I am using Cisco Wireless LAN software revision 7 on an AIR5508. I am sure that I read somewhere that the controller will not allow 2 WLANs to talk to each other, but trawling back through my books I can't find the information again. Essentially, I am looking to find out if there is a feature (other than on the default gateway, which is a layer 3 switch) that will say that if WLAN1 tries to talk to WLAN2 via the default gateway, the controller will not allow it.
I remember from what I read that I think this is the case, but I just can't find where I read it.
I'm running 3 WLC 5508, 2 of them running image AIR-CT5500-K9-7-0-116-0.aes, one AIR-CT5500-LDPE-K9-7-0-116-0.aes.
On the 5508 running the LDPE-image, I have 9 WLANs (170,171,180,181,190,191,281,282,283), all defined with admin status "ENABLED". WLANs 180,181,281 belong to a defined AP-group, WLAN 190,191,282 belong to a different AP-group.
WLANs 180,181,190,191 are defined as H-REAP. The H-REAP APs register without any problems at the backup WLC and switch back successfully to the primary controller after recovering from reboot. Unfortunately the WLANs 180,181,190,191 show status "DISABLED" every time the primary controller comes back and I have to enable them manually.
Doing exactly the same procedure with one of the other WLC, running AIR-CT5500-K9-7-0-116-0, I never face this problem.
I didn't design the job, but it is pretty straightforward, except for the following: the design has a single WLC 5508 with 2 physical connections between two non-Cisco switches. There are 2 initial WLANs to be created. I am OK with most of the WLC config except the following:
Now from my understanding of everything I have read recently, you can't use LAG on the 2 physical connections if they connect to 2 separate switches, unless, although not officially supported, the 2 connections are on either 2 3750s in the same stack or a pair of 6500s running VSS. So I believe that in my case 2 separate connections from the WLC to 2 non-Cisco switches will not work with LAG. Is my understanding of this correct?
Is there a way to maintain the 2 physical connections from the WLC to the 2 non-Cisco switches to maintain redundancy? The WLC will have a management interface obviously, but from what I have read, the 2 WLANs that are going to be created have to have their own interface on the WLC. Which I understand as the management interface and each of the 2 WLANs being on different subnets.
If I don't use a single uplink to one of the non-Cisco switches (either 1 or 2 physical connections) using LAG, it appears to me that each of the interfaces (management, WLAN1 and WLAN2) needs to have a physical connection from the WLC to the switch, with each interface mapped to a physical port on the WLC. So correct me please if I am wrong, but this would mean I need 3 physical connections between the WLC and the switch?
We created a VLAN interface and a WLAN on the wireless controller (5508) and are using it for Guest Wireless (Web auth). Can we use the same VLAN and WLANs for Wired Guests also?
I would like to create a multi-WLAN for personal communications and gaming purposes. Each WLAN is located in a separate house and consists of a wireless AP wire-connected to a wireless router. The computers in each of these WLANs are connected wirelessly to the router. The houses (containing the WLANs) are located within the region of a central wireless internet AP tower antenna.
I managed to utilize this central AP to make the connection, and make multiplayer gaming work on two computers (in different houses and without using the internet services); each computer is connected to the central AP by a USB wireless adapter. My question is: what are the necessary configurations that I need to make on the routers and APs? I have a number of different TP-Link routers (wr1043, wr743, wr543) and Micronet APs. The wr743 and wr543 have an AP client mode that can be used to simultaneously connect wirelessly to the central AP and to attached computers.
There are 8 existing WLANs in our WiSM controller and it is working fine without any problem. Now the problem is that any new WLANs are not broadcasting from the WiSM to the APs. I am able to create and enable them in the WLC, but these WLANs are not reflected in the associated APs.
FYI: WISM controller is in 6500 switch & FWSM module also in the same switch, earlier there was rule with any any traffic in the FWSM but recently we have removed the FWSM & all rules moved to checkpoint. We have check the in firewall there is traffic is blocking.
I want to run 2 separate wireless networks from the same appliance (Linksys E2000). Not just separate BSIDs or SSIDs, I want to run an N-only AP and a G-only AP. My wife's laptop is the only wireless N device and I want to ensure that she's getting true wireless N speeds. From what I could tell, I could set up a different VLAN for 2 separate WLANs, but they'll both still follow the 1 wireless standard (either G or N). Is this even possible or do I need to run two separate wireless APs?
We have inherited a 5508 controller running 7.0 code and WCS running 7.0 code. This site did not have a backup controller, so we have installed a WiSM as a backup controller. The problem is no one can seem to remember the pre-shared keys for the WLANs on the primary controller. Can I use WCS to duplicate the WLANs to the secondary controller and have the PSK copied?
I have a WLC 2106 which is configured and working as follows: [code] How do I get the AP at Site B to use the local server (10.0.28.x) to hand out DHCP leases?
What is the maximum number of WLANs/SSIDs that can be configured on an H-REAP access point? I have a network with 3502i APs, centralised WLCs in the data centre running 7.0.116.0, and WCS version 7.0.172.0.
I was successfully running 2 SSIDs at a remote site; one SSID was configured for H-REAP local switching, dropping out to the local site VLAN X, and the other SSID was a central switching guest WLAN anchored to a WLC in a DMZ. I configured a third SSID at the local site running H-REAP local switching, and now I cannot see the guest SSID anymore; it does not appear to be broadcasting. Is there a maximum of 2 WLANs/SSIDs when operating in H-REAP mode?
I have two WLC5508 controllers configured with multiple SSIDs and a VLAN associated to each of them. Now I am deploying a pilot for Web-Authentication and everything seems to be fine except for the LDAP authentication part. I have done all the steps for enabling anonymous bind on Active Directory (AD) and the configuration on the controller is properly in place. I know the configuration is working fine because I have isolated the problem to some sort of routing or communication problem:
AD is on Vlan 2 (Student Interface range). Each interface has its own IP in a different IP range.
If there is an IP address configured on the Vlan 2 interface, LDAP won't work. If there isn't an IP address on the Vlan 2 interface, LDAP works! So you may think I just should not configure an IP for that particular Vlan, but if I do this, the controller won't allow me to associate any WLAN to that particular Vlan interface, and unfortunately I am using it.
I think the controller uses the Management interface to send traffic to the LDAP server and it gets confused by getting a reply from a device which belongs to the Vlan 2 interface IP range (AD is on Vlan 2).
I know the controller is a Layer 2 device, so I am not sure why it should need an IP address to be configured for each interface, I read it is used just for roaming purposes but it seems to be somehow related to LDAP communication process as well.
The strange thing is that I can access the management interface IP from the Vlan 2 range and there is no problem at all.
Fairly intriguing project I am working on that requires some interesting out-of-the-box thinking. I have a 5508 Wireless LAN Controller. This is still preliminary design so the version of code can be whatever. The 5508 has Cisco 1552 Wireless MESH Access Points. Connecting to the MESH Access Points are Cisco 1262 MESH APs which I am hoping can be bridged to utilize the Ethernet port to connect to a Layer 3 switch. On this layer 3 switch, I need to run EIGRP so that the network behind it can be separate from the MESH network and route accordingly. I know it sounds odd but was hoping for some feedback as to whether this is even possible. Basically, the network is extremely mobile and I am trying to cut down on the broadcast domain and segment this out a bit.
We have implemented VSS on Cisco 6504-E switches using the 10GE links on the Sup-720-10GE. Two Cisco WLC 5508 controllers are planned to be connected in a LAG configuration (consisting of eight links per LAG bundle) to each of the 6504-E chassis (total of four WLCs, two for the primary location and two for the secondary location). The WLC HA feature may be implemented on the primary and secondary WLC controllers using the latest 7.3 code release.
In this scenario, I would like to seek clarification on some of the design/configuration requirements on the 6504-E switches:
1. VLAN 100 - 200 is configured for the Active Primary 6504-E switch and VLAN 200-300 for the Standby 6504-E switch. The IP scopes for the VLANs are defined in the 172.16.x.x range on the primary and 172.17.x.x on the secondary. As there are no cross links (Multichassis LAG) from the WLC controllers to the 6504-E switches, is it better to implement a single common VLAN range on a single subnet block for the VSS, so that in the event of, say, a primary switch failure, the wireless APs do not have to re-associate with a different IP range on the secondary? What is the best design practice in this case?
2. What is the best practice for implementing a single management loopback address for the VSS domain? Is this implemented using a port channel (Layer 3 MEC) as below? And is the loopback IP address on a totally different IP range with reference to point 1 above?
Can the VLAN IP ranges on the 6504-E VSS be assigned in two different subnets, say 172.16/12 (100-200) and 17.17/12 (300-400), and the common loopback (lo0) in 172.18.x.x/32, or is it better to have one common 172.16/12 subnet spanning the entire VLAN range (100-400)? Cisco documentation describes creating port channels from the line card physical ports as opposed to just creating lo0 and advertising this into the IGP.
int g1/x/1
 desc VSS Management
 channel-group mode 101 active
int gi2/x/1
 channel-group mode 101 active
int po101
 desc VSS Management
 ip ad 172.18.x.x/32
I have a strange behavior between a WLC 5508 (version 7.0.116.0) and NEXUS7010.
WLC: The WLC is configured in DHCP Bridging Mode (it sends DHCP requests without change).
Nexus: The VLAN interface is configured as follows:
interface Vlan501
  ip access-group acl-int-vlan501-in-1 in
  no ip redirects
  ip address 10.12.56.4/21
  ip ospf network broadcast
  ip router ospf 100 area 10.23.0.0
  hsrp 51
Clients intermittently cannot obtain an IP address. If I deactivate the ACL when the problem appears (when the client cannot obtain an IP address), the problem is resolved.
Note: Before, the WLC was connected to a Catalyst 6500 and worked properly for 2 years (with the same configuration).
I saw this note about differences between DHCP relay on the NEXUS7000/NXOS and IP helper on the 6500/IOS URL. Do you think the problem may come from the DHCP relay or ACL on the NEXUS?
upgrade from 7.0.235 to 7.0.240? I can't go any higher right because we are still using WCS. I read the white papers but as far as I can tell there are no new features..
I am trying to SSH into my controller after upgrading to 7.0.103 and I get the username prompt but it seems to be disconnecting as soon as I do. Is there something different about this version of code as opposed to the older ones?
I have 2 SSIDs with the same configuration (different only in name). In one SSID, the IPsec VPN (L2TP over IPsec with NAT-T) works fine; in the other, after phase 2 is completed, no traffic is forwarded and the VPN session is dropped. There are no access lists on the equipment.
I found in the documentation that I need to activate L3 security and set it to VPN pass-through, but in the drop-down menu there is only one item, "none". What is the reason for dropping the IPsec traffic?
I had to re-IP this WLC onto another management VLAN. Prior to the IP change and code upgrade I removed the WLC from NCS. When attempting to re-add the WLC to NCS, I finally found it in Configure>Unknown Devices. Now NCS is showing the Device Type as Unknown, and Inventory Status Detail as Unsupported device, and reachable.
I have a customer with an ACS for Windows version 3.3. I know the ACS is end-of-support, but could I do authentication for a WLAN with a Controller 5508, software version 7.0.116.0, and how?
Since the SW upgrade to version 7.3.101.0 (WLC 5508) I have the following issue. We have a WLAN secured with 802.1x (WPA2/AES). Before the update the users needed to enter user/PW every time they reconnected (WLAN switched off/on again) to the WLAN. Now the users don't need to enter user/PW when they reconnect to the WLAN.
I could not find any setting on the WLC to clear this issue.
Cisco WLC 5508 Software Version: 7.4.100.0 Windows Server 2008R2
I've got everything set up on the Windows Server 2008 side of things (certificates, RADIUS clients, etc). I added the RADIUS server on the WLC, and configured a new WLAN to use it. Both are on the same subnet. When trying to connect to the WLAN it kept failing. I installed Wireshark on the server to monitor the RADIUS traffic, and to my surprise there was no RADIUS traffic showing up on the server. The RADIUS statistics on the WLC are at 0 as well, so it's like the WLC isn't even attempting RADIUS.
I re-verified that the server was enabled on both the security tab and the WLAN itself on the WLC. Rebooted the controller and the server, all to no avail. I used a RADIUS test client, and can successfully send RADIUS commands to the server using that utility. Frustrated, I just kept trying to reconnect on my wireless device, and after about the 15th try, finally I saw RADIUS activity on Wireshark. It rejected my access, but at least I saw activity. It also registered RADIUS statistics on the WLC as well.
So now if I keep trying to connect repeatedly, about every dozen or so times the WLC actually will send a RADIUS request to the server.