Cisco Wireless :: 5508 - Opening CAPWAP On Different Interfaces
May 9, 2012
I am trying to configure two AP-management interfaces to accept CAPWAP on different ports using the option "Enable Dynamic AP Management". One of them uses a public IP address. However, I am getting the message "Ignoring discovery request received on non-management interface ..." on this.
To clarify some points about the CAPWAP implementation: is all data and control traffic tunneled back to the controller, and is the switching of packets to the specific VLAN done by the controller? So if I have a 5508 controller, its maximum throughput will be 8 Gbps (local mode AP), provided I have done LAG on all its ports to the LAN switch?
I have a DSL modem (custom made and branded by my ISP) which is receiving a DSL stream ... it has an external IP which is visible to the world, say, 126.96.36.199 ... This modem has DHCP enabled, has an internal IP for itself, which is 192.168.1.1 .. it is connected to 2 laptops via an Ethernet cable .. Laptop 1 has IP 192.168.1.2, and Laptop 2 has IP 192.168.1.3 ... On Laptop 1, two applications are running, jDownloader and Media Player Classic, which have their web interfaces on ports 8765 and 13579, respectively .. I can access both of these web interfaces from Laptop 2 by opening these addresses: 192.168.1.2:8765 and 192.168.1.2:13579 ... both of their web interfaces open up, meaning the web interfaces are working fine .. Moving on, I now want to access these web interfaces from outside my network as well, and so I've configured port forwarding in my DSL modem to forward all traffic on ports between 8000 and 14000 (both TCP and UDP) to IP 192.168.1.2 ... I have verified that port forwarding is working by testing it using PortForward.com's port checker tool, and this website too: Open Port Check Tool - Test Port Forwarding on Your Router. When I use the website, if I'm running the applications on Laptop 2, the website reports that the port is open .. if I then close the application, the website reports the port is closed ... This makes sense as nothing is listening on my machine in the latter case .. Also, if I disable port forwarding in my modem, again, the website reports the port is closed ... so, the website's results seem to be okay ...
Despite the above tools reporting that port forwarding is working, I am unable to open the web interfaces from outside my network ... So for example, if I tried to browse 188.8.131.52:8765 or 184.108.40.206:13579, nothing opens in my browser ... But if I accessed these web servers locally from Laptop 3, by typing in 192.168.1.2:8765 or 192.168.1.2:13579, they opened ... The tools report unanimously that port forwarding is working, and yet I am unable to open the web interfaces from outside the network .. Also note that I have disabled the firewall on my computer, and have also made sure that any option in the above programs (whose web interfaces I am trying to open) that says only local connections are to be accepted, is disabled ...
I have a 5508-WLC appliance and configured multiple ap-manager interfaces to balance the join requests from LAPs and the load. I went to the console port on some LAPs and saw that there was that balance among multiple ap-manager interfaces (Dynamic AP Management Interfaces). Then we tore down one of the ap-manager interfaces and confirmed that the LAPs were moved to the next ap-manager interface automatically. But the question here is, how can I verify which ap-manager interface was used for a LAP from the WLC via GUI or CLI? Or how can I see the number of APs joined using that ap-manager interface from the WLC?
I didn't design the job, but it is pretty straightforward, except the following: the design has a single WLC 5508 with 2 physical connections between two non-Cisco switches. There are 2 initial WLANs to be created. I am OK with most of the WLC config except the following:
Now from my understanding of everything I have read recently, you can't use LAG on the 2 physical connections if they connect to 2 separate switches, unless, although not officially supported, the 2 connections are on either 2 3750s in the same stack or a pair of 6500s running VSS. So I believe that in my case 2 separate connections from the WLC to 2 non-Cisco switches will not work with LAG. Is my understanding of this correct?
Is there a way to maintain the 2 physical connections from the WLC to the 2 non-Cisco switches to maintain redundancy? The WLC will have a management interface obviously, but from what I have read, the 2 WLANs that are going to be created have to have their own interface on the WLC. Which I understand as the management int and each of the 2 WLANs are on different subnets.
If I don't use a single uplink to one of the non-Cisco switches (either 1 or 2 physical connections) using LAG, it appears to me that each of the interfaces (management, wlan1 and wlan2) needs to have a physical connection from the WLC to the switch, with each interface mapped to a physical port on the WLC, so correct me please if I am wrong, but this would mean I need 3 physical connections between the WLC and the switch?
I just have a few questions about designing WLC 5508. The scenario is that currently one of the clients has a firewall Tie ring, T1 internet facing and T2 internal, which has multiple DMZs connected. The T2 firewall has a DMZ switch connected which has a router which connects to the MPLS cloud to different sites across the country (around 10 sites), all static routing. Now the client is thinking of deploying wireless at all 10 sites using H-REAP. The issue is that the client has only one WLC and they are not willing to buy another, as I was thinking of deploying two WLCs, one for corporate and one for guest users (one in the internal network and one in the DMZ). Now my questions are as follows.
1- Keeping in mind that there is only one WLC, where should I physically put it?
2- How will guest users work? How will the authentication be done?
3- There are 8 SFP ports in the WLC; how will the physical topology look?
4- How many VLANs do I have to make for wireless users? Will that be 10 (1 at each site)?
My last question is how these ports work on the WLC: are they just like a switch, e.g. one port can be assigned to different VLANs? I am just confused about interfaces and VLANs on the WLC (interfaces concept).
On a WLC 5508 it lists an option to specify a "Backup Port" under the physical information section on an interface. We have two centrally switched SSIDs which are connected to an internal firewall. We are looking at installing a backup/standby firewall and running a virtual firewall between them. Each SSID would have an additional patch from the WLC to the standby firewall.
Does the backup interface port function on the WLC allow traffic to be failed over from a centrally switched SSID via backup interfaces to an alternative device? If this does work, will only physical link failure to the primary firewall cause the backup port to be activated, or are there configuration parameters which can be specified for load, packet loss or latency which can be used as criteria to cause the backup port to be utilized?
I am trying to build a new network from scratch, I have the WLC 5508 w/ Aironet 3600e APs connected to my Netgear Smart Switches and a Linksys RV082 router that I'm using as my DHCP server with several VLANs for several stuff on my Switches.
I have 2 questions:
1. Can I have 5 interfaces configured on 5 different VLANs, each SSID on a different port:
Port 1: Controller management only => 192.168.x.x/24
Port 2: SSID 1: WiFi Internal => 172.16.x.x/12 (Radius Auth with no sharing)
Port 3: SSID 2: WiFi Internal w/ sharing => 192.168.x.x/24 (Radius Auth with sharing)
Port 4: SSID 3: WiFi Guest => 10.0.x.x/8 (Web Auth)
Port 5: SSID 4: WiFi IT => 192.168.x.x/24 (Radius or certificate Auth with access to the controller management interface)
2. How can I use the Controller as the DHCP server for all the WiFi traffic, and how should that be configured to work with my other DHCP server?
I've got a new 5508 wireless lan controller and can ping the ip address of the management interface, but can't access the GUI at the management interface's ip address. I can access the GUI on the service-port interface. No static routes in the controller; trunk appears to be set up correctly.
I'm looking at a project where we want to start using autonomous APs with the possibility to change to controller-based in the near future.
Will Cisco Aironet 1040 Series Access Points allow us to change from IOS to CAPWAP when needed? I read some posts about the opposite process (CAPWAP to IOS) so I think it's possible both ways. Can someone confirm this to me?
We have had several APs disassociating from our controllers. The alerts say, Message: Access Point 'AP-xxxxx' associated to controller '10.x.x.x' on port number '0'. Reason for association 'Dot11g Mode Change'. I have read several posts that point out that you should have QoS implemented to prioritize the CAPWAP traffic. I'd like to know if someone has implemented QoS and whether it has been successful in stopping the APs from disassociating. And if it has been successful, do you have any configuration examples for the ports attached to the AP and controller as well as the QoS configuration?
We have several sites with AP1142s and 3500s. We have 2 5508 controllers. We are broadcasting 2 SSIDs, of which one is in HREAP mode and the other is in local mode. Each of our sites has MPLS circuits.
Here is an example I found on Cisco which I believe can be used for CAPWAP as long as you change the ports to 5246 & 5247 instead of 12222 & 12223.
Example Router Configurations # This section contains router configuration examples to be used as guides when addressing CS6 remarking or LWAPP control traffic load. # This example uses LWAPP APs on the 192.168.101.0/24 subnet, and two WLCs with ap-managers at 192.168.60.11, and 192.168.62.11. (code)
I have an 1142 running CAPWAP c1140-k9w8-tar.124-23c.JA4 that I am wanting to convert to an autonomous AP. However, the AP does not seem to have an archive exec command to TFTP download a new IOS. Is there another procedure that should be used?
I'm looking at the spec sheet comparing Cisco WLCs and I see that the 2504 has a bandwidth max of 500mbps. Just to be clear, not all of the traffic from the APs goes through the WLC, does it? In this setup, the APs would be plugged into a PoE switch as well as the WLC. The only traffic to the WLC would be the CAPWAP tunnel, CleanAir info, etc., right? All other traffic should just be handled at the switch, right? Also, does the 2504 licencing include CleanAir in the price?
I have to prepare a 3600 CAPWAP AP for autonomous functionality!
The following image was downloaded: ap3g2-k9w7-tar.152-2.JA
The release notes say:
Site-Survey Only Mode for 3600, 3500, and 1550 Access Points
You can install Cisco IOS Release 15.2(2)JA on Cisco Aironet 3600 and 3500 Series access points and on 1550 series outdoor access points to perform site surveys. This release runs on these access points with limited functionality. You can manually adjust these settings on the site-survey access points:
• Channel on each radio
• Transmit power on each radio
• Enable and disable the radios
• Manually set basic and supported transmit rates
• Enable advertised cell power in beacons to client to enable DTPC for doing active surveys
• Enable and disable SSID broadcast in beacons
• Enable open authentication
My question is: Where can I find instructions for downgrading an AIR-CAP3602i to an autonomous 3600 AP? Is it complicated to get the AP running, or what do I need for "downgrading"?
I have a wireless network running with a WISM2 controller and I also have an NCS. I want to know if there is any way to look at the individual logs of CAPWAP and LWAPP access points. It is better if I can see them through NCS.
I am facing this particular issue while providing Cisco unified Wireless solution to the customer. We are having CAPWAP 1252 APs controlled by WLC.
Scenario: 50 persons sitting in a hall with closely packed chairs using wireless simultaneously. Wireless access is provided by a patch antenna at a height of 11m from the user. As one AP can serve 25 users, 2 APs are placed with antenna directions facing the compact users. Each user gets a very good signal from these two APs.
Will there be serious interference and client association issues in this scenario? Once one AP associates 25 clients, will the other 25 clients associate completely to the other AP?
I understand that Cisco *wants* the APs to be directly connected to the new 3850. I have a few questions. Unfortunately, I think I know the answers. I just want to confirm.
a. When MA/MC is enabled on the 3850, does the 3850 start intercepting *all* CAPWAP packets it sees (much like CDP)? Even non-Cisco CAPWAP packets?
b. If I have a WLC 5500 upstream from the 3850, would APs hanging off a downstream 2960 be able to register to the 5500 through the 3850 when the 3850 is NOT in MA/MC mode?
c. If I have a WLC 5500 upstream from the 3850, would APs hanging off a downstream 2960 be able to register to the 5500 through the 3850 when the 3850 IS in MA/MC mode?
What I'm afraid of is:
a. yes, yes b. yes c. no
From the Q&A page:
Q. Does the Cisco Catalyst 3850 support indirectly connected access points?
A. No. The Cisco Catalyst 3850 switch will always terminate the CAPWAP tunnel locally. Pass-through mode or indirectly connected access point is not supported at this time.
*spamApTask0: Nov 09 15:59:29.071: %LOG-3-Q_IND: capwap_ac_reassembly.c:652 Unable to store capwap fragment from 88:f0:77:b6:fd:00.
*spamApTask3: Nov 09 15:59:27.616: %CAPWAP-3-REASSEM_SPACE: capwap_ac_reassembly.c:652 Unable to store capwap fragment from 88:f0:77:b6:fd:00.
What could be causing it? I am using 1524 APs in a Mesh environment with a WLC 5508 (220.127.116.11) which is connected to a H3C switched network.
The MAC addresses above are from my MAPs and I don't think I am getting it from the RAPs.
I opened my desktop, and now the USB wireless adapter keeps dropping connection every minute for about 5 seconds. The USB wireless adapter was working correctly before I opened the desktop. It doesn't have to do anything with software. Is there something that I could have moved inside?
I just purchased a Cisco EA4500. I have set up port forwarding for HTTP, HTTPS, RDP. However, when I run Zenmap and port check it fails and says port in use. I have set it up in single port forwarding, range and port triggering. I tried RDP and VPN to a machine that is hard wired and it fails as well. My Windows server is connected as well, however RDP fails on there too.
I have an E1000 and already for the longest time I've been trying basically everything possible to get my NAT open from being strict. I've looked around and tried everything I came across including the port forwarding. The only thing different from what I have and from what I have seen is that my router's IP is 192.168.0.1 instead of 192.168.1.1 that everyone else seems to have. I don't know if that affects my NAT in any certain way either.
Why can't I get my NAT opened? Right out of the box, my NAT has always been strict. I'm thinking about returning all of my settings back to default and then trying everything over.
I have a cable modem hooked up to a Linksys WRT54G2 wireless router, which is hardwired to the computer I use.
I go into the router's menu by going through the standard 192.168.1.1 in the browser, and then go to Applications and Gaming. The port I am trying to open is port 25565 for both TCP and UDP. In the Start and End ports I put 25565, and for the end of the IP Address, I put the last digits of my IPv4 address (10). I used a couple of port checker tools, and it is reporting as still being closed.
I bought an EA4500 router and successfully installed it. The configuration of the desktop I use is - Windows 7 Home Premium SP 1, IE 9.0 and Chrome -23, Dual core Pentium, 2.5 GHZ, 2GB RAM. Issue - Many websites, particularly secured (HTTPS) ones, are not opening up with the new router (net banking, Yahoo mail etc). I didn't face any issue with my old router, which is a WRT54GH; it is quite an old router and did work excellently and is still working. I had two calls with the Cisco support team; they did check everything and came to the conclusion that the issue is with the router and asked me to get it replaced. I did that but am facing the same issue. This time I connected my friend's laptop to the EA4500 along with my personal desktop. My company laptop has the following configuration - Windows 7 Enterprise, IE 8.0, Dual core Pentium, 2.67 GHZ, 2GB RAM. I tried Yahoo mail and net banking websites on my desktop and my friend's laptop; these websites didn't open on my desktop but no issues were faced on my friend's laptop. I also noticed that Cisco and Apple sites are not opening on my desktop but there is no issue on my friend's laptop. I tried the same thing with my old router WRT54GH, and all sites opened on both PCs.