Cisco :: How Many AP Will Wlc 5508 Support In HREAP Groups
Nov 20, 2011
I have a new deployment of 44 3502i AP's in 3 buildings at one of my campus'.The 5508 wlc is running latest 7.0.116.0 code.I have some users who take their work with them as they go from location to location on this campus.They need to be able to smoothly switch from AP to AP without having to reauthenticate each time the next AP takes over in the handoff.On the ssid in question we run 802.1x back to 1 auth server; there is no failover auth server.All APs are in one AP Group.My thought is to add all 44 of the APs to one HREAP Group.
View 4 Replies
ADVERTISEMENT
Mar 1, 2012
I have a wireless network with two WLC 5508 controllers and 220 LWAPs in the same location as the controllers. All APs are currently in local mode. I run a few guest networks as well as some other client networks. One client in particular uses their network to connect mobile machines to their VLAN. The only issue is that the machines do not have wireless adapters. Instead, the manufacturer put inside the chassis, a D-Link WGB, which has an ethernet cable, you then have to plug into the ethernet port. These devices cannot seem to connect to the network. I have found, the WGBs do associate on the network, but the wired client behind it cannot pass traffic onto the VLAN. I have also tried connecting PCs with different SOHO style WGBs from different manufacturers with the same result.
After going through Cisco's documentation, I found that using 1230s in WGB mode can resolve this issue since they use IAPP to communicate the MAC table of the wired side clients they service back to the controller. I have configured a 1230, and used it as the WGB for the client machine instead of the D-Link and it does seem to work, but this would mean configuring a considerable number of 1230s to hand over to the client.
The first question would be, Is there something I am missing that I would need to do in order to allow SOHO style WGBs to forward wired side client traffic onto the network while LWAPs are in local mode? Or would the WGB NEED to support IAPP?
The second question is that, I may have found another solution to this already, but would like some input prior to committing.
This client also uses these same machines with the same WGBs inside the chassis at another location where the client operates the network themselves. They also use the same WLC model with the same version, and same APs. The only difference is that they use H-REAP mode with local switching.
I also tested this idea, and it seemed to work. With the AP in H-REAP mode, and the client's WLAN set to local switching, the machine and WGB connected with no problem.
So the question with this, would be; would there be any disadvantages in running all 220 APs at this location in H-REAP mode? What would I be losing if anything? Also, I would like to keep all other WLANs centrally switched.
I understand what the difference would be for this client's WLAN if I ran in H-REAP mode with local switching, but what would the difference be in the other guest WLANs if I set them to be centrally switched? (Is there any difference between running APs in local mode vs running APs in H-REAP with central switching?)
View 2 Replies
View Related
May 22, 2013
I have been having an issue with random AP3602I's in HREAP mode disassociating from the 5508 controller. These AP's are in remote offices with 70Mb WAN back to the controller. Randomly one or two AP's disassociate from the controller and I have to bounce the switchport to bring them back online. The WLC is running 7.2. Again this only occurs to one or two AP's not all of the AP's.
View 8 Replies
View Related
Aug 26, 2012
Is it possible to assign a single ssid to multiple interface groups by assigning the ssid to multiple AP groups?
I have buildings geographically dispersed that are configured with multiple vlans in interface groups so that I can maintain an addressing scheme of dhcp assigned addresses per building. Each building is also further grouped as AP groups. I'd like to know if by assigning the same wlan ssid to each of the AP groups, will I maintain addressing integrity for each building? I'm thinking it will work.
Do the buildings have to be outside AP range of each other to avoid problems?
5508 controller
7.2.110.0 code
6 buildings
6 interface groups
1 ssid
View 4 Replies
View Related
Jul 30, 2012
I have a Cisco 5508 setup at a host site with 3 other sites connected using hreap on 1252APs. When doing testing of network speed I find that the throughput from the wireless to wired network is at about 18mbps yet the same test on wired side is 85-100mbps and wireless to wireless is 18mbps
View 4 Replies
View Related
Sep 1, 2012
1) Is it possible for 2 WLCs installed in seperate data centres with L3 seperation to be joined in a mobility group? We will have aps in the branch offices split between controllers so we want to make sure roaming work ok. Also all guest access should be anchored to data centre 2.
2) in flexconnect local switching mode, do I need to create flexconnect groups if I'm only using radius servers in the data centre with no requirement to use local radius as a backup?
View 6 Replies
View Related
Mar 15, 2011
Did any know that how many AP Groups can be created by one Controller? (5508) May I have 100 AP Groups?
View 3 Replies
View Related
Dec 1, 2011
Do you know if the new 2500 series controller supports things like mobility groups? Could I use 2 of these and do inter-controller roaming. Also do you know if this would work with a 2106 controller and a 2505 controller or are they 2 completely independent controllers only knowing about their own APs??
View 12 Replies
View Related
Dec 20, 2012
We are running ACS 4.0 so understandably so we are looking to upgrading to a Cisco supportable version of ACS. The limitation of our current version of ACS does not support nested AD groups. The latest version of ACS (I think it is 5.4) will?
View 1 Replies
View Related
May 3, 2012
web authenticate users within a specific Active Directory Security Group. I tried to authenticate over Radius with Cisco Secure ACS and Network Access Restrictions. But NAR only works with Layer 2 authentication. And Web Authentication over LDAP can only be used with User Objects.
View 5 Replies
View Related
May 6, 2012
How do Mobility Groups work with internal DHCP scopes on a WLC 5508?We have a WLC 5508 with two internal DHCP scopes which redirect to captive portals for authentication. I am looking at putting in a second WLC in a mobility group setup to provide some WLC redundancy. The LWAPs will be setup so that every second AP is on the has the second WLC as its primary controller. If the primary WLC fails we want the secondary to be able to take over and issue IP's from the internal scope. How do you set this up with a Mobility group so the second WLC does not act as a rouge DHCP server while the primary WLC is still active?
View 6 Replies
View Related
May 6, 2012
I got the error in object when I try to add a new HSRP group in new vlan.All the HSRP group has the same HSRP group the 2.another way to provide clients's default gateway redundancy for each Vlan intead to use the HSRP?
View 4 Replies
View Related
Feb 29, 2012
Im configuring a WLC 5508 ( version 7 ) with h-reap local switching.All is working , yet i wonder if the vlan mapping can be done better.Currently i need to go into each Lightweight Access point , enable h-reap, then set the native vlan , with the final step to map the vlan. This needs to be done for each AP. In an environment of 100's of APs i would take forever. ( i thought one of the main points of the WLC is centralized management).
View 1 Replies
View Related
Feb 14, 2013
We are in a warehouse type setting and have data centers on each side of warehouse with 5508 WLC's in each data center. Each side is on its own subnet with routing in between and a different set of SSID's for each set of WLC’s. Are goal is to have the ability to failover in the event that if one data center goes down AP’s will move to the controllers in the other DC and the clients will still be able to operate.
Our thought was to implement mobility groups between the controllers. While I saw documentation on setting this up when the controllers are on the same vlan, I didnt see any setup config when controllers are in different vlans. So I am wondering if mobility groups are even an option for what we want to accomplish. For the most part clients stay on their respected sides of the warehouse and so we are not necessarily needing roaming for clients between controllers in DC1 and DC2. But that does raise another question in that we do have a planned voice wlan that we would like to have the ability to roam between each side of the warehouse. But we have seen ip issues with this. In the past we have had both SSID's setup on each side and ran to issues with clients not renewing their IP address when moving to the controllers on the different subnets.
Can we setup mobility groups between controllers on different vlans/subnets? For failover purposes will mobility groups assist in our setup with 2 DC’s and different subnets/vlans? If the answer is yes we can setup mobility groups between different subnets, is there a way to setup the SSID's on all controllers and have the ability for clients to roam and renew their IP’s when moving to a different controller on a different subnet?
View 3 Replies
View Related
Jul 7, 2011
I have 2 5508 controllers in a mobility group. Any good way to keep the configuration between the 2 controllers synched up?
I thought about copying the config from my primary controller to the secondary controller, but I would think there is a more elegant way to make this happen.
View 5 Replies
View Related
Dec 12, 2011
I created some User Defined Groups in LMS 4.1, now I want to apply certain fault notification groups to Event Sets.
Unfortunately the Groups I configured are not in the Group Selector of the Fault Notification Group: Admin > Network > Notification and Action Settings > Fault Notification Group
View 3 Replies
View Related
Aug 20, 2012
As we know that WLC (i.e. 5508) does not support MAB (MAC Auth Bypass) and it supports CWA in 7.2.x. CWA is a result of successfull MAB. So how CWA work for wireless? So it means WLC support MAB?
View 5 Replies
View Related
Oct 23, 2011
I have seen that the current WLC software release, 7.0.116.0, does not support secure LDAP using TLS. Are there any plans to incorporate this feature? (I've read that it was supported in previous releases to version 4.2). Is it in the roadmap of the product?
View 1 Replies
View Related
Mar 27, 2013
We are moving forward with a mobility project which requires our network to authenticate/authorize based on certificates.
WLAN_1 has 802.1x enabled passing the cert through to the MS CA which authorizes the cred, which in turn passes the AD creds of the user to the MS RADIUS server for authenticate/authorization.
Hardware: WLC 5508 running 7.2.110.0 3600 APs ACS 5.2 not used for AAA
1. As we turn up additional SSIDs, we need Mobile SSID to accept ONLY the Mobile Cert, our Internet SSID to only accept the Internal Cert and our GUEST SSID to deny ANY Cert issued by our CA.I know ISE makes this much easier, but I dont have it and need this to work as best we can until next fiscal cycle..
View 3 Replies
View Related
Dec 14, 2011
How Cisco Identity Service Engine (ISE) can work with WLAN controller 5508 to do the Local Web Authentication, on behalf tje guest profile is create using Cisco ISE guest management?
As i check Cisco ISE caveat wireless only support on LWA, and LWA not supported on Authorization's VLAN assignment.
what i need to concern abou the ISE authentication and authorization policy on behalf on Wireless LWA with use of ISE guest management case?
View 1 Replies
View Related
Oct 9, 2012
I'm running version 7.2.111.3 on my WLC 5508 and I try to figure out how I can set PEAP towards my configurerd Radius servers. On my Local EAP profile I can specify PEAP, but how is it default configurerd when you just specify the radius servers on the "WLANs > Edit Test > security > AAA servers tab ?
The MS radius logs tell me that it is EAP and not PEAP, so the questions is does the WLC support Microsoft: Protected EAP ???
Dot1x_NW_MsgTask_0: Oct 10 11:02:27.279: 24:77:03:07:75:28 AAA EAP Packet created request = 0x1bd4647c.. !!!! -> should be AAA PEAP ?
*Dot1x_NW_MsgTask_0: Oct 10 11:02:27.279: 24:77:03:07:75:28 Sending EAP Attribute (code=2, length=35, id=2) for mobile 24:77:03:07:75:28*Dot1x_NW_MsgTask_0: Oct 10 11:02:27.280: 24:77:03:07:75:28 [BE-req] Radius EAP/Local WLAN 3.
View 6 Replies
View Related
Aug 10, 2012
I have a customert that needs to support 200 laptops over 16 classrooms with scalability to 400 laptops. I have a heatmap design to cover this with 22 1042 access points. Does any one know what features the 5508 has over the 2504? By reviewing the data sheets, the biggest feature difference is better support for mobility, which not a need for this deployment as they just wheel a cart of laptops into a classroom and fire them up. Also, does the 2504 support LAG across the four gig interfaces?
View 1 Replies
View Related
Jun 6, 2011
is there a support of 1+1 mode (HA mode) at 5508 Controller? If yes Is there a HA bundle or do we have to order two identical 5508 controller ?
View 6 Replies
View Related
Jan 23, 2013
I am trying to follow the Fips guide for the WLC5508 and it wants to encrypt the connection to the Radius, either with PSK key wrap or IPsec. I have the options for Ipsec only as the Windoes NPS does not support Key wrap from what a previous user confirmed for me here on the board.. But then found another post that states that the 5508 does not support IPsec?
View 5 Replies
View Related
Oct 4, 2012
I have a T1 connection to one of my sites, I am running HREAP with 4 AP's. I have been noticing a spike in traffic from my AP's to the WLC. Even when no one is on the wireless. When you use encryption (DTLS) should this cause spikes on the T1 ?
View 2 Replies
View Related
Jun 28, 2010
I have this Wireless deployment :
Main Site: WLC AIR-CT5508-50-K9
WCS 6.x for 50 APs
(32 ) AP 1140
02 Remote Sites : 03 AP 1140 using H-REAP
Now, my company is considering to implement a wIPS solution, so i planned to install in the Main Site a MSE3300 and (01) AP 3500e as a wIPS AP Monitor in the remote sites,
Need to confirm:
A) Can an AP3500 work with HREAP and as wIPS monitor AP at the same time? or in other words, if it is possible to have an AP wIPS monitor far away from the WLC (over the WAN)?
B) What are the requirements of WAN link if I want to install a Centralized MSE 330 Engine,which perform the wIPS solution in all the network.
View 2 Replies
View Related
Aug 9, 2011
How many AP in h-reap mode recommend with WAN link 512k ?,i have read in document it show h-reap mode must requirement minimum link is 128k for connect to wlc but i don't know this requirement for 1 ap or all ap to connect across WAN to register and send traffic across WAN. Because now i have 2 site HQ -> Branch (link 512k) it can use for this solution.
View 4 Replies
View Related
Mar 20, 2011
I have two sites.Main site (local) has two Vlans: Vlan1 and Vlan2. Each has its own IP address range.VLAN 1 is the default Vlan and is used for CORPorate traffic. IP range 10.33.4.*VLAN 2 is for guest access to the internet IP range 10.10.10.*I have a WLC4402 on the this site with 2 WLANs: CORP on Vlan1 and GUEST on Vlan2.
Branch site (remote) which has 2 Vlans: Vlan1 and Vlan2. Each has its own IP address range.VLAN 1 is the default Vlan and is used for CORPorate traffic. IP range 10.125.15.*VLAN 2 is for guest access to the internet IP range 10.10.11.*I have an 1141 on this site using HREAP.
Locally, if you connect to CORP, you get a CORP ip address and access to CORP network. If you connect to GUEST, you get a guest ip address and guest access to the guest network. Simple so far....
Remotely, if you connect to CORP, you get a CORP ip address 10.125.15.x and access to CORP network (great). If you connect to GUEST, you get a CORP ip address 10.125.15.x and access to CORP network (not great). This is with the HREAP native vlan ID for the access point set to 2 on the controller.If I set the native vlan ID to 1 on the controller, I can not get an IP address at all.If I do not set the native vlan ID on the controller, I can not get an IP address at all.
View 2 Replies
View Related
Dec 6, 2011
Trying to implement HREAP over WAN between main and remote site. The WLC4402 is on main site. There will be a secondary DHCP at the remote site. Does the switch at the remote site any preparation?
View 4 Replies
View Related
Apr 8, 2013
I have quick question about wlc software version upgrade : currect version of 5500 WLC : 7.0.220.0,However i am planning to upgrade to version 7.2.110.0,currectly all remote site AP's are connected to this WLC , nearly 150 AP's all are in H-reap mode however once i upgrade to 7.2.110.0 version , all default should come into Flexconnect mode.Do i need to make any configuration or any changes in AP's to get Flexconnect mode or will it be default mode as Flexconnect mode in new version of WLC ?
View 1 Replies
View Related
Feb 23, 2012
We have standart wireless deployment with 24 APs (1240G model) and wireless controller 4402-25 placed on same site.Most of clients (WMS RF terminals ) works with one WLAN (WPA2-PSK) and constantly roam over warehouse , and that works great.
But for better survivability(when controller dies) we are trying to configure HREAP on our APs with local swicthed local auth WLAN. And that also work , but client roaming occur much more slowly and RDP connection to WMS APP server sometimes stuck for 2-5 sec.Disabling "local switching" checkbox for WLAN make roaming almost momental.
And slow roaming are price for controllerless HREAP design ? And for fast roaming and survivability we must use N+1 wlc?
View 3 Replies
View Related
Nov 23, 2009
I have a tale of woe for you who may be considering Hybrid REAP with local switching.
My client has a varied configuration, but the requirements basically screamed HREAP with local switching. They have 15 sites, had already purchased a single WLC 4404 and they needed between 4 and 24 APs at each of the sites. Each of these locations are connected by a WAN link of good quality, but only a single link so there is no assurance of availability; the client has local resources so it would be useful if wireless stayed working during an outage.
So I setup the WLC for HREAP local switching. I setup AP Groups VLANs, but I noticed it had no effect on the VLAN allocation for HREAP. This was unfortunate, because not every site has the same VLAN configuration - some sites had a L3 switch and others only a L2 switch. But I suffered through this and configured each AP manually with the appropriate VLAN mappings.
The infuriating thing, is now that they have bought a second WLC 4404 (they expect to increase the number of APs beyond 100) all these VLAN mappings are messed up when APs connect to the second WLC. I've been going through them one by one again - it is really unfortunate that the AP Groups VLAN mappings don't apply to HREAP local switching.
I'm going to get back to the next 80 APs - but if some of you have a system for handling the VLAN mappings of a large number of APs.
View 4 Replies
View Related
Aug 8, 2012
I'm configuring AP in Hreap mode. Objective for me is th have a "plug & play" installation method for HREAP. I configure on HREAP AP, Native VLAN set to 1 and the WLAN and Vlan mapping for the current wlan is set to 1 too. WLC version is 7.0.230.0 and AP version is 12.4(23c)JA4
on my cisco switch (WS-C3560-24PS with 12.2(55)SE1), the port configuration is as below:
switchport trunk encapsulation dot1q
switchport trunk native vlan 45
switchport trunk allowed vlan 45,74
switchport mode trunk
no logging event link-status
no logging event power-inline-status
no snmp trap link-status
spanning-tree portfast trunk
spanning-tree bpduguard enable
AP receives a DHCP IP in Vlan 45 and users connected in vlan 45 too. I would like to undestand why the AP is working properly because normally vlan 1 is not configured as allowed vlan on my switch and the native vlan is dedicated only to untagged ethernet packet.
View 1 Replies
View Related
