Cisco :: WLC 5508 - DHCP Flow In Remote Branches
Aug 16, 2012
The network scheme is this one, I have Lightweight APs distributed and a pair of WLC 5508 centralized. We use a pair or SSID for all the branches, concretely Voice and Data.
All the branches has a local DHCP Win2k3 Server, and APs get its IP address correctly from the local DHCP, but the wireless clients obtains the IP address from the centralized DHCP Server, because all the DHCP traffic go through LWAPP/ CAP WAP tunnel to WLC.
I want that the clients get its IP address from the branch DHCP, i have reading and i think that we need to use H-REAP with local switching configuration and the correct vlan mapping in local switch and H-REAP for it works that we want. Is it correct? Is possible that the client obtain the IP address for the local/branch DHCP Server instead of the Local DHCP?
View 6 Replies
ADVERTISEMENT
Jun 18, 2011
I am having asa 5520 in my head office and in branches 2811 routers.i connected two branches with my HO through VPN.now i configured remote vpn client in HO asa . now i need to access all the branches using this remote client.how i create route in HO ASA.
View 7 Replies
View Related
Sep 16, 2012
I am having trouble getting DHCP working for a site connected using Flex Connect. Here is my setup. I have a single 5508 Controller at one site using the 10.3.0.0 network. All AP's at that site are in local mode and use the local DHCP server, 10.3.0.2. Everything works fine there. Each site uses a different SSID as well.
At my second site, 10.4.0.0, all AP's there connect back to the controller at the site above and are in Flex Connect mode. The AP's work fine and the clients work fine there but they get an IP address on teh 10.3.0.0 instead of the 10.4.0.0 network. If i setup the SSID at this site to override the DHCP server settings and tell it to use 10.4.0.2, which is our local DHCP server, the clients don't get an address at all.Is this simply a matter of setting an IP Helper address on the router where the WLC is located or is there more to it than that?
View 4 Replies
View Related
Mar 10, 2013
In my network:- at HO: 2 x WLC 5500 and 20AP, ACS, AD- at branches: 5 AP at each branchI configure the H-Reap. Now, I have some question about Cisco wireless:1. Only 1 Wan link between HO and branches, How I should configure when the WAN link down, all AP at branches still works, users still connect?
2.Based my network architecture, I should authentication central at HO or authentication at HO and branches? AP at branches supports local authentication or not? If we want to authenticate on AD at branches, how can I configure?3. I also want IT at branches have managed AP at their branches. When branch has visitor, IT at branch create temporary key and provide to visitor. at branch, how can I do that?
View 5 Replies
View Related
Jun 11, 2013
We've encountered problem from the last few days with DHCP on certain SSID's. We have a wireless network with 13 SSID's being managed by a WLC 5508 pair configured as high availability (52 AIR-CAP3502I). Yesterday we encountered an issue with DHCP on a few of the SSID's but not all, and as a last resort a reboot of the controller fixed the problem. Statically assigning addressing allows for traffic to traverse the network out to the web and back so I don't think it's a VLAN configuration issue on the wired side. It's worth mentioning however that the controllers are configured for a LAG to HP switches. DHCP is being handled by an external windows DHCP server and the primary server address points to the gateway which has a relay configuration pointing to the windows server on the other side of it. Again, rebooting the controller fixed the problem and the web traffic traverses fine if statically assigning addressing.
View 1 Replies
View Related
May 17, 2011
We have a network of multiple WLCs: 5508, 4402, WISMs in two C6509 all running version 7 software. We have about a dozen SSIDs and we need to provide DHCP to the one public SSID (which like the other SSIDs span across all controllers) and to do so we thought of using a spare router, Linux workstation or DHCP server on the controllers. We are not sure if using the controllers is an option since we have multiple controllers. Is there a way to setup DHCP on a WLC and tell the others to use that WLC for DHCP for the one SSID?
View 3 Replies
View Related
Mar 28, 2011
delete a lease from a DHCP scope on a WLC 5508? I'm using that unit as the dhcp server, no relay. I am unable to find anything either through the web or cli.
View 2 Replies
View Related
Aug 22, 2011
The two controllers are having two internal DHCP servers with the same range in LAN (enx1,enx2). but i have specified which is primary DHCP server(enx3) in WLAN interface.
Now if a new user added into network, will he get IP address from primary dhcp(WLC) or AP connected WLC.
if two users connected to 2 diff AP's which are connected to 2 WLC will get the same IP address? since having same address pool configured.
View 11 Replies
View Related
Oct 3, 2012
I am configuring IPSec Remote Access VPN on a ASA 5505. There are one external interface and one internal interface configured on the device. Internal interface connected to subnet 192.168.1.0/24.en VPN client get connected, I would like to assign the IP from some subnet(for example 192.168.2.0/24) other than the current internel subnet (192.168.1.0/24), but the VPN client can still access to 192.168.1.0/24. Is there a way to do this?
View 2 Replies
View Related
Feb 28, 2013
I am currently running an ASA5540 version 8.3(2). I have multiple remove vpn users currently working on this server. Lately, I have had issues with people getting booted or not being able to route anywhere and it appears to be cause they keep fighting for the same IP address using the local pool, so I decided to attempt to do DHCP instead (I have no idea why it keeps overlapping IPs, we have tons in the pool and they keep fighting for the same one). This just started about a month ago, we are only using maybe 3-5 IPs out of the /24 block. The only thing that has changed was we have hired more people, but we have separate groups for corporate vs operations team.
So, I setup the dhcp-network-scope for the subnet and the dhcp-server under the policies. I see the request going to the server, but it seems to be putting the ASA MAC into the Client Hardware Address field of the DHCP header. I have attached the PCAP from the ASA showing this.
View 7 Replies
View Related
Dec 5, 2011
We have a 5508 WLC with WCS and are using 1131AG WAPs. How to determine if there is interference or noise at a remote location without going there with a spectrum analyzer?
View 8 Replies
View Related
Apr 17, 2012
i have deployed WLC 5508 in head office with current 56 access points (mix of 1262N, 1141N and 1242) are regist ered and working fine, recently we extended to our remote office (connected over Layer 3 MPLS with OSPF Protocol) were none of the access points are not registering, i am able to reach to the controller from the specific VLAN and native VLAN without any issues. @remote site i have enabled option 43 and option 60 with the controller IP.
Number of APs.................................... 56
Global AP User Name.............................. ciscoGlobal AP Dot1x User Name........................ Not Configured
[Code]......
View 10 Replies
View Related
Jul 23, 2012
I want to implement site to site vpn among our Head Office and Barnch routers (300 Sites).Head Office Site I have a cisco 7200 Router Im going to terminate the VPN conection on that.Branches we are having cisco 1841 series routers. They all are capable of working with VPN.In the present it is act like a EazyVPN Server for selected sites(30 sites).Is there any license limitations in Cisco 7200 Router ?Can I run both Site to site VPN and Eazy VPN Server together ?
View 1 Replies
View Related
Apr 22, 2012
I have Internal DHCP Server configured on the Cisco WLC 5508 and all is working fine. DHCP Range is 192.168.1.100 to 192.168.1.245. Now I created another SSID but I want clients connecting to this SSID get specific IP's or from a specific range. WLC has no option to bind a DHCP pool to a specific IP so what I did I checked the option to "Override DHCP" and added the IP of my firewall WLC is connected to and setup a DHCP Pool on that firewall as 192.168.1.89 to 192.168.1.94 (192.168.1.88/29).
Client can connect to the second SSID but can't grab and IP address, what am I missing ?
View 6 Replies
View Related
Dec 15, 2011
At customer site we have a wireless lan installed with wireless lan controller 5508. This works fine but the customer wants to add wireless bridge WET200 into the network. The problem is that the bridge seems to authenticate and associates with the LWAPP but does not get an ip-address.
View 5 Replies
View Related
Apr 10, 2013
Recently I came across a wireless design whcih I ws not able to understand.The design is:
1. Two wireless LAN Controllers 5508, each with 25 AP license. AP load (5APs per Contorller) shared between the WLCs and congured with Backup Controller option.
2. The design has a Data Center Switch 3560x series, on which the two WLCs, Cisco Prime Infrastructure and Cisco MSE were connected. I've attached the design here.
3. The Data Center Switch is configured with DHCP pool for the wireless clients. The IP Address of the Data Center Switch is : 10.xx.xx.2 and Default Gateway is: 10.xx.xx.1
4. On the WLC, the Management Interface is configured with the IP Address: 10.xx.xx.21 for Controller 1 adnd 10.xx.xx.22 for Controller 2. But, their DHCP Server is configured with IP Address: 10.xx.xx.1 but not with 10.xx.xx.2 .
This means, all the DHCP requests are pointing towards the Gateway of the Data Center Switch.Is this the correct configuration?I have seen the Wireless Clients getting the IPs allocated from the DHCP Pool, even though the Management Interface's DHCP server configured with Gateway IP address 10.xx.xx.1 .
The DHCP configuration for the Data Center Switch is:
ip dhcp pool xxxxxx
network 10.164.220.0 255.255.254.0
default-router 10.164.220.1
The Management Interface configuration on the WLC is:
Interface Configuration
Interface Name................................... management
MAC Address...................................... 2c:54:2d:72:b5:40
IP Address....................................... 10.164.220.21
IP Netmask....................................... 255.255.254.0
IP Gateway....................................... 10.164.220.1
External NAT IP State............................ Disabled
[code]....
View 2 Replies
View Related
Nov 8, 2012
I am trying to come up with a wireless solution for a campus deployment. The campus has ten buildings currently using Autonomous APs and are currently converting to Dual 5508 Controller model.
I would like to have a separate AP Mgmt subnet in each building, so I will configure an ip helper on the SVI on this vlan to:
Option1 - Point to the Internet Router configured with DHCP Option 43 with the controller IP addresses
Option 2 - Point to the Wireless LAN Controller itself.
Problem with Option 1 is that the Internet Router will now have to connect directly to the COE network to be able to route back to the AP mgmt subnets. So I would emply a VRF here to keep the separation.
Problem with option 2 is that there appears to only be one DHCP scope allowed on the controller. So this would mean a flat mgmt network across all buildings which I am trying to avoid. I know that after the AP joins the controller, I could change the IP and change the vlan on the port but this is not very neat.
So question is:
Is there a way of getting multiple DHCP pools on the controller?
View 3 Replies
View Related
Jul 10, 2012
i have WLC 5508 showing the below Logs , which prevent the users from connecting to the SSIDs , also its disconnecting the associted users DHCP Socket Task: Jul 11 09:54:08.992: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'interface-02'. Marking interface dirty.*mmListen: Jul 11 09:54:08.638: %MM-3-INVALID_PKT_RECVD: mm_listen.c:7671 Received an invalid packet from 10.21.1.25. Source member:0.0.0.0. source member unknown.it shows 3 to 4 times durring 1 hour ,
View 2 Replies
View Related
Mar 29, 2012
I would like to share one problem with WLC 5508 . we added a new virtual interface on the WLC. One new SSID is associated with this interface.
We created a ACL for this interface to restrict the access via WIFI to certian services. It´s not correct that everything works fine because the change were not applied. [code]
The changes of the ACL are applied on the fly, but for reason we don´t know, the clients don´t get a DHCP IP-Address (after changing the ACL) until the Controller is rebooted.
View 2 Replies
View Related
May 6, 2012
How do Mobility Groups work with internal DHCP scopes on a WLC 5508?We have a WLC 5508 with two internal DHCP scopes which redirect to captive portals for authentication. I am looking at putting in a second WLC in a mobility group setup to provide some WLC redundancy. The LWAPs will be setup so that every second AP is on the has the second WLC as its primary controller. If the primary WLC fails we want the secondary to be able to take over and issue IP's from the internal scope. How do you set this up with a Mobility group so the second WLC does not act as a rouge DHCP server while the primary WLC is still active?
View 6 Replies
View Related
May 1, 2013
Have a WLC 5508 running 7.0.230 with internal DHCP server. Timeout is 3600 seconds. The IP addresses never seem to be released. The controller will show 70 clients but 254 addresses will be assigned.
View 2 Replies
View Related
Jun 28, 2012
We created the management interface, an internal DHCP scope in same subnet, and Two SSID tied to the same management interface:
- when we connect to the first SSID we have and IP address
- but when we connect to the secone SSID: impossible to get an ip address - auth and association are OK
View 11 Replies
View Related
May 7, 2012
I am hoping to get your feedback around the dhcp issues I am facing with Two Centrally Switched Wireless LANs. The setup is as follows:
- I have a WLC 5508 which has been configured with 4 SSIDs, out of which 2 are using Central Authentication and Switching. - I have an LWAP connected to the WLC in HREAP mode. - WLC is configured as the DHCP server for clients connecting to the SSID 'Guest'. For the rest, I am using external dhcp server. - Only one scope for Guest Interface is setup on the WLC.
Problems:
1. As far as I know, for WLC to act as internal dhcp server, it is mandatory to have the proxy enabled, but the Clients connecting to SSID 'Internet' are unable to get an ip address from the external dhcp server, if dhcp proxy is enabled on the WLC. If i disable the proxy, it all works fine.
2. DHCP does not release the ip addresses assigned to clients even after they are logged out.
3. If a machine which was earlier connected to 'Guest' SSID connects to the 'Internet' SSID, it requests the same ip it was assigned by the WLC which it was assigned under 'Guest', but gets tagged with the V LAN configured on the management interface.
************Output from the Controller********************
(Cisco Controller) >show sysinfo
Manufacturer's Name............. Cisco Systems Inc.Product Name................ Cisco Controller Product Version................. 7.0.116.0Bootloader Version................ 1.0.1Field Recovery Image Version..................... 6.0.182.0Firmware Version..... FPGA 1.3, Env 1.6, USB console 1.27Build Type.......... DATA + WPS + LDPE
[code]...
View 12 Replies
View Related
Jul 21, 2012
A client wants us to use the internal DHCP server on a 5508 instead of Windows DHCP. They will have 15 APs initially and upto 25 later. The docs on the 7.2 WLC make it sound like this is discouraged: Internal DHCP Server.
The controllers contain an internal DHCP server. This server is typically used in branch offices that do not already have a DHCP server. The wireless network generally contains 10 access points or fewer, with the access points on the same IP subnet as the controller.
In this case, the APs will not be in the same subnet as the Managment Internet.Is it a mistake to use the internal DHCP with upto 25 APs (3 WLANs)?
View 3 Replies
View Related
Nov 28, 2011
why I am not able to receive an IP address on remote access VPN connection while I can get an IP address on local DHCP pool?I am trying to setup remote access VPN with ASA 5510. It works with local dhcp pool but doesn't seem to work when I tried using an existing DHCP server. It is being tested in an internal network as follows:
!
ASA Version 8.2(5)
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.6.0.12 255.255.254.0
[code]....
View 3 Replies
View Related
Jan 15, 2013
why I am not able to receive an IP address on remote access VPN connection while I can get an IP address on local DHCP pool?
I am trying to setup remote access VPN with ASA 5510. It works with local dhcp pool but doesn't seem to work when I tried using an existing DHCP server. It is being tested in an internal network as follows:
!
ASA Version 8.2(5)
!
interface Ethernet0/1
[Code]....
View 9 Replies
View Related
Apr 16, 2012
City A is the data center with 2 WLC (CT2504-K9) and a number of AP. City B is a branch with MPLS between A and B. Right now the APs at City B has joined the controller. Users at B is getting ip's assigned from DHCP at City A. How do I configure the WLC so users can get ip's assigned from DHCP server present at B. Option 43 is enabled.
View 2 Replies
View Related
Mar 11, 2012
I have a setup like this:
A central WLC 5508 running code 7.2 with management vlan 10 ( range 10.10.10.0/24), corp-user vlan 100 (10.11.10.0/24) with WPA2 key, guest vlan 200 (192.168.0.0/24, on local dsl modem) with WPA2 key...
A remote WLC 5508 with code 7.2 with management vlan 10 (range 10.20.10.0/24), corp-user vlan 101 (10.21.10.0/24) with WPA2 key and guest vlan 201 ( 192.168.0.0/24, on local dsl modem) with WPA2 key
corp ssid "Corp-user" on both sites
Guest ssid "Guest" on both sites
Intention is that the AP's (3500) on the remote site should fail over to the central WLC in case of any failure on the remote WLC and that the users could remain in their local vlan.
What kind of configuration would make this work?
View 8 Replies
View Related
Jun 2, 2013
We have a 5508 with 7.4.100.0 vor Internal APs and OEAPs. till now every thing is ok. Now we have to connect an AP (local) in a remote office, connected to the WLC by a VPN Tunnel. The problem is that the AP in the remote office uses the NAT Address to connect to the WLC, so the traffic goes over the Internet, not trough the VPN Tunnel. On the controller I have the following setting:
AP Discovery - NAT IP Only ................. Disabled
On the AP:
AP Link Latency.................................. Disabled
How to force the AP to use the internal IP Address of the WLC?
View 7 Replies
View Related
Mar 18, 2012
I am in the process of turning our autonomous wireless network into a centrally managed lwapp network. We have a new 5508 with 1140 series APs which will be distributed in three locations nationwide.
My manager saw a presentation that showed the AP just getting plugged in and all of its configurations were downloaded. Right now I am able to get basic global information to install on an AP in the local network but I feel I am missing something. If I have three locations using different IP schemes (eg: 10.0.1.0 for A, 10.0.2.0 for B and 10.0.3.0 for C), the remote locations are getting their DHCP info from the routers.
Is there a way based on location/IP that the APs associate themselves with the correct WLAN or AP group? How much can I automate once the AP discovers the controller? I am reading the manual and searching the web but information is a bit vauge on this. My plan is if an AP fails in a remote location, all I need to do is ship a new AP out to be replaced and when the AP is added to the network the firmware and other information is downloaded and is then ready to be accessed with minimal configuration on the controller end.
View 4 Replies
View Related
Feb 15, 2013
I have a school with 550 iPads. We are using two 5508 WLCs sharing the number of APs. The DHCP server and the default gateway for the network are on the firewall. The clients are able to get a DCHP. After some time, maybe about longer than a month, the clients are no longer able to get DCHP addresses. A reboot of both controllers takes care of this. Presently we are runing 7.2.110 OS. I am going to upgrade to the latest 7.4.100, and reload tonight.
View 1 Replies
View Related
Aug 10, 2011
I have a 5508 WLC controller at the HQ with the employee ssid ,the dhcp scope on the ssid is 10.120.0.0/16 network.
However,I want this same ssid to be brodcasted to a remote site using HREAP access point but with different dhcp scope 10.102.0.0/16.
I have tried creating another interface for the remote site with a different dhcp scope(10.102.0.0) but the controller wont allow me create another wlan with same ssid that existed before to apply the new interface created for.
View 1 Replies
View Related
Nov 7, 2012
All controllers are in version 7.2.111.3.C1 is a 5508, it is ou anchor controller.C2 is a 5508, it is a big site controller.C3 is a 2504, it is a small site controller. C2 and C3 are in the same mobility group than C1 (and all is up up in mobilty managment). When "DHCP Addr. Assignment" is enable on C1 : Clients on C2 received their IP address by our external DHCP server via C1 and the guest tunneling betwenn C1 and C2 and all is working fine. Clients on C3 don't received their IP address by our external DHCP server via C1 and the guest tunneling betwenn C1 and C3, so nothing work.
View 4 Replies
View Related
