WLC 5508 with LAP-1142n - Several Errors
Hello all,
I had installed a WLC 5508 with 7 LAP 1142n and 2 converted AP 1131abg.
I am seeing some errors relating 2 issues.
1st- One particular AP 1142 is disassociating and reseting the radios.
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
Thu Oct 28 11:50:49 2010
AP's Interface:0(802.11b) Operation State Up: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio interface reset. Status:NA
Thu Oct 28 11:50:49 2010
AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio interface reset. Status:NA
Thu Oct 28 11:50:49 2010
AP's Interface:1(802.11a) Operation State Up: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio interface reset. Status:NA
Thu Oct 28 11:50:49 2010
AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio interface reset. Status:NA
Thu Oct 28 11:50:46 2010
AP's Interface:1(802.11a) Operation State Up: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio reset due to Init. Status:NA
Thu Oct 28 11:50:46 2010
AP's Interface:0(802.11b) Operation State Up: Base Radio MAC:e8:04:62:23:ac:e0 Cause=Radio reset due to Init. Status:NA
Thu Oct 28 11:50:46 2010
AP 'AP3', MAC: e8:04:62:23:ac:e0 disassociated previously due to AP Reset. Uptime: 1 days, 10 h 24 m 23 s . Last reset reason: operator changed 11g mode.
Thu Oct 28 11:50:35 2010
AP Disassociated. Base Radio MAC:e8:04:62:23:ac:e0
Thu Oct 28 11:50:35 2010
AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:e8:04:62:23:ac:e0 Cause=New Discovery Status:NA
Thu Oct 28 11:50:35 2010
AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:e8:04:62:23:ac:e0 Cause=New Discovery Status:NA
I had some search, and the new discovery cause, might be that the AP didnt know what WLC do associate, in a multi-controller environment. This is not the case. I only have one WLC in the same management vlan.
2st-The Radius server is beeing related in the logs as been deactivated. I raise the server time-out on Radius configuration option, but it still continues to do it.
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
Thu Oct 28 10:24:41 2010
RADIUS server 10.67.128.36:1812 deactivated in global list
Thu Oct 28 10:24:41 2010
RADIUS server 10.67.128.36:1812 failed to respond to request (ID 172) for client e8:06:88:51:c0:2b / user 'unknown'
Is this meaning the WLC stop sending request to the Radius Server ? We dont have BackUp Radius.
As far as i know, its always the same mac-address client that is associated to that error, maybe a iphone.
I had so many clients in that SSID and they are all working good.
The Radius server is a NPS from windows Server 2008
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
, and the client says that the medium response time is 0,02 sec, so im wondering why the controller is not getting response from Radius for a particular client?! My client also says, that didnt found any log related to that mac-address client ... what is weird...
WLC with last software available 7.0.164
Hope some one help me here.
Best Regards,
Bruno Petrónio
Thanks Scott,
I understand what you are mentioning, and i really didnt do it yet.
I realize that the primary controller was not configured on the
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
Wireless –> All APs –> High Availability tab, and did it only to the AP that is taking this beahviour.
Is this mandatory for a 1 controller only ?
No mather what the manual say, after that the AP is rebooting 2 mins in 2 mins... with the same kind of messages.
The interface on the switch is getting a few input errors and the same numbers of crc... but are so few...
Next step ... i will change it to another one's place/pathing cable.
Regarding the Radius messages... any ideas ?
I'm already on 30 sec's of server timeout.
Best Regards,
Bruno Petrónio
Similar Messages
-
Low Bandwith, WLC 5508 and LAP 1142N, please help !
Hello Everyone
For the Environment:
- I have a WLC 5508 With a license up to 100 AP, at the Point there are 39 AP connected.
- The WLC is connected with 8x 1Gbit/s, as a Trunk ==> 2 Members of 3750 Switches Stack ( 4gig and 4 gig)
- The AP are connected to diferent 2960s with an Uplink ( 3 Gbit/s) to the 3750 Switches
- There are max. 12 AP on each 2960s
- The AP are powered over Ethernet
The AP:
- it runs a/b/g/n and on 2,4 Ghz i schould have 300 mbit/s as for the 5 Ghz it schould also run 300mbit /s
- the Ap has an uplink of 1 Gbit/s
The clients:
- have a intel Wifi link 5300 AGN Card
To the Problem:
- if i connect to one AP, and the Signal strength is High, i get an upload rate of max. 6-8Mbyte/s.
and i am the only Person uploading.
if i upload from 3 clients the same data from the same spot to the same target i get 2-3 Mbyte/s per client.
if connect to the same target and run over ethernet cable fom the same spot, i get an upload of 70 -85 Mbyte/s.
Question:
- Why am i having these Bandwith problems ??Thanks Scott,
I understand what you are mentioning, and i really didnt do it yet.
I realize that the primary controller was not configured on the
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
Wireless –> All APs –> High Availability tab, and did it only to the AP that is taking this beahviour.
Is this mandatory for a 1 controller only ?
No mather what the manual say, after that the AP is rebooting 2 mins in 2 mins... with the same kind of messages.
The interface on the switch is getting a few input errors and the same numbers of crc... but are so few...
Next step ... i will change it to another one's place/pathing cable.
Regarding the Radius messages... any ideas ?
I'm already on 30 sec's of server timeout.
Best Regards,
Bruno Petrónio -
Cisco WLC 5508 with Nexus 5048 CDP error
Hello,
We got cisco WLC 5508 running 74.121.0
The WLC is connected to Nexus 5548 with dual-homed.
We receive CDP duplex mismatch from the Nexus switches.
Any ideas?Can you check the duplex info. of the neighbor using
router#show cdp neighbors detail -
Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users
Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users
I've been given a fantastic "opportunity" by my boss to use our existing wireless infrastructure to provide internet access to potentially upto 2000 VIP guests arriving with BYOD devices, in a very densely populated area for a 3 day event. We are talking an area of approx 200m x 15m. Think of it as an awards ceremony/concert. The solution will also be mobile so we will be using internet breakout from different telcos as it will move to approx 20 countries. The area is also incredibly densely populated with other wifi APs. I did a brief site survey and AirMagnet could detect over 2500 other 'rogue' APs from where I was stood! I hope CleanAir works!
We need a simple authentication method for them to connect with zero admin from our side. We don't want to just offer up a rolling daily PSK as that's a bit amateur and we don't really want the VIP guests sharing the PSK with others during their stay. Ideally they could self-provision by providing an email address.
I know the WLC can handle webauth for local users but I don't think it scales very well. ie I don't think I can offer the account to several hundred people.
Cisco ISE looks a very expansive (and expensive) product but I don't think we need all it's capabilities (do I?). It would be nice to just ask a potential user for their email address and grant them access and email them next year. I've seen Cisco NAC but that looks over the top too for just guest users who will only be accessing a shared internet connection.
I've seen 3rd party supposed software solutions from Kiosk Antamedia etc do they work with Cisco Enterprise WLC solutions?
We'd like to limit users to a certain (low) bandwidth and block (say) torrent traffic to keep the general user experience worthwhile.
Does anybody have any case study documents or experience of such a project? As well as the authentication it's how well the APs will handle the dense potential number of clients trying to connect in such a confined space.
Any suggestions would be gratefully appreciated from the knowledgeable community.
Cheers,
MikeHi Rasika,
We are having WLC 5508 model with software version running 7.4.121.0. AP Models are AIR-CAP2602I.
Normally our WAN links are good even while the issue pertains. We are connected to remote offices over ipsec site to site vpn for WAN. The link latency in WLC between the AP and the controller shows <1ms.
currently the Guest network is using WPA2-PSK auth given in the controller. we are trying to find a option to make the Guest wireless auth local to the office, and see if this solves the problem.
any suggestions,
Thank you,
Arjun -
Deployment of WLC-5508 with 2702i-D have performance issue.
Hi Team,
We have centrally deployed WLC-5508 with 50 AP licence along with HA scenario. we have 3 locations.
1- HQ. have 26 AP with POWINJ5.
2- Branch location A- 8 AP with POWINJ5.
3. Branch location B have 8 AP with POWINJ4.
my exception is to achieve that single SSID with dynamic VLAN from group police (NPS). MY HO have 26 AP and those are working in local mode.
and branches are connected through flexconnect mode. and all are working with different-2 NPS.
Now i am facing a problem with this deployment are following.
1- branch A have performance issue.
2- HQ have performance issue.
3- i don't want to go with dedicated NPS for every location.
In order to achieve this deployment i want only single SSID with primary and secondary NPS at my HQ with dynamic VLAN for respective departmental users vlans..
above is my problem and concern. otherwise i am successfully achieving this solution with dedicated NPS with single group policy. but when i am going forward to achieve my expectation that time i am facing authentication issue at my HQ and sometimes am not able to get proper VLAN IPs. at my HQ.
kindly help me in that to understand where I am doing wrong things to achieve my expectation.
Thanks.
NalinI am facing 2 different problems.
1st issue- in existing setup we have throughput issue. (while downloading or uploading any data from the internet or Intranet, that time wireless clients are facing slowness of the Speed. and same time when i am trying from LAN i am not facing any issue)
2nd Issue- I want to achieve only single SSID with primary and secondary NPS (AD group is bind with vlan Attributes) with dynamic VLAN for respective departmental users.
for Issue no 2 i have created SSID to achieve the single ssid parameter for every location. in order to achieve i have change all access points mode local to Flexconnect mode after that i have created AP groups location wise and then create flexconnect Groups where i have mapped all the vlan through AAA VLAN-ACL mapping. created interface group and mapped all the vlans in that group.
for more understanding please go through the below mentioned CLI view.
Cisco Controller) >show wlan apgroups
Total Number of AP Groups........................ 4
Site Name........................................ GURGAON-AP-GROUP
Site Description................................. GURGAON-AP-GROUP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Pol icy
3 gurgaon-interface Disabled None
--More-- or (q)uit
4 gurgaon-guest Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
GUR-AP-01 2 AIR-CAP2702I-D-K9 f4:4e:05:78:ae:e4 default location 1 IN 1
GUR-AP-05 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b5:18 default location 1 IN 1
GUR-AP-03 2 AIR-CAP2702I-D-K9 bc:16:65:13:71:00 default location 1 IN 1
GUR-AP-07 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b3:f8 default location 1 IN 1
GUR-AP-06 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b3:e0 default location 1 IN 1
GUR-AP-08 2 AIR-CAP2702I-D-K9 f4:4e:05:45:78:98 default location 1 IN 1
GUR-AP-02 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b3:2c default location 1 IN 1
GUR-AP-04 2 AIR-CAP2702I-D-K9 f4:4e:05:78:ae:64 default location 1 IN 1
GUR-AP-09 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b4:44 default location 1 IN 1
Site Name........................................ MUMBAI-AP-GROUP
Site Description................................. MUMBAI-AP-GROUP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
--More-- or (q)uit
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 group for mumbai Disabled None
2 guest wifi Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
FAL-7-AP08 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:24:d8 7th Floor 1 IN 3
--More-- or (q)uit
FAL-7-AP10 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:18 7th Floor 1 IN 1
FAL-7-AP14 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:ad:e8 7th Floor 1 IN 1
FAL-7-AP01 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:b0:4c 7th Floor 1 IN 1
FAL-7-AP07 2 AIR-CAP2702I-D-K9 f0:7f:06:30:92:bc 7th Floor 1 IN 1
FAL-7-AP13 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:80 7th Floor 1 IN 1
FAL-7-AP02 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:94 7th Floor 1 IN 1
FAL-7-AP05 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:e8 7th Floor 1 IN 1
FAL-7-AP12 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:f0 7th Floor 1 IN 3
FAL-7-AP03 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:e4 7th Floor 1 IN 1
FAL-7-AP06 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:84 7th Floor 1 IN 3
FAL-7-AP04 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:b0:14 7th Floor 1 IN 1
FAL-7-AP09 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:c8 7th Floor 1 IN 3
FAL-7-AP11 2 AIR-CAP2702I-D-K9 f0:7f:06:30:93:08 7th Floor 1 IN 1
Site Name........................................ MUMBAI-THIRD-FLOOR-AP
Site Description................................. MUMBAI-THIRD-FLOOR-AP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
--More-- or (q)uit
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 group for mumbai Disabled None
2 guest wifi Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
FAL-3-AP07 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:a4 3rd Floor 1 IN 3
FAL-3-AP09 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:94 3rd Floor 1 IN 3
FAL-3-AP11 2 AIR-CAP2702I-D-K9 f4:0f:1b:73:00:74 3rd Floor- Eurek 1 IN 3
FAL-3-AP06 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:ae:d0 3rd Floor 1 IN 3
--More-- or (q)uit
FAL-3-AP10 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b5:88 3rd Floor 1 IN 3
FAL-3-AP08 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:9c 3rd Floor 1 IN 3
FAL-3-AP03 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:af:a0 3rd Floor 1 IN 1
FAL-3-AP12 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b3:fc 3rd Floor- Eurek 1 IN 3
FAL-3-AP02 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:28 3rd Floor 1 IN 3
FAL-3-AP01 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:f4 3rd Floor 1 IN 3
FAL-3-AP04 2 AIR-CAP2702I-D-K9 f0:7f:06:30:92:8c 3rd Floor 1 IN 2
FAL-3-AP05 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:f4 3rd Floor 1 IN 3
Site Name........................................ RAHEJA-AP-GROUP
Site Description................................. RAHEJA-AP-GROUP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
--More-- or (q)uit
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
5 raheja-interface Disabled None
2 raheja-guest Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
FAL-RAHEJA-AP04 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:24:1c Near Meeting Roo 1 IN 3
FAL-RAHEJA-AP02 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:37:3c Confrennce Room 1 IN 3
FAL-RAHEJA-AP03 2 AIR-CAP2702I-D-K9 f0:7f:06:30:93:48 Near Confrence R 1 IN 3
FAL-RAHEJA-AP05 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:ae:c0 Near Meeting Roo 1 IN 3
FAL-RAHEJA-AP06 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b3:a0 Near Server Room 1 IN 3
FAL-RAHEJA-AP01 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b3:20 Reception Area 1 IN 3
FAL-RAHEJA-AP08 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:68 USER BAY ROAD si 1 IN 1
FAL-RAHEJA-AP09 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:d4 Training Room 1 IN 1
--More-- or (q)uit
Site Name........................................ default-group
Site Description................................. <none>
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 group for mumbai Disabled None
2 guest wifi Disabled None
3 gurgaon-interface Disabled None
4 gurgaon-guest Disabled None
5 raheja-interface Disabled None
6 test Disabled None
Cisco Controller) >show flexconnect group summary
FlexConnect Group Summary: Count: 4
Group Name # Aps
Gurgaon-AP 9
HQ-3RD-FLR-AP-GROUP 12
HQ-7THFLR-AP-GROUP 14
Raheja-AP-Group 8
(Cisco Controller) >show flexconnect group detail Gurgaon-AP
Number of AP's in Group: 9
bc:16:65:13:71:00 GUR-AP-03 Joined Flexconnect
f4:4e:05:45:78:98 GUR-AP-08 Joined Flexconnect
f4:4e:05:78:ae:64 GUR-AP-04 Joined Flexconnect
f4:4e:05:78:ae:e4 GUR-AP-01 Joined Flexconnect
f4:4e:05:80:b3:2c GUR-AP-02 Joined Flexconnect
f4:4e:05:80:b3:e0 GUR-AP-06 Joined Flexconnect
f4:4e:05:80:b3:f8 GUR-AP-07 Joined Flexconnect
f4:4e:05:80:b4:44 GUR-AP-09 Joined Flexconnect
f4:4e:05:80:b5:18 GUR-AP-05 Joined Flexconnect
Efficient AP Image Upgrade ..... Disabled
Master-AP-Mac Master-AP-Name Model Manual
Group Radius Servers Settings:
Type Server Address Port
Primary Unconfigured Unconfigured
Secondary Unconfigured Unconfigured
--More-- or (q)uit
Group Radius AP Settings:
AP RADIUS server............ Disabled
EAP-FAST Auth............... Disabled
LEAP Auth................... Disabled
EAP-TLS Auth................ Disabled
EAP-TLS CERT Download....... Disabled
PEAP Auth................... Disabled
Server Key Auto Generated... No
Server Key.................. <hidden>
Authority ID................ 436973636f0000000000000000000000
Authority Info.............. Cisco A_ID
PAC Timeout................. 0
Multicast on Overridden interface config: Disabled
DHCP Broadcast Overridden interface config: Disabled
Number of User's in Group: 0
Vlan :........................................... 203
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 205
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 204
--More-- or (q)uit
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 206
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 207
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 208
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 209
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 210
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 211
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 212
Ingress ACL :................................... None
Egress ACL :.................................... None
--More-- or (q)uit
Vlan :........................................... 216
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 217
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 218
Ingress ACL :................................... None
Egress ACL :.................................... None
Group-Specific FlexConnect Wlan-Vlan Mapping:
WLAN ID Vlan ID
WLAN ID SSID Central-Dhcp Dns-Override Nat-Pat
(Cisco Controller) >
(Cisco Controller) >show wlan summary
Number of WLANs.................................. 6
WLAN ID WLAN Profile Name / SSID Status Interface Name PMIPv6 Mobility
1 FRACTAL-EMP-MUMBAI / FRACTAL Enabled group for mumbai none
2 FRACTAL-GUEST / FRACTAL-GUEST Enabled guest wifi none
3 FRACTAL-EMP-GURGAON / FRACTAL-GURGAON Enabled gurgaon-interface none
4 GURGAON-GUEST / FRACTAL-GUEST-GURGAON Enabled gurgaon-guest none
5 RAHEJA-EMP-WIRELESS / FRACTAL-R Enabled raheja-interface none
6 TEST-SSID / TEST-SSID Enabled test none
hope this will give you proper understanding. -
WLC 5508 with version 7.0.98.0 and AIR-LAP1242ag
hi, recently i have deployed wlc 5508 with ap 1262. initially i had trouble with the existing version on the wlc (6..0.199.0) which AIR-LAP1262N-E-K9 was not registering with wlc. i have upgraded the wlc to 6.0.199.4 ver still it was not registering. finally i have upgraded to 7.0.98.0 and all the 40 AP's ( AIR-LAP1262N-E-K9 ) are addedd and its working fine.
Now my issue is, at the same site i have 12 nos of AIR-LAP1242ag autnomous AP's which i need to convert to lightweight ap and register with wlc. where i am stuck currently. after loading the recovery image (c1240-rcvk9w8-tar.123-7.JX9.tar) the ap reboots and can see it register with wlc within seconds contollers pushed the new image and once the ap reboots, never register again.
does anyone has any idea?After adding the country codes GB and RU.. in my test setup 1242 is registered...i will have it run for couple hours and see the result
ref: below
(Cisco Controller) >show ap uptime
Number of APs.................................... 2
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Ethernet MAC AP Up Time Association Up Time
AP1cdf.0f66.79ca 1c:df:0f:66:79:ca 0 days, 00 h 43 m 35 s 0 days, 00 h 42 m 36 s
AP001e.be27.a7e6 00:1e:be:27:a7:e6 0 days, 00 h 16 m 56 s 0 days, 00 h 07 m 15
This issue sorted...thanks -
Hi Guys.
we are trying to configure WLC 2112 with LAP 1042 but getting following erros on LAP1042.
It show the Ap is not supported in controller version 6.0.199.4
*Jan 5 16:52:13.397: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.2.101 peer_port: 5246
*Jan 5 16:52:13.398: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.2.101
*Jan 5 16:52:13.399: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Jan 5 16:52:13.410: %CAPWAP-3-ERRORLOG: This AP is not supported in controller version 6.0.199.4
*Jan 5 16:52:13.495: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*Jan 5 16:52:13.496: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.2.101:5246
*Jan 5 16:52:13.497: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jan 5 16:52:13.498: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jan 5 16:52:19.552: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established.
*Jan 5 16:52:29.551: %CAPWAP-3-ERRORLOG: Go join a capwap controller
WLC 2112 software version 6.0.199.4
LAP 1042 image version 7.0.94.21
If any one can help me out then it wolud be great.
Thanks in advance for all.You should upgrade your controller to 7.0.116.0 or 7.0.220.0
Sent from Cisco Technical Support iPhone App -
ISE 1.2 / WLC 5508 EAP-TLS expired certificate error, but wireless still working
Hi I have a customer that we've deployed ISE 1.2 and WLC 5508s at. Customer is using EAP-TLS with and everything appears to setup properly. Users are able to login to the network and authenticate, however, frequently, I'm getting the following error in ISE authentication logs:
12516 EAP-TLS failed SSL/TLS handshake because of an expired certificate in the client certificates chain
OpenSSL messages are:
SSL alert: code=Ox22D=557 : source=local ; type=fatal : message="X509
certificate ex pi red"'
4 727850450.3616:error.140890B2: SS L
rOYbne s: SSL 3_ G ET _CL IE NT _CE RT IF ICAT E:no ce rtific ate
relurned: s3_ srvr.c: 272 0
I'm not sure if this is cosmetic or if this is something that I should be tracking down. System isn't in full production yet, but every client seems to be working and there is no expired cert in the chain. Any ideas what to check?Hello Dino,
thanks very much for your reply.
The client uses a machine-certificate, the PKI is not a microsoft one, but a third party PKI. The certificate is fresh and valid, the root-cert is installed and checked to be validated against it for the login.
Clock is correct too. The same setup works flawlessly in Windows 7 and XP.
EKU is set on the certificate (1.3.6.1.5.5.7.3.2)
I suspect the cert-setup itself, but don't get a clue where this might stuck...
Björn -
WLC 5508 with 7.4.100.0 software
Hi All,
One of my client has a wireless setup with WLC 5508 and 1142N APs. It was running with a good coverage for access points when WLC was running with 7.0 software version. Last week I upgraded the software to latest 7.4.100.0 version. After that the coverage of APs are very low.
Can someone help me regarding this issue.
Thanks
SadiqI didn't have coverage issues per say, but my 1142 APs kept disassociating randomly
TAC suggested running these commands. Which has stopped the APs leaving the building.
> config 802.11a disable network
> config 802.11a 11nSupport a-mpdu tx priority all disable
> config 802.11a 11nSupport a-mpdu tx scheduler disable
> config 802.11a enable network
> config 802.11b disable network
> config 802.11b 11nSupport a-mpdu tx priority all disable
> config 802.11b 11nSupport a-mpdu tx scheduler disable
> config 802.11b enable network
Aggregation is the process of grouping packet data frames together rather than transmitting them separately. Two aggregation methods are available: Aggregated MAC Protocol Data Unit (A-MPDU) and Aggregated MAC Service Data Unit (A-MSDU). A-MPDU is performed in the software whereas A-MSDU is performed in the hardware.
Disables the 802.11n-5 GHz A-MPDU transmit aggregation scheduler. -
WLC 5508 with AD, NPS but without GPO, how?
Hi,
I didn't found anything related to what I'm trying to do so I though I would create a new discussion...
I would like to setup a new WLAN and to be able to connect, a user will have to enter his username/password that will be confirmed using NPS and Active Directory. The problem is, I don't want to use a GPO, I would like to only verify if the user is a member of a AD group, let's say "wlan_access".
I don't want to install anything ( certificate, GPO, creating a WLAN configuration ) on the user's PC/laptop, only AD validation using NPS as a Radius server.
If a user is part of that AD group, after he enter his credential he will have access to that WLAN.
Is it possible to setup that? How should I configured the WLAN in my WLC 5508 ( running 7.2.110.0 )? How should I configure NPS ( Windows 2008 R2 Enterprise )?
Thanks a lot for your help and answers.
GuillaumeHi guys,
With the info Stephen Rodriguez gave, it looks like I won't be able to do what we want without doing config on the user's devices ( laptop, ipad, etc.. ).
@Joseph Vasanth Louis Yes the message is from the event viewer of the NPS server. In the connection request policies, there's not much config, I let the option "Authentication Methods" in the tab Settings uncheck, so it won't override the settings in the Network Policies.
I though it was possible to have authentication using NPS and Active Directoy without installing anything on the user's devices and still having a secured wireless network ( not like a hotspot ).
The solution I think is the most workable is with the PEAP or PSK, with a certificate but even that...the user will have to create the WLAN profil on his laptop, so I'm not sure we want to go that way. I'll check for the PSK option, to see if the "Web Authentication" could be done using NPS.
Thanks guys for all your time and help. I'll continue my tests and keep you posted. -
Emergency Version for WLC 5508 with 6.0.188
The release notes for 6.0.188 talks abt 5.2.157.0 ER.aes. But 5508 does not like the file AIR-WLC4400-K9-5-2-157-0-ER.aes.
How can I get the boot loader on WLC 5508?
On WLC 5508...
Product Version.................................. 6.0.188.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
On WLC 4404
Product Version.................................. 6.0.188.0
RTOS Version..................................... 6.0.188.0
Bootloader Version............................... 4.2.205.0
Emergency Image Version.......................... N/A ----------> Even though I installed 5-2-157-0-ER.aes it does not show here... Bug???Ok. In the release notes of 6.0.188 they should have seperated for 5508.
On WLC 4404
Product Version.................................. 6.0.188.0
RTOS Version..................................... 6.0.188.0
Bootloader Version............................... 4.2.205.0
Emergency Image Version.......................... N/A
When u say "The n/a issue is a bug but its with the primary image, not the ER image"
Do you mean that because my primary image is 6.0.188 which has bug to not take or show the ER image? -
Hello
i need your help
i want to configure Cisco WLC 5508 whith 03 vlans, 3750 as core swich
- management Vlan
- local-user vlan
- Guest Vlan
i want to know all steps or config to do on WLC
thxHi,
Just check this.
It may help u.
Wireless LAN Controller and Lightweight Access Point Basic Configuration Example
http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/69719-wlc-lwap-config.html
http://rscciew.wordpress.com/2014/01/22/configure-dynamic-interface-on-wlc/
Webauth for guest users:
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69340-web-auth-config.html
http://rscciew.wordpress.com/2014/06/19/wlc-webauth-configuration/
Regards -
Problems with LAP-1142n booting
Hi,
I recently installed about 40 LAP-1142n access points fresh out of the box in a new elementary school. All but 5 of the AP's were able to join the controller and were set to function in H-Reap mode. The AP's that didn't join seem to be stuck in the boot process and the LED is coontinuously blinking green. I can leave them in that state all night and the next day it's still blinking green. Powering it down and bringing it back up has no effect.
All AP's are connected to C3750X POE switches and the switchports are all trunked and have the native vlan set, so all 40 have identical settings. Is it possible that I have 5 that are bad out of the box or is there something that I can do to fix this problem? Has anyone seen this before?
Thanks for any help you may be able to give me.Have the cable vendor check wiring scheme and repunch down the cables at each end.
No need. The APs are connected to 3750X. To verify if you have a potential cable defect one has to run the 3750X's built-in TDR test. Works like a charm (much to the annoyance of the cable people!). -
WLC 5508 / 2602e LAP / Dropped Connections
We are starting to experience some dropped connections while utilizing a 5508 WLC (SW: 7.4.100.0) with 2602e LAP's. The connections seem to drop for 1-2 seconds and then reconnect on their own. Machines and cards are varied. Any thoughts?
Just adding to Leo, and Rasika..
Just check these features
The User Idle Timeout: When a user is idle without any communication with the LAP for the amount of time set as User Idle Timeout, the client is deauthenticated by the WLC. The client has to reauthenticate and reassociate to the WLC. It is used in situations where a client can drop out from its associated LAP without notifying the LAP.
The Session Timeout is the maximum time for a client session with the WLC. After this time, WLC de-authenticates the client, and the client goes through the whole authentication (re-authentication) process again.
This parameter can be accessed from the WLANs > Edit menu.
Hope it helps.
Regards -
Unable to add SNMP server in WLC 5508 with 7.4.110
hi
I am trying to add 0.0.0.0/0 as SNMP address and netmask and i am getting an error saying the netmask is invalid.
is there a different way to set this?Hi Roy,
This is strange.
I do not have a test WLC with this code to test, but command syntax is correct. I have verified it on my test controller in 7.0.116.0 & it is happy to accept it. Even 7.4 config guides does not show any other command syntax for this.
http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/consolidated/b_cg74_CONSOLIDATED_chapter_0111.html
One good thing is, this is the default setting once you create a snmp-community. It should have 0.0.0.0/0 as subnet/net mask & you do not require any changes for the default config.
"show snmpcommunity" output should show the config values for your SNMP community.
If you are trying to change it from configured subnet to default value, then as a work around you can re-create the snmp commnuity from fresh (delete & recreate)
If you have Cisco TAC assistance then log a case with them to see why this command is not accepting in your code of WLC
HTH
Rasika
**** Pls rate all useful responses ****
Maybe you are looking for
-
hi friends, I have a report creating a test file. I am also writing the text file. Below is the code and I am successfully getting it. LOOP AT it_outfile. write : / it_outfile. ENDLOOP. the results in th
-
Hi experts , When I try to create a Blanket PO with A/c assignment category U / Item category B & enter all reqd. details , I get stuck at following error message Indicator for Invoice receipt used not allowed How to get rid of this as I need to post
-
Is there a time limit for how long a free form can be used/accessed?
Is there a time limit for how long a free form that is created can be used/accessed, or is it soely dependent upon when the 50 respondent max has been reached? I am creating a form now, that will likely be distributed in early January, and I want it
-
How do you work around code not functioning in loaded SWFs on iOS.
Hi, I came across a post that suggested that in iOS, code does not function in loaded SWFs and a quick test demonstarted that this was true. I'm just wondering if anyone has come up with a workaround for this. I'd appreciate any insight you can give
-
I've never used this API before, so excuse my ignorance. I have a web application that I have been using a properties file to store base app info, such as the backend database, the url for the ldap, etc. This has been working fine, but after reading