Cisco :: WLC 5508 Interfaces Backup Port
Apr 25, 2012
On a WLC 5508 it lists an option to specify a "Backup Port" under the physical information section on an interface. We have two central switched SSID's which are connected to an internal firewall. We are looking at installing a backup/standby firewall and running a virtual firewall between them. Each SSID would have an additional patch from the WLC to the standby firewall.
Does the backup interface port function on the WLC allow traffic to be failed over from a centrally switched SSID via backup interfaces to an alternative device? If this does work will only physical link failure to the primary firewall cause the backup port to be activated or is there configuration parameters which can be specified for load, packet loss or latency which can be used as criteria to cause the backup port to be utilized?
View 1 Replies
ADVERTISEMENT
Sep 8, 2012
Since WLC5508 MGMT interface is configured a AP-Mgr at the same time, can I set a Backup Port to WLC5508 MGMT interface? Refer to WLC configuration Guide:
In the Backup Port text box, enter the number of the backup port assigned to the management interface. If the primary port for the management interface fails, the interface automatically moves to the backup port.
Note Do not define a backup port for an AP-manager interface. Port redundancy is not supported for AP-manager interfaces. If the AP-manager interface fails, all of the access points connected to the controller through that interface are evenly distributed among the other configured AP-manager interfaces
if I need to configure the backup port for MGMT interface, i need to remove the AP-manager on MGMT interface and create a network dynamic interface for AP-Manager ?
View 2 Replies
View Related
Feb 5, 2013
how to backup a Cisco Wireless Access Point Controller 5508.
View 2 Replies
View Related
Jun 12, 2012
My customer has a 4402-25-K9 and need a backup (failover) controller to avoid data transmision break when primary controller goes down.4402 are end of sale so I have a question can I use 5508 to get Controller Failover Protection with 4402 ?
View 3 Replies
View Related
Dec 9, 2012
I have two 5508 WLC's setup to run about 200 AP's as the moment. This is a hospital with patient care now running over wireless. I am looking for the best scenario to minimize down time. Currently both controllers are in the same mobility group and I will be setting the primary / secondary controller in the High Availability tab for each AP. Most setting are all default still.
My question:
Would it better to setup the primary/secondary from the global configuration?
Can I leave them in the same mobility group if I use the global configuration?
My only problem so far is having AP's on different controllers caused some response delay as clients move from one controller to the other. I need to find the best possible response time with the lowest possible fail-over time. Any recommondeations or links to a good article on this subject?
View 4 Replies
View Related
Jan 10, 2012
I recently tested the process for a customer of defaulting a Cisco WLC to factory configuration and then restoring the configuration from Cisco NCS. It was not seamless to say the least and I wonder if I have just gone about it the wrong way.
Have have set the NCS platform to configuration sync with the 5508 controllers at 04:00 every day and prior to the controller defaulting I ensured that NCS also reported that the config was in sync. I have also set NCS to complete a tftp backup of the controller every night 23:00 - interestingly though I have no idea where this is stored on the NCS platform ( a VM appliance ) or what it's file name is.
Anyway my experiences where as follows:-
1. defaulted WLC and via serial CLI ended up at the configuration wizard.
2. Set the correct LAG, management IP, host name that NCS knew this controller by.
3. To test things just created a dummy WLAN ( SSID ) as I assumed this would be overwritten ( big mistake ! ).
At this point I connected the controller to the network and tried to restore the configuration from the config sync version.
First problem - you have to remember to set up the SNMP community string you were using as it is needed by the configuration sync process. After adding this to the controller I could push the configuration to the controller.
Second problem - failed to add the first WLAN from the backup as I have added the temporary dummy W LAN via the wizard and NCS reported a conflict. So had to delete WLAN ID 1 from the WLC GUI directly and then the config push no longer reported this error.
Third problem - for some reason did not add the TACACS server details - reported the error that it could not added them. I manually added these via a template via NCS and all was well.
Fourth problem - all but the first WLAN was in the disabled state - had to re-enable all of the WLANs.
Fifth problem - any default items I had disabled or removed have not been saved - therefore I have removed the public and private SNMP communities - but these were still on the WLC after the restore. I have disabled unused ports not in the LAG as they show an error in NCS - these where not disabled after the restore.
So all in all not a very satisfactory restore process from NCS to an defaulted WLC ( meant to simulate to the customer what would be needed if they had to replace a controller due to hardware failure ).
View 1 Replies
View Related
May 9, 2012
I am trying to configure two AP-management interfaces to accept CAPWAP on different ports using the option "Enable Dynamic AP Management". One of them uses public ip address. However, I getting the message "Ignoring discovery request received on non-management interface ..." on this.
The controller is 5508.
View 4 Replies
View Related
Oct 8, 2012
just have few questions about designing WLC 5508
The scenario is that currently one of the client has a firewall Tie ring T1 internet facing and T2 internal which has multiple DMZ connected.
T2 firewall has a DMZ switch connected which has a router which connects to MPLS cloud to different site across the country. (around 10 sites) all static routing.
Now the client is thinking to deploy wireless at all 10 sites using H-REAP. The issue is that client has only one WLC and they are not willing to buy other as i was thinking to deploy two WLC one for corporate and one for guest users. (one in internal network and on in DMZ)
Now my question is as follow.
1- Keeping in mind that there is only one WLC where should i physically put it?
2- How guest users will work ? How the authentication will be done?
3-There are 8 SFP ports in WLC how physical topology will look like?
4-How many Vlans i have to make for wirless users will that be 10? (1 at each site) ?
my last question is that how these ports work on WLC are they just like switch e.g one port can be assigned to different vlan....just confuse about interfaces and vlans on WLC (interfaces concept)
View 3 Replies
View Related
Jan 3, 2012
I have a 5508-WLC appliance and configured multiple ap-manager interfaces to balance the join request from LAPs and the load.I went to console port from some LAPs and saw that there was that balance among multiple ap manager interfaces (Dynamic AP Management Interfaces). Then we torn down one of the ap manager interfaces and confirmed that the LAPs were moved to next ap manager interface automatically.But the question here is, how can I verify which ap-manager interface was used for a LAP from the WLC via GUI or CLI ?? or how can I see the amount of APs joined using that ap manager interface from WLC ?
View 2 Replies
View Related
Sep 3, 2012
I didn't design the job, but is pretty straight forward, except the following, the design has a single wlc 5508 with 2 physical connection between two non cisco switches. There are 2 initial WLANs to be created. I am ok with most of the wlc config execpt the following:
Now from my understanding of everything I have read recently, you can't use LAG on the 2 physical connections if they connect to 2 seperate switches, unless, although not offically supported, the 2 connections are on either 2 3750s in the same stack or a pair of 6500s running VSS. So I believe that in my case 2 seperate connections from the wlc to 2 non cisco switches will not work with LAG. Is my understanding of this correct?
Is there a way to maintain the 2 physical connections from the wlc to the 2 non cisco switches to maintain redundancy?The wlc will have a management interface obviously, but from what I have read, the 2 WLANs that are going to be created have to have their own interface on the WLC. Which I understand as the managment int and each of the 2 WLANs are on different subnets.
If I don't use a single uplink to one of the non cisco switches (either 1 or 2 physical connections) using LAG, it appears to me that each of the interfaces ( management, wlan1 and wlan2) need to have a physical connection from the WLC to the switch, with each interface mapped to a physical port on the WLC, so correct me please if I am wrong, but this would mean I need 3 physical connections between the wlc and the swtich?
View 3 Replies
View Related
Oct 8, 2012
just have few questions about designing WLC 5508. The scenario is that currently one of the client has a firewall Tie ring T1 internet facing and T2 internal which has multiple DMZ connected. T2 firewall has a DMZ switch connected which has a router which connects to MPLS cloud to different site across the country. (around 10 sites) all static routing. Now the client is thinking to deploy wireless at all 10 sites using H-REAP. The issue is that client has only one WLC and they are not willing to buy other as i was thinking to deploy two WLC one for corporate and one for guest users. (one in internal network and on in DMZ). Now my question is as follow.
1- Keeping in mind that there is only one WLC where should i physically put it?
2- How guest users will work ? How the authentication will be done?
3-There are 8 SFP ports in WLC how physical topology will look like?
4-How many V LANs i have to make for wireless users will that be 10? (1 at each site) ?
My last question is that how these ports work on WLC are they just like switch e.g one port can be assigned to different v lan....just confuse about interfaces and vlans on WLC (interfaces concept).
View 3 Replies
View Related
Jun 20, 2012
I have a facility, where all the access points almost 250 of them are connected to two WisM's (One in each core switch ) . They are running in 6.0.199 firmware . These two WisM's are managed by WCS , which is running 6.0.188.
As i need to add more access points and to make fully redundant , 5500 controller was ordered and it has with firmware 7.0 installed. Couple of queries related with it .
1. Can 5500 be added in the WLC group, so that existing Access Points can be configured to use primary controller as 5500 and secondary / tertiary controller as WISM ?
2. Will 5500 be able to be detected by WCS , as the version of 5500 is 7.0 and WCS version is 6.0.188 ?
3. As WCS was already deployed and live, is it possible to upgrade, if the client has support contract like SUSA ?
View 4 Replies
View Related
Aug 30, 2011
I've got a new 5508 wireless lan controller and can ping the ip address of the management interface, but can't access the GUI at the management interface's ip address. I can access the GUI on the service-port interface. No static routes in the controller; trunk appears to be set up correctly.
View 5 Replies
View Related
Mar 14, 2012
My company uses Cisco 891's in replacement of the 1811 where we would have DBU used via an external modem and a triggered time of 3 minutes after a primary connection failure was identified. In testing the 891 in a Layer 2 failure environment, it is within milliseconds that the v.92 port is engaging after the layer 2 failure. Has anyone been able to get it to attempt at a more than millisecond rate?
Redacted config from router:
ip sla 1
icmp-echo <%= probeIP1 %> source-interface GigabitEthernet0
[Code].....
View 0 Replies
View Related
Apr 24, 2012
I have a question about 2504 deployment.Two WLC's , one will be acting as primary controller, second as secondary controller.
There will be two firewalls with High Availability between them. Ok, if primary controller will go down, we would need to wait about 2minutes, and AP's would join secondary controller.
But if there is a problem with firewall? Etc. FW 1 goes down. Is it possible with WLC 2504 to use it's second port as backup port ? And use the same IP address between them?
Because if we configure the second port with different IP address, we would need to wait about 2minutes, because AP's is in "rejoining" mode )(To use second port as backup, but have the same IP address on it ( like put these two interfaces into the same "vlan") , because this would be really great, if one Firewall goes down, we would still will be using the same wireless controller.)
View 3 Replies
View Related
Jun 23, 2011
I have a DSL modem (custom made and branded by my ISP) which is receiving a DSL stream... it has an external IP which is visible to the world, say, 11.22.33.44 ... This modem has DHCP enabled, has an internal IP for itself, which is 192.168.1.1 .. it is connected to 2 laptops via and ethernet cable .. Laptop 1 has IP 192.168.1.2, and Laptop 2 has IP 192.168.1.3 ...On Laptop 1, two applications are running, jDownloader and Media Player Classic, which have their web interfaces on ports 8765 and 13579,respectively.. I can access both of these web interfaces from Laptop 2 by opening these addresses: 192.1681.2:8765 and 192.168.1.2:13579 ... both of their web interfaces open up, meaning the web interfaces are working fine ..Moving on, I now want to access these web interfaces from outside my network as well, and so I've configured port forwarding in my DSL modem to forward all traffic on ports between 8000 and 14000 (both TCP and UDP) to IP 192.168.1.2 ... I have verified that port forwarding is working by testing it using PortForward.com's port checker tool, and this website too: Open Port Check Tool - Test Port Forwarding on Your Router When I use the website, if I'm running the applications on Laptop 2, the website reports that the port is open .. if I then close the application, the website reports the port is closed ... This makes sense as nothing is listening on my machine in the latter case .. Also, if I disable port forwarding in my modem, again, the website reports the port is closed ... so, the website's results seem to be okay ...
Despite the above tools reporting that port forwarding is working, I am unable to open the web interfaces from outside my network ... So for example, if I tried to browse 11.22.33.44:8765 or 11.22.33.44:13579, nothing opens in my browser ... But if I accessed these web server's locally from Laptop 3, by typing in 192.168.1.2:8765 or 192.168.1.2:13579, they opened ... The tools report unanimously that port forwarding is working, and yet I am unable to open the web interfaces from outside the network ..Also note that I have disabled the firewall from my computer, and have also made sure that any option in the above programs (whose web interfaces I am trying to open) that says only local connections are to be accepted, is disabled ...
View 2 Replies
View Related
May 13, 2013
I am trying to build a new network from scratch, I have the WLC 5508 w/ Aironet 3600e APs connected to my Netgear Smart Switches and a Linksys RV082 router that I'm using as my DHCP server with several VLANs for several stuff on my Switches.
I have 2 questions:
1. Can I have 5 Interfaces configured on 5 different VLANs, each SSID on each a different Port:
Port 1: Controller management only=> 192.168.x.x /24
Port 2: SSID 1: WiFi Internal=> 172.16.x.x/12 (Radius Auth with no sharing)
Port 3: SSID 2: WiFi Internal w/ sharing=> 192.168.x.x/24 (Radius Auth with sharing)
Port 4 :SSID 3: WiFi Guest=> 10.0.x.x/8 (Web Auth)
Port 5: SSID 4: WiFi IT=> 192.168.x.x/24 ( Radius or certificate Auth with access to the controller management interface)
2. How can I use the Controller as the DHCP server for all the WiFi traffic, and how should that be configured to work with my other DHCP server?
View 3 Replies
View Related
Sep 17, 2011
I am wondering if xconnect L2TPV3 feature could be done on multiple SVI interfaces on 871 router and 2911 router with built in 8 port switch?Like I need to extend two ethernet interfaces and can I use two SVIs on router built-in switch module on each side?
View 2 Replies
View Related
Oct 23, 2012
I just turned on 2 Wirelless LAN Controllers 5508 and I am getting this message on both of them:
Loading primary image (Image not found)
** Unable to read "linux.pri.img" from ide 0:2 **
Loading backup image (Image not found)
** Unable to read "linux.bak.img" from ide 0:2 **
And it is taking me to the BootMenu. I selected option 4 to Clear Configuration and the controller seems to restart the system but I still get the same error. I checked the LEDs status and Sys is Amber and Alarm is OFF which according to the documentation is a System Crash.
View 1 Replies
View Related
Jul 10, 2012
I have bought an RV180 Firewall/VPN and try to use the Backup Software Crashplan. As per the supplier it needs Port 443 and 4242 open. Port 443 is fine and allows me to use the service to backup to the Cloud. However when I want to allow other users to backup to my computer this traffic is blocked. I tried to open port 4242 on the firewall and forward the traffic to the computer that hosts the service but it does not work. I have tried to Telnet this port from the WAN but I don't get a response. When I check the Open Ports this port is not listed as a LISTEN port either.
View 1 Replies
View Related
Jan 20, 2013
Here's my problem. I'm going to be using Cisco 1941 routers at a bunch of remote sites. All of these sites have 2 comm paths out. Some of them have 2 IP/VHF radios and some have 1 IP/VHF radio and a copper link using Patton ethernet extenders. From the VHF radios the data hit our MPLS network back to our HQ and the sites with copper go directly back to our HQ. Everything ends up at a Cisco 4948 switch. The problem I'm having is that I want the routers at the remote site to use one ethernet port (G0/0) as the primary and the other (G0/1) as the backup interface. I've tried the backup interface command but the problem is that depending on where an outage occurs the ethernet link to either the radio or Patton stays up so it never switches over. We're using OSPF as our routing protocol and I'm sure there's something that can be done with it but I'm not sure what.
View 4 Replies
View Related
Dec 5, 2010
What is the purpose of Redundant Port that says "future use RJ45" on the Cisco WLC 5508?
View 3 Replies
View Related
Jul 3, 2012
I'm having an issue with the 5508 management port .. I can't seem to ping it from the switch connected to it .. ( the Show cdp command shows that the two can see each other .. but no ping is possible ! [code]
View 4 Replies
View Related
Dec 30, 2012
I connect a copper SFP on port 2 of WLC 5508 to a ASA 5510 firewall. The links between two devices are down. Since ASA 5510 only support 100 full, how do I change port speed on port 2 to 100.
View 8 Replies
View Related
Jan 2, 2013
I want to configure Port channel for WLC 5508 and cisco 3750 Stack Switch. What changes I need to make on WLC and where?
View 7 Replies
View Related
Apr 30, 2013
We are trying to set up Out of band connection for Cisco 5508 WLC and when we try to ssh to the Service port from a remote switch, this fails. SSH or Telnet to the Management IP address works fine. The Service port and Managment IP are in the same IP scope but different subnet..i.e 172.16.10 for Management and 172.16.99 for Service port. Also, as this set up will be HA (AP SSO) in future, for which DHCP is recommended for the service ports, just wondering if SSh will be possible.
View 7 Replies
View Related
May 16, 2013
We use a wlc model AIR-CT5508-K9 with eight built-in ports. I would like to know if it is possible to change the speed of these ports down to 100Mb. At this time, they are set to auto and 1000Mbps.
View 3 Replies
View Related
May 6, 2013
I have 2 x 5508 Wireless Controllers, 1 mgmt port on each as standard. I noticied something different between these controllers running the same code.I can bound a physical port to the mgmt interface on one controller but not the other (both interfaces are untagged)see below, this config appears on one controller but not the other? Is this something to do with the initial setup? How can I add Phyiscal information to the other controller mgmt interface, I cannot delete the mgmt interface. Physical InformationPort Number Backup Port Active Port Enable Dynamic AP Management?
View 2 Replies
View Related
Aug 19, 2012
I'm having some difficulties configuring my Cisco WLC (5508) - ver 7.0.230.0 .I'm have multiple client device residing on same vlan associated to the WLC but unable to telnet over port 8090. However, when inter-vlan, client device able to telnet over port 8090.Say Machine A as application hosted machine and Machine B as client machine; [code] i should be looking on the WLC to allow telnet port 8090 over from Machine A to B within the vlan .
View 2 Replies
View Related
May 15, 2013
Management purchased a HA package from Cisco consisting of 2 5508's with pre installed 500 users license on the Primary WLC and none on the secondary WLC. We have 5508's already so I am familiar with setting them up and so forth. What I am not familiar with is setting them up using HA for failover and license sharing. I've looked and looked and can't find documentation online showing how to set this up. I have found some but nothing that is complete. I have spent 2 days spinning my wheels.
View 2 Replies
View Related
Oct 9, 2011
I have setup LAG for one of our 5508 controllers and have connected 4 of the 8 ethernet ports to a 4507 switch. After configuring 2 port channels on the switch we are receiving a host flapping error between the port channels and it seems to be causing a serious slowdown on the switch. When I shutdown one of the port channels the error goes away and traffic returns to normal. I have the same configuration at other locations with the only difference being the switches used are 3750G-12S and I do not see the host flapping error. It appears to only be a problem with modular switches.
One other thing of note: I read a Cisco white paper on LAG and it suggested creating the port channels over 2 different modules. For example, put ports G4/24 and G5/24 in port channel 1 and G4/25 and G5/25 in port channel 2. I tried this but I still got the host flapping error.
View 4 Replies
View Related
May 30, 2012
Let's say I have 3 APs, all connected to a WLC 5508,Each AP has a computer that is connected to it, Computer A, B and C, all on the same Vlan with same SSID
Is it possible to configure so
A and B can not talk to each other but both can talk to C ?
Something like "protected port" feature in the switch world.
View 4 Replies
View Related
Jul 23, 2012
I have found some samples on the FlexConnect setup for the controller side. However none of the documents mentioned how the switch port should be configured that goes to the controller and AP.
At this moment I have a Cisco 5508 configured in CAPWAP mode with 20 APs. I would like to use same controller for connecting one of the remote sites with 2 APs in FlexConnect mode. Current the 5508 to switch port is configured as 802.1Q port. All CAPWAP AP ports are configured as "switchport access vlan X" where X=capwap VLAN. Need to know how the switch port should be set for the remote site where flexconnect APs connect.
View 7 Replies
View Related
