Cisco Wireless :: 2504 Originating More Than 1 EoIP Tunnel To An Anchor Controller

Feb 26, 2013

I'm attempting to set up (for testing purposes) a 2nd 'guest' SSID on an internal WLC (WLC-A), and terminate it in a DMZ on an anchor controller (WLC-B).  We already have a guest SSID originating on WLC-A and terminating on WLC-B though.  Is it possible to originate a 2nd guest SSID on WLC-A?
WLC-A - 2504 (7.2.x)
WLC-B - 5508 (7.2.x)
The problem I'm seeing is I'm getting no DHCP address assigned on the test SSID.  If I statically assign IP information I still have no connectivity.  It's as if the EoIP tunnel for the 2nd test SSID isn't functional.

View 2 Replies


Cisco Wireless :: DHCP With Anchor Controller With 2504 And 5508

Nov 7, 2012

All controllers are in version is a 5508, it is ou anchor controller.C2 is a 5508, it is a big site controller.C3 is a 2504, it is a small site controller. C2 and C3 are in the same mobility group than C1 (and all is up up in mobilty managment). When "DHCP Addr. Assignment" is enable on C1 : Clients on C2 received their IP address by our external DHCP server via C1 and the guest tunneling betwenn C1 and C2 and all is working fine. Clients on C3 don't received their IP address by our external DHCP server via C1 and the guest tunneling betwenn C1 and C3, so nothing work.

View 4 Replies View Related

Cisco Wireless :: 4404 Guest Anchor Controller With 5508 Foreign Controller?

Aug 12, 2012

I know that the 3600 series APs are not supported on the 4404 WLC.  However, would the following scenario be supported? I would like to use the 4404 (software rel. 7.0) as a guest anchor with a 5508 (software release 7.2) as the foreign controller supporting series 3600 APs.  I ask because the APs do not need to join the guest anchor.

View 7 Replies View Related

Cisco Wireless :: 5508 Foreign Controller And 4400 Anchor Controller?

Jun 2, 2013

We have a customer that have 2 5508 as primary and backup controller and a 4400 as an anchor controller.  We plan to upgrade the 5508 to and the 4400 is already  Will there be any issue if the anchor controller is not the same code as the foreign controller?  Do I also have to upgrade the acnhor controller to

View 2 Replies View Related

Cisco Switching/Routing :: 2125 Wireless Controller Without Anchor Controller Just Using Existing Hardware

Dec 6, 2012

I am looking to configure a wired and wireless guest network. I have industrial barcode scanners that connect to one SSID and then there is the business network on the office SSID (no vlan seperation for these devices just different SSIDs). There is not really a need to seperate the business network from the scanners in any case. However, there are needs for a guest network and this needs to be seperated. At the bare minumum I would like to have the wireless guest network. Here is what I have: 2125 Wireless LAN controller managing 18 LAPs (1 indoor and 17 outdoors)Cisco Cat 2950 switches (2 x 24 port and soon to be replaced with 2 x 48 port 2960's with 802.1x capability) Sonicwall TZ210 firewallOne existing wired and trunked vlan for PLC infrastructure. One ESXi hosting Windows server guests (soon to be 2 with vMotion) The reason for the wired guest access network is tp prevent anyone from plugging into the wall jack in the office with thier home laptops or anyone else from being on the same subnet as our domain machines. Granted they would be unathenticaed but there would be no layer 2 seperation and that is what I think would be best.
How would I go about doing this on the wireless controller without an anchor controller just using my existing hardware? I would like to have the Guest SSID only availible in the front office. Is it possible to offer a guest network while still servicing the business network SSID on the same access point? Then might I be able to have the guest network be treated as it should at the controller? However this might present another issue altogether as the guest traffic will be over the same wire as the business SSID until it hits the controller for management.

View 1 Replies View Related

Cisco Wireless :: 5508 Anchor Controller In DMZ

Nov 26, 2012

We have a WLC (5508) in our main office in Brisbane that is hosting two WLANs. One provides wireless access to our internal network and the second provides wireless guest access. The guest WLAN is anchored to a controller sitting in the DMZ at our Data Centre.
In the DMZ the anchor controller has a management interface and an interface in the DMZ for the wireless guest access. I am using the DHCP server on the anchor DMZ to provide IPs etc to wireless guest clients. The default gateway is which is a VIP or a pair of firewalls.
Initially everything works fine. Guests connect to the guest network, have to authenticate via a web portal (Cisco ISE server) and then can go on an use the internet. Works perfectly until the firewalls fail over and the secondary firewall takes over the VIP address. All access to the internet is lost at that point. If I try to disconnect and then reconnect a wireless client it connects, as in it will get an IP address, but DNS resolution stops and I do not get redirected to the web auth portal. If the firewalls are failed back to the primary then everything works again, no issues. However, if I reboot the WLC while the secondary firewall has the VIP IP everything will work fine as it did on the primary. If the firewalls now fail over to the primary again everything goes to ****. Until either the firewalls are failed back or the anchor WLC is rebooted.
Initially I thought this was an issue on the firewall, but this doesn't appear to be the case. When the firewall fails over it sends out a gratuitous ARP advising of the change in MAC address for the IP address. The WLC seems to update its ARP table because if I run the command "show arp switch" it has the IP address with the MAC address of the active firewall. From the client perspective I have run a wireshark and captured packets on the wireless interface when trying to connect. The laptop is continuously send ARP requests for but gets not reply. Without this the client cannot send an ethernet frame to the gateway and hence get to the DNS server and WEB portal. Internet access breaks. Doing a TCP dump on the active firewall shows it receiving and then sending a reply to the ARP request. It just never gets to the wireless client. Debugging ARP packets on the anchor WLC seems to indicate that the controller is receiving the ARP replies from the firewall. So I'm at a loss as to why things should break when the firewalls fail over.
I have a 3750 switch in the DMZ with SVI of I thought I could get a work around where I would make this the default gateway. The theory being that this interface MAC address would never change. However I was wrong. Even with this IP set as the gateway address for the wireless clients I see the exact same bahaviour when the firewalls fail over. I can't explain it other than to say that the gratuitous ARP sent by the firewalls seems to kill the ability of ARP replies to be sent back to the wireless client.

View 3 Replies View Related

Cisco Wireless :: WLC 5508 Tunnel To 4402 Anchor

Jul 5, 2011

We have got a WLC 4402 as an anchor that provides guest internet access to our visitors. Our wan sites have 4402's running a tunnel to this anchor for guest traffic. We have got a new site coming up that will have a 5508 as its WLC. I am trying to determine if the 5508 will successfully form a tunnel with the existing 4402 anchor. I am assuming that it will be ok or maybe the 4402 will require an ios upgrade. Our AP's everywhere are 1131's but the new site will have the later versions which can work with the CAPWAP based 5508.
will the tunnel between the 4402 and 5508 work well or will it require an ios + bootstrap upgrade on the 4402 and subsequently the rest of the 4402's or it will not work altogetherwill the CAPWAP AP's at the new site work well with the 4402 LWAPP anchor - I am assuming that they will since the CAPWAP compatibility requirements are really between the AP and its local WLC. Our 4402's are on and I am proposing to management that we should upgrade these to to prepare the infrastructure for any potential issues.

View 4 Replies View Related

Cisco Wireless :: 5508 Anchor Configuration With One Controller In DMZ

Feb 2, 2012

Any link that will give configuration examples of a wireles anchor config with one controller in a DMZ. I have tried this on my own and have some problems in my test enviorment. I believe my issues were with the firewall but not exactly sure.

View 4 Replies View Related

Cisco Wireless :: Multiple Anchor Tunnels On One 5508 Controller

Jan 2, 2012

I'm trying to research the tunnel limits on a 5508 controller if you're terminating controllers to two different SSID's.  For example.  In my DMZ i have  a GUEST SSID for contractors and guests and then I have another SSID used by employees so that tablet and mobile phone users can access the interenet.   Because we don't trust any of these devices we have that SSID is termiated just as we do our GUEST SSID. 
To reduce the number of anchor controllers I deploy, I wanted to start with one 5508 Controller. (then move up to about 3)  This controller would have two SSID's, GUEST & MOBILE.  On the Foreign controllers when I setup anchor tunneling I will be anchoring to the same controller however to two different SSID's. 
Per the 5508 specs it supports 71 tunnels.
So my question to the group is, will the 5508 see this anchoring as one tunnel each? Or does it support 71 Tunnels per SSID?

View 14 Replies View Related

Cisco Wireless :: WLC 5508 HA / Anchor Controller Software Versions

Feb 12, 2013

We have Internal Wireless Controllers to be set up for HA (AP SSO) and wireless traffic from Guest SSID will be terminated on a Guest Anchor Controller inside Firewall DMZ. The Internal WLC controllers are installed with software versions, and the Guest Anchor controller is installed with software version Just wondering if the Guest Anchor controller needs an upgrade to match the software versions on the HA controllers. Also, Cisco provides  a new version of code, now. So is it recommended to install the new software version on the HA controllers as well as the Guest Anchor Controller.

View 8 Replies View Related

Cisco Wireless :: 5508 - Anchor And Guest Controller IOS Version

Dec 5, 2011

I know that the recommendation from Cisco for the mobility anchor feature to work well  is to use the same IOS version on the anchor WLC and local WLC controller. Now I´ll install on a new site a 5508 local WLC with a newer IOS version which is installed on the other controllers ( Guest and local ). Later I´ve planned to update also the other controllers to the same IOS version. Now my question is, must I upgrade all other controller at the same time ?

View 4 Replies View Related

Cisco Wireless :: 44xx / 55xx - Anchor Controller Redundancy

Sep 23, 2012

I am in process of replacing our 44xx controllers with new 55xx controllers.  During the upgrade, I would like to add redundancy to our guest controllers that reside in the DMZ and had a question about regarding the setup.
If I remember correctly, I would place both guest controllers on the same mobilty group, and then add both of the controllers to the foreign controllers. The foreign controllers will form mobility with both anchors, but choose the one with the lowest MAC address as primary.  On the foreign controller, if the lowest MAC addressed anchor controller does not respond, it will connect to the second controller.  Is that still true? or is there a better way to go about it?
Also, I was wondering, do I need to put different guest network ranges on each of the Anchor controller? or can I use the same exact range on both anchor controller (since if a controller goes down, the clients would be reconnecting to the second controller anyways?)
Any best way to setup redundant Anchor (guest) controllers).

View 22 Replies View Related

Cisco Wireless :: 4402 Guest Anchor Controller 5508 Software 7.2

Nov 6, 2012

We currently have all of our foreign AP controllers on software version 7.0.116.  This consists of a mixture of 4400 and 5508 WLC's.  Our guest anchor is a 4402 on version 7.0.116.  We are replacing the guest anchor with a 5508.  We are also upgrading our 5508 wireless controllers to version 7.2 to support the 3600 series AP's.  My question is what is the recommeded code that the anchor controller should be on?  Should it also be upgraded to 7.2?  If we upgrade the anchor controller to version 7.2, will this affect anchoring to 4400 series foreign controllers still on7.0.116?                 

View 9 Replies View Related

Cisco Wireless :: 5508 / Virtual WLAN Controller Guest Anchor?

Dec 6, 2012

We are planning a WLAN upgrade and the security policy is to forward wireless Guest user traffic to the DMZ controllers. We are now considering the Virtual WLAN Controller and all AP's will register with the virtual controllers and we will use Flexconnect for Staff and internal traffic that will switch their traffic onto the local switch.
We wish to forward the guest traffic to the DMZ Guest Anchor controller which will be a 5508 controller. This will also offer Office Extend AP service.I have looked at teh virtual controller docs and not very clear if this deployment model is supported. Below is a diagram of what we wish to deploy and is this a supported deployment model.

View 2 Replies View Related

Cisco Wireless :: 4400 - Guest Anchor / Foreign Controller Control Path Down?

Aug 16, 2012

We have a Cisco 4400 series wireless controller deployed as a Guest Anchor in a private DMZ.  We have 13 foreign controllers anchored to this for Guest Wireless.  We recently anchored 17 additional controllers to this Anchor controller. Since we have done that, periodically on just 3 of the foreign controllers, the control path shows down on the mobility peer, then comes back up.  We have had this issue in the past, but it resolved itself.  However, now we are seeing this issue again. Are we reaching a limit on EoIP tunnels?  I have read that there is a max of 71, and that is per controller, not SSID. We do have a firewall in the middle but all necessary ports are open.
We have had this issue for quite sometime, it just does not happen frequently.  Since we have added the additional controllers, it is now happpening very often, but only with 3 controllers.  There is not much in common with these 3 controllers.  2 are 4400 series, and 1 is a 5508.  All 3 are local on a campus LAN, different networks.  Could it have anything to do with memory or utilization?

View 15 Replies View Related

Cisco Wireless :: WLC 5508 / Guest VLAN Unable To Get DHCP IP Address From Anchor Controller

Feb 23, 2012

In our test set up, we have two WLC 5508 Controllers connected via Checkpoint UTM-1 firewall Inside and DMZ Interfaces. Both the WLC controllers are connected to the firewall via Cisco 3750 switch. On the Local (Inside) Controller, guest SSID is enabled and attached to the wireless management Interface. On the remote anchor controller, guest SSID is enabled and attached to the Management Interface as well. The following configs are replicated on both the Controllers.
SSID Name - guest
Interface - Management ( VLAN 10 on Local and VLAN 20 on remote) -
Mobility Group: Same configs at both ends
SSID Anchor : Anchor SSID on local and local SSID on Anchor.
AP: CAPWAP 3502 Management Subnet


Is there any thing missing in the wireless configs and or the firewall rules as i could not see DHCP request back from the Anchor Controller. Also, after DHCP is obtained, the web authentication request will be redirected to an Amigopod device for authentication. In this case is the redirect URL congiguration to be performed only on the Anchor Controller or is this to be replicated on both the Local and Anchor Controllers.

View 8 Replies View Related

Cisco Wireless :: 3502 - WLC User Rate Limit On Guest SSID Anchor Controller

Jul 30, 2012

We have been deploying 3502 APs remotely to locations with full T1s that backhaul to where I sit at HQ. Both the foreign and anchor controller are here at my location.
I am seeking to rate limit per user the bandwidth each client will get on the guest internet ssid. As you know this traffic is encapsulated in capwap between the AP and the controller so I cant use a standard ACL on the switch or router.
We are trying to keep the guest internet access usage in check on the T1 at any given site so the other ssid's & local lan traffic is not overly competing for the bandwidth.
I found the place to edit the default profiles in the controller but the documentation really isnt clear on best practices.
So I put it to you my fellow wireless engineers to suggest how you are implementing bandwidth management on your wireless guest internet.
Oh and here is my hardware & software levels.
5508wlc - forgeign
4402wlc - anchor
Software Version7.0.230.0

View 3 Replies View Related

Cisco :: Use A 5508 WLC As Anchor Controller?

Apr 21, 2013

I want to use a 5508 as an anchor controller for a wireless guest deployment....but the client has internal 4402's controllers, with software version it possible tu mix these two controllers for a Wireless Guest Access Deployment??

View 3 Replies View Related

Cisco :: Guest Tunnel / Auto-anchor From 2100 To 4400 WLC

Jun 2, 2011

We’d like to extend our current Guest LAN from a 4400 WLC in our data center to a 2100 WLC located at a remote facility. However, we cannot get the foreign controller to pass traffic to the anchor controller – or so it seems. The catch is that we’re not actually trying to extend the SSID itself to provide wireless access, but instead flub it so that we can provide local wired access tunneled to the Guest LAN on the anchor WLC. I’m not entirely sure if this is possible, because I’ve read that before the EoIP tunnel will come up a guest client must associate to the foreign WLC.
We’ve followed the instructions we could find that go over setting up this type of scenario, but unfortunately they only cover setting up back-to-back 4400 controllers and as such, some functions described (notably being able to create a Guest LAN) are not possible on the 2100. We haven’t been able to find a clear and concise guide on the scenario we want to set up.
Here’s some detail:
Mobility group is up/up between both WLCs. Both WLCs are running 6.0.x code.
Anchor WLC – 3750G-24WS-S25 (a 4400 WLC w/ integrated 3750G-24)
Guest LAN WLAN “wired-guest” created; Ingress is “none” and Egress is our existing “dirtnet” – i.e. outside access. The “dirtnet” interface is *not* a Guest LAN interface. Mobility anchor is set as local.
Remote WLC – WLC2106
WLAN “wired-guest” created; Interface is “wired” w/ an IP address on the same subnet as the anchor “dirtnet” and associated with port 2. Mobility anchor is set to the anchor WLC and is up/up. I have a laptop connected to port 2 with a statically assigned IP address on the same subnet as “dirtnet.” I am able to ping the local port 2 address, but I can’t ping across the tunnel to the anchor WLC. I also cannot ping the anchor WLC "dirtnet" interface from the foreign WLC’s Ping tool.

View 1 Replies View Related

Cisco :: Deploying 4400 Controller As An Anchor For 5500 Controllers?

Jun 7, 2011

in one of the sites, the client has an exisiting 4402 controller which he moved to the DMZ in order to set it as an anchor & he purchased two new 5508 controllers to control the corporate APs.  I configured all the parameters needed for the guest anchoring & then I tested the connection but there was an issue. (all the controllers are running the same firmware version)after testing the setup, the guest users could get an IP from the internal DHCP of the anchor controller (in DMZ), but then they cannot reach the internet or anything outside the anchor controller.Cisco confirmed that the 4400 is fully compatible with the 5500 to work in an anchor-foreign secnario as long as they are running the same firmware version. yet, when I temporarily used one of the 5500 controller in the DMZ as an anchor & I applied the exact same configurations on it as the 4400, it worked perfectly without any issues.
note:  on the anchor controller (4400), the management & AP-manager interfaces reside on the same subnet & the wireless guest SSID is also mapped to the management interface.  (may be this setup is causing the issue) but on the 5500 it is working just fine?

View 2 Replies View Related

Cisco Wireless :: Adding A Second 2504 AP Controller

Aug 2, 2012

I currently have a single 2504 Controller managing 50 AP's.  I am adding a Second 2504 AP Controller with 15 Lic to manage an additional 10 AP's.  My current 2504 has each port configured for my four subnets that and it is managing AP's in 4 buildings.  Should I configure the new 2504 the same way so that it can see all four sites?  All so if the main 2504 goes down can the second 2504 take over even thou we will be out of lic?

View 7 Replies View Related

Cisco Wireless :: Upgrade Controller 2504 From 7.0 To 7.4?

Jun 16, 2013

upgrade on the wireless controller 2504  from 7.0 to 7.4 is direct upgrade.My customer  faced problem by upgrading the software 7.0 to 7.4 directly and the image should proceed recover the image 7.4/

View 7 Replies View Related

Cisco Wireless :: 2504 Bandwidth Of Capwap Tunnel

Dec 15, 2012

I'm looking at the spec sheet comparing Cisco WLCs and I see that the 2504 has a bandwidth max of 500mbps. Just to be clear, not all of the traffic from the APs goes through the WLC does it? In this setup, the APs would be plugged into a PoE switch as well as the WLC. The only traffic to WLC would be the CAPWAP tunnel, CleanAir info, etc right? All other traffic should just be handeld at the switch right?Also, does the 2504 licencing include CleanAir in the price?

View 17 Replies View Related

Cisco Wireless :: 2504 Controller - Can AP Be Set With Static Channels

Nov 11, 2012

We have a Cisco 2504 controller and approximately 35 AP's. Some of the AP's are located directly above each other (on another floor). When I run a basic annalyzer, it appears that there is some adjacent AP traffic, the controller has some of the close AP's with the same channel, so there is some RF interferance. The AP's currently are all setup for "G" and majority of the AP's are 1200 series, most of them are 1242's. Should and can the AP's be set with static channels so that there is no adjacent signals? If so where in the controller can that be done?

View 3 Replies View Related

Cisco Wireless :: 3602 AP Cannot Join 2504 Controller

Oct 16, 2012

This is a new setup and has not worked yet. I have multiple 3602 APs and one 2504 Controller. I thought initially I could plug-in an AP into one of two POE Ports on the 2504. During debug mode I see that it has low power, was suprised that the 2504 switch can't fully power the AP? Is this correct?Anyways I have another POE switch that I am using with ample power. The configuration for my wireless is that it will be completely segmented off of my internal network as this is for guest access. So DNS servers are external so I cannot create host entries for the AP to discover the controller. With that being said I believe that is just one way for the discovery process to happen. I have my controller management interface and DHCP scope on the controller on the same subnet plugged into the same POE switch. The AP does seem to get a DHCP address and I can ping the controller from the AP. I cannot get any further then that. I will not join the controller and the radios get disabled. I get messages such as "discovery response from MWAR is rejected. I will post a debug log of the AP and its bootup process. This is new equipment so I would assume the firmware is somewhat up-to-date and the 3602 AP is somewhat the latest model.

View 3 Replies View Related

Cisco Wireless :: 2504 Controller - Best Way To Have Internet Only Wi-Fi Network

Nov 29, 2012

Our current way of configuration for this is standalone ap's with multiple ssid's. The main network ssid's are on the networks. The internet only ssid is on the network. ( this is a wireless network only,no wired) They all get there dhcp address from a layer 3 switch. To prevent the wireless intenet only network from getting to the networks, we just put a simple source & destination deny acl on the in vlan interface of the network on the layer 3 switch.Now that we are impementing a Cisco 2504 controller, the management and ap manger are both on the network.( both on port 1 with dynamic ap manager enabled)  I can setup as many ssid's on the network and they all work fine. But when I setup the internet only ssid it will not connect. I'm assuming that its because the network or anyone trying to connect and use that network has to go through the controller located on the network. I'm thinking that the acl on the vlan interafce is the problem.So, if I'm correct, what is the best way to setup a separate internet only network through the private networks?

View 7 Replies View Related

Cisco Wireless :: Does 2504 Controller Support CAD Or JPG Drawings

Jun 11, 2013

Does the 2504 Wireless Controller support cad or jpg drawings? I have not been able to find in any of the menus.

View 1 Replies View Related

Cisco Wireless :: Enabling Netflow On A 2504 Controller?

Feb 28, 2013

I just completed setting up a AIR-CT2504-K9 controller with 9 APs with RADIUS on the private WLAN and an open guest WLAN; I want to enable netflow exports to a collector, but see no place in the GUI to do this and no obvious CLI commands.

View 1 Replies View Related

Cisco Wireless :: 2504 Controller Association Latency

May 21, 2013

-WLC 2504
We have 22 x AP1602.5 of them show up in the WLC with Controller Association Latency of around 1 minute and 10 seconds.The other 17 all have latency around 10 seconds.
1. What are possibile causes for high value of association latency?

2. Could high-value association latency be an indication of badly working wifi for data traffic?

View 1 Replies View Related

Cisco Wireless :: 2504 Controller - How To Generate Graphs

May 19, 2013

I'm supporting a 2504 wireless controller with 3 aps in a health clinic.  I'm interested in generating some useful information for the owners of the device such as radio utilization (It'd be really nice if there were some graphs). how I can generate these graphs without SNMP monitoring or something like Cisco Prime Infrastructure?

View 4 Replies View Related

Cisco Wireless :: Migration 2106 To 2504 Controller?

Jan 6, 2013

I have a question to migrate a customer from a 2106 controller to a 2504 controller. Can I use the configuration file with both controllers having the same version?
Or is there another way not having to do it again manually? The old configuration is OK, only the hardware is end of sale.

View 19 Replies View Related

Cisco Wireless :: Not Able To Get DHCP IP Via 2504 WLAN Controller

Jan 7, 2013

I have a Cisco Wlan Controller 2504 with 1042N AP (3-nos) every thing was working fine from past 2 months. Now i am getting a issue with clients which are connected to the wireless AP, they are not able to get an dhcp IP address from the 2960 Switch (DHCP Server). The clients are getting IP address as [code]

View 36 Replies View Related

Cisco Wireless :: WLC 2504 - Setup Guest Wi-Fi On Controller?

Jun 4, 2012

I have setup guest access on the controller and this is not working at the moment.
DHCP server setup on the controller for the Guest users.
You are able to connect (get ip address from controller) and the browser gets redirected to but then page can not be displayed instead of the login page.

View 2 Replies View Related

Copyrights 2005-15, All rights reserved