Cisco Wireless :: 5508 Foreign Controller And 4400 Anchor Controller?

Jun 2, 2013

We have a customer that have 2 5508 as primary and backup controller and a 4400 as an anchor controller.  We plan to upgrade the 5508 to 7.3.112.0 and the 4400 is already 7.0.116.0.  Will there be any issue if the anchor controller is not the same code as the foreign controller?  Do I also have to upgrade the acnhor controller to 7.0.240.0?

View 2 Replies


ADVERTISEMENT

Cisco Wireless :: 4404 Guest Anchor Controller With 5508 Foreign Controller?

Aug 12, 2012

I know that the 3600 series APs are not supported on the 4404 WLC.  However, would the following scenario be supported? I would like to use the 4404 (software rel. 7.0) as a guest anchor with a 5508 (software release 7.2) as the foreign controller supporting series 3600 APs.  I ask because the APs do not need to join the guest anchor.

View 7 Replies View Related

Cisco Wireless :: 4400 - Guest Anchor / Foreign Controller Control Path Down?

Aug 16, 2012

We have a Cisco 4400 series wireless controller deployed as a Guest Anchor in a private DMZ.  We have 13 foreign controllers anchored to this for Guest Wireless.  We recently anchored 17 additional controllers to this Anchor controller. Since we have done that, periodically on just 3 of the foreign controllers, the control path shows down on the mobility peer, then comes back up.  We have had this issue in the past, but it resolved itself.  However, now we are seeing this issue again. Are we reaching a limit on EoIP tunnels?  I have read that there is a max of 71, and that is per controller, not SSID. We do have a firewall in the middle but all necessary ports are open.
 
We have had this issue for quite sometime, it just does not happen frequently.  Since we have added the additional controllers, it is now happpening very often, but only with 3 controllers.  There is not much in common with these 3 controllers.  2 are 4400 series, and 1 is a 5508.  All 3 are local on a campus LAN, different networks.  Could it have anything to do with memory or utilization?

View 15 Replies View Related

Cisco :: Deploying 4400 Controller As An Anchor For 5500 Controllers?

Jun 7, 2011

in one of the sites, the client has an exisiting 4402 controller which he moved to the DMZ in order to set it as an anchor & he purchased two new 5508 controllers to control the corporate APs.  I configured all the parameters needed for the guest anchoring & then I tested the connection but there was an issue. (all the controllers are running the same firmware version)after testing the setup, the guest users could get an IP from the internal DHCP of the anchor controller (in DMZ), but then they cannot reach the internet or anything outside the anchor controller.Cisco confirmed that the 4400 is fully compatible with the 5500 to work in an anchor-foreign secnario as long as they are running the same firmware version. yet, when I temporarily used one of the 5500 controller in the DMZ as an anchor & I applied the exact same configurations on it as the 4400, it worked perfectly without any issues.
 
note:  on the anchor controller (4400), the management & AP-manager interfaces reside on the same subnet & the wireless guest SSID is also mapped to the management interface.  (may be this setup is causing the issue) but on the 5500 it is working just fine?

View 2 Replies View Related

Cisco Wireless :: 5508 Anchor Controller In DMZ

Nov 26, 2012

We have a WLC (5508) in our main office in Brisbane that is hosting two WLANs. One provides wireless access to our internal network and the second provides wireless guest access. The guest WLAN is anchored to a controller sitting in the DMZ at our Data Centre.
 
In the DMZ the anchor controller has a management interface and an interface in the DMZ for the wireless guest access. I am using the DHCP server on the anchor DMZ to provide IPs etc to wireless guest clients. The default gateway is 10.8.144.1 which is a VIP or a pair of firewalls.
 
Initially everything works fine. Guests connect to the guest network, have to authenticate via a web portal (Cisco ISE server) and then can go on an use the internet. Works perfectly until the firewalls fail over and the secondary firewall takes over the VIP address. All access to the internet is lost at that point. If I try to disconnect and then reconnect a wireless client it connects, as in it will get an IP address, but DNS resolution stops and I do not get redirected to the web auth portal. If the firewalls are failed back to the primary then everything works again, no issues. However, if I reboot the WLC while the secondary firewall has the VIP IP everything will work fine as it did on the primary. If the firewalls now fail over to the primary again everything goes to ****. Until either the firewalls are failed back or the anchor WLC is rebooted.
 
Initially I thought this was an issue on the firewall, but this doesn't appear to be the case. When the firewall fails over it sends out a gratuitous ARP advising of the change in MAC address for the 10.8.144.1 IP address. The WLC seems to update its ARP table because if I run the command "show arp switch" it has the 10.8.144.1 IP address with the MAC address of the active firewall. From the client perspective I have run a wireshark and captured packets on the wireless interface when trying to connect. The laptop is continuously send ARP requests for 10.8.144.1 but gets not reply. Without this the client cannot send an ethernet frame to the gateway and hence get to the DNS server and WEB portal. Internet access breaks. Doing a TCP dump on the active firewall shows it receiving and then sending a reply to the ARP request. It just never gets to the wireless client. Debugging ARP packets on the anchor WLC seems to indicate that the controller is receiving the ARP replies from the firewall. So I'm at a loss as to why things should break when the firewalls fail over.
 
I have a 3750 switch in the DMZ with SVI of 10.8.144.4. I thought I could get a work around where I would make this the default gateway. The theory being that this interface MAC address would never change. However I was wrong. Even with this IP set as the gateway address for the wireless clients I see the exact same bahaviour when the firewalls fail over. I can't explain it other than to say that the gratuitous ARP sent by the firewalls seems to kill the ability of ARP replies to be sent back to the wireless client.

View 3 Replies View Related

Cisco Wireless :: 5508 Anchor Configuration With One Controller In DMZ

Feb 2, 2012

Any link that will give configuration examples of a wireles anchor config with one controller in a DMZ. I have tried this on my own and have some problems in my test enviorment. I believe my issues were with the firewall but not exactly sure.

View 4 Replies View Related

Cisco Wireless :: DHCP With Anchor Controller With 2504 And 5508

Nov 7, 2012

All controllers are in version 7.2.111.3.C1 is a 5508, it is ou anchor controller.C2 is a 5508, it is a big site controller.C3 is a 2504, it is a small site controller. C2 and C3 are in the same mobility group than C1 (and all is up up in mobilty managment). When "DHCP Addr. Assignment" is enable on C1 : Clients on C2 received their IP address by our external DHCP server via C1 and the guest tunneling betwenn C1 and C2 and all is working fine. Clients on C3 don't received their IP address by our external DHCP server via C1 and the guest tunneling betwenn C1 and C3, so nothing work.

View 4 Replies View Related

Cisco Wireless :: Multiple Anchor Tunnels On One 5508 Controller

Jan 2, 2012

I'm trying to research the tunnel limits on a 5508 controller if you're terminating controllers to two different SSID's.  For example.  In my DMZ i have  a GUEST SSID for contractors and guests and then I have another SSID used by employees so that tablet and mobile phone users can access the interenet.   Because we don't trust any of these devices we have that SSID is termiated just as we do our GUEST SSID. 
 
To reduce the number of anchor controllers I deploy, I wanted to start with one 5508 Controller. (then move up to about 3)  This controller would have two SSID's, GUEST & MOBILE.  On the Foreign controllers when I setup anchor tunneling I will be anchoring to the same controller however to two different SSID's. 
 
Per the 5508 specs it supports 71 tunnels.
 
So my question to the group is, will the 5508 see this anchoring as one tunnel each? Or does it support 71 Tunnels per SSID?

View 14 Replies View Related

Cisco Wireless :: WLC 5508 HA / Anchor Controller Software Versions

Feb 12, 2013

We have Internal Wireless Controllers to be set up for HA (AP SSO) and wireless traffic from Guest SSID will be terminated on a Guest Anchor Controller inside Firewall DMZ. The Internal WLC controllers are installed with software versions 7.3.101.0, and the Guest Anchor controller is installed with software version 7.2.103.0. Just wondering if the Guest Anchor controller needs an upgrade to match the software versions on the HA controllers. Also, Cisco provides  a new version of code, 7.3.112.0 now. So is it recommended to install the new software version on the HA controllers as well as the Guest Anchor Controller.

View 8 Replies View Related

Cisco Wireless :: 5508 - Anchor And Guest Controller IOS Version

Dec 5, 2011

I know that the recommendation from Cisco for the mobility anchor feature to work well  is to use the same IOS version on the anchor WLC and local WLC controller. Now I´ll install on a new site a 5508 local WLC with a newer IOS version which is installed on the other controllers ( Guest and local ). Later I´ve planned to update also the other controllers to the same IOS version. Now my question is, must I upgrade all other controller at the same time ?

View 4 Replies View Related

Cisco Switching/Routing :: 2125 Wireless Controller Without Anchor Controller Just Using Existing Hardware

Dec 6, 2012

I am looking to configure a wired and wireless guest network. I have industrial barcode scanners that connect to one SSID and then there is the business network on the office SSID (no vlan seperation for these devices just different SSIDs). There is not really a need to seperate the business network from the scanners in any case. However, there are needs for a guest network and this needs to be seperated. At the bare minumum I would like to have the wireless guest network. Here is what I have: 2125 Wireless LAN controller managing 18 LAPs (1 indoor and 17 outdoors)Cisco Cat 2950 switches (2 x 24 port and soon to be replaced with 2 x 48 port 2960's with 802.1x capability) Sonicwall TZ210 firewallOne existing wired and trunked vlan for PLC infrastructure. One ESXi hosting Windows server guests (soon to be 2 with vMotion) The reason for the wired guest access network is tp prevent anyone from plugging into the wall jack in the office with thier home laptops or anyone else from being on the same subnet as our domain machines. Granted they would be unathenticaed but there would be no layer 2 seperation and that is what I think would be best.
 
How would I go about doing this on the wireless controller without an anchor controller just using my existing hardware? I would like to have the Guest SSID only availible in the front office. Is it possible to offer a guest network while still servicing the business network SSID on the same access point? Then might I be able to have the guest network be treated as it should at the controller? However this might present another issue altogether as the guest traffic will be over the same wire as the business SSID until it hits the controller for management.

View 1 Replies View Related

Cisco Wireless :: 4402 Guest Anchor Controller 5508 Software 7.2

Nov 6, 2012

We currently have all of our foreign AP controllers on software version 7.0.116.  This consists of a mixture of 4400 and 5508 WLC's.  Our guest anchor is a 4402 on version 7.0.116.  We are replacing the guest anchor with a 5508.  We are also upgrading our 5508 wireless controllers to version 7.2 to support the 3600 series AP's.  My question is what is the recommeded code that the anchor controller should be on?  Should it also be upgraded to 7.2?  If we upgrade the anchor controller to version 7.2, will this affect anchoring to 4400 series foreign controllers still on7.0.116?                 

View 9 Replies View Related

Cisco Wireless :: 5508 / Virtual WLAN Controller Guest Anchor?

Dec 6, 2012

We are planning a WLAN upgrade and the security policy is to forward wireless Guest user traffic to the DMZ controllers. We are now considering the Virtual WLAN Controller and all AP's will register with the virtual controllers and we will use Flexconnect for Staff and internal traffic that will switch their traffic onto the local switch.
 
We wish to forward the guest traffic to the DMZ Guest Anchor controller which will be a 5508 controller. This will also offer Office Extend AP service.I have looked at teh virtual controller docs and not very clear if this deployment model is supported. Below is a diagram of what we wish to deploy and is this a supported deployment model.

View 2 Replies View Related

Cisco :: Use A 5508 WLC As Anchor Controller?

Apr 21, 2013

I want to use a 5508 as an anchor controller for a wireless guest deployment....but the client has internal 4402's controllers, with software version 7.0.235.0...is it possible tu mix these two controllers for a Wireless Guest Access Deployment??

View 3 Replies View Related

Cisco Wireless :: WLC 5508 / Guest VLAN Unable To Get DHCP IP Address From Anchor Controller

Feb 23, 2012

In our test set up, we have two WLC 5508 Controllers connected via Checkpoint UTM-1 firewall Inside and DMZ Interfaces. Both the WLC controllers are connected to the firewall via Cisco 3750 switch. On the Local (Inside) Controller, guest SSID is enabled and attached to the wireless management Interface. On the remote anchor controller, guest SSID is enabled and attached to the Management Interface as well. The following configs are replicated on both the Controllers.
 
SSID Name - guest
Interface - Management ( VLAN 10 on Local and VLAN 20 on remote) -
Mobility Group: Same configs at both ends
SSID Anchor : Anchor SSID on local and local SSID on Anchor.
AP: CAPWAP 3502 Management Subnet

[code]....

Is there any thing missing in the wireless configs and or the firewall rules as i could not see DHCP request back from the Anchor Controller. Also, after DHCP is obtained, the web authentication request will be redirected to an Amigopod device for authentication. In this case is the redirect URL congiguration to be performed only on the Anchor Controller or is this to be replicated on both the Local and Anchor Controllers.

View 8 Replies View Related

Cisco Wireless :: 44xx / 55xx - Anchor Controller Redundancy

Sep 23, 2012

I am in process of replacing our 44xx controllers with new 55xx controllers.  During the upgrade, I would like to add redundancy to our guest controllers that reside in the DMZ and had a question about regarding the setup.
 
If I remember correctly, I would place both guest controllers on the same mobilty group, and then add both of the controllers to the foreign controllers. The foreign controllers will form mobility with both anchors, but choose the one with the lowest MAC address as primary.  On the foreign controller, if the lowest MAC addressed anchor controller does not respond, it will connect to the second controller.  Is that still true? or is there a better way to go about it?
 
Also, I was wondering, do I need to put different guest network ranges on each of the Anchor controller? or can I use the same exact range on both anchor controller (since if a controller goes down, the clients would be reconnecting to the second controller anyways?)
 
Any best way to setup redundant Anchor (guest) controllers).

View 22 Replies View Related

Cisco Wireless :: 2504 Originating More Than 1 EoIP Tunnel To An Anchor Controller

Feb 26, 2013

I'm attempting to set up (for testing purposes) a 2nd 'guest' SSID on an internal WLC (WLC-A), and terminate it in a DMZ on an anchor controller (WLC-B).  We already have a guest SSID originating on WLC-A and terminating on WLC-B though.  Is it possible to originate a 2nd guest SSID on WLC-A?
 
WLC-A - 2504 (7.2.x)
WLC-B - 5508 (7.2.x)
 
The problem I'm seeing is I'm getting no DHCP address assigned on the test SSID.  If I statically assign IP information I still have no connectivity.  It's as if the EoIP tunnel for the 2nd test SSID isn't functional.

View 2 Replies View Related

Cisco Wireless :: 3502 - WLC User Rate Limit On Guest SSID Anchor Controller

Jul 30, 2012

We have been deploying 3502 APs remotely to locations with full T1s that backhaul to where I sit at HQ. Both the foreign and anchor controller are here at my location.
 
I am seeking to rate limit per user the bandwidth each client will get on the guest internet ssid. As you know this traffic is encapsulated in capwap between the AP and the controller so I cant use a standard ACL on the switch or router.
 
We are trying to keep the guest internet access usage in check on the T1 at any given site so the other ssid's & local lan traffic is not overly competing for the bandwidth.
 
I found the place to edit the default profiles in the controller but the documentation really isnt clear on best practices.
 
So I put it to you my fellow wireless engineers to suggest how you are implementing bandwidth management on your wireless guest internet.
      
Oh and here is my hardware & software levels.
 
5508wlc - forgeign
4402wlc - anchor
Software Version7.0.230.0

View 3 Replies View Related

Cisco Wireless :: 4400 How To Get New Access Point To Be Seen By Controller

Jul 23, 2012

I have a Cisco Series 4400 WLAN controller and I'm trying to connect a lightweight AP to the controller.  I have already assigned the switch port to use my wi-fi VLAN, and have connected the AP to the switch.  After a few minutes, the light on the AP goes from green to light blue (indicating it's serving clients). When I log into he wi-fi controller to look for the Ethernet mac address of the new AP, I do not see its Mac Address.  I want to be able to rename the AP to reflect where it will be used,  but need to select the AP via its Ethernet mac address before I can make any edits like changing its name etc. I've gone through the "monitoring" menu, selected "All" and still do not see it in their via its MAC address.  I also will select the "wireless menu" which lists all the AP's on my network, listing in order from on the longest running, to just powered on.Is there something I'm missing like a "re-scan" that scan's all devices?

View 5 Replies View Related

Cisco Wireless :: 4400 - LAN Controller (WLC) Configuration Best Practices

May 19, 2013

I'm looking for a document that states the best practices for WLC configurations (Management/Security/AP's..etc). I can currently only find the following document:URL
 
But this document has last been updated in 2008, in a few days that's almost 5 years ago, and we all know how quickly technology is evolving. 10Gb wireless is around the corner, with 1GB starting to go production now. This document also mentions the 4400 (which is end of life).

View 1 Replies View Related

Cisco :: Wireless Controller 4400 Series Web Passthrough?

Aug 2, 2011

I've download a login.html into the controller successfully, but when I preview the page there isn't an accept button.  Do I need to create the accept button with the html file or is there some place I need to enable on the controller itself.  After download the .tar file I reboot the controller but no luck.  I also create a java script button redirect but it didn't redirect to where I needed to go.  It just stuck on the splash page.

View 3 Replies View Related

Cisco Wireless :: Comparison Of Features In Wi-Fi LAN Controller 2500 And 4400?

Jul 27, 2011

give me the run down on the features removed from the 4400 series in the 2500 series? Obviously 4400 is now EOL, and so i cannot purchase new.  Therefore I was looking at the 2500 for my implementation to save costs also.I would like to have two SSID's, running seperate VLAN's, one voice, one guest, trunk the link to the AP's, which will be 1131AG or newer, N possibly.  Voice needs to be encrypted with WPA or WPA2, guest needs to be open using the guest access feature.  Here's a sample but with EAP:
 
[URL]
 
Is this supported to have WPA on one SSID and Guest access on the other? i did spot a paragraph in the 4400 manual stating that certain restrictions apply regarding one SSID having encryption and the other being guest mode?I notice also in the WCS documentation, it doesn't explicitly state it supports the 2500 series under the managed devices section?

View 1 Replies View Related

Cisco Wireless :: Windows Laptops That Do Not Roam From One AP To Another On Same 4400 Controller

Jan 22, 2012

Windows laptops that do not roam from one AP to another on the same 4400 controller?  Particularly using an Atheros chipset - works fine under Linux... It's a WPA2/AES enterprise network on a controller running 7.0.220.0 

View 4 Replies View Related

Cisco Wireless :: Mobility Group Between Controller 4400 And Virtual WLC

Mar 7, 2013

I read the configuration guide about the 7.3 release. And I figured out that you will need a hash key for establishing a mobility group relation between a controller and a virtual controller. The 7.3 release for the 5500 series works fine for me.But the latest release 7.0.235.0 for the wireless lan controller series 4400 does not have a functionality to add a hash key while creating a new mobility group member.The command "config mobility group member hash" is totally missing. How to establish a mobility group between a 4400 controller and a virtual then ?

View 2 Replies View Related

Cisco Wireless :: Mobility Group Between Controller 4400 And Virtual Wlc

Sep 3, 2012

I read the configuration guide about the 7.3 release. And I figured out that you will need a hash key for establishing a mobility group relation between a controller and a virtual controller. The 7.3 release for the 5500 series works fine for me.
 
But the latest release 7.0.235.0 for the wireless lan controller series 4400 does not have a functionality to add a hash key while creating a new mobility group member.
The command "config mobility group member hash" is totally missing.
 
how to establish a mobility group between a 4400 controller and a virtual then?

View 4 Replies View Related

Cisco Wireless :: 4400 How To Configure Controller In Case Ethernet Port Goes Down

Oct 7, 2012

I want to configure a Cisco Wireless Lan Controller (4400 and 5500 series) with to data ports for failover?  I think the primary and secondary ethernet connections should be configured as trunks.  I cannot find anything on CCO about this or on the internet per se.  I know how to configure for failover with APs but cannot find anything on how to configure the controller in case an the ethernet port goes down.

View 7 Replies View Related

Cisco Wireless :: 4400 Series Controller Blocking 802.11a/n Radio Interface Of 1250 AP

Dec 19, 2009

We are facing an issue with a customer where a Cisco 4400 Series controller is blocking the 802.11a/n Radio Interface of a 1250 AP. The radio shows as down on the controller GUI. The error message on the GUI is that the 'Regulatory Domain' is not supported. This can be seen from the attached screenshot. Also relevant parts of the WLC configs are attached. WLC: Cisco 4402  WirelessWLC Country: SADevice: Cisco Lightweight Access Point 1250 (LAP) is controlled through the 4402 Cisco Wireless LAN Controller (WLC)The operating system version of the LAP: c1250-k9w8-mx.124-18a.JA version of the WLC: Software Version 5.2.178.0 The problem is that the controller shows that the 802.11a/n Radio Interface in Radio Slot # 1 is always down ,  the customer tried to manually 'no shut' the AP interface from the console and it worked , but obviously this solution would not work as the configuration cannot be saved (LW AP).

View 12 Replies View Related

Cisco Wireless :: 3502 Access Point Will Not Connect To 4400 Series WLAN Controller

May 20, 2012

I recently upgraded our controllers to the latest version 7 software, as I read this was one of the requirements to get them to connect.  But I am not having any luck getting into a controller.  Normally I plug them in to the network, they pop into the controller listed as something like AP5057.a844.xxxx and then I can finish configuring them, but a static IP on them, etc. This is the first of this model AP I have tried to deploy, so I am wondering what is different with these. or what I might be missing in the default config in the WLAN controllers. Niether of which are set to "Master" either.

View 10 Replies View Related

Cisco Switching/Routing :: Import MAC Filter Database From Wireless LAN Controller (4400) To ACS Server (v4.2)

Apr 10, 2013

we need to be required to import MAC filter databse from Cisco Wireless LAN Controller (4400) to Cisco ACS Server (v4.2).

View 2 Replies View Related

Cisco :: 4400 Controller / Accessing Web GUI From Port 0?

Jun 7, 2011

I know how to access the GUI from the service port.  However, I am not able to access from Port 0.  IPs have all been properly set.  We have a management VLAN in our enterprise.  I have configured the WLC management interface for an ip on that subnet.  Port 0 is connected to a 3560G switch.  I have set the switch port to be an access port to the management vlan and I have tried to set the switch port as a trunk, with the native vlan set to the management vlan.  I am not able to ping nor access the web GUI remotely via the management vlan.

View 3 Replies View Related

Cisco :: 4400 - Cannot Copy Configuration From Controller To WCS

Feb 22, 2011

When I try to import configuration from the controller 4400 to my WCS it gives the following message:
 
Status Refresh succeeded but some records were dropped because their key fields failed validations.
 
When i see the config in the WCS, all of my light access points are not on it. I check for the logs and this is What I get: (its a lot of info, so I am putting an example!)
 
02/23/11 14:18:46.784 ERROR [general] [TP-Processor7] THROWcom.cisco.server.common.errors.InternalException: [COMMON-1]: COMMON-1com.cisco.server.common.errors.ObjectNotFoundException: COMMON-

[code]......

View 3 Replies View Related

Cisco Wireless :: 4400 High Availability In Wireless Controller

May 28, 2012

We have two 4400 WLC's. We have around 20 access points in our network.If we assign controller1 as primary for half of the access points and controller 2 as primary for the other half, does this mean the association of the ap's indicate load balancing by the controllers. Does this mean wlc does load balancing as different ap's associate on different controllers. or does it only server as active-standby wlc.

View 2 Replies View Related

Cisco Wireless :: 5500 / Controller Versus Cloud-based (Controller)

Mar 31, 2013

We are trying to navigate the waters in choosing between a in-house, controller-based, wireless network solution or a cloud-based solution. We have been presented with the usual suspects in cloud-based (Aerohive, Meracki, etc) and with Cisco (5500) and Aruba on the other side. We are a multi-campus organization with approx. 200 APs.Any hard reasons why go with a controller-based vs. cloud-based solution? If we must keep the conversation limited to Cisco, why go Meracki over Cisco's WLC solutions or vise versa?

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved