WLC 8500 and converged wireless

Similar Messages

• Best practices for network design on WLC 2504 and 5508

  Dear all:
  I'm looking for some recommendations on WLC 2504 and 5508 about the the following:
  Maximum amount of AP per port
  The scenario when to use all ports in both WLC
  Maximum number of clients(users) per port
  Bandwidth comsumption of  management vs data in order to assign one port for management
  I've just found this:
  Cisco 5508 controllers have eight Gigabit Ethernet distribution system ports, through which the controller can manage multiple access points. The 5508-12, 5508-25, 5508-50, 5508-100, and 5508-250 models allow a total of 12, 25, 50, 100, or 250 access points to join the controller. Cisco 5508 controllers have no restrictions on the number of access points per port. However, Cisco recommends using link aggregation (LAG) or configuring dynamic AP-manager interfaces on each Gigabit Ethernet port to automatically balance the load. If more than 100 access points are connected to the 5500 series controller, make sure that more than one gigabit Ethernet interface is connected to the upstream switch.
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/6-0/configuration/guide/Controller60CG/c60mint.html
  Thanks for your help.

  The 5508-12, 5508-25, 5508-50, 5508-100, and 5508-250 models allow a total of 12, 25, 50, 100, or 250 access points to join the controller.
  This is an old document.  5508 can now support up to 500 APs if you run firmware 7.X.  2504 can support up to 75 APs if you run firmware 7.4.X.
  I'm looking for some recommendations on WLC 2504 and 5508 about the the following:
  Best practice and recommendation is to LAG all ports so you will be able to form a link redundancy.  If one link goes down, you have other link to push traffic. 

• WLC 8500 SSO HA not working

  Hi there,
  We're running AireOS 8.0 in a  WLC 8500 series and we're getting problems trying to enable HA scenario. These are the scenarios we have tested:
  management interface tagged + switchport trunk tagged + HA tagged + switchport trunk tagged = SSO not working
  management interface tagged + switchport trunk tagged + HA tagged + switchport access = SSO not working
  management interface untagged + switchport trunk native vlan + HA untagged + switchport access = SSO not working
  No scenario is working and in cases 1 and 2 we are lossing the associated APs and we only recover them in case 3.
  In parallel, after enabling tagged interface in management, the "show ip arp" of the switch shows the IP through the HA interface and the ping is lost outwards WLC and inwards.
  Any suggestion?
  Regards.

  Try to delete the config on  switch and try this.
  Switch config :
  interface range <>
  switchport trunk encapsulation dot1q
  switchport mode trunk
  switchport trunk allowed vlan X,Y,Z
  Channel-group <> mode on
  Still not working then check if WLC is reachable via ssh or telnet!
  if you have access via ash or telnet then reboot WLC by using "reset system" command .
  hope it helps.
  Regards
  Dont forget to rate helpful posts

• WLC 5508 and remote site (DMVPN) Access Points

  Hi All,
  We just purchased a WLC 5508 and would like to know if it will control remote VPN site Access Points.  Here are the details:
  The 5508 will live at our home office.  We have multiple remote sites that are connected via Cisco's DMVPN.  Each site has one Cisco 1131 Access Point hanging off of either a Cisco 1841 or a 2811 that is using DMVPN back to the home office 2811.  Can the 5508 manage the remote Access Points?
  Thanks for your help guys!

  Are you are talking about OfficeExtend?
  Cisco OfficeExtend
  https://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns430/solution_overview_c22-523307_ns348_Networking_Solution_Solution_Overview.html
  OfficeExtend supports 1130 & 1140 as long as you have the Wireless PLUS (WPLUS) Software.
  OfficeExtend Access Point
  http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0apcfg.html#wp1069890

• WLC 5508 and LAP1310 - Not syncing up!

  As the title states I have a WLC 5508 and a LAP1310 that will not sync up.
  The error stated in the traps log is "AP with MAC (xxxx.xxxx.xxxx.xxxx) is unknown."
  WLC software release is : 7.2.103.0
  IOS on the AP is : 12.4(18a)JA2
  Upon some investigation I found that the "AP with MAC is unknown" error usually points to one of two things:
  A.  WLC firmware needs to be updated
  B.  AP needs to be updated.
  C. The AP is not compatible with the WLC.
  I am leaning toward solution C and I am looking for a conformation or a correction, if anyone could help out that would be greatly appreciated!
  I've tried reading the compatibility matrix released by Cisco, but I found it mildly confusing as to what is and isn't supported by each software release.
  Sources - http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml#lap1250
  Problem 11: 1250 LAP Not Able to Join WLC
  The setup consists of a 2106 WLC that runs version 4.1.185.0. A Cisco 1250 AP is not able to join the controller.
  The log on the WLC shows this:
  Mon Jun 2 21:19:37 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
  Mon Jun 2 21:19:37 2008 AP Associated. Base Radio MAC: f0:2x:cf:2x:1d:3x 
  Mon Jun 2 21:19:26 2008 AP Disassociated. Base Radio MAC:f0:2x:cf:2x:1d:3x
  Mon Jun 2 21:19:20 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
  Mon Jun 2 21:19:20 2008 AP Associated. Base Radio MAC: f0:2x:cf:2x:1d:3x 
  Mon Jun 2 21:19:09 2008 AP Disassociated. Base Radio MAC:f0:2x:cf:2x:1d:3x
  Mon Jun 2 21:19:03 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
  Solution: This is because the Cisco 1250 series LAP is not supported on version 4.1. The Cisco Aironet 1250 Series AP is supported from controller versions 4.2.61 and later. In order to fix this issue, upgrade the controller software to 4.2.61.0 or later.
  Problem 16: 1000 series LAPs not able to join the Wireless LAN controller, WLC runs version 5.0
  This is because WLC software release 5.0.148.0 or later is not compatible with Cisco Aironet 1000 series APs. If you have a Cisco 1000 series LAP in a network, which runs WLC versions 5.0.48.0, the 1000 series LAP does not join the controller and you see this trap message on the WLC.
  "AP with MAC xx:xx:xx:xx:xx:xx is unkown"

  videoaudiojack
  What version of Premiere Elements are you using and on what computer operating system is it running?
  What are the properties of this .mp4 video import (video and audio compressions, frame size, frame rate, interlaced or progressive, pixel aspect ratio)?
  If you have any information about the video bitrate and audio bitrate of the file, that would be good to know.
  What is the audio - stereo 2 channel or 5.1 channel?
  What are you (manually) or the project automatically setting as the project preset to match the properties of your source video?
  Let us start here and then decide what next.
  Thank you.
  ATR

• Anchor mobility between WLC 5508 and Aruba/Clearpass

  Hello. I have a question regarding the abiltiy to configure anchor mobility between a 5508 WLC and an Aruba controller. To date, my understanding is it has never been possible and I have never found any documentation that says it can be done.
  Scenario: My organization and a partner organization co-own a hospital. We coexist on a large campus, with each org having a number of buildings that the owning org maintains the network presence in. We also maintain back-to-back firewalls between us and do not hand-off any direct layer 2 interfaces to each other. However, the two orgs do partner to provide each others business SSID's in each other's WiFi networks using anchor mobility. Our current solution utilizes an A/M tunnel between my org's 5508 controllers and the partner orgs 2504 controller and we explicitly permit the tunnel traffic between partner controllers for A/M to work. Last year, the partner org retired some old WiSM's and changed their wireless solution to Aruba and recently implemented Clearpass. In order to maintain A/M with us they left a 4404 operational, but due to the newer code we were running they were forced to purchase a 2504. So now they are only maintaining a limited footprint in their network with a few Cisco AP's and the rest of their coverage areas use Aruba AP's and they have indicated that they want to completely retire their Cisco WLC's. Because we host some of their SSID's on our controllers and can tunnel them to their 2504, they get all of their WiFi traffic coming from our network, however my org can only connect to our SSIDs on their campus in certain areas.
  The solution I have been asked to provide is to find a way to continue providing some sort of anchor mobility services between our WLC's and their Aruba controllers. My org maintains that we do not want to simply hand them a layer 2 interface for security reasons, but they want our SSIDs to be available in all areas of the partner org's campus and vice versa. So far I have stalled the partner org's plans to retire their WLC's by telling them that retiring their WLC's will completely break WiFi between orgs, but they are adamant that some sort of A/M solution must be found.
  Is there any way to do some sort of A/M between a WLC and Aruba controller and if so, is there any documentation showing configuration examples etc?
  Thanks,
  John

  Hi John,
  I do not think it will work. Even if it get working somehow, it will be operation nightmare to troubleshoot & fix a issue since both vendor will say it is NOT supported solution.
  What about if you ask them to advertise your SSID (assuming it is dot1x) on their APs as another SSID on their network, but pointing it to your RADIUS & DHCP for IP connectivity (you do not have layer 2 requiremnt for this & can do this as long as you have L3 communication between each other)
  HTH
  Rasika
  **** Pls rate all useful responses ****

• Integration between WLC 5508 and Microsoft NPS 2008

  Hi guys,
  Any of you, have working guidance for WLC 5508 and Microsoft NPS 2008 integration?
  I managed to configure Wireless 802.1x feature (PEAP) but it failed. I'm running software ver. 7.0.116.0.
  Is there any bug related 802.1x on this software version?
  thanks in advance.
  BR
  shendy

  Hi Shendy,
  I am not aware about any bug related to this. I think you better check all configuration and make sure it is fine.
  Logs from NPS and WLC (and possibly from the supplicant) may guide you where the problem resides.
  What does the NPS logs tell about the reason of the authentication failure?
  What does the WLC logs say about the failure (check show msglog and show traplog).
  - Make sure the Radius server added correctly with correct IP and correct shared secret on WLC.
  - Make sure that the radius is configured correctly to allow PEAP-MSCHAPv2.
  - Make sure WLC is added successfully to WLC with correct IP address and correct shared secret.
  - Make sure the clients are correctly configured and the server's (NPS) certificate is trusted on the clients.
  HTH
  Amjad

• Cisco WLC 2504 and ways to authenticate users

  Hi All,
       What is the ways to make user authenticate to WLC 2504 and what is the best and simple way and what is the differences btw each method _i mean for example need radius server or something else to be exist_ ?
       and any one can give me case study for this issue
  System consist of Cisco 2504 and Cisco LAP 1140
  Thanks

  To implement radius based authentication is the best practice for the small & enterprise environment.
  Information About RADIUS
  Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol that provides centralized security for users attempting to gain management access to a network. It serves as a backend database similar to local and TACACS+ and provides authentication and accounting services:
  •Authentication—The process of verifying users when they attempt to log into the controller.
  Users must enter a valid username and password in order for the controller to authenticate users to the RADIUS server. If multiple databases are configured, you can specify the sequence in which the backend database must be tired.
  •Accounting—The process of recording user actions and changes.
  Whenever a user successfully executes an action, the RADIUS accounting server logs the changed attributes, the user ID of the person who made the change, the remote host where the user is logged in, the date and time when the command was executed, the authorization level of the user, and a description of the action performed and the values provided. If the RADIUS accounting server becomes unreachable, users are able to continue their sessions uninterrupted.
  RADIUS uses User Datagram Protocol (UDP) for its transport. It maintains a database and listens on UDP port 1812 for incoming authentication requests and UDP port 1813 for incoming accounting requests. The controller, which requires access control, acts as the client and requests AAA services from the server. The traffic between the controller and the server is encrypted by an algorithm defined in the protocol and a shared secret key configured on both devices.
  You can configure multiple RADIUS accounting and authentication servers.For example, you may want to have one central RADIUS authentication server but several RADIUS accounting servers in different regions. If you configure multiple servers of the same type and the first one fails or becomes unreachable, the controller automatically tries the second one, then the third one if necessary, and so on. 
  For more Information : http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_security_sol.html#wp2149947

• WLC 4400 and multiple authentication servers e.g. RADIUS, ACS

  WLC 4400 and multiple authentication servers e.g. RADIUS, ACS
  Can the WCL 4400 be set up to use multiple RADIUS servers? The user accounts for accessing wireless would use a RADIUS server. The administrative accounts for the WLC would reside on an ACS server.

  Yes, that is correct. You can set acs to use both radius and tacacs.
  For this you need to add WLC twice in acs-->network configuration. But you need to keep host name different.
  eg 1) Host name WLC --->IP x.x.x.x -->Auth using -->radius
  2) Host name WLC1--->IP x.x.x.x --->Auth using -->Tacacs.
  You need to set up tacacs commands on WLC along with radius commands.
  Regards,
  ~JG
  Please rate helpful posts

• WLC 2106 and Linksys Bridge WET610N works with 7.0.116.0 release?

  Hi all,
  i'm having troubles with WLC 2106 controller and several wireless bridges, so i'd like to know if i can fix it in some way.
  My environment is as follows:
  1 WLC 2106 with 2 Aironet 1240G
  I have a production appliance that needs an ethernet port to work, so i bought a Linksys Bridge WET610N to make it works via wireless.
  The Linksys bridge connects to the 1240G as a client and works well, but the appliance connected to the ethernet port of the bridge is unreachable.
  Searching for the problem, i found that the wlc act as a proxy arp for the wireless clients and being the ethernet appliance a "passive" client, the controller isn't aware of it.
  My WLC is running the 7.0.98.0 firmware. In the release notes for the 7.0.116.0, in the "Non-Cisco WGB Support" seems to state that now also non cisco bridges can work using the passive client feature. I've already enabled it on my controller but this didn't solve my problem.
  Can anyone tell me if the upgrade to the 7.0.116.0 can fix it?
  Thanks in advance
  Riccardo Coppola

  I'm not sure what (cheap) devices can do the wgb feature that is inter-brand compatible.
  The thing is that the WLC enforces the rule "1 wireless client = 1 client". Meaning you can't bridge multiple clients behind a wireless clients, that just screws up roaming mechanisms etc ...
  Cisco WGBs have the IAPP protocol to tell the WLC "listen, I'm a WGB wireless client and those are the wired clients connected to me, allow them on the network".
  What does "universal WGB" feature does is that the WGB forwards the traffic of the client (only 1 client supported in this case !) to the infrastructure AP but the WGB never sends anything with its own mac address. It uses the client mac address as source.
  This means that the WLC has no way of knowing that there is more than 1 device. It just thinks that your wired client is a wireless client.
  So it's more than mac cloning since the WgB has to be the one authenticating to the infrastructure (Wpa/wpa2 whatsoever) by spoofing the client mac. The WGB is still in charge of roaming decisions and so on and so on...
  I hope it clarifies the situation ?

• WLC 4400 and WLC 5500

  We have a site with a WLC 4400 and we would like to setup a Controller failover. The WLC 4400 is EOS/EOL and the replacement available is WLC 5508. Can someone advice me on how to configure these units in Primary /Secondary mode so that if any of the Controllers fail, the other one can take over?
  Thanks,

  Hi Akil,
  You are most welcome
  Yes, you can configure 4400's and 5500's in a redundant configuration, but both should be runningthe
  same code version. I believe the latest version that is compatible for both is 7.0.220.0. 
  this is the last version that supports the 4400 series.
  Here's a note that reflects the support;
  Note
  Controllers  do not have to be of the same model to be a member of a mobility group.  Mobility groups can be comprised of any combination of controller  platforms.
  http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mobil.html
  Cheers!
  Rob
  "Show a little faith, there's magic in the night" - Springsteen

• HP OfficeJet 8500 and Mobile Broadband

  Has anyone used OfficeJet Wireless 8500 and Mobile Broadband?  If so, what router did you use or would recommend.  Small Office, less than 15 feet in any direction.  Could not get a simple G router to work.  Thanks!

  Did a help desk ever ask you to check specific UDP or TCPIP ports in your firewall to ensure HP communication paths?
  They are not usually open in XPSP3 or W7SP1 even after you load the drivers or web mail.  In the updates they even state you must connect to update the device using USB even if you have LAN wired share with a static IP.
  I  have three W7 devices (OEM W7, refurbished W7 with updates from WXP (32 bit) and single license W7 on 64 bit hardware) and each of those have had rejections and failures on trying to load the print drivers and the solution center (version 14.0).

• Differences Between WLC 2000 and 4400 series

  Besides the supported number of access points, what are the differences in features between the WLC 2000 and 4400 series?

  On the 2006, you have 4 ports on the back, that can support up to 3 AP's being directly connected, and the other port as your connection to the network, and it does not support LAG (Link AGgregation). The ports are 10/100M, and it can not be an anchor for a mobility group.
  On the 4400, you either have a 4402 or a 4404,the 2 has 2 Gig interfaces, and the 4404 has 4 Gig interfaces, you can not connect AP's directly to a 4400. Both 4400's will support LAG, and they can be used as anchors in a mobility group. Those are the big differences in them. They configure up the same, and interact with the wired and wireless networks the same.

• WLC, WCS and WCS Navigator

  I would like to know what is the difference between the Wireless Lan Controller and the Wireless Controller System.
  Need I WLC if I want deploy WCS.
  Can I use WCS without Wireless LAN Controllers?.
  What is the diference between WCS and WCS Navigator?

  You don't need a WCS server however you will require WLC's to control your Wireless WAP's. The WCS allows you to add multiple WLC's into one view along with floor plans and floor layouts and alerts. Without a WCS server you would have to manually login to each WLC controller to see what the WAP's are doing. It really depends on how big your site is and how many WAP's you have to deploy after a site survey is done.

• How do i run an external monitor with my macbook and change settings so that when i close the lid the signal to the monitor is not lost and i can continue using the mac with a mouse and a wireless keyboard?

  How do i run an external monitor with my macbook and change settings so that when i close the lid the signal to the monitor is not lost and i can continue using the mac with a mouse and a wireless keyboard?

  No, nothing will prevent the computer from going to sleep when you close its display except third-party hacks that are designed to do exactly that. I strongly advise against using any of those, as they may interfere with successful entry into clamshell mode (and they carry other downside risks as well). Just wait until the computer is asleep (with its sleep light pulsing), then press any key on the keyboard. It sounds as though your setup is working as it's designed to do.