There is a problem with my WLC, it is not allowing an specific client to connect. It gives an 802.1x failure log but I am not using it, anyways the WLC puts this client in the excluded clients list and I didn't add it manually, in fact is a new laptop.
I'm using WLC5508 /w 7.0..My client do not get its IP. Status shown "DHCP_REQD".I found in (Cisco Live) Troubleshooting Wireless LANs with Centralized Controllers This related with Enable/Disable DHCP Proxy checkbox. I solved. with Enabling this.But,
1) Why this box have been working correctly for longtime? No one did diable/enable this feature on my box.
2) I guest, ver7.0 Disables this chechbox by default. Or not? I also have others two 7.2 boxes. Those are all Enabled.
In an enviroment with WCS and a WLC5508 with 40 AP's (WAPs are either 1262's and 1252's), I have noticed that the bulk of users are infact operating on 802.11g although most operating notebooks are running 802.11n capable NICs (including my own laptops NIC - but yet when I connect I connect at 54Mbps.). Only a small portion of registered clients are using 802.11n. All my WAPs have both radios enabled?My question is how does a client notebook select a "prefered" band of 802.11n. I know in some cases the wireless NICs themselves have an option to select the "Prefered Band", but there are many notebooks out there that dont have this option. What would make a client connect at 802.11n over 802.11g? Who makes that call ?
I have a WRV210 router that is not allowing me to delete a VPN client that I had perviously set up. When I go to remove this client on the VPNVPN Client ACCESS table the s/w re-directs me to the Status VPN client table. There I cannot flag/check the disconnect box. I have version 2.0.1.5 s/w which is the latest.
I've got an 1841 router acting as the firewall for a LAN. It also does NAT and acts as the dialer for a PPPoE DSL line to the internet.
All is working fine, except now I need to allow a Tivo device to connect to certain ports on the Tivo servers on the internet. I want only the Tivo to be able to do this. The problem is that NAT is happening before my outbound ACL is checked, so even though I've got rules to allow the Tivo's LAN address out on all ports, it never works. I've verified this using a syslog server, and can see my external DSL IP trying to connect to the Tivo servers and being denied.
I've done things like this at work by NATting the appropriate internal host to its own external static IP address, which allows me to write rules allowing only that external address to do stuff. But I don't have multiple external addresses to work with here.
I tried applying my outbound ACL to the LAN interface of the router in the "in" direction (and removing the same ACL from the Dialer interface in the "out" direction), but that broke other things like the router's own ability to ping out to the LAN or to see a TFTP server on the LAN. I could maybe fix all of that with rule changes and inspect statements on traffic going out toward the LAN (not sure of this, think so), but I'm wondering:
Is there a better way to let just the Tivo makes outgoing connections to certain ports?
Config pasted below:
! ! Last configuration change at 17:15:10 CDT Sun Jul 15 2012 ! NVRAM config last updated at 16:27:14 CDT Sun Jul 15 2012 by someguy !
got an old computer to use from a family member and it is not alowing me to connect to the internet. it shows all my wireless connections but wont alow me to connect and use the internet. how do i fix this problem?
I have a nac guest server 3315 appliance with 4 NICs. I want to connect each NIC to 4 different networks without allowing traffic between them. So RADIUS interface will be different from sponsor/admin interface to the NGS. how to achieve this. I have created and assigned a static IP address using system-config-network, but when i do ifconfig i dont see the remaining 3 NICs and the web interface doesnt seem to have provision to create this interfaces.
I have created a RA VPN with a 5505 using Anyconnect client. My VPN functions perfectly, but now I am trying to limit access so that only one single host on my network can connect. To do this I tried creating an ACL permiting the host and denying all other traffic, but it does not work it seems every one can connect. how I can limit the outside access to a single host?
My internet speeds are 45 Mbps DL and 1 Mbps UL and my various wireless connections (3 laptops in my household) were achieving speeds anywhere from 25-40 Mbps DL. My router started acting up and wasn't letting anyone connect via wifi so I did a factory reset and set it up the same way I did before (as best as I could), it started working fine again but now the speeds on all the devices that are connecting to at are capped at 18 Mbps. A simple speed test shows that no matter what they won't pass 18 Mbps, I am almost 100% certain this is the router and I was wondering what I might have done wrong or what is causing this.
We recently had the Aironet 3502i APs installed in our infrastructure and are having a bad time with hosts connecting to them. The controller sees them, they have an IP, they are showing a solid green light, but you cannot get devices to connect. If you reboot the device you get about 5 seconds of connection and then it disconnects. The only cure seems to be rebooting the APs, but I am baffled why this keeps happening. The installer is blaming our devices, but it is happening to laptops, thin clients, and even cell phones. From what I've seen, everything works fine until, i believe, the device tries to refresh it's lease and is unable to do so.
i have a question about tunneling a software EasyVPN client to a client ASA Network. It looks like this:
EasyVPN Server 192.168.202.0/24 Network extension mode to Client EasyVPN ASA 192.168.1.0/24 This works fine in both directions. But now i want to connect the client ASA network via EasyVPN software client from outside. The user are already able to connect to the ASA Server on its static outside IP obtaining an IP from a 192.168.21.0/24 pool. This works fine. But how am i able to connect to the 192.168.1.0/24 network from this client?
EA4500 Linksys router stopped allowing vizio Internet apps to connect from two different TV's. Problem, Just got brand new EA4500 router and Motorola SURFboard DOCSIS 3.0 High-Speed Cable Modem Model: 575319-019. I have 2 new vizio big screen tv's with internet apps. All was working fine and had no problems but occasional drops or limited access.
One day BOTH TV's could no longer connect. However, The tv's will connect to another access point. therefore the problem does not exist in the TV/s and has to be a problem in my access point (I.E. Router allowing access). Additionally, all other devices connect and work fine. I have already unplugged everything for an extended period of time. Checked for updates on firmware and verified no software needed to be updated. Rebooted router... Am using wpa-psk and feel i shouldn't have to go weep as it was working fine...
how to migrate from WLC4404 to WLC5508. I want to know your propositions.
I could replicate the configuration manually but there is a lot of confirugation menus and all. If both could be online and migrate the AP to the new one until there is none on the old one, it would be great.
My customer has two SW6500 on VSS mode connected via VSL. Anyone connected WLC5508 with SW6500 VSS using LAG feature ?I wish to connect one uplink from LAG to the first switch and the second uplink to the other. The two switches are considered like one logical software.I have already read the best practice from CISCO when we connect a 5508 to a switch regarding the port-channel but nothing regarding VSS and VSL link.
Currently we have 20 remote sites, each with 2-5 AP's each. They all connect back to our Main Data Site in the US and register on a single WLC5508.
We do not have a backup WLC, but are looking to purchase one. What I would like to know is, are there any problems with the secondary WLC being installed in our Main Data Site in Europe? These two main sites are connected via a 10M MPLS WAN.
So all the remote sites could still connect to the WLC in the US, but in the event of a WLC failure in the US, they would need to fail over to the site in Europe
I have some problem about dhcp via VMware 7.1. My client connect the wifi and get ip address well, then, i turn on VMware (inside my computer) and set as the bridge mode. I found that my VM cannot get the ip-address from dhcp server and I using WLC5508 version 7.2. I try to connect via Switch, my VM get the ip address well.
looking at doing the site survey before detailed implementation. we plan to use a wlc5508, AP3602, a good tripod/stand, PoE switch and AirMagnet to conduct the site survey. i'm inclined to use a single AP and just a guest SSID and let AirMagnet merge the readings on where i 'locate' the AP (on 1 VLAN)
A customer have a bad coverage in a corner of his branch office. He like to add a mesh AP (MAP) in the near of that corner.
I checked allready the documention about Mesh but i'm not sure if Flexconnect and Mesh works togheter. This MAP is in a branch office and the WLC is in the head quarter therefore he likes to uses Flexconnect togheter with Mesh.
I have a customer who is going to deploy a WLC HA AP SSO setup. I have recommended them to have 4 Gigabit SFP modules in each WLC5508.The customer now asks if it is possible to only have one or two SFP modules in the standby unit ? As he says it is properly not going to go in service one time within the next five years if he is unlucky.
We have five cisco WLC 5508 and one WCS .The WLC is running on 7.0.116.0 version at present but we want to upgrade it to 7.4.100.0 but on cisco site at download location , the below thing is mentioned...
WLC Version 7.4.100.0 will need Prime Infrastructure Version 1.3 to be managed, Version 1.3 is not yet available to download at this point of time
Access Point Model----Cisco 3501i Series
So i want to know, can i upgrade it to this version when we are having the WCS in our network ?
I am implementing Cisco Network Access Control with Wireless Controller 5508 (WLC5508 below) . Could you tell me how to register WLC5508 as SNMP Agent for Cisco Access Manager (CAM below) ?
[System Information] IOS version of WLC5508: 7.0.98.218 Version of CAM: 4.8.0
[Code]....
I succeeded to register WLC5508 by using IP address of Service Port on the CAM Web Console. But WLC5508 has only one Service Port, which has no redundant port. I want to register it by usin Management Interface, which has backup port. It is also desirable to implement redundancy of Service Port if possible.
I am currently working on a lab and simulating a scenario that I will have to implement into production in the future. I am trying to setup a Guest SSID on a WLC (5508). This Guest SSID is to display the a set of Terms & Conditions, which then a user is to accept and then they move forward onto having access to the guest network.
I am familiar with performing this step using WebAuth, but it seems like the T&C are extremely long. The WebAuth page comes back with a "text exceeded limitation", on top of that I do notice that I would have to have a username and password.
Is there a feature in the WLC that would allow this scenario to work? Or will I have to build or download a customized WebAuth page?
At the present, we have two WLCs (5508). There are a total of 84 LAPs (1242AG). One controller is configured as the master controller in which all our APs associate to. It's currently running software version 7.0.116.0 and some of our BYODs using Windows 8 are unable to connect to the wireless. The fix for this is to upgrade the software of the WLC so that the LAPs can obtain the update to solve this problem. Simple! However, before rolling this out into the production wireless network, I would like to test it out on our second WLC which has no LAP associations, a test WLAN configured, and a newer software image loaded (7.4.100.0). I have a spare LAP that was previously associated with the master controller running the same software version (7.0.116.0). What I'm looking to do is associate this LAP to the 2nd WLC instead of the master so that I can ensure that the LAP gets the newest software. Then, I would like to test a Windows 8 device to make sure it connects.So far, I have done the following:
1. Disabled the 1st WLC from using Master Controller Mode and rebooted AP - result was unsuccessful; still associated to 1st WLC.
2. Reset LAP configuration excluding static IP info and reset AP - result was unsuccessful; still associated to 1st WLC.
3. Compared config for both WLC but since I'm new to these devices, I'm not sure what needs to be configured/changed.
In one week I need to import the config from my 4404 WLC to my new 5508, then I just want to change the mgnt IP address of the 5508 and then bring it into the same mobility group.How do I import the config when the 5508 is straight out of the box?
I have a WLC5508 and 25 LAP 1041. I use two wifi, one with RADIUS for data and other with wpa-psk for voip. The problem is the voip conectivity is broken.How can i improve the handover?
I have WLC 5508 with 6.0 software and kept in main office and 10 sites are connected . I created Group and hreap for the sites AP.Now customer wants the secondary WLC to keep on one another site. And the customer is asking all the configuration like ap group and all should come to secondary wlc automatically . In future also if he create any new group in primary it should come in secondary wlc.And if primary goes down the secondary should controll all the sites and when comes up primary should taken care.Active standbye mode.
I have been asked to setup wireless and we have purchased WLC 5508 and 1142 APs.We have several remote sites and a centralized WLC. The requirement are to have a common SSID (Corporate) advertised across all the remote sites and have that SSID locally switched, and have another two SSID Guest and Mobile tunneled back to the central site (WLC).I want all the wireless (Corporate) clients to use the same subnet as the wired clients at each remote site, the IP assigment will be done by a DHCP server at the central site. The Guest and Mobile users will use a common subnet each across all the site and this will also be handled by the DHCP server at the central site.
I have enabled H-REAP with Centralized Authentication and Local switching but I'm not sure about the second part which is to have a common SSID (Corporate) across the remote sites and localy switched whilst having the other two SSIDs tunneled back to the WLC. Cisco TAC told me to configure dynamic interfaces for each of the remote site but then he said I still wouldn't be able to switch the Corporate traffic localy if I use a different subnet to the wired subnet for the wireless clients.
My problem ist that i have 4 air-cap-1552e APs witch are powerde trugh Power Injectors. They worked fine for a few days but then the controller (7.2.111.3) lose connection to them. Right now i have only one Joined AP. The other 3 are status not joined. I can Ping all 4 Aps and wifi clients are connected through them.