WLC unreachable
We have four WLC 5508, and a PI 2.2. We upgraded WLC one and two without any problems to 8.0.110, but when we upgraded WLC three it became unreachable in PI. Restart of PI and WLC did not fix it. I tried to remove the controller in PI but get the message: Error:Unknown Exception Occurred.
The configuration should be the same on all controllers. WLC three runs ok, it is just that I cant reach it from PI.
If I try to update credentials for WLC three in PI, i get the message: Error while updating SNMP/Telnet credentials
Any ideas??
PI is configured as trap reciever. I was using snmp v2, trying to change credentials to v3 in PI resulted in the same error: Error while updating SNMP/Telnet credentials
Trying to change snmp in controller configuration in PI resulted in the error:
Error:COMMON-1: Some unexpected internal error has occurred. If the problem persists please report to the Tech Support.
Error:Detail: errorId=8 Invalid credential name: DEVICE_PACKAGE_FINGERPRINT.
Similar Messages
-
I have a WLC2000 that was reporting in to WCS but as of 2 weeks ago WCS sees it as unreachable although it is up and connectivity exists between the two?? I was planning on deleting the WLC and attempting to add it back to WCS but am curious as to if anybody had issues with similar issues?
Nah, It's just a problem that Airespace had and subsequently Cisco inherited. The WCS receives updates from the controller databases on a regularly scheduled basis. For whatever reason, everytime we get a new code version, it takes the WCS a while to learn where the controller is and what changes have been made to its database entries. You can usually manually force this by doing a manual refresh of config from the controller in the WCS commands section. If that doesn't work, you have to reboot the controller and it will come back and you can re-add it to the list of controllers IF it still shows as unreachable.
-
WCS 7.0.164.0 - WLCs unreachable
Hi Guys,
For some reason overnight the WCS server can no longer reach the lan controllers.
They are on the same subnet and can ping both ways.
I tried deleting and re-adding but it still cannot find it.
I've tried rebooting everything and still doesnt work.
Anyone have ideas?audit-1] Configuration Sync for device 10.60.43.253 started.
04/15/11 01:00:00.410 INFO [monitor] [audit-2] Configuration Sync for device 10.60.43.254 started.
04/15/11 01:00:14.410 ERROR [communication] [audit-1] [10.60.43.253] Unable to reach the device: 10.60.43.253/161 using SNMP version v2
04/15/11 01:00:14.410 INFO [config] [audit-1] ConfigSyncHelper auditSwitchTree:+controllerObj.getDeviceIpAddress() com.cisco.server.common.errors.DeviceUnreachableException: MEDIATION-2,10.60.43.253/161
04/15/11 01:00:14.410 ERROR [communication] [audit-2] [10.60.43.254] Unable to reach the device: 10.60.43.254/161 using SNMP version v2
04/15/11 01:00:14.410 INFO [config] [audit-2] ConfigSyncHelper auditSwitchTree:+controllerObj.getDeviceIpAddress() com.cisco.server.common.errors.DeviceUnreachableException: MEDIATION-2,10.60.43.254/161
04/15/11 01:00:14.410 ERROR [general] [audit-1] THROW
So it looks like i'll focus on SNMP? -
WLC s/w v4.1 and TACACS unreachable
In,
Cisco WLC_Config Guide_Web & CLI_Release 4.1
it says,
"If the TACACS+ authorization server becomes unreachable or unable to authorize, users are unable to log into the controller."
Does this mean it does not support a fail-safe password like IOS does where the Enable password can be used to get into a router if TACACS+ is unreachable?Hi Mark,
No, the local database is always queried first.
Please read Chapter 5 and the section on configuring TACACS:
"You can specify the order of authentication when multiple databases are configured, click Security > Priority Order > Management User. The Priority Order > Management User page will appear."
It goes on further to explain:
For Authentication Priority, choose either Radius or TACACS+ to specify which server has priority over the other when the controller attempts to authenticate management users. By default, the local database is always queried first. If the username is not found, the controller switches to the TACACS+ server if configured for TACACS+ or to the RADIUS server if configured for Radius. The default setting is local and then Radius."
Hope this helps.
Paul -
Hello everybody
We have 2 5508 in HA SSO (212licenses + 50permanentfor the secondary)
it is not clear what is written in the documentations about the 90-day timer
– If the new WLC has a higher AP count than the previous, the 90-day counter is reset.
– If the new WLC has a lower AP count than the previous, the 90-day counter is not reset.
What about same ap count???
let's assume the primary goes down and the secondary becomes active...
the 90-day timer will start (as reported in the docs) and 212 licenses are inherited from primary unit
now for example after 90 days the secondary controller starts nagging messages and the netadmin notices it, he forces a failover to revert back to the primary controller as the primary has no issues (it was just a failover caused by temporary gateway unreachability)
so the primary becomes the new active with its original licenses
The question is :
what happens to the 90-day timer, does it get reset?
if a new failover occurrs will the ap join the backup controller?
is there any way to show the remaining days for inherited license?
Thank youThank you Scott
hope I did understand correctly...
after 90d you were not able to access the secondary unit anymore... i assume cli was locked too.. so no manual switchover via cli command... (just unplug?)
you did test a new switchover right?... was the wireless infrastructure still working with config synced with the primary unit?
then you did a factory reset... rebuilt the secondary unit and had again the 90-day timer not zeroed? (looks like the primary controller is totally unaware of how much time the standby controller was online as primary)
sorry for the many questions , cisco's documentation about this is really frustrating and I really can't understand why... if I did understand correctly I think this is a really bad behaviour (imho) at least the counter shoud be meant to stop when primary controller comes back online in standby hot state... reboots often happen cause of software failure and someone may never notice a switchover occurred until the timer is over... and we have no way to know how much time is left for the standby controller... -
WLC 4402 Multiple clients can connect to AP but only one gets an IP
I have a 4402 which is connected to a 4506 Switch int Gig 3/1 via a trunk port. The Managment and AP-manger interfaces are on vlan 6
interface GigabitEthernet3/1
description Trunk Port to WLC
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2-6
switchport mode trunk
end
I have a 1142N AP also connected to the switch and it pulls a DHCP IP Address and configs etc and registers to the WLC. It too is on Vlan 6 and it is connected to the 4506 on int gig 4/33 which is an access port.
interface GigabitEthernet4/33
description Access port to Cisco LAP 1142
switchport access vlan 6
switchport mode access
end
My router is my dhcp server;
ip dhcp pool wlanmantraffic
network 10.6.0.0 255.255.255.0
default-router 10.6.0.1
dns-server 66.109.38.250 10.7.0.8
option 43 hex f104.3130.2e36.2e30.2e33
interface FastEthernet0/1.6
description Vlan6
encapsulation dot1Q 6
ip address 10.6.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
I am doing local authentication, so i have added users to the WLC
My problem is that the first client that connected was able to get an IP address and connect to anything internal and external.
I then connected another client on another laptop and that client could connect but not get an IP address, it just self assigned.
When i look at the clients i can see the MAC address of both Clients on the WLC, but doing a show mac address-table dynamic i only see the MAC of the client that works properly. The client that doesnt get an IP has no entry in the 4506 switch.
I am stumped, from what I understand, is that the 2nd clients traffic is being trunked to the WLC , hence it has the MAC address. But I dont know why its not getting a DHCP assigned IP address.
Thanks in advance for your help.Here is some of the WLC config,
(Cisco Controller) >show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "4400 Series WLAN Controller:25 APs"
PID: AIR-WLC4402-25-K9, VID: V02, SN: FOCblankedbyme
Burned-in MAC Address............................ 00:07:0E:55:FA:C0
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.235.3
RTOS Version..................................... 7.0.235.3
Bootloader Version............................... 7.0.235.3
Emergency Image Version.......................... 7.0.235.3
Build Type....................................... DATA + WPS
System Name...................................... CISCO-LWAPP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
IP Address....................................... 10.6.0.3
System Up Time................................... 0 days 21 hrs 7 mins 20 secs
System Timezone Location......................... (GMT -5:00) Eastern Time (US a
nd Canada)
Configured Country............................... US - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +36 C
--More or (q)uit current module or to abort
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 3
Burned-in MAC Address............................ 00:07:0E:55:FA:C0
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
AP Bundle Information
Primary AP Image Size
ap3g1 6672
ap801 5180
ap802 5220
c1100 3092
c1130 4960
c1140 4980
c1200 3360
c1240 4800
c1250 5500
c1310 3132
c1520 6400
c3201 4312
c602i 3712
Secondary AP Image Size
ap801 4952
c1100 3040
--More or (q)uit current module or to abort
c1130 4880
c1140 4492
c1200 3312
c1240 4712
c1250 5060
c1310 3080
c1520 5240
c3201 4260
Press Enter to continue or to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Strong Password Check Features:
case-check ...........Enabled
consecutive-check ....Enabled
default-check .......Enabled
username-check ......Enabled
Press Enter to continue or to abort
Network Information
RF-Network Name............................. RFMobile
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
--More or (q)uit current module or to abort
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
Apple Talk ................................. Disable
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Fast SSID Change ........................... Disabled
802.3 Bridging ............................. Disable
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or to abort
Port Summary
STP Admin Physical Physical Link Link Mcast
Pr Type Stat Mode Mode Status Status Trap Appliance POE
1 Normal Forw Enable Auto 1000 Full Up Enable Enable N/A
2 Normal Forw Enable Auto 1000 Full Up Enable Enable N/A
Press Enter to continue or to abort
AP Summary
Number of APs.................................... 1
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority
NOSC-N-B1917-AP01 2 AIR-LAP1142N-A-K9 00:22:bd:1b:34:5a Route
23B 1 US 1
AP Tcp-Mss-Adjust Info
AP Name TCP State MSS Size
NOSC-N-B1917-AP01 disabled -
Press Enter to continue or to abort
AP Location
Total Number of AP Groups........................ 0
Site Name........................................ default-group
Site Description.................................
WLAN ID Interface Network Admission Control Radio Pol
icy
1 management Disabled None
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority
NOSC-N-B1917-AP01 2 AIR-LAP1142N-A-K9 00:22:bd:1b:34:5a Route
23B 1 US 1
Press Enter to continue or to abort
AP Config
Cisco AP Identifier.............................. 6
Cisco AP Name.................................... NOSC-N-B1917-AP01
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:22:bd:1b:34:5a
IP Address Configuration......................... DHCP
IP Address....................................... 10.6.0.26
Gateway IP Addr.................................. 10.6.0.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Enabled
Ssh State........................................ Enabled
Cisco AP Location................................ Route 23B
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
--More or (q)uit current module or to abort... Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.3
Boot Version ................................... 12.4.18.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1142N-A-K9
AP Image......................................... C1140-K9W8-M
IOS Version...................................... 12.4(23c)JA6
--More or (q)uit current module or to abort
Reset Button..................................... Enabled
AP Serial Number................................. FTX1337SA7D
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 6
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... CUSTOMIZED
AP User Name..................................... danielott
AP Dot1x User Mode............................... CUSTOMIZED
AP Dot1x User Name............................... danielott
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 0 days, 19 h 22 m 53 s
AP LWAPP Up Time................................. 0 days, 01 h 08 m 46 s
Join Date and Time............................... Mon Nov 5 16:17:51 2012
Join Taken Time.................................. 0 days, 00 h 00 m 12 s
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211n-2.4
--More or (q)uit current module or to abort
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 1
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:27:0d:07:cb:e0
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
11000 Kilo Bits.......................... MANDATORY
6000 Kilo Bits........................... SUPPORTED
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... SUPPORTED
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... SUPPORTED
36000 Kilo Bits.......................... SUPPORTED
--More or (q)uit current module or to abort
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
MCS Set
MCS 0.................................... SUPPORTED
MCS 1.................................... SUPPORTED
MCS 2.................................... SUPPORTED
MCS 3.................................... SUPPORTED
MCS 4.................................... SUPPORTED
MCS 5.................................... SUPPORTED
MCS 6.................................... SUPPORTED
MCS 7.................................... SUPPORTED
MCS 8.................................... SUPPORTED
MCS 9.................................... SUPPORTED
MCS 10................................... SUPPORTED
MCS 11................................... SUPPORTED
MCS 12................................... SUPPORTED
MCS 13................................... SUPPORTED
MCS 14................................... SUPPORTED
MCS 15................................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 11
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 8
Tx Power Level 1 .......................... 20 dBm
Tx Power Level 2 .......................... 17 dBm
Tx Power Level 3 .......................... 14 dBm
Tx Power Level 4 .......................... 11 dBm
Tx Power Level 5 .......................... 8 dBm
Tx Power Level 6 .......................... 5 dBm
Tx Power Level 7 .......................... 2 dBm
Tx Power Level 8 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
--More or (q)uit current module or to abort
Current Tx Power Level .................... 1
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 1
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11
TI Threshold .............................. -50
Legacy Tx Beamforming Configuration ....... AUTOMATIC
Legacy Tx Beamforming ..................... DISABLED
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
802.11n Antennas
A....................................... ENABLED
B....................................... ENABLED
C....................................... ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
--More or (q)uit current module or to abort
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Cisco AP Identifier.............................. 6
Cisco AP Name.................................... NOSC-N-B1917-AP01
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:22:bd:1b:34:5a
IP Address Configuration......................... DHCP
IP Address....................................... 10.6.0.26
Gateway IP Addr.................................. 10.6.0.1
--More or (q)uit current module or to abort
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Enabled
Ssh State........................................ Enabled
Cisco AP Location................................ Route 23B
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address...............Secondary Cisco Switch Name.......
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.3
Boot Version ................................... 12.4.18.0
Mini IOS Version ................................ 3.0.51.0
--More or (q)uit current module or to abort
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1142N-A-K9
AP Image......................................... C1140-K9W8-M
IOS Version...................................... 12.4(23c)JA6
Reset Button..................................... Enabled
AP Serial Number................................. FTX1337SA7D
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 6
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... CUSTOMIZED
AP User Name..................................... danielott
AP Dot1x User Mode............................... CUSTOMIZED
AP Dot1x User Name............................... danielott
--More or (q)uit current module or to abort
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 0 days, 19 h 22 m 53 s
AP LWAPP Up Time................................. 0 days, 01 h 08 m 46 s
Join Date and Time............................... Mon Nov 5 16:17:51 2012
Join Taken Time.................................. 0 days, 00 h 00 m 12 s
Attributes for Slot 1
Radio Type................................... RADIO_TYPE_80211n-5
Radio Subband................................ RADIO_SUBBAND_ALL
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 1
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:27:0d:07:cb:e0
Operation Rate Set
--More or (q)uit current module or to abort
6000 Kilo Bits........................... MANDATORY
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... MANDATORY
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... MANDATORY
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
MCS Set
MCS 0.................................... SUPPORTED
MCS 1.................................... SUPPORTED
MCS 2.................................... SUPPORTED
MCS 3.................................... SUPPORTED
MCS 4.................................... SUPPORTED
MCS 5.................................... SUPPORTED
MCS 6.................................... SUPPORTED
MCS 7.................................... SUPPORTED
MCS 8.................................... SUPPORTED
MCS 9.................................... SUPPORTED
MCS 10................................... SUPPORTED
MCS 11................................... SUPPORTED
MCS 12................................... SUPPORTED
MCS 13................................... SUPPORTED
--More or (q)uit current module or to abort
MCS 14................................... SUPPORTED
MCS 15................................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 36
Number Of Channels ........................ 21
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 7
Tx Power Level 1 .......................... 17 dBm
Tx Power Level 2 .......................... 14 dBm
Tx Power Level 3 .......................... 11 dBm
--More or (q)uit current module or to abort
Tx Power Level 4 .......................... 8 dBm
Tx Power Level 5 .......................... 5 dBm
Tx Power Level 6 .......................... 2 dBm
Tx Power Level 7 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 161
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
......................................... 104,108,112,116,132,136,140,
......................................... 149,153,157,161,165
TI Threshold .............................. -50
Legacy Tx Beamforming Configuration ....... AUTOMATIC
Legacy Tx Beamforming ..................... DISABLED
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
802.11n Antennas
A....................................... ENABLED
--More or (q)uit current module or to abort
B....................................... ENABLED
C....................................... ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 16 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No -
ISE 1.1/WLC 7.2 Wireless MAB and Profiling
I am trying to set up wireless MAB with CWA so that when devices connect to the open guest network they are profiled and if they match a device type (iphone, android) they are allowed access to the internet without AUP or Authentication and all other device type (including unknown) is redirected to the guest portal for authentication. My configuration works when devices are correctly profiled, the issue is that it appears that the RADIUS probes are the only profiling components working on the guest side. Devices are being correctly profiled on the corp network segment. The key profiling components I need to get a match on iphone is DHCP and HTTP user agent. Without those all iphones are categorized as an apple device and not iphone. I suspect this is because they are matching the MAC OUI from the RADIUS probe and MAC filtering with NAC RADIUS on the WLC. The ISE is on a seperate LAN from the guest and right now I am only allowing DNS and 8443 through the ASA. I also believe DHCP profiling is not working because the guest DHCP is running on the WLC internal DHCP and is not forwarding requests to the ISE for inspection because it will not relay the request to 2 servers, it just uses a secondary if the primary is unreachable.
Can someone point me in the right direction? I believe my Authentication, Authorization, and Identity Source Sequence, etc configuration is correct, but can post additional details if necessary. My main issue is the profiling probes and getting them working correctly on the guest LAN.What we did to get around this was to adjust the profiler policy for Apple-Device to take network scan action when MAC:OUI contains Apple. So basically the device connects to the wireless network, MAC filtering on the WLC identifies the OUI to belong to Apple and initiates an NMAP scan that properly identifies the OS of the iDevice. This allows iPhones to connect and other Apple devices like iPads to be redirected to the login portal.
We can also make similar adjustments to Android and other devices that require profiling to properly identify the device type. In this case, allowing SmartPhones to connect directly to the internet and all other devices to be redirected to the portal.
Hope that helps. -
Deleted WLC from its folder under the Device work center of Cisco prime 1.2
I kindly need your help as regarding cisco prime infrastructure.
I added the wireless LAN controller to the prime. I later had to troubleshoot the WLC because the reachability status showed UNREACHABLE.
Due to my troubleshooting, I synched the WLC a couples of times and the collection status has been showing SYNCHING since then.
I also tried deleting the WLC from its folder under device work center and it deleted but it still reflects under the ALL folder.
Please would I have to wait for the SYNCHRONIZATION of the WLC to stop before I can completely delete it and re-add??
Also I noticed that after deploying ''Interface Health'' under Monitoring Configurations, the CPU and memory utilization did not reflect for the devices cisco
prime is managing.
What have I missed out?
Kindly help.Prime Infrastructure won't support those legacy models.
-
Hi all,
Recently I have replaced 2 4400 WLC by 5508 wlc's.
I have also replaced both 4400 in LMS by those new 5508. They have the same ip's, so I have removed the old 4400's from LMS and created 2 new devices.
When checking the device center, LMS tells me Data collection, User tracking, Inventory and Fault discovery has succeeded.
When I check the Reachability status in device center it is ok for ping, telnet, SSH, SNMPV2 read, SNMPV2 write. However I am not able to open the configuration through Config editor. He gives me the pop-up "CEDT0042: No latest configuration file exists for the device in Archive."
When I go and check the archive summary report, I can see for both devices the log below:
NMP: Failed to establish SNMP connection to x.x.x.x - Cause: Device is Unreachable. Check the ReadOnly community string. SNMP: Failed to establish SNMP connection to x.x.x.x - Cause: Device is Unreachable. Check the ReadOnly community string.
Any ideas,
Thanks,
JorisHello,
I think I have found the problem. WLC 5508 is not compatible with LMS 4.2.2.
I can find this in the release notes:
Cisco Unified Wireless Network Solution Components
The following components are part of the Cisco UWN Solution and are compatible in this release:
Note For more information on the compatibility of wireless software components across releases, see the Cisco Wireless Solutions Software Compatibility Matrix.
•Cisco IOS Release 15.2(2)JB
•Cisco Prime Infrastructure 1.3
•Mobility Services Engine (MSE) 7.4.100.0 software release and context-aware software
Apparently only Prime 1.3 can manage this device.
Joris -
Upgrade WLC HA pair 7.4.110.0 to 7.6.130.0
Hi
I'll be upgrading a HA pair of 5508's from 7.4.110.0 to 7.6.130.0. The documentation suggests that I just need to upgrade the active and this code is copied to the standby. Then simply reboot. After this verify that the active is not the standby HA WLC. Verify all AP's have rejoined and upgraded.
I also need to want to upgrade the FUS image after this.
Has anyone had any issues with upgrading HA pairs?
Or would it be better to break HA and upgrade each of them seperately then recreate the HA pair (not something I really want to have to do).
Any other suggestions\precautions to reduce the risk of issues?
I plan to create backups before and after.
I'll also use "show ap cdp nei all" to get a list of AP's and where they are connected to verify they all rejoin the WLC and upgrade.
Thanks in advanceThanks Leo,
But according to this document its not required break HA do the FUS upgrade?
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.html#pgfId-43571
"The FUS image can be upgraded while the controllers have HA enabled. The secondary controller will get upgraded just like it does when upgrading the regular code. However, when you initiate the reboot on the primary controller both controllers will be unreachable until the FUS upgrade completes on both the active and the standby in the HA pair. This process will take around 30 to 40 minutes to complete just like in a non-HA FUS upgrade."
I have a maintainence window for the activity so having both down during the FUS upgrade is not an issue. My only concern is that if something goes wrong to both WLC's during the FUS upgrade I might have 2 dead WLC's and no backup plan !
Thanks -
WLC 5508 & Forefront Threat Management Gateway.
We are trying to implement a Guest wireless network on a new WLC 5508 which connects to the Internet via a Windows 2008R2 server running Forefront Threat Management Gateway beyond which there's a ASA and then the Internet. The Windows server also provides DHCP and DNS to the WLAN clients.
The problem we're having is that the TMG server will not return packets to a wireless client. We booth the wireless client, it picks up a DHCP address (from the TMG server), we open a browser and try and access the Internet, result; nothing. If we run Wireshark on the client we can see the DHCP request and response, we see the DNS request but no reply comes back. On the TMG server in the TMG live log we can see that it is dropping the packets to the client with the following error message:
A packet was dropped because its destination IP address is unreachable.
We've tried attaching a wired PC to the same VLAN and it can obtain an IP address from the TMG server, get DNS resolution from the TMG server and access the Internet so we know the problem must lie beteen the TMG server and the WLC 5508 but we can't determine whether it's something the WLC is doing which "masks" the client from the TMG server or something in the TMG server which is preventing it from communicating with the client.
If we open a browser on the client and enter http://1.1.1.1/login.html we get the login page and can authenticate (we have no DNS Host Name on the Virtual Interface, we've tried it with and without, no difference either way) but after that, nothing. We can see the client making repeated DNS requests and the return packets for each one are dropped by the TMG server with the message above.
Any advice would be much appreciated.
The WLC is running Software Version 7.3.112.0.We are trying to implement a Guest wireless network on a new WLC 5508 which connects to the Internet via a Windows 2008R2 server running Forefront Threat Management Gateway beyond which there's a ASA and then the Internet. The Windows server also provides DHCP and DNS to the WLAN clients.
The problem we're having is that the TMG server will not return packets to a wireless client. We booth the wireless client, it picks up a DHCP address (from the TMG server), we open a browser and try and access the Internet, result; nothing. If we run Wireshark on the client we can see the DHCP request and response, we see the DNS request but no reply comes back. On the TMG server in the TMG live log we can see that it is dropping the packets to the client with the following error message:
A packet was dropped because its destination IP address is unreachable.
We've tried attaching a wired PC to the same VLAN and it can obtain an IP address from the TMG server, get DNS resolution from the TMG server and access the Internet so we know the problem must lie beteen the TMG server and the WLC 5508 but we can't determine whether it's something the WLC is doing which "masks" the client from the TMG server or something in the TMG server which is preventing it from communicating with the client.
If we open a browser on the client and enter http://1.1.1.1/login.html we get the login page and can authenticate (we have no DNS Host Name on the Virtual Interface, we've tried it with and without, no difference either way) but after that, nothing. We can see the client making repeated DNS requests and the return packets for each one are dropped by the TMG server with the message above.
Any advice would be much appreciated.
The WLC is running Software Version 7.3.112.0. -
Wlc 5508 not responing even in console
Hi everyone,
We have a Cisco wlc 5508 (with 50 LAP) running perfectly until yesterday when the wlc suddently stopped working completly.
When we reboot the wlc, only ps1/ps2 led are on (alm led is off).
We tried to reset the wlc but the wlc is unreachable even with the console port or with the usb.
I would appreciate any kind of help on this.
Thanks in advance.No unfortunately not. But i have not had a single 5508 or 2504 that has been stable on 8.0.x (except for the ones i use i my lab).
I think it has something to do with webauth being enabled, but Im not quite sure.
It seems that under load (and this does not involve a lot of clients 100+), the WLCs starts to reboot constantly (2 to 4 hours between reboots). And then after a couple of days of this then the WLCs just die completely.
Some of my other colleagues (from other partners) have experienced the same problems.
The only bugID i have found with a description matching my problem (reboots, not controller dying completely) is : CSCus36055
My WLC looks like this when it is not responding to anything : https://www.dropbox.com/s/p1scxlcibl2kjkc/5508-NoBoot-NothingInConsole.mp4?dl=0 -
Hi folks,
I have a pair of wlc 5508, configured as a HA pair. I want to upgrade the FUS to ver 1.9.
Is it necessary to break the HA pair, and upgrade each wlc individually?Ref : http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.html
>...
The FUS image can be upgraded while the controllers have HA enabled. The secondary controller will get upgraded just like it does when upgrading the regular code. However, when you initiate the reboot on the primary controller both controllers will be unreachable until the FUS upgrade completes on both the active and the standby in the HA pair. This process will take around 30 to 40 minutes to complete just like in a non-HA FUS upgrade.
M. -
Update WCS inventory with a replacement WLC
Hi,
We are running WCS Version 6.0.181.0 and had a 5508 WLC fail that was connected to this WCS. The WLC was replaced and is running the same config and Software Version 6.0.196.0.
In WCS the old controller shows up as unreachable which you would expect, but with the new WLC online it does not see it at all. Is there somewhere that I need to change the MAC address or something for WCS to accept the new WLC?
Thanks
TonyThanks for that, this worked OK for me. Should you not be able to just update/audit the new one if it is called the same and has the same IP address therefore allowing you to push out the master config from WCS?
Tony -
CANNOT ADD WLC 5508 HA MODE IN PRIME INFRASTRUCTURE 2
I have two 5508 7.5.102 in HA mode and i am trying to add theme in cisco prime infrastructure 2 but i am taking back unreachable. Controller can ping the prime. I adding the controller using the management ip address of controller. Have anyone meat thise issue ? I also have problem when adding switches in stack mode (WS-C2960S-48TD-L)
Hello!
Check, that the service-port of the wlc is not in the same subnet, as Prime ip address
Maybe you are looking for
-
I have never had trouble opening attachments in Yahoo mail only since updating Firefox. They open fine when using IE
-
I have a report that was developed in version 6i, I am presenting this report on the web, with a parameter form. Both fields on the parameter form have list of values associated with them. When I run the report, the fields display okay - with the dro
-
Use shared variables with FPGA device on Host PC
Hi all I am having a frustrating problem. I am trying to use shared variables linked to a cRIO 9012. The shared variables were created and then written to in a RT vi. is there any way I can assign locations to these not within a RT vi. I altimately n
-
First gen Macbook pro will not turn back on after grey screen of death
Hi, i have a first generation Macbook Pro. As i was browsing the web, my computer all the sudden froze and the "grey screen of death" appeared and shut of my computer. After, it tried to restart, but it wont get past the CD rom or hard drive noise i
-
The site is using a custom Wordpress theme. There are options to add different types of video for different browsers, and I've added webm for Firefox and MP4 for other browsers. The MP4 videos play great on all other browsers, but the webm doesn't se