I'm looking into upgrading our 4400 series controllers to 5508's. Currently we have a few sites that have 8-9 4404 100AP controllers and I'm looking to condense these down to either 3 5508-500 or 5 5508-250 depending on cost. I'm wondering what a good port to AP ratio is for controllers with licenses that can handle over 100 AP's. I know the general rule of thumb is 25 AP's per port, but that seems to me to be a 4400 way of thinking. I'm also trying to reduce the controllers' overall footprint, i.e. ports on the uplink switch, power consumption, rack space etc.
Our controller freezes at least twice every week, and we do not know the reason. I am attaching the log for you to look at. The last time it happened was yesterday at around 13.00 pm.
I am setting up two 5508 controllers, one in HA mode, and one the primary for the remote sites in question. I plan to have these units service wireless for MPLS connected regional sites (each with their own local subnet). I was planning on using the cabled hosts network in each site for the wifi addressing and was thinking of a different addressing for Guest Access, is this common? I'm obviously concerned with guest access clients but don't know enough about how their traffic is segregated from normal wifi traffic.
Also, when I stand up the controllers the management interface and ap-manager won't be in the same network as where the hosts or LWAP's will reside (routing access will exist though).
We have 2 Cisco 5508 WLCs, each with 50 licenses. What I would like to do is split the 50 odd APs between the 2 controllers, load balancing the traffic. If a controller goes down or there is a break in the path, all APs would fail over to their configured secondary controller. So far so good.
However there seems to be no way to 'replicate' the configurations between controllers unless I set up HA, but as I understand it HA is Active/Passive, so essentially, unless you get a failover situation, completely 'redundant'.
Is there a way of either replicating between controllers automatically without HA, or is there a way of making HA Active/Active?
I have two 5508 and one WCS server; the controllers are in one mobility group. Now I have to change the management IP addresses on the controllers. What are the correct steps to do this?
I am planning to move our WLC's (5508) from a branch site to HQ so that all branch site APs will just report centrally in the HQ. There are two WLCs working as Active/Standby. Plan is to move one then the other. I am not really inclined with wireless.
We are installing a set of 5508 controllers at one site in Tennessee. At another divisional site we have another controller that covers that division.
Both sites utilize the same DNS structure and would like to use the DNS entry CISCO-CAPWAP-CONTROLLER for bringing new APs onto the controllers at their sites. How would we go about configuring this?
I have two 5508 WLCs. Both have APs attached to them. If I create a guest account with the lobby administrator on one, will that user account be able to log in to the network if the client is attached to the other WLC? So far, I have found that I need to create the same user on both WLC's, in order to have the user login.
Just recently upgraded our 2 5508 controllers from 6.0.199.0 to 7.0.116.0. Since that upgrade, I have a handful (8 to 10) of wireless laptops that now refuse to associate to any access points. The thing these laptops all have in common is some variation of the Intel Wifi Link AGN cards. I have about 200 other clients out there working just fine.
I've tried everything under the sun that I can think of. Patches, drivers, the whole sh'bang.
Is there a known issue with 7.0.116.0 and these particular cards?
Is there any way to configure a wired guest network with a combination of 5508 and 2504 wireless controllers? I am aware that the 2504 does not have wired guest functionality, however is it possible to set up a wired guest on the 5508 and, using mobility anchors, transmit the L2 information through EoIP to communicate with the remote VLAN?
Home built NAC solution, using 802.1x authentication on switchports for public areas. If user is an employee, communicates with the supplicant on their machine, and places them on an internal VLAN. If user is a guest, user fails 802.1x check and is placed on a "guest" VLAN with an ACL and external DNS. If placed on the guest VLAN, the user has to accept a terms of use form. This is working currently with our 5508s without any issue, however we have some remote offices we'd like to roll this out to that are using 2504 controllers. I'm hoping there's a way that I can use the 5508 as an anchor or vice versa to make this work.
Currently in the process of migrating from PSK to an 802.1x RADIUS environment using a mix of 4400 and 5508 controllers with WCS using Microsoft IAS. The problem I have is there are a lot of shared iPads and tablets in the environment. Is there a way to force these users to re-login to RADIUS after a certain time period so they are not sharing usernames and passwords?
Please find attached a simple BYOD/ISE document I uploaded to kick start my new Wireless setup. It's all configured on my ISE server and Controller as per doc. My setup:
- 3600 AP's
- Internal 5508 Controller
- DMZ 5508 Controller (acts as a DHCP server for wireless clients)
Controllers have established connectivity (mobility anchors). As a client I can connect fine to my new SSID, get a DHCP IP address back from the DMZ WLC and at the moment can connect out to the Internet fine (using no WLAN Security as a test). So this part is working. I have now followed the document, configured ISE, enabled AAA on the Internal WLC only and used the AAA override setting on the WLAN as in the attached document. I connect to the SSID expecting to be redirected to my ISE Guest Portal; nothing happens other than connecting to Internet web pages. My question is, if I have followed this document correctly, why is the Internal WLC not redirecting client requests to ISE? Is this because my mobility anchors need to be re-configured, or perhaps the AAA/ISE config needs to be applied to my DMZ WLC, not the internal WLC?
I would prefer the Internal WLC to redirect the login to ISE; it doesn't make sense to traverse through the DMZ Firewall onto the DMZ WLC back into the Internal Network again to the ISE to authenticate. Or am I missing something additional to this document to make sure clients are directed to the ISE Guest portal login?
I have 2 x Redundant Guest Anchor Controllers (5508) located in 2 separate Data Centers with all the management and guest user VLAN spanned between two. Everything is working fine with the Guest WiFi access except the DHCP functionality as the Controllers are acting themselves as the internal DHCP Servers.
This is how I tried to distribute:
Network: 10.1.0.0/23, gateway: 10.1.1.254
Controller 1, DHCP Server pool: 10.1.0.2 - 10.1.0.254, Gw: 10.1.1.254
Controller 2, DHCP Server pool: 10.1.1.2 - 10.1.1.254, Gw: 10.1.1.254
As the user load balancing between the Anchor Controllers cannot be controlled (i.e. they are active/active), the same client sometimes gets 2 different IP addresses from both the Controllers (as they do not talk to each other in terms of DHCP), hence depleting the pool addresses.
I guess one way of solving this is to just run 1 DHCP server in one of the controllers but that defeats the purpose of having N+1 Controllers. Is there a better way of doing the DHCP load balancing and having full redundancy at the same time?
I have a D-link Gigabit wireless router which works great but 1 particular wireless device of mine functions/works faster when I have a 100mbps Ethernet connection to it. Is it possible to slow down the wireless speed to a particular device?
Ideally I want my router to continue functioning as normal but I can't afford to have a 20m Cat5 cable running from my router through my hallway and into the living area. I want to slow the connection down to 100mbs for this one device.
I want to prevent guests from doing peer-to-peer communication on my Guest (5508) controllers. Is this a feature on the WLC or only by applying an ACL on the router interface?
Does an 802.11g compatible device on an 802.11n network slow the whole network down to 802.11g speed? I want to integrate a Logitech Squeezebox into my 802.11n home network but it is only rated at 802.11g.
I don't see any setting in the e4200 interface to reduce the transmit power. I only need to cover my small dorm room not the building. A friend has an e1000 and needs to do the same thing.
I am really not sure how to ask this question, but I will do my best. I have a Server running an application that I am connecting to via VNC app on my client. The app on the server is pushing 90mb down to the client, which is incredibly slow (3fps). I am curious if there is something that I can do/configure/verify to reduce the amount of data being pushed down?
Our company has a 1 mbps leased line for internet connectivity, but while monitoring I saw it go up to 1.4 - 1.6 mbps. How can I reduce the access rate and maintain it below 1 mbps?
I am trying to get an internet broadband connection through a USB stick. While speaking to the vendor, he said that they offer 3.1Mbps speed (no roaming charges). All of this is understood, but they say that after 5GB of download the speed will reduce to 28Kbps. Can I know what they mean by this? And how do I go about checking how many GB of my download I have completed?
I have been tasked by my boss of finding out and implementing a solution of building GRE tunnels from 2 4408 Wireless controllers system for a guest wireless network. I am but a low CCNA wireless, working on getting motivated for CCNP wireless, but I didn't even know if this was possible and if it was where to begin. I have been reading configuration guides but figure I should ask the wireless experts of the world of Cisco.
I am reading this Cisco document, Cisco Catalyst 3850 Switch Services Guide
[URL]...
which describes that
L2 roam occurs when the user roams from an access point connected to its controller to a different access point connected to another controller, where the two controllers are L2 adjacent to each other.
L3 roam occurs when the user roams from an access point connected to its controller to a different access point connected to another controller, where the two controllers are L3 adjacent to each other.
So what exactly does it mean that the two controllers are L2/L3 adjacent to each other, and what is the difference between them?
I set up an IPSec VPN with NAT-T between two Cisco 871 routers. In particular one router acts as a SERVER and the other one as a CLIENT. All the traffic coming from the hosts connected to the CLIENT-router is sent over the VPN (no split tunnel). Everything works perfectly. The only problem is the amount of time the VPN takes to establish the first connection between the two routers. In particular it takes about two minutes. Can you tell me if this amount of time can be reduced (with a particular configuration instruction)? Or is this the minimum amount of time required for the first connection establishment?
From one day to the next our UPM database (upm.db) has blown up from 4 Gb to 35 Gb. Data purging didn't reduce the size of the db. What happened? And how can I compact the db again?
I am configuring two 2504 controllers, which I ordered together, however they run different software versions and I don't have a contract/login to download WLAN controller software from the Cisco website. The one with the newest version runs 7.2.103.0 while the other one runs 7.0.220.0. I want to run them together in the same subnet and use them for redundancy (10 AP's will connect).
Is there a way I can download the software from the controller, just like I am able to do with an ASA firewall? Then I can upload it to the controller with the older software version.
Actually we have a 4402 controller with 1120 APs, both of which are marked as EoL products. We want to jump over to the new 2600 APs and 5508 Controller for increased signal coverage but we have the following deals: Last firmware for 4402 controller is 7.0. Firmware needed for 5508 to support 2600 APs is 7.3. Is it possible to configure mobility between 4402 and 5508 even with different firmware branches?
If we have 2 Cisco 2504 series WLCs and use multicast features in both, and both are primary and secondary for LAPs, what if we use a multicast IP address, let's say 255.239.1.60: can we use the same IP address for the secondary controller too, or should we use another IP?
We have a 2811 router with multiple servers connected to its LAN, among which there are monitoring servers. The router always suffers from high CPU utilization. The configuration has a lot of ACLs & NAT & IPSEC Tunnel with WAN bandwidth 20 M? Is there any method to reduce the high CPU utilization shown below?
CPU utilization for five seconds: 90%/80%; one minute: 93%; five minutes: 90%
 PID Runtime(ms)   Invoked  uSecs   5Sec   1Min   5Min TTY Process
 104   737029848 427864243   1722  5.45%  5.65%  5.65%   0 IP Input
 253    63392216  11081854   5720  1.04%  1.15%  1.12%   0 IP NAT Ager
 260    82602372 137425723    601  0.64%  0.64%  0.66%   0 PDU DISPATCHER
I have 2 WLAN controllers, a 4400 series and 5500 series controller. The 4400 series has a 100 seat limit on it, with 74 Access Points currently connected. The 5500 series has a 250 max, but we bought it with only 50 licenses, and it is max'd out at 50. The 5500 controller is the controller that has a DNS entry so that the Access Points will know to find that controller as they're being added. BUT, because we've reached our limit of 50 licenses, I'd like to be able to set the 4400 series controller to be the controller that new Access Points try to connect to. Going back to the 4400 as the controller that new Access Points connect to buys me time to plan for more licenses on next year's budget for the 5500 controller.