Cisco :: 5508 / 1142 / APs Won't Rejoin After Controller Outage

Sep 22, 2012

We recently had a power outage where most of our AP's were down as well as our controller.  When everything came back up most of the AP's didn't rejoin the controller without me resetting all of them.  It seems as if the AP's might have booted up before the controller was up, but shouldn't they just try to rejoin at a later time?  They didn't rejoin for 48+ hours on there own so I'm assuming that they were not ever going to re-join.  All I had to do to fix it was power them off and back on and everything worked.
 
DHCP is on the local switch where the AP's are powered from so that's not a problem, and they had connectivity to the controller the whole time.
 
5508, and 1142's.Software version 7.2.103.0 on the controller.

View 12 Replies


ADVERTISEMENT

Cisco Wireless :: WLC 5508 / Rejoin To Different Controller

Feb 10, 2013

I use WLC 5508 (ver 7.0.116.0) with aironet 1140. I need to connect my APs to different controller .After log in via ssh to AP i am trying to do:
 
capwap ap controller ip add x.x.x.x
reset
 
But after reload, AP is still joined to the old WLC. So another idea was to log to that WLC and put:
 
config ap primary-base WLC2 AP_NAME x.x.x.x
 
and after that:
 
config ap reset AP_NAME
 
But still nothing, it's joined to another controller although "show ap client config" shows that primary-base switch is x.x.x.x ?How can i force it to join to other controller?

View 3 Replies View Related

Cisco Wireless :: 1142 Aironet Won't Join Controller

Aug 6, 2012

When I check the AP join statistics I  see the following: Reason For Last Unsuccessful Attempt    RADIUS authorization is pending for the AP, I don't run a radius server and don't know how to get around this so that the device can join.

View 4 Replies View Related

Cisco Wireless :: 1142 - Network Not Seemed To Find Controller

Apr 18, 2012

I've noticed that I've had to prime a lot of the 1142 devices.  When attached to the network they not seem to find the controller.  The subnet has the scope option and I have other 1142s working but recent ap's seem to not work unless primed.

View 3 Replies View Related

Cisco Wireless :: 4404 Guest Anchor Controller With 5508 Foreign Controller?

Aug 12, 2012

I know that the 3600 series APs are not supported on the 4404 WLC.  However, would the following scenario be supported? I would like to use the 4404 (software rel. 7.0) as a guest anchor with a 5508 (software release 7.2) as the foreign controller supporting series 3600 APs.  I ask because the APs do not need to join the guest anchor.

View 7 Replies View Related

Cisco Wireless :: 5508 Foreign Controller And 4400 Anchor Controller?

Jun 2, 2013

We have a customer that have 2 5508 as primary and backup controller and a 4400 as an anchor controller.  We plan to upgrade the 5508 to 7.3.112.0 and the 4400 is already 7.0.116.0.  Will there be any issue if the anchor controller is not the same code as the foreign controller?  Do I also have to upgrade the acnhor controller to 7.0.240.0?

View 2 Replies View Related

Cisco Wireless :: 1142 AP Will Not Join Controller Through D-Link POE Switch

Apr 1, 2012

I'm trying to use 1142 APs with a 2504 Wireless Controller through a D-Link 48PT GBIT XSTACK SWITCH (DLI-DGS-3120-48PC/SI).At any rate, the 1142 AP joins with the wireless controller ONLY when I attach it directly to the controller.  When connected directly to the controller the AP functions normally and all is well. When I attach it through the D-Link switch, the AP flashs green several times, indicating that it can't find the controller.  I suspect that there's some setting on the D-Link switch that's preventing the AP from seeing the controller.

View 6 Replies View Related

Cisco Wireless :: 2504 Controller With 3 Aironet 1142 Access Points

Mar 16, 2013

I have installed/setup a cisco 2504 wireless controller and 3 aironet 1142 access points using the basic config on a windows sbs 2008 domain, the problem is that the clients that are connected to the 2504 aint getting the there ip addr from the AD but from the wireless controller, and there cant reach the clients on wifi from the clients that are connected to lan, is there anyway that i cant change this so that a client on lan can see the client on wlan and vice versa.

View 5 Replies View Related

Cisco Wireless :: Training On 2500 Series Controller And 1142 / 1040 AP

Apr 21, 2013

Looking for some training on the 2500 series controller and 1142 or 1040 AP's preferably.

View 10 Replies View Related

Cisco :: 5508 / 1142 - Machine Certificate Will Not Be Recognized

Dec 10, 2010

i have a Setup as Follows
 
- 5508/1142
- heterogenous Client with WZC, XP, SP3, SSO
- ACS 5.2, MS AD
 
Target is Songle Sign On wih Machine Cerificates against AD. For testing purpose we tested with EAP-PEAP/MS Chapv2 and Machine Auth, works fine. Now we installed a Machine cert in the Machine cert Store (no User Cert) and reconfigured the WZC for using certs and Machin Auth. What we see is an Error Message in the System Tray that there is no certificate available. We checked it again, the MMC shows us a Machine cert in the Store.

View 4 Replies View Related

Cisco Wireless :: WLC 5508 / SW 6.0.199.4 / 1142 AP / Clients Getting Dropped?

Apr 14, 2013

We have deployed a WLC 5508 w/ SW version 6.0.199.4, 1142 AP's & open authentication w/ MAC filtering. Clients are randomly getting dropped with "Limited Access" shown in Win 7. In this state, the client machine is unable to ping the gateway and sometimes lose their DHCP assigned IP as well. A manual disconnect/re-connect to the SSID is required everytime.I ran a debug on one the clients stuck in the "Limited Access" state (debug client xx:xx:xx:xx):
 
*Apr 15 16:59:23.205: e0:91:53:60:1f:e4 Adding mobile on LWAPP AP 3c:ce:73:c5:1e:b0(0)
*Apr 15 16:59:23.205: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station:  (callerId: 23) in 5 seconds
*Apr 15 16:59:23.205: e0:91:53:60:1f:e4 apfProcessProbeReq (apf_80211.c:4722) Changing state for mobile e0:91:53:60:1f:e4 on AP 3c:ce:73:c5:1e:b0 from Idle to Probe

[code]....

View 7 Replies View Related

Cisco Wireless :: WLC 5508 / 1142 - Range Coverage

Jul 26, 2012

We did wireless coverage testing using some 1142 units in autonomous mode, and got a satisfactory result, but upon converting these test units to Lightweight and adding them to our WLC5508 controller, the coverage has decreased noticeably. 

Any tips or tricks to getting lightweight 1142 APs to have a range as far as the same hardware with autonomous firmware?

View 3 Replies View Related

Cisco Wireless :: WLC 5508 AP 1142 - SSIDs Segregation

Dec 26, 2012

Doing segregation of SSIDs Base on AP , I have the following scenario:

Head Office :
2 SSIDs (HO_WiFi , Guest) ,  Access Points which are working in connected mode and grouped on the default ap group .

Remote site:
2 SSIDs (Branch_Wifi , Guest) , Access Points working in flex connected mode and locally switching the traffic .
 
As shown above , I will be having Head Office , and other 20 Remote Sites with Access Points working in Flex connected mode.  What is the best way to group AP and segregate SSID base on location.  Above Scenario are build base on WLC 5508 and AP 1142.

View 9 Replies View Related

Cisco Wireless :: 5508 / 1142 / Access Points Resetting?

Sep 2, 2010

Access points 1142 controller 5508 running code 6.0.196.0 When you set the access point port speed with "config ap duplex full speed 1000 all" the access points leave the controlle and do not rejoin. I have had to reset the the access points manually with a power down and hold the reset button.

View 13 Replies View Related

Cisco Wireless :: WLC 5508 / AP 1142 Rapidly Cycling Through Blue / Green And Red

Feb 19, 2013

After the upgrade of the WLC 5508 to version 7.4 the 1142 access-points LED blinking rapidly cycling through blue, green, and red. I found the following information to this behavior: "Access point location command invoked"
 
The configuration didn't change. How can I switch this function?

View 1 Replies View Related

Cisco Wireless :: 1142 / 5508 - User Switching Every Few Minutes Between 2.4ghz And 5ghz?

Aug 20, 2012

This  first started when a user said they were getting disconnected and  reconnected a few times a day to our wireless network.  He is in a  remote office with a 1142 which is set to H-Reap talking back to our  5508.  Our WLC is running 7.0.166 The laptop has an intel ulitmate 6300agn wireless card with the latest 15.x drivers.
 
We are using an SSID with wpa2 and 802.1x auth back to our ACS server using PEAP with our windows credentials.attached is what i am seeing on the wcs troubleshooting page.When i do a debug client on the WLC i see many reauthentications coming from the client on the different radio.
 
*apfMsConnTask_2: Aug 22 12:59:36.762: 00:24:d7:d1:16:6c Reassociation received from mobile on AP 0c:85:25:f3:7d:40
*apfMsConnTask_2:  Aug 22 12:59:36.762: 00:24:d7:d1:16:6c 10.24.8.108 RUN (20) Changing  ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller  apf_policy.c:1621)
*apfMsConnTask_2: Aug 22 12:59:36.762:  00:24:d7:d1:16:6c Applying site-specific IPv6 override for station  00:24:d7:d1:16:6c - vapId 512, site 'VH-GasWorks', interface  'management'
*apfMsConnTask_2: Aug 22 12:59:36.762:  00:24:d7:d1:16:6c Applying IPv6 Interface Policy for station  00:24:d7:d1:16:6c - vlan 2, interface id 0, interface 'management'
*apfMsConnTask_2:  Aug 22 12:59:36.762: 00:24:d7:d1:16:6c Applying site-specific override  for station 00:24:d7:d1:16:6c - vapId 512, site 'VH-GasWorks', interface  'management'
*apfMsConnTask_2: Aug 22 12:59:36.762:  00:24:d7:d1:16:6c 10.24.8.108 RUN (20) Changing ACL 'none' (ACL ID 255)  ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1621)
*apfMsConnTask_2: Aug 22 12:59:36.762: 00:24:d7:d1:16:6c STA - rates (8): 140 18 24 36 48 72 96 108 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Aug 22 12:59:36.762: 00:24:d7:d1:16:6c Processing RSN IE type 48, length 38 for mobile 00:24:d7:d1:16:6c

[code]....
 
Now this may be not be the issue thats causing our dropouts a couple times a day as this is happening every 5 mins.

View 12 Replies View Related

Cisco :: Use A 5508 WLC As Anchor Controller?

Apr 21, 2013

I want to use a 5508 as an anchor controller for a wireless guest deployment....but the client has internal 4402's controllers, with software version 7.0.235.0...is it possible tu mix these two controllers for a Wireless Guest Access Deployment??

View 3 Replies View Related

Cisco :: 5508 Controller & AES Encryption?

Oct 2, 2012

A wlan on my controller is configured for WPA2, AES encryption and a PSK.  A vendor will supply me with a wireless device for this wlan.  The vendor asks if we use AES 128 or AES 256.  I had always believed we use AES256 but I can't verify this.  How can I verify this to the vendor? 

View 1 Replies View Related

Cisco :: WCS Not Adding 5508 Controller

Mar 21, 2011

Seems that all solutions are null and void for us because we are not using SNMP v3 or H.
 
We are using SNMP v2, We have upgraded our WCS to latest version as well as the controllers. I have 6 controllers currently added although they are on WiSM blades.
 
We are unable to add the 5508 Controllers, we keep recieving this error -
 
No response from device, check SNMP communities, version or network for issues.
 
I have confirmed all connectivity is working, even with a debug on the controller you can see it sending SNMP packets to the WCS, although still same error.

View 8 Replies View Related

Cisco :: 5508 - SSH And HTTPS On Controller Interface?

Jan 9, 2013

I have a wireless controller 5508 and all my interfaces can be accessed via https or ssh from a wireless client. Management access from a wireless client is disabled so I don't understand why this is happening.

View 10 Replies View Related

Cisco :: Allowing Only Static IPs On 5508 Controller?

Nov 29, 2012

We have a customer that is looking to allow only static IP addresses onto the wireless network via the new 5508 we are putting into place. I can see where to require DHCP but not the opposite.

View 4 Replies View Related

Cisco :: Block P2P Traffic On 5508 Controller?

Aug 16, 2012

Is it possible to block outside P2P traffic on a guest wireless network using an ACL on the controller?  I know we can do it our firewall

View 6 Replies View Related

Cisco :: Lap 1121N Can't Join 5508 Controller

Sep 12, 2012

i'am trying to configure an AP1121g on my controller wlc5508 7.2 but i'am facing a compatibility issue.

View 5 Replies View Related

Cisco Wireless :: 5508 / AP On Different Vlan Than Controller?

Sep 30, 2011

I have a 5508 controller at our headquarters and am installing some 3502 AP's at a remote branch.  Unfortunatly, the remote branch has a different Vlan setup for some reason and the vlan that is used for the WLC (90) is designated for telephony at this branch.  Can I put the AP's on a different VLAN (10) without having any issues?  I will still use DHCP option 43 to point them back to the controller. Below are the configs for the WLC interfaces and what I am proposing for the AP interfaces:
 
WLC Config
 
interface GigabitEthernet1/1/38
description WLC01
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 90
switchport trunk allowed vlan 1,10,50,90,91,390,410-413,610-613,800,810,811
switchport mode trunk

[code]......

View 3 Replies View Related

Cisco :: 5508 Uploaded Via FTP To Controller Successfully

Mar 29, 2012

Web Auth on 5508 running 7.2.103.0.
 
Issue 1: I have been trying to configured Webauth bundle however it seems that is not working.

1. login.tar created use picozip contains 3 files: login.html, terms.html, and logo.jpg.
2, uploaded via FTP to controller successfully..
3, no issue when i tried to preview on the controller
 
However users unable to see the login page when connected to guest wifi. when the user tried to connect cisco.com, on the browser address shows that the page redirected to url... however internet explorer / firefox display "Connection reset error".During this time, if i ask the user to type url... they can see the default login page, so no issue on connectivity to the service port.
 
Issue 2: Since i couldnt make that work, i have use default webauth internal. its all good. then when i tried to upload customlogo.jpg (18k size). User able to see the login page however not the logo.  it shows broken image icon on the web browser. --> i can see the logo when i did preview on the controller.
 
Issue 3: last resort if i couldnt get the answer by sunday, how do i delete or remove the customlogo ?? so by monday users will not be seeing any errors on the page.

View 7 Replies View Related

Cisco Wireless :: Setting UP 5508 LAN Controller

Nov 13, 2012

Cisco 5508 Series Wireless Controller for up to 100 APs 802.11a/g/n Ctrlr-based AP w/CleanAir; Ext Ant; E Reg Domain..For Mobility i want to settup the device such that the SSID would be the same with thesame security key and in different subnet.

View 5 Replies View Related

Cisco :: Air 3602i Not Registering With 5508 Controller

Mar 6, 2012

I can not get our 3602i AP's to register with our 5508 controller which is running 7.2.103.0 code.  We keep seeing an error in the log on the WLC   "AAA Authentication Failure for UserName:c46413c08e92  User Type: WLAN USER" and on the Access Point we are seeing [code]
 
I entered the CAPWAP ap controller ip address directly into the AP so it shouldn't be an option 43 DHCP issue

View 15 Replies View Related

Cisco Wireless :: Upgrade 5508 Controller From 7.0.98.0 To 7.0.220.0

Jan 29, 2012

We are looking to upgrade our 5508 wireless controller from 7.0.98.0 to 7.0.220.0. Reason being, we have experienced a lot of access points disassociating from the controller as well as client authentication issues. Upgraded from 7.0.98.0 to 7.0.220.0 and any issues during the upgrade or after the upgrade?

View 3 Replies View Related

Cisco Wireless :: 5508 Anchor Controller In DMZ

Nov 26, 2012

We have a WLC (5508) in our main office in Brisbane that is hosting two WLANs. One provides wireless access to our internal network and the second provides wireless guest access. The guest WLAN is anchored to a controller sitting in the DMZ at our Data Centre.
 
In the DMZ the anchor controller has a management interface and an interface in the DMZ for the wireless guest access. I am using the DHCP server on the anchor DMZ to provide IPs etc to wireless guest clients. The default gateway is 10.8.144.1 which is a VIP or a pair of firewalls.
 
Initially everything works fine. Guests connect to the guest network, have to authenticate via a web portal (Cisco ISE server) and then can go on an use the internet. Works perfectly until the firewalls fail over and the secondary firewall takes over the VIP address. All access to the internet is lost at that point. If I try to disconnect and then reconnect a wireless client it connects, as in it will get an IP address, but DNS resolution stops and I do not get redirected to the web auth portal. If the firewalls are failed back to the primary then everything works again, no issues. However, if I reboot the WLC while the secondary firewall has the VIP IP everything will work fine as it did on the primary. If the firewalls now fail over to the primary again everything goes to ****. Until either the firewalls are failed back or the anchor WLC is rebooted.
 
Initially I thought this was an issue on the firewall, but this doesn't appear to be the case. When the firewall fails over it sends out a gratuitous ARP advising of the change in MAC address for the 10.8.144.1 IP address. The WLC seems to update its ARP table because if I run the command "show arp switch" it has the 10.8.144.1 IP address with the MAC address of the active firewall. From the client perspective I have run a wireshark and captured packets on the wireless interface when trying to connect. The laptop is continuously send ARP requests for 10.8.144.1 but gets not reply. Without this the client cannot send an ethernet frame to the gateway and hence get to the DNS server and WEB portal. Internet access breaks. Doing a TCP dump on the active firewall shows it receiving and then sending a reply to the ARP request. It just never gets to the wireless client. Debugging ARP packets on the anchor WLC seems to indicate that the controller is receiving the ARP replies from the firewall. So I'm at a loss as to why things should break when the firewalls fail over.
 
I have a 3750 switch in the DMZ with SVI of 10.8.144.4. I thought I could get a work around where I would make this the default gateway. The theory being that this interface MAC address would never change. However I was wrong. Even with this IP set as the gateway address for the wireless clients I see the exact same bahaviour when the firewalls fail over. I can't explain it other than to say that the gratuitous ARP sent by the firewalls seems to kill the ability of ARP replies to be sent back to the wireless client.

View 3 Replies View Related

Cisco :: Controller 5508 With RADIUS Authentication

May 6, 2013

I'm a trainee in Network and Telecommunication, and I have to do a "model" with a controller, an AP, and a RADIUS server. Communication and configuration of the lightweight AP has been done.
 
I use an autonomous access point 1220 as the RADIUS server (no considering it as an AP), and I'm a beginner in RADIUS configuration. I get a "Processing AAA Error 'No Server' (-7) for mobile 00:24:d6:8f:2c:7e" when I launch a debug targetting my PC, connecting to the LAP.
 
Precursory : 10.137.125.71 is the IP address of the ap1220, working as the RADIUS server 10.137.125.15 is the IP address of the controller. 00:24:d6:8f:2c:7e  is the MAC address of my PC, connecting to the Wi-Fi. ping works to the RADIUS, to the controller. Each devices are connected by a layer 3 Switch, and ping each others. The Wi-Fi works when I don't use 802.1X (or when I don't use RADIUS authentication at all)
 
What I did on the RADIUS server (ap1220 autonomous) :
 
aaa new-model
radius-server local
nas 10.137.125.15 key password

[Code]......

View 5 Replies View Related

Cisco :: 5508 - Eap-Fast PAC On Secondary Controller

Oct 15, 2012

Have a controller based depolyment with (2) 5508s and an 1121 ACS appliance running 5.1 code. Controllers are setup identically and we are radius authenticating users to AD via the ACS. Everything works great on the primary controller, but when I test failover to the secondary controller, my authentication fails and I get the following error message in my ACS logs:
 
12126  EAP-FAST cryptobinding verification passed
12147  Machine Authentication is disabled
12161  Cannot provision Authorization PAC when the stateless session resume is disabled
12106  EAP-FAST authentication phase finished successfully
11503  Prepared EAP-Success

View 1 Replies View Related

Cisco Wireless :: 5508 - VPN / GRE Don't Show Up In Controller

Mar 6, 2012

Just replaced a 2106(ver 5.1) with a 5508 (ver.7.2)...Everything was OK.. AP's got on 5508 and we shut the 2106. (AP's are on L2 with controller)During some investigation of why new LAP's from a location via VPN/GRE don't show up in controller, i type the following command on 5508: test ap pmtu enable all....All AP's on 5508 is now in Not Joined state..Have powered up the old 2106 and put AP's on that .. This is OK  ....Have rebooted/downgraded/upgraded the 5508 controller but with same result.....No AP's can join this controller (exept from a oeap600)

View 8 Replies View Related

Cisco :: Getting 5508 Wireless Controller Configuration

Sep 15, 2011

So we have a Cisco 5508 controller that is managing 15 AP's in one of our buildings.I am running 2 wlans, one is internal access via (wpa) radius, peap and domain login...that works well now
 
The other is a guest lan, that is only allowed to surf the web.
 
The question from our security group, is there a way to restrict wireless access to ONLY a corporate approved list of devices.
 
As it stands right now, we only support Blackberry's as our mobility device. All local data is encrypted. The issue here is our testing shows that with an Iphone (not approved) it is very easy to connect to the WPA network if a user knows how to enter in their domain credentials. From there they can browse our internal web servers and download corporate data to a non approved, non encrypted device such as the iphone.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved