Cisco :: WLC5500 Mobility Group Fail-over
Mar 22, 2012
I have a Question i am testing mobility group with Failover for redundend connection between 2 Cisco 5500 Wlc.On both the controllers i got the mobility working And both the controllers have the same version.And configuration. But when i unplug the main controller the access-Points don't convers to the second one .The just keep on creaming can't find the main controllerAlso with this thus the second wlc need to have the same.Interface ip address like management.
View 8 Replies
ADVERTISEMENT
Jan 6, 2013
Is it possible to disable DCA for a couple of APs and manually force the channels assignment ?
View 3 Replies
View Related
Jun 23, 2011
How many WLCs 5508 can you add to the mobility group?
View 1 Replies
View Related
May 19, 2013
It seems the 7.3.101 version Mobility group peer cannot up,: refer to the attach,
Peer 1: version: 7.3.101
Peer 2: version 7.0.98
Peer3: version 7.2.103
Today we got new two WLC for Anchor use, and config the mobility group, but it's failed and cannot up, the ping is ok.
View 13 Replies
View Related
Nov 30, 2011
I recently add a second CT5508 to the network, but when I tried to add the first 5508 to the mobilty group I received a message like this:
"error in creating member"
I've tried different mobility names, via GUI, via CLI and always the same error.
I've verified twice or more than twice connectivity issues or any error on the entering the MAC and IP of the controllers, everything is fine.
I'm using version 7.0.116.0
View 4 Replies
View Related
Aug 15, 2012
I have to WLC's a 4402 and 5508 in a mobilty group. they are both running 7.0.116.0. They are configured to use Web Authentication. We are having complaints that Users are having to re-authenticate when moving around the office. My theory is they are moving from one WLC to the other and then requiring to re-authenticate.
View 5 Replies
View Related
Feb 1, 2012
I am setting up officeexten. I have placed the officeextend wlc in the dmz with an mgmt ip of 192.168.10.2. in the process of anchoring this to the internal wlc. Also the ip on the firewall for this interface is 192.168.10.1
1. does the mobility group need to match the same on the internal wlc ?
2. Now do i need a NAT transnational on the firewall for the external WAN ip (AP primed address say 66.10.10.10) to NAT back to 192.168.10.2 ?
3. The 5508 WLC is running on ver6.0.199.4 (license level base) - will this support office extend?
View 14 Replies
View Related
Mar 7, 2013
I read the configuration guide about the 7.3 release. And I figured out that you will need a hash key for establishing a mobility group relation between a controller and a virtual controller. The 7.3 release for the 5500 series works fine for me.But the latest release 7.0.235.0 for the wireless lan controller series 4400 does not have a functionality to add a hash key while creating a new mobility group member.The command "config mobility group member hash" is totally missing. How to establish a mobility group between a 4400 controller and a virtual then ?
View 2 Replies
View Related
Jan 23, 2012
for some reason our wlan-controllers were build up to be standalone instead of beeing one mobility-group. I would like to change this in order to use all features of HA.
let me describe our scenario: two WLCs 5508 running SW ver. 6
- same subnet
- both are running in master controller mode
- different hostnames, ip-addresses, etc
- all settings for WLANs and AP-groups (exept the APs themselves in these groups) are the same
- in total at this moment we are running around 100 LAPs configured one half on WLC#1, the other half on WLC#2
I don't know exactly why, but when that setting was installed, someone already configuredHA for each accesspoint... e.g.:
- AP#1 primary WLC#1, secondary WLC#2
- AP#2 primary WLC#2, secondary WLC#1 but without WLC#2 knowing the configuration for AP#1 it makes no sense, correct?
so my question is: how should I do the migration in the best way?
is it easy as:
- disabling master controller mode on WLC#2
- configuring both WLCs into one mobility group
--> WLCs are negotiating their configurations for the APs
View 5 Replies
View Related
Apr 7, 2013
I have a 4400 and a 5508 WLC in the same location We want to be able to roam between ap joined to both the 4400 and the 5508 using only one ssid
Do I only need to create a mobility group and add both WLC then create only one WLAN on one of the controllers and it will be shared across bot WLC.
View 5 Replies
View Related
Dec 5, 2011
I have a customer buys 12 x WISM and build up a mobility, when I add the final WLC to mobility, it prompts that there mobility group has reached the max of mobility member, but the total member is 23, according the configuration guide, it should be allow to 24 member, do I hit some bug? My using version is 7.0.98.0.
View 5 Replies
View Related
Sep 3, 2012
I read the configuration guide about the 7.3 release. And I figured out that you will need a hash key for establishing a mobility group relation between a controller and a virtual controller. The 7.3 release for the 5500 series works fine for me.
But the latest release 7.0.235.0 for the wireless lan controller series 4400 does not have a functionality to add a hash key while creating a new mobility group member.
The command "config mobility group member hash" is totally missing.
how to establish a mobility group between a 4400 controller and a virtual then?
View 4 Replies
View Related
Apr 4, 2012
One of the SSIDs in WLC 5500 (SV:7.2.103.0) is configured in web authentication mode. After authentication (local database) users can access http sites and can't access, for example, https sites.
View 2 Replies
View Related
Aug 2, 2012
I'm running a system that requires a third (and potentially fourth) DHCP server to be setup on each network in my network. The first two devices are Windows DHCP servers serving IPs from different address ranges for failover. The third DHCP is just a listener to receive OS information and device names to be logged in a database.
Currently this works like a charm for my wired clients as I can add in the third and fourth ip helper-address on each vlan and the information is received by the listeners. However, I cannot find anywhere in my WLC5500 to setup these extra two DHCP helper addresses.
The wireless vlan on my layer 3 switch has all the ip helper-addresses, but this doesn't seem to work, and the devices just use the DHCP servers set on the interface in the WLC.
View 5 Replies
View Related
May 20, 2012
I have a question regarding to the maximmum number of active SSID's on a WLC 5500 with 3500i, it's my understanding that the 3500i can support 16 active SSID's is it the same when connected to the WLC? Also, if possible would the WLC shutdown un-used Radios or maybe after hours?
View 1 Replies
View Related
Dec 25, 2012
I have a WLC 5508 and several 1142 access points. The APs are not showing up in the WLC. When i console into the APs, im getting the following errors,
*Dec 26 23:04:28.035: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 65.125.15.212:5246
*Dec 26 23:04:28.074: %CAPWAP-5-CHANGED: CAPWAP changed state to
[Code]....
Ive tried resetting the WLC, reloading the APs. I even factory defaulted one of the APs and still getting the same message.Ive verified that the WLC is set to accept MICs and SSCs.
View 6 Replies
View Related
Feb 22, 2012
We have two Cisco 2960 TT-L switches. I'd like to reduce single points of failure and have dual servers for most tasks. For example, two firewall servers and two web servers. Should one server fail the other will act as a failover.I'd like to extend the redundancy to the switches, and am thinking of connecting one web server to one switch, and one to the other. In the event a switch failed a set of servers would still run, and be able to talk to each other.I'd like to run two VLANs, one for the LAN, and one of the WAN, and connect the two VLANs on each of the switches with the associated VLAN on the other switch.
View 3 Replies
View Related
Jul 31, 2012
I try to map LDAP Group to ASA Group policy following documentation:
[URL]
This is a config for ASA 8.0. I would have expected it to work on 8.4 as well but I do run into problems. The mapping as shown in LDAP Debug and ASA Log will actually happen but it is overwritten by the "GPnoAccess" Group Policy configured locally in the Tunnel Group. From earlier works with RADIUS I would have expected the user specific Attribute to be "stronger"?
ASA Log:
AAA retrieved user specific group policy (correct Policy) for user = XXX
AAA retrieved default group policy (GPnoAccess) for user = XXX
View 3 Replies
View Related
Jul 19, 2012
I have problem I want a remote opzeten with my 800 router I used AnyConnect Secure Mobility Client can not connect but you know someone that can do
View 0 Replies
View Related
Jun 14, 2011
I am having a problem configuring SCEP for my secure mobility client. I have created a connection profile to allow certificate requests but when I fill in the step-forwarding-url field I get an error. The CA we are using is an internal MS CA with SCEP already enabled. This has been configured for a long time with our current Cisco VPN client using certificate authentication. The ASA is running 8.4.1.Here is the error I get when I try to enter the command into the group policy associated with my certificate enrollment connection profile: group-policy SSLGP attributes. url...
View 6 Replies
View Related
Jan 3, 2012
I have recently installed an Aruba Mobility Controller and trying to authenticate WLAN traffic off to the ACS server, but using a valid 802.1x account the authentication process is failing.Which version of RADIUS should I be using?Is there any way to enforce the Aruba controller to use TACACS instead?
View 1 Replies
View Related
Sep 1, 2012
1) Is it possible for 2 WLCs installed in seperate data centres with L3 seperation to be joined in a mobility group? We will have aps in the branch offices split between controllers so we want to make sure roaming work ok. Also all guest access should be anchored to data centre 2.
2) in flexconnect local switching mode, do I need to create flexconnect groups if I'm only using radius servers in the data centre with no requirement to use local radius as a backup?
View 6 Replies
View Related
Sep 15, 2011
On my setup SSLVPN tunnel fails with AnyConnect 3.0.3050 or above releases to UC520 platform running IOS(151-2.T4).
3.0.4235
3.0.3054
3.0.3050
Connection succeeds with all other versions below 3.0.3050. I’m using standalone client on my PC (tried Win7 and XP).I added my server to the trusted sites list on my IE.
When I tried with anyconnect-win-3.0.3050-k9.pkg which was installed on UC520, the client gets installed successfully and connection was established.When I disconnect the session (had an option to keep the client on PC) and tried to connect back, the connection failed after I have accepted the certificate.I don't see any webvpn debugs on the UC520.
View 1 Replies
View Related
May 1, 2012
how to associate an AD group - which i have defined in users and identity stores/external identity stores/Active Directory/Directory attributes to associate with the relevant identity groups - Users and identity stores/identity groups Is there an example of this being done somewhere as i am having problems understanding how to do this from the user guide.All i want to do is associate identity groups with ad groups.
View 3 Replies
View Related
Jun 30, 2011
I have been rolling out new IP Phones that use extension mobility and the biggest issue Im finding is the need to log-in every day, People t like change and they hate the fact that they have to login every day.I have been to the people at the top and gave them the options of remembering the last user logged so users just need to enter their pin or have EM not log users out at all… both got rejected.
View 2 Replies
View Related
Sep 10, 2012
Can I configure a mobility groups between 2106 Wireless LAN Controller and 5500 Wireless LAN Controllers?
View 8 Replies
View Related
Nov 11, 2012
We currently have an ASA 5505 Firewall with VPN services configured. The system is running ASA Version 9.0.0 and ADSDM 7.0.2. I installed the "Cisco AnyConnect Sercure Mobility Client" Version 3.1.01065 on my Windows 7 Ultimate PC. When I try to connect to my VPN service I ge the following message:
Security Warning: Untrusted VPN Server Certificate! AnyConnect cannot verify the VPN server: XXX.XXX.XX.XX
-Certifiate does not match the server name
-Certificate is from an untrusted source.
-Certificate is not identified for this purpose.
Without purchasing a certificate from a 3rd Party vendor, is it possible to register a "Self" generated Certificate to get rid of this message? If so are there any "Detailed" (e.g., simplified or not in Cisco-eeze language) instructions on how to setup the Firewall to "push" the certificate to the VPN client so the message doesn't come up for the user?
View 5 Replies
View Related
May 6, 2012
How do Mobility Groups work with internal DHCP scopes on a WLC 5508?We have a WLC 5508 with two internal DHCP scopes which redirect to captive portals for authentication. I am looking at putting in a second WLC in a mobility group setup to provide some WLC redundancy. The LWAPs will be setup so that every second AP is on the has the second WLC as its primary controller. If the primary WLC fails we want the secondary to be able to take over and issue IP's from the internal scope. How do you set this up with a Mobility group so the second WLC does not act as a rouge DHCP server while the primary WLC is still active?
View 6 Replies
View Related
Nov 27, 2011
I have two 5508, no anchor, only one SSID with internal web authentication using radius server.Under "Configuring Mobility Groups", Cisco guide says: "If a client roams in web authentication state, the client is considered as a new client on another controller instead of considering it as a mobile client".
I understand that if a client that has already autheticated via web roams between two LAPs that are associated with different WLCs, it has to reathenticate.
View 6 Replies
View Related
Dec 1, 2011
Do you know if the new 2500 series controller supports things like mobility groups? Could I use 2 of these and do inter-controller roaming. Also do you know if this would work with a 2106 controller and a 2505 controller or are they 2 completely independent controllers only knowing about their own APs??
View 12 Replies
View Related
Jun 12, 2013
I am unable to get my 4402 and 2504 to pair in mobility, I made short video to explain my issues.also do not worry there is no propritary information in this video, I am working on a lab that does not mirror any production networks.
View 6 Replies
View Related
Aug 7, 2012
After upgrading my 5508s to 7.2.110.0, they are reporting mobility data path errors to one of my WiSMs running 7.0.235.0.
I get these messages on the 5508s reporting that it can't send a ping to the affected WiSM:
*ethoipSocketTask: Aug 08 21:15:41.175: %ETHOIP-3-PKT_RECV_ERROR: ethoip.c:341 ethoipSocketTask: ethoipRecvPkt returned error
*ethoipSocketTask: Aug 08 21:15:41.175: %ETHOIP-3-PING_RESPONSE_TX_FAILED: ethoip_ping.c:312 Failed to tx a ping response to <ip address>, rc=5
But maybe there is another clue because I also see in the same log these errors referencing the same WiSM:
*bcastReceiveTask: Aug 08 21:15:45.310: %LOG-1-Q_IND: mm_dir.c:1969 Failed to recreate the SSH Rule for <ip address>.
*mmSSHPeerRegister: Aug 08 21:15:44.829: %MM-1-SSHRULE_CREATE_FAILED: mm_dir.c:1969 Failed to recreate the SSH Rule for <ip address>.
Why is the controller trying to SSH to another controller? Was some SSH related feature added to 7.2 that has been accidentally enabled?
View 4 Replies
View Related
Mar 10, 2013
deploying a DMZ wireless controller and I have a question regarding remote wired LANs. My 602OEAP APs support 1 or 2 of their LAN ports as being accessible across the DTLS tunnel.This works fine when they register across internet right to my internal WLC. However, now that I'm implementing a DMZ controller for this purpose, how will this work? I dont see the option for the Remote Wired LAN to be linked to a mobility anchor.Some of my users have printers connected to the LAN port on their 602OEAP and I need to maintain this functionality once I move their APs to the DMZ controller.
Software versions: 7.4.100.0
DMZ Controller: 2504
INT Controller: 5508
View 6 Replies
View Related
