Cisco Switching/Routing :: 6504-E VSS And WLC 5508 Integration?
Dec 14, 2012
We have implemented VSS on Cisco 6504-E switches using the 10GE links on the Sup-720-10GE. Two Cisco WLC 5508 controllers are planned to be connected in a LAG configuration, (consisting of eight links per LAG bundle) to each of the 6504-E chassis( Total of four WLC, two for the primary location and two for secondary location). WLC HA feature may be implemented on the primary and secondary WLC controllers using the 7.3 latest code release.
In this scenario, i would like to seek clarification on some of the design /configuration requirements on the 6504E switches:
1. VLAN 100 - 200 is configured for the Active Primary 6504-E switch and VLAN 200-300 for the Standby 6504-E switch. The IP scopes for the VLAN are defined in the 172.16.x.x range on the Primary and 172.17.x.x on the secondary. As there no cross links(Multichassis LAG) from the WLC controllers to the 6504-E switches, is it better off implementing a single common VLAN range on a single subnet block for the VSS, which in the event of say Primary switch failure, the Wireless APs do not have to re-associate with a different IP range on the secondary? What is the best design practise in this case?
2. What is the best practise for implementing a single management loopback address for the VSS domain- is this implemented using a port channel (Layer 3 MEC) as below? and is the loopback IP address on a totally different IP range reference to point 1 above?
Can the VLAN IP ranges on the 6504-E VSS be assigned in two different subnets say 172.16/12(100-200) and 17.17/12(300-400) and the common loopback (lo0) in 172.18.x.x/32 or is it better to have one common 172.16/12 subnet spanning the entire VLAN range (100-400). Cisco documentation describes creating port channels from the line card card physical ports as opposed to just creating lo0 and advertising this into the IGP.
int g1/x/1
desc VSS Management
channel-group mode 101 active
int gi2/x/1
channel-group mode 101 active
int po101
desc VSS Management
ip ad 172.18.x.x/32
View 2 Replies
ADVERTISEMENT
Dec 14, 2012
We have implemented VSS on Cisco 6504-E switches using the 10GE links on the Sup-720-10GE. Two Cisco WLC 5508 controllers are planned to be connected in a LAG configuration, (consisting of eight links per LAG bundle) to each of the 6504-E chassis( Total of four WLC, two for primary and two for secondary). WLC HA feature may be implemented on the primary and secondary WLC controllers using the 7.3 latest code release.
View 9 Replies
View Related
Apr 14, 2007
We recently wanted to swap our existing WS-SUP720-base with a WS-SUP720-3B in a 6513 chassis.Had the existing configuration config saved in a txt file and replaced the supervisor. Booting went fine and we pasted in the original config. There was one failure message about unnsupported command but didnt take further notice."boot system flash sup-bootflash:" was probaly the line that the 720-3B didnt support.After wr mem and reload it went in continious loop and rebooting due to inncorrect boot device. Had to put back the old supervisor and have now the 720-3B in a 6504 chassis. Tried some commands in rommon, but are not getting any further.
View 8 Replies
View Related
May 27, 2012
We currently have a WS-C6506 chassis with a line-card WS-X6408A-GBIC. Currently we need to replace the chassis by a Ws-6504-E and also the line-card. My question is: What must buy line-card and meets the same specifications of WS-X6408A-GBIC?.
View 4 Replies
View Related
Oct 17, 2012
We have network topo ( attach file)Two switch run VRRP, if I ping 10.0.10.3 from switch SW-6504-01 with source 10.0.10.2, ping lost one packet every 10 packets.We have other interface vlan with same problem
this is some config:
!
interface Port-channel1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet3/47
[code]....
View 5 Replies
View Related
Oct 30, 2012
After rebooting a pair of 6504's configured for vss, both switches show active on the sup modules. A show switch virtual redundancy however shows the pair working in an active/standby mode. We have 6509's in vss pairs and they show active on switch1 and standby on switch2 led's. For the 6504's switch 1 was booted first and then the second switch about 30 seconds later. Is there something different with the 6504's? [code]
View 4 Replies
View Related
Jul 17, 2012
I'm having with VSS Failover. Currently I have two 6504's setup for VSS with one connection to the sup engine (10Gig__Connection) and the other connection on the Module 3 10Gig Blade and the same setup on the other 6504.My question is: If the active 6504 has a power outage or the link on the sup engine goes down, and the standby 6504 becomes active, what happens when the Failed 6504 comes back online with a higher priority and preempt set? What happens with the 6504 that took over as Active and now eeds to go back to Standby, what's required?
What I'm seeing is once the Standby took over and became Active in order for him to go back to Standby mode it's asking for a reload to take place is this NORMAL?
View 2 Replies
View Related
Nov 3, 2012
We are trying to integrate Cisco WLC 5508 and Microsoft NPS 2008 to allow users to use their AD username and password to authenticate to the wireless network.I basically followed the following document but with no luck (Appendix B): URL I'v went through some threads in this forum but also with no luck,Basically, we are recieving the follwoing error in NPS event viewer:A RADIUS message was received from RADIUS client a.a.a.a with an invalid authenticator. This is typically caused by mismatched shared secrets. Verify the configuration of the shared secret for the RADIUS client in the Network Policy Server snap-in and the configuration of the network access server.
View 2 Replies
View Related
May 24, 2011
I have just recently purchased a 5505 Controller and 30 3502i AP's. On my main corporate WLAN, I would like to allow users to be able to authenticate via Active Directory username and password.I am also looking for as little client side set up as possible. From what I have researched, I will need to use some type of EAP method.
I have come across two methods that appear to be the top contenders.
EAP-FAST - The method seems to be a possibility but I see that it uses certificates. If I use this method, does it mean that I would have to import the certificates to each machine manually? Also, can I configure thsi to work with just the 5508 Controller and an AD Database server or do I need an intermediary like IAS or ACS?
PEAP/GTC - This method is also a possibility and I think that it does not require certificates. Does this also require an intermediary like ACS or IAS.
View 3 Replies
View Related
May 18, 2011
I am deploying Redundant WLC 5508 with 4 VLANs and 4 SSIDs Match to it, Everything works Fine, now i need to do the below:
1. I need All Wireless Users need to authenticated with Existing Active Directory/LDAP
2. I will Create Guest Accounts in my AD , and pass to Guests, Then Guest should only Access Internet except Corporate Resources
2. How can i secure my Voice VLAN for Wireless Phones. I want only WIreless Phones to Connect to Voice VLAN.No internet Access on Voice VLan
View 4 Replies
View Related
May 15, 2012
we need to install a line cards (WS-X4548-GB-RJ45, chassis WS-C4510R-E), on a chassis Ws-6504-E.where I can find information about compatibility?
View 2 Replies
View Related
Oct 20, 2012
We are currently evaluating ISE and I am stuck with the PEAP authentication (with Server side Cert).Our current setup consists of two 5508 controllers, 30+ access point. For authentication we are using PEAP with (server side Cert). We have an IAS server which is also acting as a CA server. We are using Cisco’s NAM as a supplicant on Windows XP & 7 workstations. I would like to use ISE for authentication. I would like to use PEAP with Server side Cert (similar setup like IAS). I want ISE to perform the same function in addition to profiling etc.....
I was able to integrate ISE with Active Directory but could not get it working with PEAP (server side Cert). I would also like to know if they used Microsoft’s CA server or Open SSL CA server or a third party CA server (Go Daddy, VeriSign etc.)Can you we ISE as a CA server just the way we used Microsoft’s IAS Server as a CA Server?
View 8 Replies
View Related
Jan 3, 2012
Does VPC is supported with WLC 5508? I am running 5.1.(3).
View 6 Replies
View Related
Mar 10, 2013
I try to connect a AP3502 to WLC 5508 7.3 the AP obtain @IP of WLC, but no more than that.
The dhcp server is hosted to WLC the WLC server is configurerd with 1 interface Mgt with AP dynamique mode.
View 2 Replies
View Related
May 24, 2012
If the ports on a 5508 can only perform etherchannel(no LACP or PAGP), only on mode, how does a 5508 create a bundle with a nortel switch?
View 1 Replies
View Related
Jul 16, 2012
Getting a lot of the following errors on our 5508 form the same subnet: 10.20.0.1 255.255.248.0 . I tried researching and not getting much.
broffu_SocketReceive: Jul 17 10:11:10.068: %DATAPLANE-3-DP_MSG: broffu_fp_dapi_cmd.c:2891 FP0.09:(7089389)[cmdAddIpv4:2921]failed to find ipv4 10.20.6.58
[code]....
View 2 Replies
View Related
Oct 15, 2012
Is there any shut down proceedure for cisco devices in data center cisco router,switches,firewalls ASA-5580-20,ace-4710 and IPS-4260 devices.
View 4 Replies
View Related
Dec 11, 2011
how to configure QoS on the portchannels from the nexus up to the WLC 5508's?
View 1 Replies
View Related
Apr 25, 2013
How many VLAN Interface can be create on a WLC Interface, e.g. GigabitEthernet 1?
View 2 Replies
View Related
Dec 24, 2011
i wanted to know if there is any way to use poe from 6504 switch which is capable of burn a NIC?if there is a Way ' can you tell me how i can do it ??
View 10 Replies
View Related
Jan 22, 2013
I have a strange behavior between a WLC 5508 (version 7.0.116.0) and NEXUS7010.
WLC
The WLC is configured in DHCP Bridging Mode (it sends DHCP requests without change)
Nexus
The VLAN interface is configured as follows
interface Vlan501
ip access-group acl-int-vlan501-in-1 in
no ip redirects
ip address 10.12.56.4/21
ip ospf network broadcast
ip router ospf 100 area 10.23.0.0
hsrp 51
Clients can not obtain an IP address intermittently. If I deactivates the ACL when the problem appears(when the client can not obtain an IP@) the probleme is resolved
Note: Before the WLC was connected to Catalyst 6500 and worked properly for 2 years (with same configuration)
I saw this note about differences between DHCP relay on the NEXUS7000/NXOS an Ip helper one the 6500/IOS URL. Do you think the problem may come from the DHCP relay or ACL on the NEXUS.
View 2 Replies
View Related
Jan 18, 2013
I have just been setting up a WISM2 in a test lab and for some reason the Supervisor is not creating a port channel on my 6500 as suggested in the WISM2 Deployment Guide. WISM2 is installed in an appropriate slot (according to same doco) and have attempted reset to factory defaults, removing and power cycling several times.
View 1 Replies
View Related
Mar 20, 2013
I just got 2 Cat6504 Chassis and 2 ASASM pluged in them. show version from submodule ASA as follow:
SVC-APP-HW-3#show ver
Cisco IOS Software, trifecta Software (trifecta-SP-M), Version 15.1(1)SY, RELEASE SOFTWARE (fc2)
[Code].....
I want to upgrade new OS for ASA to 8.5 (asa851-smp-k8.bin) but after copy this soft to the module, I can not "write" command or when I reload this box, everything was no changed. SVC-APP-HW-3#write startup-config file open failed (No such device)
View 2 Replies
View Related
Jun 3, 2012
I am in the process of configuring load balancing on ACE module but struggling to configure virtual IP address for ACE module. I'm working on ACE30 module and using software version A5 (1.2). ACE module is in slot of Catalyst 6504 switch.
View 5 Replies
View Related
Nov 1, 2011
On our 6504 - 12.2(33)SXH, we currently have a single connection to our ISP (GI1/1) and want to add another connection (GI1/2) Is there a way to bond the two connections to form a single connection (a single pipe) to double the throughput?
View 3 Replies
View Related
Mar 1, 2012
Is integration of LMS 3.2.1 with ACS 5.3 now possible ? (I understood from this forum that early ACS 5.x could not integrate wih LMS 3.2, but that this feature would be restored at one point in time (5.1?)).
View 1 Replies
View Related
Mar 14, 2011
first i configure the ACS to Synchronize time from AD as NTP server second when i configure the integration between the ACS and AD and test the connection there is no output from this test but i see that the domain is connected and the end of the page the problem is when i try to navigate the groups by go to directory group and use select there is no output.
View 3 Replies
View Related
Apr 15, 2013
Is it possible to integrate a WLC with a NAC 4.9(1) L3 OOB? I can't find any documentation that says that it is possible or not.
View 9 Replies
View Related
Dec 24, 2012
I have Integrated the ACS 5.3 with AD.Now my next goal is to Integrate ACS with RSA in such a way that all my Cisco devices should use the username and password from the AD.The enable privilege level should come from the RSA Token OTP.Is it possible to do such a thing with ACS 5.3?
View 3 Replies
View Related
Nov 20, 2011
We have a customer who wants to configure his guest wireless network in such way that the guest should fill in a self registration form and generate the username and password themselves. For this purpose we are using cisco ISE but we don't know how to integrate it with cisco WLC.
View 1 Replies
View Related
Feb 12, 2012
Our DDM admin would like to pull device information from LMS. I've enabled DB Views (ODBC) access and tested from my desktop that I can query the data successfully. The DDM admin is telling me DDM requires access to several master tables - sysservers, sysdatabases, syslogins, etc..before he can query the RME/ANI device data. Does these master system tables are available, exposed or even exist in LMS? I can't find them.
View 1 Replies
View Related
Jun 24, 2012
We have an ACS running 4.2. I am sure that this ACS is talking to our AD database because our wireless users (using ACS as RADIUS servers) are able to log in using their Windows AD account.
However, I am not sure how ACS is integrated with AD. Our ACS is installed on a windows 2003 R2 server. I am not sure where the AD database is? ie,if AD is on the same server as ACS OR on a different server [ADs managed by different group altogether :-( ].
How is the integration done between ACS and AD when both are on the same windows server? And How is the integration done between ACS and AD when they are on different windows servers?
ACS is software installed on windows 2003 R2 server.
View 2 Replies
View Related
Jul 13, 2011
I have configured my WLC 4402 for Radius authentication using Cisco ACS server version 4.2 Patch 4. When using Local Database of ACS my Wireless Users are able to authenticate but users are not able to authenticate from External Database of Windows AD 2008 R1.
In ACS logs I am getting the this error- Authentication session timed out. Challenge not provided by client.
View 3 Replies
View Related
