Cisco Wireless :: 2112 One Ssid To Multiples Vlan Without Hreap Flex Connect
May 22, 2013
I have one cisco wlc 2112 with ios 7.0.230.0 with license to support 12 access points. My access points are nine (9) lap1231ag and one (1) lap1310.I just have one wlan (ssid). My scenario of deployment is in layer 3. I have one interface management and ap manager in the WLC. All my Access Points have differents ip address that WLC. I need to configure a unique ssid to associate my six (6) dynamics interfaces (each dymanic interface with different vlan subnet).Each wlan profile (ssid) should have the same security in phase 2 (wpa2/psk). My cisco access points don't support hreap. My wlc support only (4) interface into an interface group, and i need six (6) dynamics interfaces.
I have 8 no. AIR-LAP1131AG-A-K9 and WLC 2112 Wireless LAN Controller,i configured the device and its working at deffent SSIDs but when i am trying to enable same SSID on all LAP it shows "AP on dupplicate SSID found and Layer 2 security found".
I have a tale of woe for you who may be considering Hybrid REAP with local switching.
My client has a varied configuration, but the requirements basically screamed HREAP with local switching. They have 15 sites, had already purchased a single WLC 4404 and they needed between 4 and 24 APs at each of the sites. Each of these locations are connected by a WAN link of good quality, but only a single link so there is no assurance of availability; the client has local resources so it would be useful if wireless stayed working during an outage.
So I setup the WLC for HREAP local switching. I setup AP Groups VLANs, but I noticed it had no effect on the VLAN allocation for HREAP. This was unfortunate, because not every site has the same VLAN configuration - some sites had a L3 switch and others only a L2 switch. But I suffered through this and configured each AP manually with the appropriate VLAN mappings.
The infuriating thing, is now that they have bought a second WLC 4404 (they expect to increase the number of APs beyond 100) all these VLAN mappings are messed up when APs connect to the second WLC. I've been going through them one by one again - it is really unfortunate that the AP Groups VLAN mappings don't apply to HREAP local switching.
I'm going to get back to the next 80 APs - but if some of you have a system for handling the VLAN mappings of a large number of APs.
I have a wireless 5508 with license base to 50 aps, i use a deployment flex connect. I already registered all my access points, I use web authentication to authenticate users guest, and the service dhcp is in the central site.
My issue is the users in each remote site, can not get an ip address by dhcp from the central site, they can authenticate in the guest ssid, but any users can not get an ip. The request is passing by the wan in this way
Central Site DHCP - Router WAN - Remote Site - Users with notebooks. I use flex connect central deployment (all the traffic consulting to the wlc) .
perhaps i should use local deploy? The wireless is in the central site.
We are planning to implement Cisco wireless in our central office and branch office using Cisco 2504 WLC and Cisco 1602i Ap. Our branch office is connected via ip vpn and a separate broadband connection for urgent requirements. Usually all users are allowed to browse through central proxy server.I have been trying to find any possibility of giving guest access (web authentication) for branch office guests utilizing only the broadband connection which is connected to the branch office. Is there a possibility that Central WLC is reached using NAT from the BranchOffice AP and allowing guests to authenticate and surf the web at times IP VPN is unreachable.
I created a LAP Template in NCS to configure some new 1142 LAPs that were installed in a remote office. These LAPs need to be in Flex Connect mode with V LAN support. The template is being applied with partial success on every access point. Details of the partial success say the Flex Connect Parameters fail with the following error.
Provision Failure: { URL}.Object Not Found Exception cannot be cast to [URL]
Am I doing something wrong? The Flex Connect portion of the template has V LAN Support enabled, Native V LAN ID, and the Profile Name- V LAN Mappings configured.
Prime NCS version 1.1.1.24 Access Points are AIR-LAP1142N-A-K9s running 7.2.110.0
We recently purchased a 2112 WLC, running version 6.0.199.4. I have everything running through a single port on the controller, which is connected to a trunk port on our 3750 stack. Our management VLAN is vlan 40, and AP is plugged into another port on the same switch which is an access port in vlan 40. APs appear in the controller ok, receive an IP address, but we aren't able to connect to any of the WLANs and periodically the APs will disassociate with the following messages: [code] I'm not sure if that's related to why we can't connect to the WLANs or not...
Another wrinkle is that if we plug in the AP directly to one of the PoE ports on the controller, it all works perfectly. I'm guessing its something switch-related since the only difference is that we're not going through the switch when it works.
I had configured one access point CAP3602E in flex connect mode through a WLC 5508 after deploying the access point in flex control mode the local mac-filering is not working. before it was working when ap was in local mode. any body have to know is the mac-filtering working in flex-control mode ?
I'm using access point AIR-AP1141N-E-K9 and want to use Multi SSID. Based on Cisco document, when I config Multi SSID in access point, each SSID have a separate VLAN, is it a must have ? Can I use multi SSID without VLAN ?
I have a WRVS4400N that broadcasts two different SSIDs. One is a public network and the second is a private network. Right now, both SSIDs are pulling from the same DHCP server, but I would like to separate the public from the private. How can I separate these SSIDs by vlans? I can't seem to get the vlans to route to separate ports.
This is my vlan settings. I have two DHCP servers right now. One is in an isolated network plugged into Port 3 of the WRVS4400N. The other is on the production network, plugged into port 1 of the WRVS4400N. For some reason, whenever I connect to SSID Public, it won't pull an IP from the DHCP on port 1, it only pulls it from the one on port 2.
I know there is three SSIDs here, the Static one is going to be the same network as the EMS one.
As per my understanding, Cisco Nexus 2232 can only connect to HP c7000 Chassis if we are using a Pass Through Switch in the HP c7000. Cisco Nexus 2232 can only connect to End Hosts and not to a switch. Is there a New Feature added in Nexus 2232, which enables it to connect to a Switch like HP Flex Fabric ?
I have around 60 , 1142 N APs . As of now i have only management VLAN ( for IP ) & one user vlan 350 configured on the access point . All the users connect to VLAN 350 and they get IP as required.However in our new set up there are couple of requirements have come up were in SSID will be the same however we have created many VLANs for different kind of user group and all these VLANs should be mapped to this single SSID and pick the IPs from their respective VLANs .
We have done configuration on the RADIUS server side were in we have mapped the users in their respective VLANs and they are getting authenticated via AD . Now how do i map my these 4-5 VLANs in a single SSID in Access Point.
The issue that I have is around getting second SSID work on my router! So I have created two Vlans, 30 & 200. Vlan 200 is the native and is associated to SSID "Bitter". This SSID works like a charm however the other Vlan cannot be even pinged from router side the ip that I tried to ping is 192.168.30.1. I have posted the config below. Also i tried to brak wlan-gig into sub interfaces but the IOS does not accept that!
Vlan 30 >>>RadioDot 11 0.30>>>>Gigabit 0.2>>>>bridge group 2 Vlan 200>>RadioDot 11 0.200>>>Gigabit 0.1>>>>bridge group 1 (native Vlan)
Router side:
ip source-route ! ! ! ip dhcp excluded-address 10.10.10.1 [Code]...
I am planning an HREAP deployment; a data centre with multiple remote sites. HREAP has been evaluated and meets our requirements. We are now looking at buying some equipment for this deployment. For controllers, we are considering either the 5508 or the new 7500. Other than cost, scalability and different hardware what are the differences between the platforms? So far I have found:AP's in local mode not supported on 7500, the 5508 supports AP's in local mode.The 7500 cannot be used as a guest anchor controller, the 5508 can.
Just want to know if it is possible to have a 7500 Flex Controller Cluster in different Locations, like Germany an Australia?
This should be deployed as a redundant system, in case of a failure in one location the remaining Cluster can take over. Also the main maintenance/management should be done in the Headquarter (Germany). Is it possible to configure Guest Access via Web Interface.
Last question: how many AP`s can be managed, example: with one Controller 500 AP can I then manage 1000 with two controller?
I have a 2112 wlc and 6 1142ap's. I noticed that the 2.4ghz channel is filled with lots of networks but the 5.0ghz area is empty. I tried to manually change the channel but it keeps reverting back to 2.4.
I have a stacked Cisco Catalyst 3750 configuration that currently has one V LAN configured. VLAN 192 - 10.192.0.0/16
The Catalyst has an ip on this range of 10.192.0.1. I would like to configured a few more V LAN's to be able to run some more network ranges through this device. Would it be a case of just adding the V LAN's to the master and then configuring an IP for each V LAN within the inter-v lan routing section? Some V LAN's will require access to each other but not all.
I have 4 autonomous AP 1142 with 2 ssids : SSID10,vlan10 & SSID20,vlan 20.I use ACS 4.2 in order to authenticate users (EAP-FAST). How can i restrict access base on ssid or on vlan?I want users that connect to SSID 10 to not have access to SSID 20 and the opposite.
I have a wireless network with two WLC 5508 controllers and 220 LWAPs in the same location as the controllers. All APs are currently in local mode. I run a few guest networks as well as some other client networks. One client in particular uses their network to connect mobile machines to their VLAN. The only issue is that the machines do not have wireless adapters. Instead, the manufacturer put inside the chassis, a D-Link WGB, which has an ethernet cable, you then have to plug into the ethernet port. These devices cannot seem to connect to the network. I have found, the WGBs do associate on the network, but the wired client behind it cannot pass traffic onto the VLAN. I have also tried connecting PCs with different SOHO style WGBs from different manufacturers with the same result.
After going through Cisco's documentation, I found that using 1230s in WGB mode can resolve this issue since they use IAPP to communicate the MAC table of the wired side clients they service back to the controller. I have configured a 1230, and used it as the WGB for the client machine instead of the D-Link and it does seem to work, but this would mean configuring a considerable number of 1230s to hand over to the client.
The first question would be, Is there something I am missing that I would need to do in order to allow SOHO style WGBs to forward wired side client traffic onto the network while LWAPs are in local mode? Or would the WGB NEED to support IAPP?
The second question is that, I may have found another solution to this already, but would like some input prior to committing.
This client also uses these same machines with the same WGBs inside the chassis at another location where the client operates the network themselves. They also use the same WLC model with the same version, and same APs. The only difference is that they use H-REAP mode with local switching.
I also tested this idea, and it seemed to work. With the AP in H-REAP mode, and the client's WLAN set to local switching, the machine and WGB connected with no problem.
So the question with this, would be; would there be any disadvantages in running all 220 APs at this location in H-REAP mode? What would I be losing if anything? Also, I would like to keep all other WLANs centrally switched.
I understand what the difference would be for this client's WLAN if I ran in H-REAP mode with local switching, but what would the difference be in the other guest WLANs if I set them to be centrally switched? (Is there any difference between running APs in local mode vs running APs in H-REAP with central switching?)
we are trying to configure WLC 2112 with LAP 1042 but getting following erros on LAP1042. It show the Ap is not supported in controller version 6.0.199.4
My company has a lot of thier business relying on the wireless network and I am trying to reduce the single points of failulre in my network infrastructure. We have a single Cisco 2112 controller with 10 AP's that I am wondering if it's possible to cluster this with another controller for redundancy purposes?
I have a Mesh architecture with 2112 WLC and 1042 APs I want just to know if I can connect one 1310 AP to the ethernet port of a mesh 1042 AP with ethernet bridging enabled.
How many AP in h-reap mode recommend with WAN link 512k ?,i have read in document it show h-reap mode must requirement minimum link is 128k for connect to wlc but i don't know this requirement for 1 ap or all ap to connect across WAN to register and send traffic across WAN. Because now i have 2 site HQ -> Branch (link 512k) it can use for this solution.
I am having a trouble with using iTunes, iPhones and iPads on our Wireless LAN. We have the 2112 WLC and 10 1142N WAPs. If I do a network scan, I can see the Apple TV and see that port 5353 is open, which is Apple's Bonjour service. However, if I try to play music/video in iTunes, or on an iPhone/iPad, I do not see the Airplay icon. If I plug into the LAN, the Airplay icon appears immediately. I have created an allow all rule in the ACL but still no dice.
I have quick question about wlc software version upgrade : currect version of 5500 WLC : 7.0.220.0,However i am planning to upgrade to version 7.2.110.0,currectly all remote site AP's are connected to this WLC , nearly 150 AP's all are in H-reap mode however once i upgrade to 7.2.110.0 version , all default should come into Flexconnect mode.Do i need to make any configuration or any changes in AP's to get Flexconnect mode or will it be default mode as Flexconnect mode in new version of WLC ?
We have standart wireless deployment with 24 APs (1240G model) and wireless controller 4402-25 placed on same site.Most of clients (WMS RF terminals ) works with one WLAN (WPA2-PSK) and constantly roam over warehouse , and that works great.
But for better survivability(when controller dies) we are trying to configure HREAP on our APs with local swicthed local auth WLAN. And that also work , but client roaming occur much more slowly and RDP connection to WMS APP server sometimes stuck for 2-5 sec.Disabling "local switching" checkbox for WLAN make roaming almost momental.
And slow roaming are price for controllerless HREAP design ? And for fast roaming and survivability we must use N+1 wlc?
I have been having an issue with random AP3602I's in HREAP mode disassociating from the 5508 controller. These AP's are in remote offices with 70Mb WAN back to the controller. Randomly one or two AP's disassociate from the controller and I have to bounce the switchport to bring them back online. The WLC is running 7.2. Again this only occurs to one or two AP's not all of the AP's.
I am having a problem using my Windows IAS radius server to validate management users for my 2112 Wireless Lan Controller.I have defined the radius server and it works ok with the policy for validating wireless clients but not for WLC management users.The Remote access policy seems to be set up correctly as the event viewer on the server shows:-
*Feb 09 11:06:06.612: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2104 Login failed. User:xxxxxx. Service-Type is not present or it doesn't allow READ/WRITE permission..
I've read some opinions that lowering the RTS threshold can facilitate in some noisy wireless environments. I have found how this can be done on standalone APs but cant seem to implement the change on a WLC 2112. How to do it.
