Cisco :: 50APs / 4400 - Distribution Of APs On Both Ports Of WLC?
Mar 1, 2013
I have a Wireless LAN Controller 4400 running. Currently all 50 APs are running on one port of the WLC. I have studied on the Cisco site that it's best to run 24 APs per port of the WLC, 48 in total. All my APs are running on one port. Is there any issue if I run all 50 APs on one port, and is this a bottleneck? Also, if I want to shift half the APs to the second port, what will the configuration for the WLC be?
We tried to distribute the software (12.4.23) via LMS 4.1 but we got the following message:
Device is locked for exclusive access.
The supported protocols for image transfer are: TFTP
SWIM1001: The input parameters to the Image Distribution/Image Import/Image Activate are invalid. You may have used incorrect Device Data for this task. Check the application log file for more details.
Device Upgrade Result : Failed End Time:Mon Mar 05 15:53:17 CET 2012
Earlier we used LMS 3.2 and it gave the same messages. The hardware is a Cisco 2620XM and the IOS actually in use is c2600-advipservicesk9-mz.124-3.bin. We need to upgrade a large number of devices via LMS.
I'm currently unable to upgrade certain devices since Cisco Prime incorrectly believes there is not enough room in the flash partition. For example:
Getting the following error message trying to upgrade some Cisco 871 routers: "Catastrophic - SWIM1200: Selected Flash partition requires minimum (28 MB) to upgrade selected software/image." The images are around 18 MB in size. Why does Cisco Prime think it's 28 MB in size? Bug?
I opened a discussion a while ago and had some great feedback, but I am still racking my brains to figure this out. I have 2 routers, each with a dedicated connection to the same ISP. I am using MED to influence my advertisements to the provider. I have 2 core switches (6509) with multiple VLANs; each VLAN has an HSRP address of .10 shared by the switches.
My routers and switches are using iBGP to communicate. Both routers connect to VLAN 1 on the core switches. I want to influence my traffic from the VLANs to go to specific routers, so that I utilize both routes at all times (when possible), ensuring symmetric routing at the same time.
I think I have the following options
- PBR: I'd set this on the routers' FastEthernet interfaces and match based on two different ACLs; set the next hop as ISP router 1 when matching ACL 1; set the next hop as ISP router 2 when matching ACL 2. My concern is that if I lose a link (say to ISP router 1), all traffic matched by ACL 1 is blackholed.
- HSRP was suggested to me: configure 2 standby groups on the routers with different priorities; allocate different HSRP addresses matching each VLAN (to act as a core switch default gateway). My concern here is that I'd need the routers' HSRP virtual IP addresses as the BGP neighbors on the core switches?
I have a Westell UltraLine Series3 modem/router. The problem is I can only connect to the router/internet if I enter the IP address and DNS manually, which is not much of a problem except I have a Vonage phone and can't type the IP address into it. So here's how the settings look; let me know what I should be changing.
I have been able to get EIGRP working successfully in the lab like I want.
Attached is the network overview:
We have a Data Center and Corporate Office connected via a point-to-point fiber link; eventually we will have two of these.
- Two 4948E switches in the Data Center acting as cores, set up with GLBP
- Corporate Office has a 3750X acting as a core
- Currently the two 4948Es are connected to each other via a port channel and an L2 trunk
- Two sets of ASA 5520s, one acting as a firewall and for Cisco AnyConnect and the second for site-to-site VPN
What is the best way/practice for me to distribute this DMZ via EIGRP? Should I just leave it static on the core like this?
In RME -> Software Management -> Software Distribution -> By Devices [advanced], what is the file format we should have here when we try to deploy many IOS images at once?
I am using a Cisco ASA5510 firewall on my network at the distribution layer. Private IP addresses are used in the network for users, and PAT is in use. I have a client who has configured RDP on port 2000. When the users behind the firewall in my network try RDP it does not work; it shows "configuring remote Desktop" only. I am able to telnet to the client's said server on port 2000 but unable to RDP. Are any changes required on my firewall so that RDP works?
I am having a strange issue deploying universalk9-150-2.SE2 to our 2960S. All the switches are standalone. LMS gives an error when asked to upgrade the image, but the fact is that the new software went through; if I manually reload the switch everything is fine. Why is RME showing an error if the new image seems to have been deployed?
We currently support multiple companies' infrastructure on a single Prime Infrastructure 1.2 server. We are using lifecycle licenses. Is it possible to assign licenses to various Businesses? For example, can I upload 100 licenses for Company-X and 100 licenses for Company-Y and when adding devices into Prime, tell it which licenses pool to pull from? Could something like this be accomplished with virtual domains?
using the 55xx as a L3 Distribution switch or even as a Core. By enabling the L3 features does it allow you enabled L3 SVI's for VLAN interfaces or are there interfaces on the daughter card that are used for routing instead?
We are using Cisco Catalyst 6500 switches as collapsed core/distribution switches (2-layer architecture). I want to connect approximately 10 application servers to the network. Can I connect the servers directly to the Catalyst 6500 switches using WS-X6148E-GE-TX line cards? The other option is to use access switches and then connect the servers to the Catalyst 6500 through an access switch (Catalyst 3750).
We have a 4507 distribution switch in our network. I am trying to enable SSH on those switches, but it seems that the ssh command is not supported. IOS version - cat4500e-universal.SPA.03.03.00.SG.151-1.SG.bin
Imagine I am designing a small network with a C2900 router running OSPF and, in the future, BGP with the service provider. Please see the attached diagram. The router is connected to (2) C3750 Layer 3 distribution switches, then one C3560 Layer 2 switch to serve future IP phone users and desktops.
Question:
a) If I connect the router interface to the (2) 3750 switches, and I make the router interfaces fa0/0 and fa0/1 trunks to accommodate VLAN 200 and other future VLANs, don't I have a problem with overlapping networks between router interfaces fa0/0 and fa0/1?
b) Alternatively, I could configure Router1 fa0/0 and fa0/1 with IP addresses and advertise them in OSPF. Then SW1 fa0/24 and SW2 fa0/24 I could make 'no switchport' to create routed interface ports with IP addresses, also running OSPF. The question is, from a scalable design perspective, would you create 2 management networks and use those when assigning the IP addresses for Router1 fa0/1 and fa0/2? Because again Router1 fa0/1 and fa0/2 obviously need to be placed on different networks to avoid overlapping. So my question is more about proper network planning and design to make this scalable to accommodate future VLANs. Using trunks between Router1 and SW1 option:
Router1
int fa0/0
 description connection to SW1
 no ip add
int fa0/0.200
I have been working on a redesign of our network, which was very challenging, but I am almost there. We have a limited budget of around £20k (32k dollars) max. The cabling was done before my time and it is very messy and cheap, so you cannot do a proper Cisco hierarchical model at all. I cannot have multiple links from each access layer switch to the core/distribution, and as a result I had to connect some access switches together to introduce redundancy. In a nutshell, we have two buildings: the main building, which has the server room in it, and the other building, which is just a bunch of offices. I have introduced a partial mesh in the normal building and have tried to introduce a full mesh in the main building.
The two stacked Cisco 3750G access switches on a particular floor in my coy just lost connectivity to the distribution switch this morning. This meant that all users connected to it couldn't connect to the Internet or access local network resources. I couldn't ping the switch IP, and I also couldn't access the switch via the console port. Each time I tried to gain access via the console port, I kept getting an "Authentication Failed" message. What should I do next? How do I gain access to the switch?
This is the existing network diagram; find the attached file for the configuration of the router and L3 switch. The ISP provided a 6 Mbps internet access link with Ethernet handoff, which is terminated on a Cisco 1841. The ISP also provided a pool of 30 public IPs, 125.63.74.33 /27, range from 125.63.74.34 to 125.63.74.62. In my current setup, all inside-to-outside traffic goes out through the 125.63.74.34 public IP because this public IP is NAT-overloaded with the router F0/1 interface.
1) I want to divide 6 Mbps link physically into three parts 2Mbps, 2Mbps, 2Mbps for three VLANs.
2) I also want to configure each VLAN's IN/OUT traffic with a different public IP. Is it possible or not?
Vlan2 = 172.25.162.0 /24 => Inside to outside / Outside to inside traffic through 125.63.74.40
Vlan3 = 172.25.163.0 /24 => Inside to outside / Outside to inside traffic through 125.63.74.41
Vlan4 = 172.25.164.0 /24 => Inside to outside / Outside to inside traffic through 125.63.74.42
How can I configure the above desired setup with CBWFQ?
I had a lot of questions when I began planning a pair of Nexus 7000 switches as a replacement for our 6500. How to publish my design and config. This is a medium sized network. I would have loved to see someone's configs for a similar implementation.
I have some questions in regards to network equipment I want to re-utilize for my distribution layer in one of my buildings. The choices at the moment are:
OPTION 1.) 2x WS-3550-12G's (HSRP)
OPTION 2.) 1x WS-6509 with cards:
What option would be better from a performance aspect? We want to have network, voice, and wireless data go through this distribution layer switch(es). This is existing equipment I already have and I cannot buy anything else at the moment.
To set up SG300-20 as CORE switch and SF100-48 as Distribution switch. SG300-20 will have 2 VLANs (DATA and VOICE)
- 192.168.14.1/24 DATA
- 172.168.0.1/24 VOICE
SF100-48 will also have 2 VLANs (DATA and VOICE)
- 192.168.14.1/24 Desktop/Laptops
- 172.168.0.1/24 IP phones
The problem is that when I tried to assign an IP to any of the VLANs, the switch will just hang and I lose my connection; the light will stop blinking, it will go steady, and I am unable to access the switch until I turn it off again?
We have an ASA 5505. The 5505 comes with two default VLANs, 1 & 2, marked as inside & outside respectively. My query is: if I do not want to use VLANs on the 5505 and only want to use the Ethernet ports as pure physical Layer 3 ports, is it possible? I.e., I want to assign a Layer 3 IP address on eth0/0 and eth0/1 and make them the inside & outside interfaces rather than VLANs. Is it possible to do away with VLANs on the 5505, and will it work otherwise?
Is there a way to associate spare firewall ports with another port that is being used? For example, int gi 0/2 is being used currently for my web DMZ. Its IP is 192.168.10.1. Is there a way for me to associate gi 0/3 with the same Layer 2 as gi 0/2?
In my web DMZ I use 2 ACE 4710 proxies in FT mode. I used a Layer 2 switch to connect the firewall and proxies together.
I would like to eliminate this switch if possible and connect both 4710s (Layer 2) directly to the firewall. If I could make gi0/2 - 4 part of the same VLAN, then I would be good to go.
How many of the 881 switch interface ports can be used as router ports, have used the 877 etc where i can use 2 but need a low cost router that supports 3 for routing. (needs to be physical ports)
One of the techs accidentally connected two access ports from different switches together. Since then, LMS is alerting on them as Link ports down. I tried to default the config and set them to access ports without any success. What should I do in LMS so it recognizes them as access ports?
I found [URL] that it's possible to create IPSec between WLC and MS IAS server. Is it possible to use ACS 5.2 instead of IAS and establish IPsec between WLC and ACS?
We have a Cisco 4400 series WLAN controller. When I go to the clients and view who is connected, I can also filter it. However, it only lets me filter by MAC address, AP, WLAN profile, etc.
It does not have IP filtering. Is there a way to filter using IP? Basically I want to find a particular client with a certain IP that's connected to our WLAN. Also, how do we block the client if we deem that person should not get access?
We have a single 4404 that was setup long before I arrived with Guest networks that timeout and other such tweaks. Is there a document somewhere that shows a way to migrate the old settings to a new 5508 that we are purchasing? By the time the 5508 arrives I will have a very small window to setup the unit before a new wing goes live. I need the new unit as we have reached our limit of licensed AP's on the old 4404. It seems like everyone keeps talking about an easy way but no one says how to do it.
I have never setup one of these units before from scratch so I don't know how long it will take.
I am configuring an old WLC4400 with V4.2.130.0. I added a new sub-interface for VLAN 50 with proper IP for the subnet and then add the Radius server(Windows server 2008 with NPS) onto WLC4400. I then created new WLAN with WPA+WPA2 Encryption and 802.1x key management and selected the Radius server under AAA for authentication.
Configured the test XP with WPA-Enterprise and PEAP as EAP method. I purposely configured computer to prompt for username and password.
When I try to connect, I do get a prompt for username and password. However, after that nothing happens. It seems like the laptop just keeps trying to authenticate.
I checked the Windows event log and do not see anything under NPS. I know this Windows server NPS setup works as it is also the authentication server for our remotevpn.
Is there any special option I need to turn on for the WLC in order for RADIUS authentication to work? Or is there any known bug with V4.2.130?