Cisco Wireless :: 5508 / AP Flexconnect - Switch Port Configuration?
Jul 23, 2012
I have found some samples on the FlexConnect setup for the controller side. However none of the documents mentioned how the switch port should be configured that goes to the controller and AP.
At this moment I have a Cisco 5508 configured in CAPWAP mode with 20 APs. I would like to use same controller for connecting one of the remote sites with 2 APs in FlexConnect mode. Current the 5508 to switch port is configured as 802.1Q port. All CAPWAP AP ports are configured as "switchport access vlan X" where X=capwap VLAN. Need to know how the switch port should be set for the remote site where flexconnect APs connect.
Subject: FlexConnect compatibility with Access Point? We have today one Cisco 5508 and those access point on remote sites
o CISCO AIR-LAP-1131AG-E-K9 o CISCO AIR-LAP-1231G-E-K9 o CISCO AIR-LAP-1142N-E-K9
We plan to use redundancy on the controller and implement Flexconnect on the remote site. What we need to know is if I can implement Flexconnect on all actual access point - I think it is possible on 1142N + 1131G but do not know on 1231AG - is it correct or I'm wrong ? We plan to install the latest SW version for 5508 controller.
Configuring HP switches for Flexconnect. I am not sure if or not its doable? Access Points are 2600 and 3600 with 5508 as a controller. Idea is to keep the branch traffic local but the switches are HP.
i have installed ISE1.1 on VM and other hand vWLC7.4 also there in VM i am using 1130AG APs in flexconnect mode and using central auth and central switch.i wan to configure it for CWA(central web Auth) from ISE but a little a bit confuse about ACLs.
We have a 5508WLC recently updated to 7.2.110.0 since we are using CAP3602I-N-K9, this AP is intended to work as a H-REAP device and eventhough it is registering to the controller I can't get to see the WLANS on the list to map it to the local VLANS
I have verified and the WLAN is configured for local switching also have followed the steps listed here:URL
Still Can't see the WLANs under the Flexconnect tab on the AP?
1) Virtual controller 7.3.112 is OK 2) N° 2 LAP 1130 e 1240 is Joined to controller OK 3) flexconnect in localswitch is OK 4) flexconnect in central switch IS NOT work.
After reboot WLC , the switch port was err-disable , the cause is link flap after we reboot 3 times , the switch port link flap err-disable every time? We don't know why the WLC rebboot will cause it , it just normal action on device the WLC version is 7.4.100.0 link switch with access port , no port channel , no portfast.
How to, for the most part, setup 802.1x via wireless. I'm using two 5508 WLCs, and Cisco ACS. I will setup the user account/password information via Cisco ACS and User Identity and Hosts. I know from the WLC 5508 web admin tool that I can choose 802.1x in the security parameters. I only have a few question. We have two wireless networks, one is wide open and provides internet access, the other will provide internal access for select users. I am setting up 802.1x on the internal wireless lan. Do I need to configure any 802.1 configuration commands on the switch in order for this to work, if so where would be the locations to do this at? Also, if there is a MAC isolation configuration option I can configure to not allow other hosts on this specific wireless network to communicate with each other?
We are using 3750 switches as WAN router facing the WAN cloud. To configure QoS for its WAN port, should I use 'auto qos voip trust" or treat it like a router port and configure class-maps, policy-maps, and attact service-policy input or output?
Because switches have different queuing and dropping methods than routers, auto qos can generate QoS configs that are considered most appropriate for 3750 switches. However the switch functions as WAN router. Maybe it should be configured using router type of QoS with policy-maps and service-policy?
I have an old Cabletron switch i have used for about 8-10 years, it has some vlans set up and i was wondering how i can "talk" to the switch and set it up. I am using this switch in my home on my vast network. is it possible to "reset to factory" or anything without a serial cable? I would like to use snmp of telnet to configure but i dont think it has an ip set up and it is such an old switch I cannot find any info from entrasys.
I have a laptop with a single physical NIC which I have used the advanced management tools to create two virtual NICs (say vlan 10 and vlan 20) and both are on the same subnet (say 192.168.4.x). One NIC is for normal TCP/IP traffic and one is for broadcast/multicast traffic (I have some custom software that requires this to be the case and works fine on an older laptops with built-in physical NIC and PCMCIA XIRCOM NIC). The dual NIC laptop communicates with a dual NIC server via a Cisco 2811 router (which has a 16 port switch module at the back) and has vlans set up so.
What I want is for the single NIC laptop (with two virtual NICs) to be able to also communicate with the server. Basically, one NIC is for normal traffic and one is for multicast/broadcast traffic. All three machines need to be able to talk to each other using the NIC for normal traffic and both laptops must be able to receive broadcasts from the server. What is the best way to configure the router to handle the trunking/tagging? Most configuration documentation I read has two complete subnets for the two virtual NICs. Note that all three machines use static IPs and are part of a workgroup so no DNS and domain servers etc.
I read quite a few documents on configuring SPAN on a cisco switch but none of them mention any limitations or any kind of CPU load it can have on a switch. I need to configure this on one of our switches and would like to know if there are any implications related to SPAN.
Since Avaya phones do not run CDP, how does the phone know which DHCP pool to pull from to get its IP address if the PC is connected to the phone.
Let's say I have a interface config like this interface gigabitethernet1/0/1 cisco3750(config-if)#switchport mode trunk cisco3750(config-if)#switchport access vlan 126 [code]....
And two DHCP scopes configured on the switch. What keeps the phone from pulling from the wrong scope?
I am trying to configure a 3500XL switch (and I know its old). I get to the int fa 0/1 line and thats where it all stops working.
switch#(config-if)#switch port mode access switch#copy run start or switch#(config-if)#switch port mode access switch#sh run int fa 0/1
It will show the configuration for port fa 0/1 as if I hadn't entered the "switch port mode access" command. Or any other command for that matter. Why the switch is not holding configuration and seemingly loses it as soon as you exit out of each interface?
I am testing rogue on wire using 5508 WLC and , I have a dedicated AP configured as rogue detector and configured the switch port where the Rogue detector is connected as trunk. I have plugged in an autonomous AP with open authentication to the same switch so that it can act as a rogue. On the WLC, I can see that Autonomous AP as rogue on Wire. But along with that I am seeing another AP as rogue on wire, even though i have plugged in only one Autonomous AP to the switch.
So we have a Cisco 5508 controller that is managing 15 AP's in one of our buildings.I am running 2 wlans, one is internal access via (wpa) radius, peap and domain login...that works well now
The other is a guest lan, that is only allowed to surf the web.
The question from our security group, is there a way to restrict wireless access to ONLY a corporate approved list of devices.
As it stands right now, we only support Blackberry's as our mobility device. All local data is encrypted. The issue here is our testing shows that with an Iphone (not approved) it is very easy to connect to the WPA network if a user knows how to enter in their domain credentials. From there they can browse our internal web servers and download corporate data to a non approved, non encrypted device such as the iphone.
I have WLC 5508 in my office and i am asked to backup file configuration from WLC but when i remote WLC to get the upload configuration file via tftp it doesn't work.
But when I try to use direct connection ( point to point ) with WLC and my laptop i can get the upload configuration file. is there something wrong, actually i have connected with that WLC i can ping and telnet that device
Any link that will give configuration examples of a wireles anchor config with one controller in a DMZ. I have tried this on my own and have some problems in my test enviorment. I believe my issues were with the firewall but not exactly sure.
I am trying to come up with a standard way to configure controllers for my field guys. I'd like to just have them paste in a config that has all the settings, like we use to be able to do on aIOS. I am not seeing away to break out of the wizard so that they can just paste in a config. Do you have to go through the wizard in order to get to a CLI ?
We have implemented VSS on Cisco 6504-E switches using the 10GE links on the Sup-720-10GE. Two Cisco WLC 5508 controllers are planned to be connected in a LAG configuration, (consisting of eight links per LAG bundle) to each of the 6504-E chassis( Total of four WLC, two for primary and two for secondary). WLC HA feature may be implemented on the primary and secondary WLC controllers using the 7.3 latest code release.
We have 5508 controller (redundant) & would like to configure Staff vlan to get authenticate with active directory.i am new to the controller device & want to configure controller with active directory (windows 2012).
5508 controller (Active & Standby) with 48 Access Point.(configuration Done) Guest Vlan (only for internet Access) controller based web authentication configured.
Staff Vlan ( inside & outside ). Need to configure with LDAP authentication?
I have a problem configuring ClientLink on a FlexConnect local switching AP (3602i), the problem is that I can not see the clients that are using the ClientLink feature when entering the show interface dot11radio 1 lbf rbf command, the AP shows "Hardware beamforming stats not supported (radioid 0x3B00)" message instead of show the client information. I am using a 2504 Wireless LAN Controller running 7.3.101.0 software version, why is not working properly?
A customer have a bad coverage in a corner of his branch office. He like to add a mesh AP (MAP) in the near of that corner.
I checked allready the documention about Mesh but i'm not sure if Flexconnect and Mesh works togheter. This MAP is in a branch office and the WLC is in the head quarter therefore he likes to uses Flexconnect togheter with Mesh.
I have 50 WAP connected to a WLC 5508. When I backup the config I don't see the custom settings I put in some WAP. Where are the WAP settings saved at ?
Is there any additional configuration to be done on the 5508 WLC for Wireless Laptop / Voice Roaming? I tested with Wireless IP Phone and found some blankness in voice , whereas i have other access point nearby , which wasn't switching over easily .
I have 2 5508 controllers in a mobility group. Any good way to keep the configuration between the 2 controllers synched up?
I thought about copying the config from my primary controller to the secondary controller, but I would think there is a more elegant way to make this happen.
A customer of mine has a centralized 2504 WLC with 7.2 code running. They have 1142N APs deployed locally as well as in remote sites (3) in FlexConnect mode. For no apparent reason last Thursday all the remote APs disassociated with the controller and could not rejoin. All the local APs remained up and unaffected.No changes to the WLAN, LAN, Firewall or MPLS WAN occured to cause this.The customer opened a TAC case and their determination was that ports 5246-5247 were not getting thru. When the customer engaged me this morning I had him run a packet capture on the Sonicwall firewall to prove out if the CAPWAP signals were leaving and returning across the WAN. Sure enough we can see this bi-directional traffic (pic attached). Also, I had the MPLS provider run a trace at the far end and they see the same traffic leave the remote site. And then an odd thing happened; one of the APs at one of the remote sites all of a sudden Joined the controller. So I tried rebooting the AP that is located in the same office, and it fails to Join. When I look on the controller under AP Join statistics, the last activity shows the controller receiving a Discovery Request and response is sent, but no further Config Request and response or Join Request and response.
However, I now have a number of devices... certain smartphones so far... that will NOT connect to a FlexConnect AP if it's a 1262AGN AP, but my older 1242G AP will accept the devices without issue. Same SSID, same encryption standards.
If I connect the devices to my guest network (no security), they will connect just fine to both APs, and Non-FlexConnect 1242 and 1262 APs will both accept the devices without issue using my private network.
In other words, it seems to be an issue specific to 1262AGN with my encryption security. My security is WPA2/AES with PSK. No additional security on the SSID.
We have a problem when I call bettween two 7925 in same SSID, VLAN voice. They cannot hear each other. The SSID and LAPs are in Flexconnet. From desk phones there are no problem and betwen one deskphone and one wireless phone there no problem too.
