Cisco :: AIR-CT5508-50-K9 - WIPS Deployment Over WAN / HREAP
Jun 28, 2010
I have this Wireless deployment :
Main Site: WLC AIR-CT5508-50-K9
WCS 6.x for 50 APs
(32 ) AP 1140
02 Remote Sites : 03 AP 1140 using H-REAP
Now, my company is considering to implement a wIPS solution, so i planned to install in the Main Site a MSE3300 and (01) AP 3500e as a wIPS AP Monitor in the remote sites,
Need to confirm:
A) Can an AP3500 work with HREAP and as wIPS monitor AP at the same time? or in other words, if it is possible to have an AP wIPS monitor far away from the WLC (over the WAN)?
B) What are the requirements of WAN link if I want to install a Centralized MSE 330 Engine,which perform the wIPS solution in all the network.
View 2 Replies
ADVERTISEMENT
Jan 28, 2013
Whether we can configure HA between AIR-CT5508-100-K9 and AIR-CT5508-25-K9. Or we should require this AIR-CT5508-HA-K9 ?
View 6 Replies
View Related
Oct 4, 2011
I have followed these guides for setting and have enabled this feature. Works great too. The only issue I have is the last step to in the deployment guide is to disable the controller based IDS signatures. I would like to be able to do this via a template in WCS. I have found where to do this via WCS controller webpage and also the controlller itself, but I'm looking for a way to push this change all at once. I have 26 wlcs so it would be nice to just do it once and apply to all of them. [URL]
View 2 Replies
View Related
Aug 1, 2012
I have around six number of Cisco 1252 Access Points on HReap mode and wIPS submode in one particular location. This was implemented more than six months and it was working fine. Suddenly, I faced Network conjestion and more bandwidth utilization in that location in particular. But, after disabling the wIPS in the AP, The bandwidth got stable and working fine. Not sure, if wIPS will utilize more bandwidth..
Does this will be anywhere related to the RF Heat maps that Cisco NCS will generate? As there is no map uploaded for that location, Will this cause an issue?
View 2 Replies
View Related
Oct 4, 2012
I have a T1 connection to one of my sites, I am running HREAP with 4 AP's. I have been noticing a spike in traffic from my AP's to the WLC. Even when no one is on the wireless. When you use encryption (DTLS) should this cause spikes on the T1 ?
View 2 Replies
View Related
Nov 20, 2011
I have a new deployment of 44 3502i AP's in 3 buildings at one of my campus'.The 5508 wlc is running latest 7.0.116.0 code.I have some users who take their work with them as they go from location to location on this campus.They need to be able to smoothly switch from AP to AP without having to reauthenticate each time the next AP takes over in the handoff.On the ssid in question we run 802.1x back to 1 auth server; there is no failover auth server.All APs are in one AP Group.My thought is to add all 44 of the APs to one HREAP Group.
View 4 Replies
View Related
Mar 1, 2012
I have a wireless network with two WLC 5508 controllers and 220 LWAPs in the same location as the controllers. All APs are currently in local mode. I run a few guest networks as well as some other client networks. One client in particular uses their network to connect mobile machines to their VLAN. The only issue is that the machines do not have wireless adapters. Instead, the manufacturer put inside the chassis, a D-Link WGB, which has an ethernet cable, you then have to plug into the ethernet port. These devices cannot seem to connect to the network. I have found, the WGBs do associate on the network, but the wired client behind it cannot pass traffic onto the VLAN. I have also tried connecting PCs with different SOHO style WGBs from different manufacturers with the same result.
After going through Cisco's documentation, I found that using 1230s in WGB mode can resolve this issue since they use IAPP to communicate the MAC table of the wired side clients they service back to the controller. I have configured a 1230, and used it as the WGB for the client machine instead of the D-Link and it does seem to work, but this would mean configuring a considerable number of 1230s to hand over to the client.
The first question would be, Is there something I am missing that I would need to do in order to allow SOHO style WGBs to forward wired side client traffic onto the network while LWAPs are in local mode? Or would the WGB NEED to support IAPP?
The second question is that, I may have found another solution to this already, but would like some input prior to committing.
This client also uses these same machines with the same WGBs inside the chassis at another location where the client operates the network themselves. They also use the same WLC model with the same version, and same APs. The only difference is that they use H-REAP mode with local switching.
I also tested this idea, and it seemed to work. With the AP in H-REAP mode, and the client's WLAN set to local switching, the machine and WGB connected with no problem.
So the question with this, would be; would there be any disadvantages in running all 220 APs at this location in H-REAP mode? What would I be losing if anything? Also, I would like to keep all other WLANs centrally switched.
I understand what the difference would be for this client's WLAN if I ran in H-REAP mode with local switching, but what would the difference be in the other guest WLANs if I set them to be centrally switched? (Is there any difference between running APs in local mode vs running APs in H-REAP with central switching?)
View 2 Replies
View Related
Aug 9, 2011
How many AP in h-reap mode recommend with WAN link 512k ?,i have read in document it show h-reap mode must requirement minimum link is 128k for connect to wlc but i don't know this requirement for 1 ap or all ap to connect across WAN to register and send traffic across WAN. Because now i have 2 site HQ -> Branch (link 512k) it can use for this solution.
View 4 Replies
View Related
Mar 20, 2011
I have two sites.Main site (local) has two Vlans: Vlan1 and Vlan2. Each has its own IP address range.VLAN 1 is the default Vlan and is used for CORPorate traffic. IP range 10.33.4.*VLAN 2 is for guest access to the internet IP range 10.10.10.*I have a WLC4402 on the this site with 2 WLANs: CORP on Vlan1 and GUEST on Vlan2.
Branch site (remote) which has 2 Vlans: Vlan1 and Vlan2. Each has its own IP address range.VLAN 1 is the default Vlan and is used for CORPorate traffic. IP range 10.125.15.*VLAN 2 is for guest access to the internet IP range 10.10.11.*I have an 1141 on this site using HREAP.
Locally, if you connect to CORP, you get a CORP ip address and access to CORP network. If you connect to GUEST, you get a guest ip address and guest access to the guest network. Simple so far....
Remotely, if you connect to CORP, you get a CORP ip address 10.125.15.x and access to CORP network (great). If you connect to GUEST, you get a CORP ip address 10.125.15.x and access to CORP network (not great). This is with the HREAP native vlan ID for the access point set to 2 on the controller.If I set the native vlan ID to 1 on the controller, I can not get an IP address at all.If I do not set the native vlan ID on the controller, I can not get an IP address at all.
View 2 Replies
View Related
Sep 25, 2011
I want to change the management IP of our wireless controller, I have 5 LAP1142N connected to this controller.
I have a few questions before I will do this task.
1. If I change the management IP, will the controller need a reboot?
2. Will the AP's automatically sync with the new management IP?
3. Do I need additional configuration on the AP's?
4. What else do I need to consider.
View 9 Replies
View Related
Dec 6, 2011
Trying to implement HREAP over WAN between main and remote site. The WLC4402 is on main site. There will be a secondary DHCP at the remote site. Does the switch at the remote site any preparation?
View 4 Replies
View Related
Apr 8, 2013
I have quick question about wlc software version upgrade : currect version of 5500 WLC : 7.0.220.0,However i am planning to upgrade to version 7.2.110.0,currectly all remote site AP's are connected to this WLC , nearly 150 AP's all are in H-reap mode however once i upgrade to 7.2.110.0 version , all default should come into Flexconnect mode.Do i need to make any configuration or any changes in AP's to get Flexconnect mode or will it be default mode as Flexconnect mode in new version of WLC ?
View 1 Replies
View Related
Feb 23, 2012
We have standart wireless deployment with 24 APs (1240G model) and wireless controller 4402-25 placed on same site.Most of clients (WMS RF terminals ) works with one WLAN (WPA2-PSK) and constantly roam over warehouse , and that works great.
But for better survivability(when controller dies) we are trying to configure HREAP on our APs with local swicthed local auth WLAN. And that also work , but client roaming occur much more slowly and RDP connection to WMS APP server sometimes stuck for 2-5 sec.Disabling "local switching" checkbox for WLAN make roaming almost momental.
And slow roaming are price for controllerless HREAP design ? And for fast roaming and survivability we must use N+1 wlc?
View 3 Replies
View Related
May 22, 2013
I have been having an issue with random AP3602I's in HREAP mode disassociating from the 5508 controller. These AP's are in remote offices with 70Mb WAN back to the controller. Randomly one or two AP's disassociate from the controller and I have to bounce the switchport to bring them back online. The WLC is running 7.2. Again this only occurs to one or two AP's not all of the AP's.
View 8 Replies
View Related
Apr 25, 2013
Is it possible to have a license loaded on an AIR-CT5508-HA-K9 in order to have it working as a stand alone controller?
View 4 Replies
View Related
Mar 11, 2012
we do have a site where we need to deploy AIR-LAP1142N-E-K9 and AIR-LAP1242G-E-K9 APs. We have two AIR-CT5508-K9 controllers with SW version 6.0.188.0.AIR-LAP1142N-E-K9s work okay, as expected, we do not have any problems with them.However AIR-LAP1242G-E-K9s do not, there is a problem with establishing CAPWAP tunnel with the controller.The AP is seen on the controller for a while, with 0 time up-time, cannot change any settings on the AP via controller, and after a while it disapears from the controller, apears again and this repeats.
The APs and controllers are connected to the LAN campus.Controllers via two 1G links configured as Etherchannel to WS-C6506-E VSS switch with s72033-ipservicesk9_wan-z.122-33.SXI1.bin on it.APs to WS-C3750G-48PS with c3750-ipbasek9-mz.122-50.SE2.bin on it. 3750 is connected to the C6505 via two 1G links configured as Etherchannel.Below I copied the log I captured on 1242 and the controller. Highlighted ones are the ones which I think might bring a clue.
I performed some troubleshooting steps.
- As we have some other controllers available over WAN, I tested the 1242 AP with 2100, 4400 and also with the same model AIR-CT5508-K9 with SW version 6.0.188.0 over WAN and this worked always okay.
- I wanted to be sure that I eliminate any kind of out of sequence packet issue, so I brought down all redundancy L2 links so that the L2 path from the AP to the controller was only through one leg links.
- I also brought the second controller down to eliminate potential issue with having two of them up.
- The AP gets its IP from DHCP configured on the C6506 switch, I am always able to ssh to AP, so the IP connectivity does not seem to be an issue.
- I have more 1242s, all behave in the same way. I also connected them to some other 3750 switches we have in the campus, always the same.
- As this seems to be maybe a kind of ssl issue, I tried to play with controller settings, like enabling Accept... options under Security/AP Policy,but this did not work.
- I also tried to reboot the controller, no improvement.
- The APs came from the factory, so in the beginning everything was factory default in them. They were always able to download the image from the controller in the very initial phase. I still do have some of them untouched, so I can perform any troubleshooting steps with the fresh one.I can reproduce this, can also send debugging logs if needed.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This Discussion has been converted into document:- [URL]
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
AIR-LAP1242G-E-K9 10.0.13.28 log
*Mar 1 00:00:05.922: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar 1 00:00:07.536: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot1 1Radio 0
*Mar 1 00:00:07.672: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 304 messages)
[code]....
View 13 Replies
View Related
Nov 28, 2011
I've two wlc model CT5508 version 7.0.116.0. They are working fine except for the RF grouping part. When I look at the RF Group members part in the configuration, I can see only one wlc (the one I'm connected to). If I connect to the second one, in the same part, I've just one controller (so the second one..). I tried to restart the algorithm but no change. Each controller is configured with Group Mode set to auto, and their respective role are auto-leader...I tried to change the RF group name on both wlcs, but it didn't fix the problem. When I look at the logs, there is one which appear quite often:
*emWeb: Nov 29 10:32:07.764: %LOG-6-Q_IND: dtl_arp.c:2581 ARP input q exceeds limit. Current val = 50 [...It occurred 38 times.!]
View 2 Replies
View Related
Jun 11, 2012
Q: a client has a network with 60 AP's controlled by a AIR-CT5508-50-K9 (+ L-LIC-CT5508-25A) with a redundant power supply. Can he get full redundancy by purchasing a second controller? If he purchases one, can he bring it into the network? What about the extra license for 25 extra AP's installed on the first controller?
View 4 Replies
View Related
Nov 23, 2009
I have a tale of woe for you who may be considering Hybrid REAP with local switching.
My client has a varied configuration, but the requirements basically screamed HREAP with local switching. They have 15 sites, had already purchased a single WLC 4404 and they needed between 4 and 24 APs at each of the sites. Each of these locations are connected by a WAN link of good quality, but only a single link so there is no assurance of availability; the client has local resources so it would be useful if wireless stayed working during an outage.
So I setup the WLC for HREAP local switching. I setup AP Groups VLANs, but I noticed it had no effect on the VLAN allocation for HREAP. This was unfortunate, because not every site has the same VLAN configuration - some sites had a L3 switch and others only a L2 switch. But I suffered through this and configured each AP manually with the appropriate VLAN mappings.
The infuriating thing, is now that they have bought a second WLC 4404 (they expect to increase the number of APs beyond 100) all these VLAN mappings are messed up when APs connect to the second WLC. I've been going through them one by one again - it is really unfortunate that the AP Groups VLAN mappings don't apply to HREAP local switching.
I'm going to get back to the next 80 APs - but if some of you have a system for handling the VLAN mappings of a large number of APs.
View 4 Replies
View Related
Oct 3, 2012
I have issue about Wireless controler , i have 2x WS-C3750G-24WS and 1x AIR-CT5508-50-K9 , i have max 50 access point license and i can't upgrading because WS-C3750G-24WS is and of life , can i use AIR-CT5508-50-K9 with 3750G to work together? , mobility and everything....
View 1 Replies
View Related
May 6, 2013
i received access point types AIR-LAP1252AG-E-K9, which i want to connect to my wlan controller AIR-CT5508-K9. Update from IOS etc. is working fine. Also all access points are recognized by the controller.We got the AIR-LAP1252AG-E-K9 with two antenna versions.
View 1 Replies
View Related
Nov 7, 2012
I’m having a problem of joining new Aps( Ari-ap1242G-E-k9 ) to the following wireless LAN controller. WLC details as follows,
Model No - AIR-CT5508-K9
Software Version - 7.0.116.0
AP Model - ARI-AP1242G-E-K9
AP console logs attached in Error.jpg file
View 5 Replies
View Related
Apr 17, 2012
What is the operating and/or peak power consumption (in kW) of a 5508 WLC with redundant power supplies?
The below power details are from the 5508 datasheet which lists 115 W as the maximum draw (0.115 kW) however this seems a bit low, is this right?
Input power: 100 to 240 VAC; 50/60 Hz; 1.05 A at 110 VAC, 115 W Maximum; 0.523 A at 220 VAC, 115 W Maximum; Test Conditions: Redundant Power Supplies, 40C, Full Traffic. Heat Dissipation: 392 BTU/hour at 110/220 VAC Maximum Cisco 5500 Series Wireless Controllers Data Sheet: [URL]
View 1 Replies
View Related
Jan 28, 2013
Basically I need to upgrade the license for Base-AP count to add 100 more AP's however my vendor has provided hardcopy of license as below:
-LIC-CT5508-UPG
-AIR-CAS-3KC-K9
-AIR-WIPS-AP-5
-L-NCS-1.0-100-ADD
My understanding is rigister LIC-CT5508-UPG/PAK number on cisco site and get .lic file however what is the use of other PAK where do i register this files with? Moreover , we do have NCS , MSE in place which is centralised devices.
View 2 Replies
View Related
Oct 30, 2011
Some of my Lightweight Access Points lose connection every 10 minutes now, it worked without problems before.
I'm using an AIR-CT5508-K9 Controller with Version 7.0.116.0 and AP are all AIR-LAP1242AG-E-K9.
In the log I find informations about my node changing his parent and then reseting the radio interface.
I checked my configuration, but perhaps I missed something.
7Mon Oct 31 14:35:11 2011AP's Interface:0(802.11b) Operation State Up: Base Radio MAC:00:3a:99:90:55:c0 Cause=Radio interface reset. Status:NA8Mon Oct 31 14:35:11 2011AP's Interface:0(802.11b) Operation State Down: Base Radio
[Code]......
View 9 Replies
View Related
Aug 8, 2012
I'm configuring AP in Hreap mode. Objective for me is th have a "plug & play" installation method for HREAP. I configure on HREAP AP, Native VLAN set to 1 and the WLAN and Vlan mapping for the current wlan is set to 1 too. WLC version is 7.0.230.0 and AP version is 12.4(23c)JA4
on my cisco switch (WS-C3560-24PS with 12.2(55)SE1), the port configuration is as below:
switchport trunk encapsulation dot1q
switchport trunk native vlan 45
switchport trunk allowed vlan 45,74
switchport mode trunk
no logging event link-status
no logging event power-inline-status
no snmp trap link-status
spanning-tree portfast trunk
spanning-tree bpduguard enable
AP receives a DHCP IP in Vlan 45 and users connected in vlan 45 too. I would like to undestand why the AP is working properly because normally vlan 1 is not configured as allowed vlan on my switch and the native vlan is dedicated only to untagged ethernet packet.
View 1 Replies
View Related
May 22, 2013
I have one cisco wlc 2112 with ios 7.0.230.0 with license to support 12 access points. My access points are nine (9) lap1231ag and one (1) lap1310.I just have one wlan (ssid). My scenario of deployment is in layer 3. I have one interface management and ap manager in the WLC. All my Access Points have differents ip address that WLC. I need to configure a unique ssid to associate my six (6) dynamics interfaces (each dymanic interface with different vlan subnet).Each wlan profile (ssid) should have the same security in phase 2 (wpa2/psk). My cisco access points don't support hreap. My wlc support only (4) interface into an interface group, and i need six (6) dynamics interfaces.
View 6 Replies
View Related
Apr 1, 2012
i have setup of following AIR-CT5508-K9 controller and around 20 AP spread all over the place, two SSID one guest and one for my employees.
the one for guest has web authentication, using Iphone every 2 to 3 minutes it time out and i have to reenter the credentails for web authentication.
View 3 Replies
View Related
Mar 11, 2013
I am running big wireless network, with 20no of 5500 with 7.0.116.0 version. I have more than 20,000 AP's. If i add some config in primary controller or do some changes or reboot all the AP's are moving to backup controller. this doesn’t have any problem, but many AP's which moved to backup controller are losing VLAN mapping. This happens every time. Primary --> backup, backup --> primary. Both controllers have same vern...same config etc..
AP model: AIR-LAP1252AG-A-K9
Controler model: AIR-CT5508-K9
View 15 Replies
View Related
Sep 4, 2011
I get the following error message at startup.
---
Error (2048) found in fsck check - attempt to repair.---
What is the implication of the error message 106007? Do I have no problem continuing to be left out of this error?
View 4 Replies
View Related
Feb 24, 2011
I want to confirm if the access point (AIR-AP1141N-E-K9) can work with the Wireless LAN Controller (AIR-CT5508-25-k9)
View 2 Replies
View Related
Jul 30, 2012
When a client connecting to a specific AP (example AP01), after every 1800 sec uptime it will reconnect and join other unit AP (example AP02)Both AP physically installed distance is around 6 meters from each other. I conduct the testing where i get myself sitting in middle between these two APs.
01. If i disable settsion timeout this feature, or setting the seconds become higher value, what's the performance and security impact? Is it recomend to change the default 1800 seconds session timeout?
02. Is there anyway i can tweak on WLC controller to prevent the client after session timeout then associate with another AP. This will lead major performance impact as the client woudl possibility connect to the weak signal AP and effect on the performance.
These are the details for reference:Client detail
- Dell DW1520 wireless-N WLAN card, with firmware version 5.100.235.12
- CCX version 4 supported
- Layer 2 security is WPA2 personal with PSK.
- wireless radio an
Controller detail:
model is AIR-CT5508-K9
software version is 7.2.110.0
View 4 Replies
View Related
Jul 30, 2012
I have a Cisco 5508 setup at a host site with 3 other sites connected using hreap on 1252APs. When doing testing of network speed I find that the throughput from the wireless to wired network is at about 18mbps yet the same test on wired side is 85-100mbps and wireless to wireless is 18mbps
View 4 Replies
View Related
