Cisco Switching/Routing :: 2125 Wireless Controller Without Anchor Controller Just Using Existing Hardware
Dec 6, 2012
I am looking to configure a wired and wireless guest network. I have industrial barcode scanners that connect to one SSID and then there is the business network on the office SSID (no vlan seperation for these devices just different SSIDs). There is not really a need to seperate the business network from the scanners in any case. However, there are needs for a guest network and this needs to be seperated. At the bare minumum I would like to have the wireless guest network. Here is what I have: 2125 Wireless LAN controller managing 18 LAPs (1 indoor and 17 outdoors)Cisco Cat 2950 switches (2 x 24 port and soon to be replaced with 2 x 48 port 2960's with 802.1x capability) Sonicwall TZ210 firewallOne existing wired and trunked vlan for PLC infrastructure. One ESXi hosting Windows server guests (soon to be 2 with vMotion) The reason for the wired guest access network is tp prevent anyone from plugging into the wall jack in the office with thier home laptops or anyone else from being on the same subnet as our domain machines. Granted they would be unathenticaed but there would be no layer 2 seperation and that is what I think would be best.
How would I go about doing this on the wireless controller without an anchor controller just using my existing hardware? I would like to have the Guest SSID only availible in the front office. Is it possible to offer a guest network while still servicing the business network SSID on the same access point? Then might I be able to have the guest network be treated as it should at the controller? However this might present another issue altogether as the guest traffic will be over the same wire as the business SSID until it hits the controller for management.
View 1 Replies
ADVERTISEMENT
Aug 12, 2012
I know that the 3600 series APs are not supported on the 4404 WLC. However, would the following scenario be supported? I would like to use the 4404 (software rel. 7.0) as a guest anchor with a 5508 (software release 7.2) as the foreign controller supporting series 3600 APs. I ask because the APs do not need to join the guest anchor.
View 7 Replies
View Related
Jun 2, 2013
We have a customer that have 2 5508 as primary and backup controller and a 4400 as an anchor controller. We plan to upgrade the 5508 to 7.3.112.0 and the 4400 is already 7.0.116.0. Will there be any issue if the anchor controller is not the same code as the foreign controller? Do I also have to upgrade the acnhor controller to 7.0.240.0?
View 2 Replies
View Related
Sep 28, 2010
A customer has wireless LAN controller with version 4.2.205.0 and i want to upgrade it to version 7.do i need to upgrade the controller to intermediate version or i cant directly upgrade it.
View 2 Replies
View Related
Aug 29, 2011
I have a Cisco 2125 Wireless Lan Controller and I have problem with hold coverage errors and I had tri different solutions with different antenna, the resume is:The antena gain 10*0,5 Dbi(Using a 5 Dbi antenna or 10 Dbi antenna) with Tx power 1 and the antenna gain 20*0,5 Dbi (using 10Dbi antenna) with Tx power 3 the coverage is the same.
If I try the configuration 20*0,5 gain antenna and Tx power 1 the controller show me one error and the controller don't permit this configuration. Why don't permit this configuration?
View 3 Replies
View Related
May 29, 2012
I will migrate a Cisco WLAN Controller 2125 to 2504,So I have one question?I need to make all configuration into the new Wlan Controller or I can migrate with one tool or something else?
View 15 Replies
View Related
Dec 23, 2012
I have this issue regarding the 1131 Access Points. These access points were fat access points from the factory and were applied with LAP ios so that they can join our controller. We have 2 controllers 5108 for Internal network office use and a seperate 2125 for Guest internet both these are physically seperate networks. These AP's have been working fine since say like 8-9 months and suddenly they started giving problems. The status light keeps changing colour and the AP does not join the controller 2125. Whenever i am connecting this ap to our internal network it joins the controller 5508 and works fine but somehow does not register with our 2125 guest controller. This issue is being faced by one of our client. Could this be an issue due to the ap being loaded with lap ios or does it have anything to do with the different software version fo the controllers as i could not find any things regarding this.
View 3 Replies
View Related
Nov 26, 2012
We have a WLC (5508) in our main office in Brisbane that is hosting two WLANs. One provides wireless access to our internal network and the second provides wireless guest access. The guest WLAN is anchored to a controller sitting in the DMZ at our Data Centre.
In the DMZ the anchor controller has a management interface and an interface in the DMZ for the wireless guest access. I am using the DHCP server on the anchor DMZ to provide IPs etc to wireless guest clients. The default gateway is 10.8.144.1 which is a VIP or a pair of firewalls.
Initially everything works fine. Guests connect to the guest network, have to authenticate via a web portal (Cisco ISE server) and then can go on an use the internet. Works perfectly until the firewalls fail over and the secondary firewall takes over the VIP address. All access to the internet is lost at that point. If I try to disconnect and then reconnect a wireless client it connects, as in it will get an IP address, but DNS resolution stops and I do not get redirected to the web auth portal. If the firewalls are failed back to the primary then everything works again, no issues. However, if I reboot the WLC while the secondary firewall has the VIP IP everything will work fine as it did on the primary. If the firewalls now fail over to the primary again everything goes to ****. Until either the firewalls are failed back or the anchor WLC is rebooted.
Initially I thought this was an issue on the firewall, but this doesn't appear to be the case. When the firewall fails over it sends out a gratuitous ARP advising of the change in MAC address for the 10.8.144.1 IP address. The WLC seems to update its ARP table because if I run the command "show arp switch" it has the 10.8.144.1 IP address with the MAC address of the active firewall. From the client perspective I have run a wireshark and captured packets on the wireless interface when trying to connect. The laptop is continuously send ARP requests for 10.8.144.1 but gets not reply. Without this the client cannot send an ethernet frame to the gateway and hence get to the DNS server and WEB portal. Internet access breaks. Doing a TCP dump on the active firewall shows it receiving and then sending a reply to the ARP request. It just never gets to the wireless client. Debugging ARP packets on the anchor WLC seems to indicate that the controller is receiving the ARP replies from the firewall. So I'm at a loss as to why things should break when the firewalls fail over.
I have a 3750 switch in the DMZ with SVI of 10.8.144.4. I thought I could get a work around where I would make this the default gateway. The theory being that this interface MAC address would never change. However I was wrong. Even with this IP set as the gateway address for the wireless clients I see the exact same bahaviour when the firewalls fail over. I can't explain it other than to say that the gratuitous ARP sent by the firewalls seems to kill the ability of ARP replies to be sent back to the wireless client.
View 3 Replies
View Related
Feb 2, 2012
Any link that will give configuration examples of a wireles anchor config with one controller in a DMZ. I have tried this on my own and have some problems in my test enviorment. I believe my issues were with the firewall but not exactly sure.
View 4 Replies
View Related
Nov 7, 2012
All controllers are in version 7.2.111.3.C1 is a 5508, it is ou anchor controller.C2 is a 5508, it is a big site controller.C3 is a 2504, it is a small site controller. C2 and C3 are in the same mobility group than C1 (and all is up up in mobilty managment). When "DHCP Addr. Assignment" is enable on C1 : Clients on C2 received their IP address by our external DHCP server via C1 and the guest tunneling betwenn C1 and C2 and all is working fine. Clients on C3 don't received their IP address by our external DHCP server via C1 and the guest tunneling betwenn C1 and C3, so nothing work.
View 4 Replies
View Related
Jan 2, 2012
I'm trying to research the tunnel limits on a 5508 controller if you're terminating controllers to two different SSID's. For example. In my DMZ i have a GUEST SSID for contractors and guests and then I have another SSID used by employees so that tablet and mobile phone users can access the interenet. Because we don't trust any of these devices we have that SSID is termiated just as we do our GUEST SSID.
To reduce the number of anchor controllers I deploy, I wanted to start with one 5508 Controller. (then move up to about 3) This controller would have two SSID's, GUEST & MOBILE. On the Foreign controllers when I setup anchor tunneling I will be anchoring to the same controller however to two different SSID's.
Per the 5508 specs it supports 71 tunnels.
So my question to the group is, will the 5508 see this anchoring as one tunnel each? Or does it support 71 Tunnels per SSID?
View 14 Replies
View Related
Feb 12, 2013
We have Internal Wireless Controllers to be set up for HA (AP SSO) and wireless traffic from Guest SSID will be terminated on a Guest Anchor Controller inside Firewall DMZ. The Internal WLC controllers are installed with software versions 7.3.101.0, and the Guest Anchor controller is installed with software version 7.2.103.0. Just wondering if the Guest Anchor controller needs an upgrade to match the software versions on the HA controllers. Also, Cisco provides a new version of code, 7.3.112.0 now. So is it recommended to install the new software version on the HA controllers as well as the Guest Anchor Controller.
View 8 Replies
View Related
Dec 5, 2011
I know that the recommendation from Cisco for the mobility anchor feature to work well is to use the same IOS version on the anchor WLC and local WLC controller. Now I´ll install on a new site a 5508 local WLC with a newer IOS version which is installed on the other controllers ( Guest and local ). Later I´ve planned to update also the other controllers to the same IOS version. Now my question is, must I upgrade all other controller at the same time ?
View 4 Replies
View Related
Sep 23, 2012
I am in process of replacing our 44xx controllers with new 55xx controllers. During the upgrade, I would like to add redundancy to our guest controllers that reside in the DMZ and had a question about regarding the setup.
If I remember correctly, I would place both guest controllers on the same mobilty group, and then add both of the controllers to the foreign controllers. The foreign controllers will form mobility with both anchors, but choose the one with the lowest MAC address as primary. On the foreign controller, if the lowest MAC addressed anchor controller does not respond, it will connect to the second controller. Is that still true? or is there a better way to go about it?
Also, I was wondering, do I need to put different guest network ranges on each of the Anchor controller? or can I use the same exact range on both anchor controller (since if a controller goes down, the clients would be reconnecting to the second controller anyways?)
Any best way to setup redundant Anchor (guest) controllers).
View 22 Replies
View Related
Nov 6, 2012
We currently have all of our foreign AP controllers on software version 7.0.116. This consists of a mixture of 4400 and 5508 WLC's. Our guest anchor is a 4402 on version 7.0.116. We are replacing the guest anchor with a 5508. We are also upgrading our 5508 wireless controllers to version 7.2 to support the 3600 series AP's. My question is what is the recommeded code that the anchor controller should be on? Should it also be upgraded to 7.2? If we upgrade the anchor controller to version 7.2, will this affect anchoring to 4400 series foreign controllers still on7.0.116?
View 9 Replies
View Related
Feb 26, 2013
I'm attempting to set up (for testing purposes) a 2nd 'guest' SSID on an internal WLC (WLC-A), and terminate it in a DMZ on an anchor controller (WLC-B). We already have a guest SSID originating on WLC-A and terminating on WLC-B though. Is it possible to originate a 2nd guest SSID on WLC-A?
WLC-A - 2504 (7.2.x)
WLC-B - 5508 (7.2.x)
The problem I'm seeing is I'm getting no DHCP address assigned on the test SSID. If I statically assign IP information I still have no connectivity. It's as if the EoIP tunnel for the 2nd test SSID isn't functional.
View 2 Replies
View Related
Dec 6, 2012
We are planning a WLAN upgrade and the security policy is to forward wireless Guest user traffic to the DMZ controllers. We are now considering the Virtual WLAN Controller and all AP's will register with the virtual controllers and we will use Flexconnect for Staff and internal traffic that will switch their traffic onto the local switch.
We wish to forward the guest traffic to the DMZ Guest Anchor controller which will be a 5508 controller. This will also offer Office Extend AP service.I have looked at teh virtual controller docs and not very clear if this deployment model is supported. Below is a diagram of what we wish to deploy and is this a supported deployment model.
View 2 Replies
View Related
Aug 16, 2012
We have a Cisco 4400 series wireless controller deployed as a Guest Anchor in a private DMZ. We have 13 foreign controllers anchored to this for Guest Wireless. We recently anchored 17 additional controllers to this Anchor controller. Since we have done that, periodically on just 3 of the foreign controllers, the control path shows down on the mobility peer, then comes back up. We have had this issue in the past, but it resolved itself. However, now we are seeing this issue again. Are we reaching a limit on EoIP tunnels? I have read that there is a max of 71, and that is per controller, not SSID. We do have a firewall in the middle but all necessary ports are open.
We have had this issue for quite sometime, it just does not happen frequently. Since we have added the additional controllers, it is now happpening very often, but only with 3 controllers. There is not much in common with these 3 controllers. 2 are 4400 series, and 1 is a 5508. All 3 are local on a campus LAN, different networks. Could it have anything to do with memory or utilization?
View 15 Replies
View Related
Apr 21, 2013
I want to use a 5508 as an anchor controller for a wireless guest deployment....but the client has internal 4402's controllers, with software version 7.0.235.0...is it possible tu mix these two controllers for a Wireless Guest Access Deployment??
View 3 Replies
View Related
Feb 23, 2012
In our test set up, we have two WLC 5508 Controllers connected via Checkpoint UTM-1 firewall Inside and DMZ Interfaces. Both the WLC controllers are connected to the firewall via Cisco 3750 switch. On the Local (Inside) Controller, guest SSID is enabled and attached to the wireless management Interface. On the remote anchor controller, guest SSID is enabled and attached to the Management Interface as well. The following configs are replicated on both the Controllers.
SSID Name - guest
Interface - Management ( VLAN 10 on Local and VLAN 20 on remote) -
Mobility Group: Same configs at both ends
SSID Anchor : Anchor SSID on local and local SSID on Anchor.
AP: CAPWAP 3502 Management Subnet
[code]....
Is there any thing missing in the wireless configs and or the firewall rules as i could not see DHCP request back from the Anchor Controller. Also, after DHCP is obtained, the web authentication request will be redirected to an Amigopod device for authentication. In this case is the redirect URL congiguration to be performed only on the Anchor Controller or is this to be replicated on both the Local and Anchor Controllers.
View 8 Replies
View Related
Jul 30, 2012
We have been deploying 3502 APs remotely to locations with full T1s that backhaul to where I sit at HQ. Both the foreign and anchor controller are here at my location.
I am seeking to rate limit per user the bandwidth each client will get on the guest internet ssid. As you know this traffic is encapsulated in capwap between the AP and the controller so I cant use a standard ACL on the switch or router.
We are trying to keep the guest internet access usage in check on the T1 at any given site so the other ssid's & local lan traffic is not overly competing for the bandwidth.
I found the place to edit the default profiles in the controller but the documentation really isnt clear on best practices.
So I put it to you my fellow wireless engineers to suggest how you are implementing bandwidth management on your wireless guest internet.
Oh and here is my hardware & software levels.
5508wlc - forgeign
4402wlc - anchor
Software Version7.0.230.0
View 3 Replies
View Related
Jun 7, 2011
in one of the sites, the client has an exisiting 4402 controller which he moved to the DMZ in order to set it as an anchor & he purchased two new 5508 controllers to control the corporate APs. I configured all the parameters needed for the guest anchoring & then I tested the connection but there was an issue. (all the controllers are running the same firmware version)after testing the setup, the guest users could get an IP from the internal DHCP of the anchor controller (in DMZ), but then they cannot reach the internet or anything outside the anchor controller.Cisco confirmed that the 4400 is fully compatible with the 5500 to work in an anchor-foreign secnario as long as they are running the same firmware version. yet, when I temporarily used one of the 5500 controller in the DMZ as an anchor & I applied the exact same configurations on it as the 4400, it worked perfectly without any issues.
note: on the anchor controller (4400), the management & AP-manager interfaces reside on the same subnet & the wireless guest SSID is also mapped to the management interface. (may be this setup is causing the issue) but on the 5500 it is working just fine?
View 2 Replies
View Related
Mar 4, 2012
I've got a couple new 5508 controllers to replace my 4404's. Im wondering though if I throw them on the network to setup, will there be any conflict with the current access points? Will they try and join the new controllers for any reason automatically? Is there a better way, or a best practice to provision these new controllers?
View 3 Replies
View Related
Mar 31, 2013
We are trying to navigate the waters in choosing between a in-house, controller-based, wireless network solution or a cloud-based solution. We have been presented with the usual suspects in cloud-based (Aerohive, Meracki, etc) and with Cisco (5500) and Aruba on the other side. We are a multi-campus organization with approx. 200 APs.Any hard reasons why go with a controller-based vs. cloud-based solution? If we must keep the conversation limited to Cisco, why go Meracki over Cisco's WLC solutions or vise versa?
View 1 Replies
View Related
Mar 13, 2013
I am looking at deploying a Cisco Virtual Wireless LAN Controller (vWLC 7.3).
Do I need Prime Infrastructure to manage the environment, or can I manage my AP's (1200 series) using the vWLC alone?
View 1 Replies
View Related
Aug 27, 2012
I have a Cisco Wireless LAN Controller WCL2112 model. It's currently plugged into an HP Procurve switch on a trunk port. That HP switch is plugged into my Cisco stack on a trunk port. I can reach the WCL just fine through the LAN. But when I plug the WCL directly into the Cisco stack on a trunk port, I can't reach the WCL at all, unless I connect to it over wireless. The interface shows it's conneccted and up/up. But no communications are sent across the line. I did a wireshark and can see only ARP request from the WCL. The trunk port on the stack is set to:
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
The WCL has 3 VLAN's on it and the SSID of VLAN 1 is our office wireless. If that matters. .The Cisco Stack is 4 switches. cisco WS-C3750X-48P
View 3 Replies
View Related
Apr 10, 2013
we need to be required to import MAC filter databse from Cisco Wireless LAN Controller (4400) to Cisco ACS Server (v4.2).
View 2 Replies
View Related
Nov 20, 2012
Having an issue with my WLC 5500 and client connectivity. This just started today. Clients will connect for a short period of time and then drop off. WLC appears fine with the exception of a bunch of trap errors. I've rebooted the WLC but this did not clear the issue.
View 3 Replies
View Related
Nov 4, 2012
I have two workstations running 7 Pro, each has a quad port intel card (PCIe) which I have created teams for on both sides using link aggregation. On my switch, a Cisco SG500X-24, I set up two LAG's with 4-ports each and have both servers connected as necessary. I turned on Jumbo frames and disabled energy saving. The teams were set up without LACP turned on, however I tried it with LACP and I also ran into the same problem. Both workstations have a 26TB arrays running in RAID 6 (so plenty of read/write speed), however, with this setup, I can only get about 100MB/s (single port speed) and multiple data streams cause the speed to divide. Only single ports blink on the cards as well.
Questions 1 is probably a no-brainer, but it's my first time setting this up, but once this is working properly, would it allow a single file to transfer at ~400MB/s or would I need to start multiple datastreams to take advantage of link aggregation.
Question 2 is what do I need to change to make the link aggregation work?
I do have a little linksys router plugged into a non aggregated port to do DHCP but that wouldn't mess anything up, would it? Considering I can unplug it once everything is talking, all the transfer should take place at the switch level, correct?
View 1 Replies
View Related
May 2, 2013
I have a Nexus 7000 Core Switch , and i need to allow the domain controller ip 10.x.x.x for DHCP relay on switch.
View 2 Replies
View Related
Feb 10, 2013
Based on what i am reading on the Catalyst 3850 datasheet, the controller functionality comes by default if i have a IP Base of IP Services license on the switch. Is this correct or do i need additional license to enable the controller functionality?What capabilities does below license provide ?
LIC-CT3850-UPG (Primary upgrade license SKU for Cisco 3850 wireless controller)
View 1 Replies
View Related
Sep 6, 2012
I configured a 2504 controller with two LWAPP Access Points, and I'm using two SSID's on the same controller, the problem is when the user tries to switch between SSID's he gets an error message saying that the other network is unavailable but if he disconnects from the first network and then connects to the other it works fine !.
View 5 Replies
View Related
Oct 13, 2011
after an unplanned power outage the WLAN in our office has stopped routing. Clients can associate and get an IP address from the DHCP server on the controller but cannot get past the controller. A PC on the LAN can ping the default gateway of the SSID (dynamic interface) but cannot ping the client. Attached is a diagram of the setup. I am trying to find out how to add a default/static route via the L3 switch that the controller is connected to but am unable to do so either through the CLI or GUI. The controller (AIR-WLC2106-K9) is operating on ver 5.2.157.0.
View 5 Replies
View Related
