issue that our wireless lan controller (5508 with version 7.6.100) doesn´t mark management frames (e.g. reassociation repsonse - necessary for roaming) with CS6. therefore some of them are dropped leaving the clients not to roam...
  does anybody have an idea? in my view it can only be a biug because it´s noit possible to reconfigure this....
  thx

  we are seeing managemt frames getting marked on Wism. i strongly believe they were marked in the past also on 5508. moreover frames are getting marked when they arinitiated by the AP
  if we trust CoS frames are getting marked because it contains the dot1p tag. the switch generates the dscp-value out of it. but we want to trust dscp. 
  we see also a very strange behaviour when trusting COS that sometimes a reassociation request has dot1p value 2 and the next one has 5. so it seems that the tag is there, but not working properly.
  changing to CoS in general would mean testing the whole infrastructure for voip over wireless lan again. and i don´t want to do that

• Reconfiguring WLC's Management Interface Gateway

  Dears
  I am trying to change gateway which was previously configured wrong.But facing error.Below is command which i am using and error facing.
  configure interface address managent IP-ADDRESS SUBNETMASK GATEWAY
  "Request failed - Active WLAN using interface. Disable WLAN first

  WLANs can be disabled in two ways; CLI or GUI.
  CLI
  config wlan disable
  or GUI
  WLAN tab
  Click a Profile Name
  Uncheck the "Enable" checkbox
  Apply

• WLC: Configuring Global Credentials for Access Points

  Hi,
  I have an WLC 4404 running Software Version 5.0.148.0 with 40 LWAPPs (1242AG, some 1231G). I want to configure global credentials for the LWAPPs. The configuration guide did not mention, if I have to reboot the LWAPPs after setting the credentials.
  So, could I set this option during operation time? Thanks a lot for your help.
  Regards
  Simon

  Hi,
  Configuring the "Override global credentials" option in the GUI does not reboot the AP. It can be done in a production environment, just did it on one of my 1252s to test.
  Hope it helps.
  Jerome

• WLC 5508 and remote site (DMVPN) Access Points

  Hi All,
  We just purchased a WLC 5508 and would like to know if it will control remote VPN site Access Points.  Here are the details:
  The 5508 will live at our home office.  We have multiple remote sites that are connected via Cisco's DMVPN.  Each site has one Cisco 1131 Access Point hanging off of either a Cisco 1841 or a 2811 that is using DMVPN back to the home office 2811.  Can the 5508 manage the remote Access Points?
  Thanks for your help guys!

  Are you are talking about OfficeExtend?
  Cisco OfficeExtend
  https://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns430/solution_overview_c22-523307_ns348_Networking_Solution_Solution_Overview.html
  OfficeExtend supports 1130 & 1140 as long as you have the Wireless PLUS (WPLUS) Software.
  OfficeExtend Access Point
  http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0apcfg.html#wp1069890