We have some remote H-READ APs at a branch office and a 7921 phone which drops calls/loses audio when roaming between APs.We are just using WPA2 without any 802.1x or CCKM/PKC.
Do we absolutely have to set up a radius server/8021.x/EAP to enable fast roaming?We had 2 AP's autonomous with WPA2 before and roaming didn't seem to be an issue. We now have 4 APs over WLC in the same office and the phone calls are very unstable.
I'm trying to figure out if it is possible to configure in one site a wireless setup that goes like this:
One WLC (5508), multiple LAP's in H-REAP mode.
AP's will be splitted in multiple VLAN's belonging to different departments but with the same SSID.Each VLAN will have it's own DHCP scope. All AP's are located in the same site and I need to know if it is possible to roam between AP's that belong to different departments?
We just installed MSE with CAS (7.0.201.204 software) and everything works fine and clients are shown on WCS floor maps except for Cisco 7921 wireless phones which dont appear in the WCS map.
View 3 Replies View RelatedI'm getting high utilizatiom from a 7921 ip phone and call quality is getting very low sometimes. What can cause this high utilization?802.11 Mode 802.11a Scan Mode Auto Restricted Data Rates False Call Power Save Mode U-APSD/PS-POLL BSSID xxxAccess Point xxxTx Power 15 dBm Channel 44 RSSI -57 Channel Utilization 153 DTIM period (ms) 2 Security Mode Shared+WEP Encryption WEP Key Management Shared
Load Information
Load Profile................................. PASSED
Receive Utilization.......................... 0 %
Transmit Utilization......................... 0 %
Channel Utilization.......................... 69 %
Attached Clients............................. 4 clients
I have configured a cisco UC520 with inbound called coming in on FXO port 0 and have configured it as a co-line. I have 4 phones set up on the system including the wireless 7921 phone, the problem is that if i answer the call on the 7921 it does not give me the option to hold or transfer the call however the other phones do (7931).
View 1 Replies View RelatedWe have a new deployment where we have 5 total 7921G wifi phones connected via 2 AP541n access points, one connected to a ESW520p switch and then to the UC540 and the other connected directly to the UC540. The wifi phones are intermittently giving no audio when calling each other, however, calls to the PSTN consistently do have 2 way audio. Is this a security issue perhaps? We are running the latest CCA software pack as this is a brand new deployment, also the AP's were upgraded to the latest firmware.
View 14 Replies View Relatedhave configured Cisco IPPhone 7925G with EAP-TLS setting. (With manufacture installed and Userinstalled certificate). My issue is while roaming from 1 AccessPoint to another AccessPoint the call getting droped. I need to restart the IPPhone to reauthentiate again. In ACS am agging the authentication time-out error. (I had changed the time out value for EAP-TLS to 20 in WLC as per recommendation.)
If am using static web key there is no issue in roaming.
What is the reommended setting inorder for the EAP-TLS to work properly.
I'm trying to test fast roaming using a Cisco 2100 Series controller and 2 1140 APs. The initial authentication succeeds fine and the wireless connection works ok using WPA2+CCKM and LEAP with a Cisco ACS radius server.The problem is that the client does not attempt to preauthenticate with the other AP because the RSN Capabilities IE in the AP beacons and probe responses do not set the RSN Preauthentication capable bit. I can't figure out what it takes to get the APs to indicate to clients that it can do preauthentication. I'm been crawling through all the documentation I can find, to no avail.
View 1 Replies View Relatedrecently we have deployed a Two APs in branch office warehouse and I have one wifi phone 7925 used over there. the problem is every time when phone roaming from one AP to another, 2 or 3 packets dropped, following is result of the 'debug client ':
--More or (q)uit current module or <ctrl-z> to abort*apfMsConnTask_7: Jun 27 09:52:25.496: 88:43:e1:4f:ab:39 Association received from mobile on AP a0:cf:5b:c3:a8:90*apfMsConnTask_7: Jun 27 09:52:25.497: 88:43:e1:4f:ab:39 10.107.38.121 RUN (20) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1621)*apfMsConnTask_7: Jun 27 09:52:25.497: 88:43:e1:4f:ab:39 Applying site-specific IPv6 override for station 88:43:e1:4f:ab:39 - vapId 14, site 'AKL-AP-GP', interface 'management'*apfMsConnTask_7: Jun 27 09:52:25.497: 88:43:e1:4f:ab:39 Applying IPv6 Interface Policy for station 88:43:e1:4f:ab:39 - vlan 38, interface id 0, interface 'management'*apfMsConnTask_7: Jun 27 09:52:25.497: 88:43:e1:4f:ab:39
[code]....
I am trying to install a digi cert on a 7921 and I get the message on import of "certificate verification failed".as there does not seem to be much documentation with the above error message.
View 2 Replies View RelatedI just recieved new 7921 phones. I cannot get them to pick up a dhcp address
I keep getting DHCP "Timeout's" and " Configuring IP" . The ould 7921's and the new 7925's work just fine. I have tried removing and reconfiguring the WLAN and Interface on the Controllers. I even removed and reconfigured the DHCP scope in Infoblox.
We have two different entities we support and both are set up as autonomouse wireless groups. The SSID is the same though so they can use their 7921's between floors and buildings. The problem we have had is that the phones on the first floor were getting the IP's of the organization on the second floor. When you view the AP's on the phone the ap directly next to it on the first floor (the one its suppose to talk to) is listed first, The strange thing is that shows it is connected to the right AP (the first floor one). The AP on the second floor is also listed but its about third down. After the phone sits it will actually change IP's but not all of them. Their were a few phones that took about a half a day to get the correct IP.
My question is how do these phones grab their ip's? I know how DHCP works but I am needing to know specifically how the radio works on the 7921's. What is the boot up process? It appears that it must cycle through each channel starting with the highest and loop through a process in descending order: compare ssid's and then authenticate if possible. I am assuming it is seeing the second floor first because initially they all get the second floor ip. The second floor is on channel 60 and the one it should connect to is on channel 36 (We are using 802.11a). That's how I came up with my descending channel theory.
One of my 7921 phones disconnect ten time an hour and during conversations. Sometimes, people who call on this phone are redirected to the answer message.This phone is connected through WIFI network and Cisco Callmanager 4.2 manage all phones (we have about 80 phones on the network). I thought it was a problem with the phone but I exchange with another one and it's exactely the same problem. The problem is just for a line in particular. All the 7921g phones in my company are configured from mac address in the call manager. This problem occured after a storm but I'm not really sure that it's related to.
View 2 Replies View RelatedWe use LAP 1042's as our main AP's, and we set those in H-REAP (with Local Switching) in order to let them work properly. This is because our WLC is not located in the AP's local network. This is something that, sadly, cannot change, so this has to stay the way it is now.We also use a freeradius server to authenticate users on our wireless network. In our previous situation, before using Cisco appliances, we would just set our web auth page to a certain URL and make sure that the URL was granted access before authentication. We obviously found out that Cisco implemented this by using a Pre-Auth ACL. As a result we've added the IP adres of that web login page to a ACL and added that ACL to the pre-auth for the WLAN that will use Radius Web Auth. The WLAN also has the Radius servers added to the AAA page, so those are in place.
Now comes the problem though. When I connect to the WLAN that will have to use Radius, and try to open a page it will start trying to load the virtual interface (1.1.1.1) and then it will try to redirect to the web-page that I defined in the External Server. Like I stated, I've added the webpage's IP adres (after resolving it) to the pre-Auth ACL, and when I look at the counters I see that go up every time I try to load a page. Yet the browser on the computer gives me a time-out trying to load the external web-server web auth page.
When I disable Web-Auth all-together, I get internet straight away, so the problem obviously is located in the web-auth settings or ACL settings somewhere, but at this point I just don't know where to look anymore.
Is there is is any posibility to run WLC4402 and 104x family in H-REAP mode.
View 8 Replies View RelatedI'm reading up on H-REAP in the Deploying and troubleshooting Cisco Wireless LAN Controllers book (Chapter 13) and I would like some clarification on the except below.:"Also notice that, as part of the WLAN configuration, no mention was made of choosing and interface for the WLAN. Unless you will have APs in local mode servicing a WLAN configured for local switching in conjunction with H-REAP APs, the controller interface is irrelevant because the controller will not bridge the client traffic on the network.The H-REAP performs that function. Even if you will not be using any local mode APs, you must choose an interface to be associated with your WLAN. In this case, you could use the management interface or create a quarantine VLAN interface, for example if you do not want client traffic to be bridged by the controller if the client traffic is no longer locally switched."Our corporate office has 2 5508 controllers and 150+ APs in local mode. I'm preparing to deploy a couple of H-REAP APs to a remote site to test. Is this saying you have to choose an interface when creating a WLAN, but if the WLAN will only be used by H-REAP APs w/ local switching it does not matter which interface is used when creating the WLAN. If there are APs in local mode using the same WLAN, the interface the WLAN associates with needs to be on the same subnet as the devices connecting the the WLAN?
View 3 Replies View RelatedIm configuring a WLC 5508 ( version 7 ) with h-reap local switching.All is working , yet i wonder if the vlan mapping can be done better.Currently i need to go into each Lightweight Access point , enable h-reap, then set the native vlan , with the final step to map the vlan. This needs to be done for each AP. In an environment of 100's of APs i would take forever. ( i thought one of the main points of the WLC is centralized management).
View 1 Replies View RelatedJust trying to figure out how LAP manage clients in a h-reap setup.Have a setup with native vlan on 144 (switch and AP) and ssid tagging in other vlan... Got this on switch:
Jan 12 10:31:43.121: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0811.9695.9b04 on port FastEthernet0/42.
Jan 12 10:31:43.121: %PORT_SECURITY-2-PSECURE_VIOLATION_VLAN: Security violation on port FastEthernet0/42 due to MAC address 0811.9695.9b04 on VLAN 144
Jan 12 10:37:42.770: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0811.9695.9b04 on port FastEthernet0/42.
Jan 12 10:37:42.770: %PORT_SECURITY-2-PSECURE_VIOLATION_VLAN: Security violation on port FastEthernet0/42 due to MAC address 0811.9695.9b04 on VLAN 144
Wonder why clients MAC is seen on native vlan (and ofcourse also on taged vlan) ...?
We have a customer who is evaluating a Cisco Vs. Motorla wirless solution. He says that a Motorola AP can only work in standalone mode for 48 hrs. after it lost communication to the controller. Is there any limitation like this with a 2500 controller and 1140 series access points solution?. Is there any reference to show?
View 3 Replies View Relatedi have configured cisco LAP1240 in H-Reap Mode for multiple branch offices with Local switching and central authentication. one of the branch's AP does not join the controller in HQ while the others are all ok. i have firewall only in HQ, i did priming first for all APs like let them join the controller and configure controller IP in high availbility, and H-Reap config and assign SSID to map with the branch local vlan. when i faced this issue first time i brought back ap and configure a static IP address for AP than recheck them again but the problem still same. since i have only one firewall in the network and also other branches joined the controller through that firewall and no issues.
View 3 Replies View RelatedWhat is the maximum number of WLANs/SSIDs that can be configured on a H-REAP access point? I have a network with 3502i AP's, centralised WLC's in the data centre running 7.0.116.0, and WCS version 7.0.172.0.
I was successfully running 2 SSID's at a remote site, one SSID was configured for H-REAP local switching, dropping out to the local site VLAN X, and the other SSID was a central switching guest WLAN anchored to a WLC in a DMZ.I configured a third SSID at the local site running H-REAP local switching, and now I cannot see the guest SSID anymore, it does not appear to be broadcasting.Is there a maximum of 2 WLANs/SSIDs when operating in H-REAP mode?
I have three 5508 WLCs, running code 7.0.98.0 supporting 100+ LWAPs in H-REAP mode. The LWAPs are servicing 2-3 WLANs each. Some are using central authentication and local switching, some are configured for central authentication and central switching. When the LWAPs fail from one WLC to another WLC, the LWAP's lose all of their VLAN mappings and pick up the VLAN of the management interface on the new WLC.
All WLANs are configured to use the management interface on the WLC and the VLAN mappings are configured per LWAP on the H-REAP properties tab. The WLAN ID numbers and all the WLAN settings are the same across all 3 WLC's. I have created AP groups on all 3 WLC's and the AP group config matches across the 3 WLCs.
I can get the LWAPs to keep their VLAN mapping by creating an interface on the WLC with the VLAN ID of the locally switched/remote site VLAN and then setting the interface for the WLAN to the new interface. However, then the WLAN doesn't work, because the centrally located WLC doesn't have the remote site VLAN. It also seems to keep the VLAN mapping if I create the locally switched/remote site VLAN interface on the WLC , and point the WLAN to the management interface. This shouldn't be a necessary step though... In H-REAP with local switching, the LWAPs aren't using the interface on the WLC.
I found a note in the 7.0 WLC config guide that explains why the VLANs are picking up the management interface VLAN, but that same note says the VLAN mappings can be changed per LWAP/WLAN!
From config guide: For hybrid-REAP access points, the interface mapping at the controller for WLANs that is configured for H-REAP Local Switching is inherited at the access point as the default VLAN tagging. This mapping can be easily changed per SSID, per hybrid-REAP access point
Using H-REAP and been able to get the LWAPs to keep the VLAN mapping when failing from one WLC to another?
I have 5 access points (WAP4410N) all connected to a befsr41 8 port/switch router, each AP has it's own SSID. Is it possible to to have one SSID for the entire wireless network so users do not have to change SSID's every time they change locations?
View 11 Replies View RelatedI have more different client networks with one ssid, when a client is in another network gets an ip it still from the old network.
How can I to the wlc change this so he gets one right address. I have a Cisco WLC 5508 and 1262/1252 Access point
I have an issue where I have an AP in one room and another in another.When I walk from one room to the other, I lose signal but manages to see the SSID and join.But, I cannot seem to surf the Internet, I have to manually disconnect and reconnect. Normal wireless routers I reconnect seamlessly without any manual disconnect & reconnect.Currently using cisco 5508 and ap2600.
View 8 Replies View RelatedI currently have a UC540 system with 12x aironet 1130 APs. Seamless roaming does not seem to work, and the recommendation seems to be to introduce a WLAN controller.
View 4 Replies View RelatedI´m trying to find the best configuration to improve the roaming in a WLC 7.3I changed the power threshold under the TPC to -67 and in the client roaming I put in custom mode and the minimun RSSI in -78 dBm.but I was wondering if there is a specific configuration to improve the roaming.
View 3 Replies View RelatedCurrently have a 5508 in the lab and testing 4 AP's with it. Eventually there will be 18 AP's spread thru out different floor in our building.
So far access is working fine using WPA, 802.1x and the client configured to use windows logon credentials..But it doesn't seem to automatically transfer between access points.
I have 3 Cisco 1242 WAPs that I have deployed at a site that has NO RADIUS/AAA devices. I have given all of them a different channel (1,6,11), but the same SSID and crypto (WPA2-PSK). The issue is when a machine boots up it associates with the closest/strongest AP, but as the device "roams" it does not which to a different AP. It stays associated with the original AP until that signal is gone. Then it quickly associates with the closest AP with no problem.
How do I get the device to associate with the strongest WAP? I have research "fast roaming and WDS" but it seems like you need EAP/LEAP and they do NOT have that at all.
I have configured some iPads and iPhones to Connect to an ASA via AnyConnect (ASA 8.4(1), iOS 4.2.1, AnyConnect 2.4.4009).I have configured the devices with the "iPhone Configuration Utility" (iPCU 3.2.0.267).
My question is: How to configure the "Network Roaming" feature of the AnyConnect via the iPCU?I can configure everything else correctly with the iPCU (server, certificate, connect on demand, proxy settings,...) but as mentioned NO network roaming!
how to create WiFi network with uninteruptable roaming between Access Points while clients are moving.What hardware is the best here? Are there any manuals about that?
View 2 Replies View RelatedJust checking in to ask about setting up a network with multiple WAPs. Right now, I have it set up with two WAPs, and can roam seemlessly between the two. Same security, SSIDs, etc. I have one broadcasting on channel 1, and the other on channel 11.What I wanted to ask is this: in the future, I'd like to add two wireless access to a different network that exists in the same building. So I'd have two more WAPs, broadcasting a different network with a different SSID. I can assign one to channel 6, but the last WAP will not have a non-overlapping channel to use. Is that going to cause interference issues?
View 2 Replies View RelatedHow can i configure AP (WAP4410N) to Support Roaming?
View 2 Replies View Related