Cisco :: 5508 - How Many AP Groups Can Be Created By One Controller
Mar 15, 2011Did any know that how many AP Groups can be created by one Controller? (5508) May I have 100 AP Groups?
View 3 Replies
ADVERTISEMENT
Cisco Wireless :: 5508 - Mobility Groups / Sync Controller Configuration
Jul 7, 2011I have 2 5508 controllers in a mobility group. Any good way to keep the configuration between the 2 controllers synched up?
I thought about copying the config from my primary controller to the secondary controller, but I would think there is a more elegant way to make this happen.
Cisco Wireless :: 5508 Assign Single Ssid To Multiple Interface Groups By Assigning Ssid To Multiple AP Groups
Aug 26, 2012Is it possible to assign a single ssid to multiple interface groups by assigning the ssid to multiple AP groups?
I have buildings geographically dispersed that are configured with multiple vlans in interface groups so that I can maintain an addressing scheme of dhcp assigned addresses per building. Each building is also further grouped as AP groups. I'd like to know if by assigning the same wlan ssid to each of the AP groups, will I maintain addressing integrity for each building? I'm thinking it will work.
Do the buildings have to be outside AP range of each other to avoid problems?
5508 controller
7.2.110.0 code
6 buildings
6 interface groups
1 ssid
Cisco Wireless :: 1250 AP - How Many SSID Can Be Created In 4404 Controller
Jul 7, 2011How many SSID can be create in a 4404 controller and also in standalone 1250 AP? How many VLANs can be created in eac one?
View 2 Replies View RelatedCisco Wireless :: APs Not Joining 5508 On Dynamic Ports Created Manually
Mar 7, 2012i have a problem with our new 5508 wireless controller (7.0.116.0).
Port 1 is the system default "management" (Port 2 is backup). Dynamic AP Management is disabled. Port 3 is a new dynamic interface "ap-manager 2" with Dynamic AP Management enabled and has a ip in a seperated VLAN which is not routed.
When i am connecting the AP (1260 series) to the "ap-manager 2" interface, then it will not join and i get an error message on the WLC:
*spamApTask1: Mar 05 14:52:12.783: %CAPWAP- -DISC_INTF_ERR1:capwap_ac_sm.c:1453 Ignoring discovery request received on non-managementinterface (3) from AP
When i am connecting the AP to the "management2 interface, then it is working fine. But i don't want the APs in the Management LAN. I want them in the separated no routed LAN explicit for the APs.
Cisco :: How Many AP Will Wlc 5508 Support In HREAP Groups
Nov 20, 2011I have a new deployment of 44 3502i AP's in 3 buildings at one of my campus'.The 5508 wlc is running latest 7.0.116.0 code.I have some users who take their work with them as they go from location to location on this campus.They need to be able to smoothly switch from AP to AP without having to reauthenticate each time the next AP takes over in the handoff.On the ssid in question we run 802.1x back to 1 auth server; there is no failover auth server.All APs are in one AP Group.My thought is to add all 44 of the APs to one HREAP Group.
View 4 Replies View RelatedCisco Wireless :: 5508 Mobility Groups
Sep 1, 20121) Is it possible for 2 WLCs installed in seperate data centres with L3 seperation to be joined in a mobility group? We will have aps in the branch offices split between controllers so we want to make sure roaming work ok. Also all guest access should be anchored to data centre 2.
2) in flexconnect local switching mode, do I need to create flexconnect groups if I'm only using radius servers in the data centre with no requirement to use local radius as a backup?
Cisco Wireless :: 4404 Guest Anchor Controller With 5508 Foreign Controller?
Aug 12, 2012I know that the 3600 series APs are not supported on the 4404 WLC. However, would the following scenario be supported? I would like to use the 4404 (software rel. 7.0) as a guest anchor with a 5508 (software release 7.2) as the foreign controller supporting series 3600 APs. I ask because the APs do not need to join the guest anchor.
View 7 Replies View RelatedCisco Wireless :: 5508 Foreign Controller And 4400 Anchor Controller?
Jun 2, 2013We have a customer that have 2 5508 as primary and backup controller and a 4400 as an anchor controller. We plan to upgrade the 5508 to 7.3.112.0 and the 4400 is already 7.0.116.0. Will there be any issue if the anchor controller is not the same code as the foreign controller? Do I also have to upgrade the acnhor controller to 7.0.240.0?
View 2 Replies View RelatedCisco :: WLC 4404 / 5508 Web Authentication By AD Security Groups
May 3, 2012web authenticate users within a specific Active Directory Security Group. I tried to authenticate over Radius with Cisco Secure ACS and Network Access Restrictions. But NAR only works with Layer 2 authentication. And Web Authentication over LDAP can only be used with User Objects.
View 5 Replies View RelatedCisco :: WLC 5508 Mobility Groups And Internal DHCP
May 6, 2012How do Mobility Groups work with internal DHCP scopes on a WLC 5508?We have a WLC 5508 with two internal DHCP scopes which redirect to captive portals for authentication. I am looking at putting in a second WLC in a mobility group setup to provide some WLC redundancy. The LWAPs will be setup so that every second AP is on the has the second WLC as its primary controller. If the primary WLC fails we want the secondary to be able to take over and issue IP's from the internal scope. How do you set this up with a Mobility group so the second WLC does not act as a rouge DHCP server while the primary WLC is still active?
View 6 Replies View RelatedCisco Wireless :: H-Reap Vlan Mapping Groups On WLC 5508
Feb 29, 2012Im configuring a WLC 5508 ( version 7 ) with h-reap local switching.All is working , yet i wonder if the vlan mapping can be done better.Currently i need to go into each Lightweight Access point , enable h-reap, then set the native vlan , with the final step to map the vlan. This needs to be done for each AP. In an environment of 100's of APs i would take forever. ( i thought one of the main points of the WLC is centralized management).
View 1 Replies View RelatedCisco :: 5508 - Failover For Multiple WLCs And Mobility Groups
Feb 14, 2013We are in a warehouse type setting and have data centers on each side of warehouse with 5508 WLC's in each data center. Each side is on its own subnet with routing in between and a different set of SSID's for each set of WLC’s. Are goal is to have the ability to failover in the event that if one data center goes down AP’s will move to the controllers in the other DC and the clients will still be able to operate.
Our thought was to implement mobility groups between the controllers. While I saw documentation on setting this up when the controllers are on the same vlan, I didnt see any setup config when controllers are in different vlans. So I am wondering if mobility groups are even an option for what we want to accomplish. For the most part clients stay on their respected sides of the warehouse and so we are not necessarily needing roaming for clients between controllers in DC1 and DC2. But that does raise another question in that we do have a planned voice wlan that we would like to have the ability to roam between each side of the warehouse. But we have seen ip issues with this. In the past we have had both SSID's setup on each side and ran to issues with clients not renewing their IP address when moving to the controllers on the different subnets.
Can we setup mobility groups between controllers on different vlans/subnets? For failover purposes will mobility groups assist in our setup with 2 DC’s and different subnets/vlans? If the answer is yes we can setup mobility groups between different subnets, is there a way to setup the SSID's on all controllers and have the ability for clients to roam and renew their IP’s when moving to a different controller on a different subnet?
Cisco :: LMS 4.1 No User Defined Groups Shown In Fault Notification Groups?
Dec 12, 2011I created some User Defined Groups in LMS 4.1, now I want to apply certain fault notification groups to Event Sets.
Unfortunately the Groups I configured are not in the Group Selector of the Fault Notification Group: Admin > Network > Notification and Action Settings > Fault Notification Group
Cisco :: Use A 5508 WLC As Anchor Controller?
Apr 21, 2013I want to use a 5508 as an anchor controller for a wireless guest deployment....but the client has internal 4402's controllers, with software version 7.0.235.0...is it possible tu mix these two controllers for a Wireless Guest Access Deployment??
View 3 Replies View RelatedCisco :: 5508 Controller & AES Encryption?
Oct 2, 2012A wlan on my controller is configured for WPA2, AES encryption and a PSK. A vendor will supply me with a wireless device for this wlan. The vendor asks if we use AES 128 or AES 256. I had always believed we use AES256 but I can't verify this. How can I verify this to the vendor?
View 1 Replies View RelatedCisco :: WCS Not Adding 5508 Controller
Mar 21, 2011Seems that all solutions are null and void for us because we are not using SNMP v3 or H.
We are using SNMP v2, We have upgraded our WCS to latest version as well as the controllers. I have 6 controllers currently added although they are on WiSM blades.
We are unable to add the 5508 Controllers, we keep recieving this error -
No response from device, check SNMP communities, version or network for issues.
I have confirmed all connectivity is working, even with a debug on the controller you can see it sending SNMP packets to the WCS, although still same error.
Cisco :: 5508 - SSH And HTTPS On Controller Interface?
Jan 9, 2013I have a wireless controller 5508 and all my interfaces can be accessed via https or ssh from a wireless client. Management access from a wireless client is disabled so I don't understand why this is happening.
View 10 Replies View RelatedCisco :: Allowing Only Static IPs On 5508 Controller?
Nov 29, 2012We have a customer that is looking to allow only static IP addresses onto the wireless network via the new 5508 we are putting into place. I can see where to require DHCP but not the opposite.
View 4 Replies View RelatedCisco :: Block P2P Traffic On 5508 Controller?
Aug 16, 2012Is it possible to block outside P2P traffic on a guest wireless network using an ACL on the controller? I know we can do it our firewall
View 6 Replies View RelatedCisco :: Lap 1121N Can't Join 5508 Controller
Sep 12, 2012i'am trying to configure an AP1121g on my controller wlc5508 7.2 but i'am facing a compatibility issue.
View 5 Replies View RelatedCisco Wireless :: 5508 / AP On Different Vlan Than Controller?
Sep 30, 2011I have a 5508 controller at our headquarters and am installing some 3502 AP's at a remote branch. Unfortunatly, the remote branch has a different Vlan setup for some reason and the vlan that is used for the WLC (90) is designated for telephony at this branch. Can I put the AP's on a different VLAN (10) without having any issues? I will still use DHCP option 43 to point them back to the controller. Below are the configs for the WLC interfaces and what I am proposing for the AP interfaces:
WLC Config
interface GigabitEthernet1/1/38
description WLC01
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 90
switchport trunk allowed vlan 1,10,50,90,91,390,410-413,610-613,800,810,811
switchport mode trunk
[code]......
Cisco :: 5508 Uploaded Via FTP To Controller Successfully
Mar 29, 2012Web Auth on 5508 running 7.2.103.0.
Issue 1: I have been trying to configured Webauth bundle however it seems that is not working.
1. login.tar created use picozip contains 3 files: login.html, terms.html, and logo.jpg.
2, uploaded via FTP to controller successfully..
3, no issue when i tried to preview on the controller
However users unable to see the login page when connected to guest wifi. when the user tried to connect cisco.com, on the browser address shows that the page redirected to url... however internet explorer / firefox display "Connection reset error".During this time, if i ask the user to type url... they can see the default login page, so no issue on connectivity to the service port.
Issue 2: Since i couldnt make that work, i have use default webauth internal. its all good. then when i tried to upload customlogo.jpg (18k size). User able to see the login page however not the logo. it shows broken image icon on the web browser. --> i can see the logo when i did preview on the controller.
Issue 3: last resort if i couldnt get the answer by sunday, how do i delete or remove the customlogo ?? so by monday users will not be seeing any errors on the page.
Cisco Wireless :: Setting UP 5508 LAN Controller
Nov 13, 2012Cisco 5508 Series Wireless Controller for up to 100 APs 802.11a/g/n Ctrlr-based AP w/CleanAir; Ext Ant; E Reg Domain..For Mobility i want to settup the device such that the SSID would be the same with thesame security key and in different subnet.
View 5 Replies View RelatedCisco :: Air 3602i Not Registering With 5508 Controller
Mar 6, 2012I can not get our 3602i AP's to register with our 5508 controller which is running 7.2.103.0 code. We keep seeing an error in the log on the WLC "AAA Authentication Failure for UserName:c46413c08e92 User Type: WLAN USER" and on the Access Point we are seeing [code]
I entered the CAPWAP ap controller ip address directly into the AP so it shouldn't be an option 43 DHCP issue
Cisco Wireless :: WLC 5508 / Rejoin To Different Controller
Feb 10, 2013I use WLC 5508 (ver 7.0.116.0) with aironet 1140. I need to connect my APs to different controller .After log in via ssh to AP i am trying to do:
capwap ap controller ip add x.x.x.x
reset
But after reload, AP is still joined to the old WLC. So another idea was to log to that WLC and put:
config ap primary-base WLC2 AP_NAME x.x.x.x
and after that:
config ap reset AP_NAME
But still nothing, it's joined to another controller although "show ap client config" shows that primary-base switch is x.x.x.x ?How can i force it to join to other controller?
Cisco Wireless :: Upgrade 5508 Controller From 7.0.98.0 To 7.0.220.0
Jan 29, 2012We are looking to upgrade our 5508 wireless controller from 7.0.98.0 to 7.0.220.0. Reason being, we have experienced a lot of access points disassociating from the controller as well as client authentication issues. Upgraded from 7.0.98.0 to 7.0.220.0 and any issues during the upgrade or after the upgrade?
View 3 Replies View RelatedCisco Wireless :: 5508 Anchor Controller In DMZ
Nov 26, 2012We have a WLC (5508) in our main office in Brisbane that is hosting two WLANs. One provides wireless access to our internal network and the second provides wireless guest access. The guest WLAN is anchored to a controller sitting in the DMZ at our Data Centre.
In the DMZ the anchor controller has a management interface and an interface in the DMZ for the wireless guest access. I am using the DHCP server on the anchor DMZ to provide IPs etc to wireless guest clients. The default gateway is 10.8.144.1 which is a VIP or a pair of firewalls.
Initially everything works fine. Guests connect to the guest network, have to authenticate via a web portal (Cisco ISE server) and then can go on an use the internet. Works perfectly until the firewalls fail over and the secondary firewall takes over the VIP address. All access to the internet is lost at that point. If I try to disconnect and then reconnect a wireless client it connects, as in it will get an IP address, but DNS resolution stops and I do not get redirected to the web auth portal. If the firewalls are failed back to the primary then everything works again, no issues. However, if I reboot the WLC while the secondary firewall has the VIP IP everything will work fine as it did on the primary. If the firewalls now fail over to the primary again everything goes to ****. Until either the firewalls are failed back or the anchor WLC is rebooted.
Initially I thought this was an issue on the firewall, but this doesn't appear to be the case. When the firewall fails over it sends out a gratuitous ARP advising of the change in MAC address for the 10.8.144.1 IP address. The WLC seems to update its ARP table because if I run the command "show arp switch" it has the 10.8.144.1 IP address with the MAC address of the active firewall. From the client perspective I have run a wireshark and captured packets on the wireless interface when trying to connect. The laptop is continuously send ARP requests for 10.8.144.1 but gets not reply. Without this the client cannot send an ethernet frame to the gateway and hence get to the DNS server and WEB portal. Internet access breaks. Doing a TCP dump on the active firewall shows it receiving and then sending a reply to the ARP request. It just never gets to the wireless client. Debugging ARP packets on the anchor WLC seems to indicate that the controller is receiving the ARP replies from the firewall. So I'm at a loss as to why things should break when the firewalls fail over.
I have a 3750 switch in the DMZ with SVI of 10.8.144.4. I thought I could get a work around where I would make this the default gateway. The theory being that this interface MAC address would never change. However I was wrong. Even with this IP set as the gateway address for the wireless clients I see the exact same bahaviour when the firewalls fail over. I can't explain it other than to say that the gratuitous ARP sent by the firewalls seems to kill the ability of ARP replies to be sent back to the wireless client.
Cisco :: Controller 5508 With RADIUS Authentication
May 6, 2013I'm a trainee in Network and Telecommunication, and I have to do a "model" with a controller, an AP, and a RADIUS server. Communication and configuration of the lightweight AP has been done.
I use an autonomous access point 1220 as the RADIUS server (no considering it as an AP), and I'm a beginner in RADIUS configuration. I get a "Processing AAA Error 'No Server' (-7) for mobile 00:24:d6:8f:2c:7e" when I launch a debug targetting my PC, connecting to the LAP.
Precursory : 10.137.125.71 is the IP address of the ap1220, working as the RADIUS server 10.137.125.15 is the IP address of the controller. 00:24:d6:8f:2c:7e is the MAC address of my PC, connecting to the Wi-Fi. ping works to the RADIUS, to the controller. Each devices are connected by a layer 3 Switch, and ping each others. The Wi-Fi works when I don't use 802.1X (or when I don't use RADIUS authentication at all)
What I did on the RADIUS server (ap1220 autonomous) :
aaa new-model
radius-server local
nas 10.137.125.15 key password
[Code]......
Cisco :: 5508 - Eap-Fast PAC On Secondary Controller
Oct 15, 2012Have a controller based depolyment with (2) 5508s and an 1121 ACS appliance running 5.1 code. Controllers are setup identically and we are radius authenticating users to AD via the ACS. Everything works great on the primary controller, but when I test failover to the secondary controller, my authentication fails and I get the following error message in my ACS logs:
12126 EAP-FAST cryptobinding verification passed
12147 Machine Authentication is disabled
12161 Cannot provision Authorization PAC when the stateless session resume is disabled
12106 EAP-FAST authentication phase finished successfully
11503 Prepared EAP-Success
Cisco Wireless :: 5508 - VPN / GRE Don't Show Up In Controller
Mar 6, 2012Just replaced a 2106(ver 5.1) with a 5508 (ver.7.2)...Everything was OK.. AP's got on 5508 and we shut the 2106. (AP's are on L2 with controller)During some investigation of why new LAP's from a location via VPN/GRE don't show up in controller, i type the following command on 5508: test ap pmtu enable all....All AP's on 5508 is now in Not Joined state..Have powered up the old 2106 and put AP's on that .. This is OK ....Have rebooted/downgraded/upgraded the 5508 controller but with same result.....No AP's can join this controller (exept from a oeap600)
View 8 Replies View RelatedCisco :: Getting 5508 Wireless Controller Configuration
Sep 15, 2011So we have a Cisco 5508 controller that is managing 15 AP's in one of our buildings.I am running 2 wlans, one is internal access via (wpa) radius, peap and domain login...that works well now
The other is a guest lan, that is only allowed to surf the web.
The question from our security group, is there a way to restrict wireless access to ONLY a corporate approved list of devices.
As it stands right now, we only support Blackberry's as our mobility device. All local data is encrypted. The issue here is our testing shows that with an Iphone (not approved) it is very easy to connect to the WPA network if a user knows how to enter in their domain credentials. From there they can browse our internal web servers and download corporate data to a non approved, non encrypted device such as the iphone.
Cisco Wireless :: 5508 - APs Not Joining Controller
Jul 28, 2011I upgraded a controller yesterday 5508 it went from a low code version 6.x to 6.0.196.0 then to 7.0.116.0. However although all the access points joined code 6.0.196.0 they refused to join 7.0.116.0. The aps are all 1242s.
The country codes etc were all fine so I do not understand what was going on.
*spamApTask0: Jun 26 16:07:44.734: 00:3a:99:db:f3:20 Discovery Request from 10.0.0.183:55065
*spamApTask0: Jun 26 16:07:44.734: 00:3a:99:db:f3:20 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0*spamApTask0: Jun 26 16:07:44.735: 00:3a:99:db:f3:20 Discovery Response sent to 10.0.0.183:55065
[code] ......