setup a WEP SSID on my 5508 controllers. THat being said, I have multiple sites with extremely old scan guns that only do 104bit wep. I plan on locally switching this SSID and using static WEP 104bit key with MAC authentication, and then ACLing to limit my inherent security issues/exposure once someone compromises my WEP key. [code]
View 4 RepliesWe have 2 5508 WLC's on site (5508-1 & 5508-2) and at the completion of this project we will have around 150 access points. We are also using WCS. 5508-1 is set as the primary/master controller. 5508-2 is the secondary controller, serves as backup if/when 5508-1 fails. All LAPs connect to 5508-1 by default, so 5508-2 is basically sitting there doing nothing. Is this the best way to take advantage of the resources that are available? Would wireless clients see improved performance if the access points were split between the two controllers? If we do split LAPs between the controllers should I make sure that all of the LAPs on a particular floor are connected to the same controller or does that matter?
View 7 Replies View RelatedIs it possible to assign a single ssid to multiple interface groups by assigning the ssid to multiple AP groups?
I have buildings geographically dispersed that are configured with multiple vlans in interface groups so that I can maintain an addressing scheme of dhcp assigned addresses per building. Each building is also further grouped as AP groups. I'd like to know if by assigning the same wlan ssid to each of the AP groups, will I maintain addressing integrity for each building? I'm thinking it will work.
Do the buildings have to be outside AP range of each other to avoid problems?
5508 controller
7.2.110.0 code
6 buildings
6 interface groups
1 ssid
I have an issue where I have an AP in one room and another in another.When I walk from one room to the other, I lose signal but manages to see the SSID and join.But, I cannot seem to surf the Internet, I have to manually disconnect and reconnect. Normal wireless routers I reconnect seamlessly without any manual disconnect & reconnect.Currently using cisco 5508 and ap2600.
View 8 Replies View Relatedwe have two offices in same city at different location however we are planning to bring both the office at same location.Now lets say site A has controller 5508 configured with 24 AP's with 10.10.10.x subnet for internal SSID and Site B which is shifting to Site A campus has different subnet ( 10.10.20.x ) for same SSID.Site B has no controller since they had connection with H-reap and they were using different subnet for internal SSID ( 10.10.20.x ) .....Now i need to add their AP's in Site A controller which will be extended wireless LAN however we would like to keep same subnet ( 10.10.20.x ) what Site B has for wireless clients which is really confusing me ....I have already client subnet for site A with 10.10.10.x /24 subnet and nearly 200 users are already using this wireless client subnet.... How do i add their ( Site B ) subnet / 10.10.20.x with same SSID configured which is globally only one SSID ?
limitations :I can not create new SSID for site B since same will be broadcasting even in Site A AP's ?Is this possible to map one more subnet of site B to existing SSID with already different subnet ( 10.10.10.x ) ?
I have an issue where I cannot get clients to change SSID. I have two SSID, one WPA2 secure, one open guest. The secure is locally switched via Flexconnect and the guest is centrally switched. Both of them work. I have been able to test this and both work as intended. The problem is that once you connect to one of them, either secure or guest, you cannot then change to the other. The only way to change is to delete the dhcp entry from the scope and then do it.
Fast SSID change is enabled. I also have debug client output from when the client fails when you try to switch which I will include below. I also pulled some wireshark captures and those show me that the DHCP ack packets are trying to give the client the ip address from the incorrect/previous scope. So basically it's like FAST SSID change is not working and the client is never being disassociated properly??
I am totally stumped and even though the client will most likely not be switched between SSID that often I would still like to know the solution.
Cisco 5508 running 7.2.110.0
Cisco 3502 LWAPP
windows server 2008 dhcp server
[Code].....
In the company we have two SSIDs for corporate and guest networks respectively when I try to connect to any of the SSIDs it doesn't happen until 5 retries. The only log I get that seems to be related to it is the following:
*Jun 11 11:48:09.062: %APF-1-DISCONECT_MOBILE_DUE_TO_WLAN_SW: apf_policy.c:541 Disconnecting mobile 00:23:32:73:d7:15 due to switch of WLANs from 1(femsawl) to 2(visitas)
Here it shows a switch between SSIDs but if you just turned on an apple device and try to associate for the first time to any of the SSIDs the scenario is the same, several tries to connect.I am running a 4402 wlc with 6.0.202.0 software version.
Ive had this 655 for about a year now and it has been rock solid. But, there has been one slight issue.
And and all wireless devices can see each other and all wired devices can see each other....but the wired cant see the wireless and vis versa.
The wireless devices (W7 and Vista laptops) can see the wired devices when they are plugged in. But my phone and Galaxy Tab can only see whatever wireless devices there are (cant be plugged in). Even my wired Samsung TV cant see the shares on the Tab or wireless laptops (and vis versa). So, its certainly not a firewall or OS config issue.
Now, I made sure they are all connecting via the main SSID and not the "isolated" Guest SSID....but its acting like the main SSID is isolated from the wired LAN somehow.
Firmware 1.34. IPs for the wired and wireless devices are all in the 1.2 - 1.50 range.
I have Internal DHCP Server configured on the Cisco WLC 5508 and all is working fine. DHCP Range is 192.168.1.100 to 192.168.1.245. Now I created another SSID but I want clients connecting to this SSID get specific IP's or from a specific range. WLC has no option to bind a DHCP pool to a specific IP so what I did I checked the option to "Override DHCP" and added the IP of my firewall WLC is connected to and setup a DHCP Pool on that firewall as 192.168.1.89 to 192.168.1.94 (192.168.1.88/29).
Client can connect to the second SSID but can't grab and IP address, what am I missing ?
I am setting up a Cisco 5508 wireless controller and was looking for some feedback or assistance. Basically I already have my guest SSID configured and functioning. Created an interface group containing my vlans and applied the created ACL "Guest Policy - internet only", which is also working.I want to setup a second SSID called "staffstudent" and use RADIUS for authentication. I have already created two separate network policies on the radius server: staff and student. Each only allows certain user groups. I want to be able to differentiate on the controller side which profile they are logging in on and then apply the correct ACL. I have two currently configured: one for staff and one for student. It appears to me that since you have to apply the ACL at the interface level I cannot use both since my interface is accepting both staff and students. Is there a way I can filter them using RADIUS so that when they login RADIUS can return a "student" value and then apply the correct ACL? Same for staff?
View 2 Replies View Relatedis it possible to multicast between 2 different SSID's that are associated to 2 different VLAN's?
View 2 Replies View RelatedWe created the management interface, an internal DHCP scope in same subnet, and Two SSID tied to the same management interface:
- when we connect to the first SSID we have and IP address
- but when we connect to the secone SSID: impossible to get an ip address - auth and association are OK
On a wlc 5508-7.0.116, can I set up 2 ssids that map to one wlan/vlan/subnet. I thought you could but I don't have the means to test without breaking production.
My goal is this:
Ssid red open
Ssid blue wpa 2
But all clients on the same ip subnet
I have Build a 5508-HA Cluster (7.4.100.0) , hat to reboot this cluster due to Licens install.After the reboot atleast one of the SSIDs was not broadcasting anymore, even the checkbox was checked.
What did I do:
Installed the Licenses @ Freiday 12:00
@17:15 reload active WLC, wait till controller is up again (a few minutes pingable)
@17:25 force failover to first controller.
check a few SSIDs but not all, those who where check are ok.
@monday 07:00 clients complaining not seeing the SSID (some where connected)
on a 5508 WLC can we create new SSID for I PAD / IPHONE Users without having ISE, only I phone / I PAD are allowed to be authenticated rest all should be denied. IS this possible?
View 8 Replies View RelatedI have a wireless lan controller (5508) broadcasting 2 SSID's, once is a secure vlan grabbing an ip address from a local dhcp server and getting access to the internal network, and the other ssid is for a guest vlan where the dhcp server is in a remote site and internet access is off a circuit in our data center which is accessed over a wan. The secure ssid's vlan is defined on the local switch, but the guest vlan is not defined on the local switch.the ap's in the respective sites are trunked to the core switch and the switchport config is : [code] it's trunked b/c we have both vlans going across this physical connection.I would like get the guest vlan a wired connection, ie. off a switchhub, but not sure how to do that as this guest vlan is not defined on our local network.
View 1 Replies View RelatedI have an open SSID on 5508 controllers - configured as anchors and need to redirect wireless clients to the wireless help page automatically once they have connected and opened their browser.I've read all through the web auth and pass through discussions on here but nothing seems to be quiet right for me - unless I am completely missing something.
View 5 Replies View RelatedI have two WLC-5508 for 50 AP's deployed. One is primary controller & other is secondary.Recently noticed an unknown "authorization failed, no sufficient privileges for user" message poping up while making configuration changes in WLC. Specificly when trying to create an new SSID. WLC Authentication is local. This message poped up earlier once or twice but it didnt prevent from making changes that time.
View 3 Replies View RelatedI have a 5508 WLC controller at the HQ with the employee ssid ,the dhcp scope on the ssid is 10.120.0.0/16 network.
However,I want this same ssid to be brodcasted to a remote site using HREAP access point but with different dhcp scope 10.102.0.0/16.
I have tried creating another interface for the remote site with a different dhcp scope(10.102.0.0) but the controller wont allow me create another wlan with same ssid that existed before to apply the new interface created for.
My customer wants to have mapping of WLAN SSID with different authentication protocol as show below .
1: EMP-M for Mschap
2: EMP-G for Peap GTC
3: EMP-T for TLS
For example EMP-M SSID users should be connected with only PEAP(MSCHAPv2) and not on other methods like PEAP-GTC/EAP-TLS .
customer is currently having WLC 5508 and using ISE for AAA . Any tip how we can do the above requirement through WLC .
I have a 4400 and a 5508 WLC in the same location We want to be able to roam between ap joined to both the 4400 and the 5508 using only one ssid
Do I only need to create a mobility group and add both WLC then create only one WLAN on one of the controllers and it will be shared across bot WLC.
I need raise a especial configuration to 34 APs LWAPP associated to WLC 5508 with IOS 7.0.220
This is the Scenario:We have 34 APs LWAPP with 2 SSID (Corporative & Guest), with 2 DHCP different. The Guest SSID receive IP to DHCP from WLC while SSID Corporative receive IP from Microsoft DHCP. The AP On Site are Local and the Foreign AP are configured like H-REAP (H-REAP Local switching and Learn Client IP Address are marked)
Here is the thing, I need configure a new WLAN (Pruebas) for add to 34 APs (Local and Foreign) but this new WLAN must be receive IP from a New Microsoft DHCP
Firstly I configured a new Physical interface and linked to New WLAN (Pruebas) however i don't know how configure the AP and the DHCP because I want that the AP deliver IP addresses depending the Locality.The last because the SuperScope from DHCP is divided in various subnets and because the IP from the AP will be in another VLAN
I have two WRT54GS routers. I want to extend my WiFi from the router connected to my upstream in the office to a second router in the living room. I want devices configured for the SSID and passphrase of my current WiFi (which is find in the office) to work seamlessly in the living room. I understand I can do this by running a cable and configuring router 2 as a client of router 1 with router 2 exposing the same SSID and passthrase on a different channel.
But I really don't want to run a cable.There is a point where a client can see router 1 where an AP would cover the living room.
Can I put router 2 at that point, have it connect wirelessly as a client to router 1, and have it expose as an AP using the same SSID and passphrase? Can this be done without wiring the router?
E4200 not letting my known wireless devices connect when SSID Broadcast is turned off.
View 1 Replies View RelatedI'm facing a problem on vWLC. I configured the vWLC and Aironet 1252, I created 2 SSID with below settings.
1. WPA2 Auth 802.1X
2. Web-Auth
Inside Wireless, I configured this AP Mode as "Local", but all of the client device such as iPhone, Laptop can't find these SSID.
I'm using a Cisco Wireless LAN Controller 5508, 14x Access Points 1041 and 6x Access Points 1031 in combination with a NCS 1.0.
Is it possible to broadcast SSID'S only on defined Access Points, e.g. AP 1-3,7-10,18? If yes, what have I to do?
i have two 5508 ver 7.3.0, one is the primary and one is the guest controller. mobility is up and running. i have an exising guest ssid working with wpa2-psk and web authentication and its working fine but i require a second guest ssid that only uses a wpa2-psk for ipod/ipads as i cant use passive client on primary controller. i presently have the one vlan range and dhcp setup on the guest controller to give addressing to either ssid. i know you can have multiple ssid setup on the guest controller but in other sites i have only had one guest connection comming from the primary controller, just a primary controller on each sites was only creating one link to the same guest controler.
View 3 Replies View RelatedHas anyone come accross a problem whereby an SSID becomes unavailable when selecting a Radio Policy of '802.11g Only'? The SSID is configured identically accross multiple controllers, but only works on the WISM's. The same WLAN profile on a 5508 is unavailable unless I select a Radio Policy of 'All'.
All controllers (WISM's and 5508's are running 6.0.188.0)The WLAN profile is using MAC Filtering[WPA2][Auth(802.1X)] as the security policy.
I'm seeing a problem with Apple IOS devices connecting from one SSID and then connecting immediately to another. I've tried to replicate this fault with non Apple IOS devices, but I'm unable.
Environment:
Single 5508 WLC running 7.2.110.0 AIR-LAP1142N-A-K9 AP's
WLC is in clients head office, MPLS to their branch sites. AP's are in Flex Connect mode, with AP and Flex Connect groups for the AP's at the branch. 3 x SSIDs; Corporate (802.1X), Guest (Web-Auth) & Non-Corp (PSK).
Scenario:
Client is connected to the Corporate SSID with his iPad (new model, running iOS 5.1.1). No problem with access, he is able to roam throughout the building with good SNR/RSSI. He wants to test the other SSID's, he attempts to connect directly to the Guest or Non-Corp and gets an error message on the client saying 'Unable to Connect' or 'Unable to Join'. Debugs on the WLC for the client shows no connection attempt, no errors. I can see the client disconnect from the Corporate SSID, but nothing for the Guest or Non-Corp SSID.
If the client then disconnects and forgets the Corporate SSID from the wireless profiles on their i Pad, waits 20-30 seconds (I can see the client disconnect cleanly from the WLC) and then attempts to connect to the Guest or Non-Corp SSID's - he doesn't have a problem. He immediately associates, and is able to connect. If he then tries to connect directly to another SSID, while still associated to another from the same WLC/AP – he gets the error again. Forget/wait 20-30 seconds, attempt to connect – no problem. We've tested with several i Phones (4 & 4S), i Pads (2 & new model) - all running the same Apple IOS (5.1.1).
I unfortunately can't do much troubleshooting with TAC on this as the client is no longer onsite, and I don't have a 5508 in our lab that I can currently test with. I've tried playing with beacon intervals, etc to no avail.
I have a problem with MSE tracking client in my network.What we have:PI 1.3 with evaluation license (temporary)MSE 7.4.100 with 3k device licenses (hardware appliance 3355)WLC 5508 7.4.100.For now MSE is reacheble from PI and WLC, all setings are synchronized, NMSP status is active, mse assigned for maps and synchronized, on map we have 3 APs, but in Contex Aware tab we didnt see any tracking devices, all counts 0.
View 11 Replies View RelatedWe have integrated WLC 5508 to cisco ise 3315 with ios 1.1.1 and using Guest Sponsor portal for wireless guest users.Where we have created open ssid in wlc and redirect web login portal in wlc for guest users. We have enable all respective node in policy service for profiling and also configure snmp in wlc as well as in ise.
When guest user is connected to open ssid its get redirected to web login page of ise portal and when it gets login we are only able to see the username which guest user login but not the end device in monitoring log.
Wireless End devices are not able to get profiled can any one tell me what configuration I need to do on ise or wlc side to profiled end guest wireless device like android,iphone and laptops
We have 3 3602Es connected to a 2504 WLC. I was wondering for best practices for antenna placement. They are all mounted on the side of a wall, near the ceiling (above everyone's head).
View 10 Replies View RelatedI'm looking for a document that states the best practices for WLC configurations (Management/Security/AP's..etc). I can currently only find the following document:URL
But this document has last been updated in 2008, in a few days that's almost 5 years ago, and we all know how quickly technology is evolving. 10Gb wireless is around the corner, with 1GB starting to go production now. This document also mentions the 4400 (which is end of life).