I have a 4400 and a 5508 WLC in the same location We want to be able to roam between ap joined to both the 4400 and the 5508 using only one ssid
Do I only need to create a mobility group and add both WLC then create only one WLAN on one of the controllers and it will be shared across bot WLC.
I recently add a second CT5508 to the network, but when I tried to add the first 5508 to the mobilty group I received a message like this:
"error in creating member"
I've tried different mobility names, via GUI, via CLI and always the same error.
I've verified twice or more than twice connectivity issues or any error on the entering the MAC and IP of the controllers, everything is fine.
I'm using version 7.0.116.0
I have to WLC's a 4402 and 5508 in a mobilty group. they are both running 7.0.116.0. They are configured to use Web Authentication. We are having complaints that Users are having to re-authenticate when moving around the office. My theory is they are moving from one WLC to the other and then requiring to re-authenticate.
View 5 Replies View Relatedfor some reason our wlan-controllers were build up to be standalone instead of beeing one mobility-group. I would like to change this in order to use all features of HA.
let me describe our scenario: two WLCs 5508 running SW ver. 6
- same subnet
- both are running in master controller mode
- different hostnames, ip-addresses, etc
- all settings for WLANs and AP-groups (exept the APs themselves in these groups) are the same
- in total at this moment we are running around 100 LAPs configured one half on WLC#1, the other half on WLC#2
I don't know exactly why, but when that setting was installed, someone already configuredHA for each accesspoint... e.g.:
- AP#1 primary WLC#1, secondary WLC#2
- AP#2 primary WLC#2, secondary WLC#1 but without WLC#2 knowing the configuration for AP#1 it makes no sense, correct?
so my question is: how should I do the migration in the best way?
is it easy as:
- disabling master controller mode on WLC#2
- configuring both WLCs into one mobility group
--> WLCs are negotiating their configurations for the APs
Is it possible to assign a single ssid to multiple interface groups by assigning the ssid to multiple AP groups?
I have buildings geographically dispersed that are configured with multiple vlans in interface groups so that I can maintain an addressing scheme of dhcp assigned addresses per building. Each building is also further grouped as AP groups. I'd like to know if by assigning the same wlan ssid to each of the AP groups, will I maintain addressing integrity for each building? I'm thinking it will work.
Do the buildings have to be outside AP range of each other to avoid problems?
5508 controller
7.2.110.0 code
6 buildings
6 interface groups
1 ssid
I am setting up officeexten. I have placed the officeextend wlc in the dmz with an mgmt ip of 192.168.10.2. in the process of anchoring this to the internal wlc. Also the ip on the firewall for this interface is 192.168.10.1
1. does the mobility group need to match the same on the internal wlc ?
2. Now do i need a NAT transnational on the firewall for the external WAN ip (AP primed address say 66.10.10.10) to NAT back to 192.168.10.2 ?
3. The 5508 WLC is running on ver6.0.199.4 (license level base) - will this support office extend?
We are in a warehouse type setting and have data centers on each side of warehouse with 5508 WLC's in each data center. Each side is on its own subnet with routing in between and a different set of SSID's for each set of WLC’s. Are goal is to have the ability to failover in the event that if one data center goes down AP’s will move to the controllers in the other DC and the clients will still be able to operate.
Our thought was to implement mobility groups between the controllers. While I saw documentation on setting this up when the controllers are on the same vlan, I didnt see any setup config when controllers are in different vlans. So I am wondering if mobility groups are even an option for what we want to accomplish. For the most part clients stay on their respected sides of the warehouse and so we are not necessarily needing roaming for clients between controllers in DC1 and DC2. But that does raise another question in that we do have a planned voice wlan that we would like to have the ability to roam between each side of the warehouse. But we have seen ip issues with this. In the past we have had both SSID's setup on each side and ran to issues with clients not renewing their IP address when moving to the controllers on the different subnets.
Can we setup mobility groups between controllers on different vlans/subnets? For failover purposes will mobility groups assist in our setup with 2 DC’s and different subnets/vlans? If the answer is yes we can setup mobility groups between different subnets, is there a way to setup the SSID's on all controllers and have the ability for clients to roam and renew their IP’s when moving to a different controller on a different subnet?
On a wlc 5508-7.0.116, can I set up 2 ssids that map to one wlan/vlan/subnet. I thought you could but I don't have the means to test without breaking production.
My goal is this:
Ssid red open
Ssid blue wpa 2
But all clients on the same ip subnet
It seems the 7.3.101 version Mobility group peer cannot up,: refer to the attach,
Peer 1: version: 7.3.101
Peer 2: version 7.0.98
Peer3: version 7.2.103
Today we got new two WLC for Anchor use, and config the mobility group, but it's failed and cannot up, the ping is ok.
I read the configuration guide about the 7.3 release. And I figured out that you will need a hash key for establishing a mobility group relation between a controller and a virtual controller. The 7.3 release for the 5500 series works fine for me.But the latest release 7.0.235.0 for the wireless lan controller series 4400 does not have a functionality to add a hash key while creating a new mobility group member.The command "config mobility group member hash" is totally missing. How to establish a mobility group between a 4400 controller and a virtual then ?
View 2 Replies View RelatedI have a customer buys 12 x WISM and build up a mobility, when I add the final WLC to mobility, it prompts that there mobility group has reached the max of mobility member, but the total member is 23, according the configuration guide, it should be allow to 24 member, do I hit some bug? My using version is 7.0.98.0.
View 5 Replies View RelatedI read the configuration guide about the 7.3 release. And I figured out that you will need a hash key for establishing a mobility group relation between a controller and a virtual controller. The 7.3 release for the 5500 series works fine for me.
But the latest release 7.0.235.0 for the wireless lan controller series 4400 does not have a functionality to add a hash key while creating a new mobility group member.
The command "config mobility group member hash" is totally missing.
how to establish a mobility group between a 4400 controller and a virtual then?
I have a Question i am testing mobility group with Failover for redundend connection between 2 Cisco 5500 Wlc.On both the controllers i got the mobility working And both the controllers have the same version.And configuration. But when i unplug the main controller the access-Points don't convers to the second one .The just keep on creaming can't find the main controllerAlso with this thus the second wlc need to have the same.Interface ip address like management.
View 8 Replies View RelatedHow many WLCs 5508 can you add to the mobility group?
View 1 Replies View Related1) Is it possible for 2 WLCs installed in seperate data centres with L3 seperation to be joined in a mobility group? We will have aps in the branch offices split between controllers so we want to make sure roaming work ok. Also all guest access should be anchored to data centre 2.
2) in flexconnect local switching mode, do I need to create flexconnect groups if I'm only using radius servers in the data centre with no requirement to use local radius as a backup?
how i can configure a second ssid for guest access in our environment. this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
Presently, there is no vlan configured on the AP because it on broadcasting ont ssid and wireless users gets IP from a windows DHCP server on the LAN. the configuration on the ce520 switch port for the AP and other switches say access vlan is the DATA vlan which automatically becomes the native vlan for all trunk port connecting the AP and other Stiches to the network.
Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time. My AP config is attached below.
Do i need to redesign the whole network to have a native vlan other nthan the data vlan? Does the access point need to be aware of the voice vlan? Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?
I have two 5508, no anchor, only one SSID with internal web authentication using radius server.Under "Configuring Mobility Groups", Cisco guide says: "If a client roams in web authentication state, the client is considered as a new client on another controller instead of considering it as a mobile client".
I understand that if a client that has already autheticated via web roams between two LAPs that are associated with different WLCs, it has to reathenticate.
My question is if I can configure 3 ssid, for 3 different VLAN and add the DHCP address from a WAP4410N AP, when you upgrade to the latest version of IOS I can have this functionality?
View 2 Replies View RelatedAfter upgrading my 5508s to 7.2.110.0, they are reporting mobility data path errors to one of my WiSMs running 7.0.235.0.
I get these messages on the 5508s reporting that it can't send a ping to the affected WiSM:
*ethoipSocketTask: Aug 08 21:15:41.175: %ETHOIP-3-PKT_RECV_ERROR: ethoip.c:341 ethoipSocketTask: ethoipRecvPkt returned error
*ethoipSocketTask: Aug 08 21:15:41.175: %ETHOIP-3-PING_RESPONSE_TX_FAILED: ethoip_ping.c:312 Failed to tx a ping response to <ip address>, rc=5
But maybe there is another clue because I also see in the same log these errors referencing the same WiSM:
*bcastReceiveTask: Aug 08 21:15:45.310: %LOG-1-Q_IND: mm_dir.c:1969 Failed to recreate the SSH Rule for <ip address>.
*mmSSHPeerRegister: Aug 08 21:15:44.829: %MM-1-SSHRULE_CREATE_FAILED: mm_dir.c:1969 Failed to recreate the SSH Rule for <ip address>.
Why is the controller trying to SSH to another controller? Was some SSH related feature added to 7.2 that has been accidentally enabled?
I have Cisco Wireless Lan Controller 5508 with 35 (3600 Series Access Points. Do i need to purchase Mobility Service Engine for this or no need? Do i need WCS server for this or no need?
View 1 Replies View RelatedI have 2 5508 controllers in a mobility group. Any good way to keep the configuration between the 2 controllers synched up?
I thought about copying the config from my primary controller to the secondary controller, but I would think there is a more elegant way to make this happen.
I am trying to build a new network from scratch, I have the WLC 5508 w/ Aironet 3600e APs connected to my Netgear Smart Switches and a Linksys RV082 router that I'm using as my DHCP server with several VLANs for several stuff on my Switches.
I have 2 questions:
1. Can I have 5 Interfaces configured on 5 different VLANs, each SSID on each a different Port:
Port 1: Controller management only=> 192.168.x.x /24
Port 2: SSID 1: WiFi Internal=> 172.16.x.x/12 (Radius Auth with no sharing)
Port 3: SSID 2: WiFi Internal w/ sharing=> 192.168.x.x/24 (Radius Auth with sharing)
Port 4 :SSID 3: WiFi Guest=> 10.0.x.x/8 (Web Auth)
Port 5: SSID 4: WiFi IT=> 192.168.x.x/24 ( Radius or certificate Auth with access to the controller management interface)
2. How can I use the Controller as the DHCP server for all the WiFi traffic, and how should that be configured to work with my other DHCP server?
i`m facing a problem configuring the mentioned access point to act as stand alone access point with multiple SSID assigned to differnet VLANs the problem is that
1) i`m not able to broadcast the both SSIDs in the same time from the Access point
2) i need to make the radius server to manage the SSID access for the wireless clients (trying to find a way in which the aceess point sends a log for the radius server containing the VLAN id /IP address of the the SSID) you may find the below info about the IOS ver. & the configuration?
i`m running IOS /c1100-k9w7-mx.123-8.JEE/c1100-k9w7-mx.123-8.JEE?
How do Mobility Groups work with internal DHCP scopes on a WLC 5508?We have a WLC 5508 with two internal DHCP scopes which redirect to captive portals for authentication. I am looking at putting in a second WLC in a mobility group setup to provide some WLC redundancy. The LWAPs will be setup so that every second AP is on the has the second WLC as its primary controller. If the primary WLC fails we want the secondary to be able to take over and issue IP's from the internal scope. How do you set this up with a Mobility group so the second WLC does not act as a rouge DHCP server while the primary WLC is still active?
View 6 Replies View RelatedI am trying to implement PEAP authentication with ACS 5.3. I have two SSID's with peap authentication and i have two groups in AD. I need to map one ssid with one group and another SSID with the other group.
View 3 Replies View RelatedI have an AP group on a Cisco 5508 WLAN controller. Currently, it is populated with 13 Cisco 1142 lightweight access points. When I try to add a Cisco 3602i access point to the group, I get the following error in NCS: Error: OfficeExtend requires primary, secondary, or tertiary controller management IP to be set.I am using DNS to allow my AP's to find the controller and they work just fine. Is there a reason I can't add the 3600 series AP's to the AP group?
View 13 Replies View RelatedLooking to setup 3-4 WAP4410N AP's but only want to use 1 SSID and one set of keys if possible.
View 15 Replies View RelatedOn a 1200AP, I have set up multiple SSID's. Generally, broadcast is set on. Why can I only see the default SSID and not the others?
View 3 Replies View Relatedi have a WLC (5508) - trying to enable AP group vlans based on instructions from: url...however, my problem is that i don't have the 'ap group vlans feature enable' checkbox.
View 1 Replies View RelatedWe just got a WAP4410n and cant seem to get multiple SSID's to show up when searching for them.Only SSID1 shows up in Kismet or any other type of Wifi detector software, is it supposed to be like this?I would imagine that it should display both SSID's
-Mynetwork1
-Mynetwork2
Instead of just Mynetwork1, I have tried everything i can think of to connect to the second one but nothing seems to work.
We have a secure ssid and a guest ssid. Is the a way to prompt for a single username and password and if that name is guest it will automatically connect to the guest ssid? If active directory user and password it will automatically use the secure ssid? we are using Microsoft NPS/Radius, 3502 ap's, and 5508 controller.
View 3 Replies View RelatedI have two WAP200's code level version 2.0.4.0 connected to two SFE2000 24port, one switch per building. I have 3 vlans that I want to bridge between those two switches. I know the trunks on the switch are setup correctly because I can connect them directly and test all vlans.
I am able to get the untagged Vlan 1 to work fine with the bridge, but I have issues with the tagged Vlans 2 and 3. I have checked that I have the correct SSID tied to the correct Vlan number. I cause the whole network to lock up when I try to add the other SSID MAC addresses to the AP Mode -> AP Mode -> Wireless Bridge -> "Remote Wireless Bridge's MAC Addresses:" section. The wireless lights and ethernet lights go solid.
Should I be adding the additional MACs there?Does the WAP200 even support multiple VLAN/SSID?
Network diagram: SFE2000 --trunk-- WAP200 --(((((3xSSIDs)))))--WAP200--trunk--SFE2000
I am using a Aironet 1100 series access point (AIR-AP1142N-N-K9) with IOS version c1140-k9w7-tar.124-21a.JA1. I want to create two seperate SSID's on the access point with WEP encryption. There is no VLAN configured and i want it to be like it. Also I need to broadcast both the SSID's at the same time, so the some of my users need to login with the first SSID and the others to login through the other.
View 2 Replies View Related