after upgrading to 7.4.100.0 im getting this error message when trying to apply changes on the wlan id."mDNS profiling cannot be enabled with flexconnect local switching"if unselect mDNS snooping under (wlan id/advanced) i can apply the changes, but only temporary.when im looking the next time, the tick box mDNS snooping is enabled again.is this a bug or what?
View 7 RepliesI need to integrate Cisco ISE and WLC5508 with FlexConnect (local switching) using EAP-TLS security for wireless clients across multiple floors (dynamic VLAN assignments based on floor level). The AP model used is 3602.
- What RADIUS Attribute can be used for dynamic VLAN assignments based on floor level? Is there an option where I can group all LWAPs in same floor for getting certain VLAN from ISE?
- I intend to use WLC software version 7.2 since 7.3 is latest version. Has someone use WLC software version 7.3 without any major bugs/issues pertaining to FlexConnect and EAP-TLS?
- I read some documents saying L3 roaminig is where the associated WLC has changed. However if user move to different subnet but still associated to the same WLC, would this be consider as L3 roaming too?
I have several 2602 AP's that I want to operate in FlexConnect mode. The WLC is at a central HQ and the Ap's are remote. There are central radius servers at the HQ for the wlans. At the remote lcoation, there is a local radius server we want to use for the primary radius server for these AP's. This radius server has been added to the WLC. I have setup a FlexConnect Group, designated the the primary and secondary servers, and then added the AP's to the group. It does not look like radius requests are being sent to the local controller.
For this to work, do we have to check the box under the wlan for FlexConnect Local Auth? Currently, we only have FlexConnect local switching selected.
I am working on a new install where the customer is using local RADIUS servers at each of their many campuses (for local dynamic VLAN assignment), while using a single set of controllers at the core of their network. For the record, we have set up a pair of 5508s (v 7.2.103.0) in their central data center with 3602i APs around the various campuses. We are using FlexConnect groups to locally authenticate and switch the users.
Right now, the config is working great as far as authentication and local switching goes. The problem we are experiencing is that none of the authenticated usernames are being passed back to the controller (and ultimately NCS). This makes the tracking and troubleshooting of users difficult. Is there something I am missing here? I can't seem to find any fixes relevant to this issue in the 7.2.110.0 release notes.
I've been trying to set my IP to a static IP so I can host servers for a few different games and every time I change the IPV4 settings my internet stops working and when I troubleshoot it says "DHCP Not enabled for local area connection.".
View 5 Replies View Relateddhcp is not enabled for local area connection in windows 7" my error is this and each time when I on my pc it will ask for a new connection..
View 2 Replies View Relatedi use cisco vpn client software to connect my laptop to my company's network when i at home. using dsl modem.
i wonder if it is technically possible to connect my local printer to dsl router and in such a way establish connection between my laptop and printer?
We have integrated WLC 5508 to cisco ise 3315 with ios 1.1.1 and using Guest Sponsor portal for wireless guest users.Where we have created open ssid in wlc and redirect web login portal in wlc for guest users. We have enable all respective node in policy service for profiling and also configure snmp in wlc as well as in ise.
When guest user is connected to open ssid its get redirected to web login page of ise portal and when it gets login we are only able to see the username which guest user login but not the end device in monitoring log.
Wireless End devices are not able to get profiled can any one tell me what configuration I need to do on ise or wlc side to profiled end guest wireless device like android,iphone and laptops
For my company, I am running a Cisco 5508 WLC with a 4400 WLC as a guest anchor in our DMZ. There is a guest SSID and several business SSID's for internal equipment. Guest traffic should be tunneled out to the 4400 controller where [the client] gets its IP address and is sent out to the internet. No internal corporate access is possible. However, when I do a packet capture from my wired PC, I'm seeing traffic generated by different iPhones. It appears to be mostly IPv6 mDNS or ICMPv6 traffic. How would this traffic make it onto the corporate wired network, when it should be staying on the guest network? None of the iPhones have been setup on the business SSIDs, so I know it isn't legit traffic. Is there a setting in the WLC that will block this? Will an ACL work?
These are examples of some of the traffic that wireshark is capturing:
349 7.794875 fe80::e77:1aff:fe3c:f81 ff02::fb MDNS 253 Standard query response PTR, cache flush Tonyas-iPhone-2.local PTR, cache flush Tonyas-iPhone-2.local
356 7.802667 fe80::e77:1aff:fe3c:f81 ff02::fb MDNS 151 Standard query ANY Tonyas-iPhone-2.local, "QU" question ANY Tonyas-iPhone-2.local, "QU" question
361 7.806964 fe80::e77:1aff:fe3c:f81 ff02::fb MDNS 151 Standard query ANY Tonyas-iPhone-2.local, "QM" question ANY Tonyas-iPhone-2.local, "QM" question
Both controllers are running software version 6.0.196.0. I also have a WCS server running version 7.0.220.
model: SG300-52
version: 1.1.0.73
Switch is running in layer 3 mode.How can I turn off mDNS broadcast coming from the vlan interface on the switch.Getting mDNS broadcast from switch every 5 seconds.
I have two questions about ISE Profiling features .
•1) Does Authentication Process done after completing profiling ?
•2) Can profiling feature overcome mac spoofing issue (printer mac is used with static IP to access the network where user and printer are in same vlan ,user with 802.1x and printers with MAB auth) and deny windows user with spoofed printer mac and IP add?
We currently have an issue with our main ISE. When logged in using the admin account (member of superadmin group) we no longer see the Profiling button/menu and also missing oter options in the GUI. On another standalone ISE we do see al those options?
Both are running on the same software version 1.1.1.268.We are using ISE 3395-K9 appliances
I have a problem configuring ClientLink on a FlexConnect local switching AP (3602i), the problem is that I can not see the clients that are using the ClientLink feature when entering the show interface dot11radio 1 lbf rbf command, the AP shows "Hardware beamforming stats not supported (radioid 0x3B00)" message instead of show the client information. I am using a 2504 Wireless LAN Controller running 7.3.101.0 software version, why is not working properly?
View 7 Replies View RelatedA customer have a bad coverage in a corner of his branch office. He like to add a mesh AP (MAP) in the near of that corner.
I checked allready the documention about Mesh but i'm not sure if Flexconnect and Mesh works togheter. This MAP is in a branch office and the WLC is in the head quarter therefore he likes to uses Flexconnect togheter with Mesh.
Does the access point 1600 and 2600 support flexconnect mode?
View 5 Replies View RelatedA customer of mine has a centralized 2504 WLC with 7.2 code running. They have 1142N APs deployed locally as well as in remote sites (3) in FlexConnect mode. For no apparent reason last Thursday all the remote APs disassociated with the controller and could not rejoin. All the local APs remained up and unaffected.No changes to the WLAN, LAN, Firewall or MPLS WAN occured to cause this.The customer opened a TAC case and their determination was that ports 5246-5247 were not getting thru. When the customer engaged me this morning I had him run a packet capture on the Sonicwall firewall to prove out if the CAPWAP signals were leaving and returning across the WAN. Sure enough we can see this bi-directional traffic (pic attached). Also, I had the MPLS provider run a trace at the far end and they see the same traffic leave the remote site. And then an odd thing happened; one of the APs at one of the remote sites all of a sudden Joined the controller. So I tried rebooting the AP that is located in the same office, and it fails to Join. When I look on the controller under AP Join statistics, the last activity shows the controller receiving a Discovery Request and response is sent, but no further Config Request and response or Join Request and response.
View 8 Replies View RelatedHowever, I now have a number of devices... certain smartphones so far... that will NOT connect to a FlexConnect AP if it's a 1262AGN AP, but my older 1242G AP will accept the devices without issue. Same SSID, same encryption standards.
If I connect the devices to my guest network (no security), they will connect just fine to both APs, and Non-FlexConnect 1242 and 1262 APs will both accept the devices without issue using my private network.
In other words, it seems to be an issue specific to 1262AGN with my encryption security. My security is WPA2/AES with PSK. No additional security on the SSID.
We have a problem when I call bettween two 7925 in same SSID, VLAN voice. They cannot hear each other. The SSID and LAPs are in Flexconnet. From desk phones there are no problem and betwen one deskphone and one wireless phone there no problem too.
View 2 Replies View RelatedI want to use the flexconnect in the same network where the wlc is located. Normally we will do it for over WAN and branch office. But I want to use in the same main office to avoid more bandwidth utilization on my distribution layer. Wlc is connected on Distribution switch.I want to do local switching in the access layer switch.
The below is the sample topology. But real topology contains nearly 200 AP's(3600 series) and 20 access switches and so on.....So there is a chance of 200 AP * 350 Mbps can flow on the distribution layer.So ,
1)If I use flexconnect any issues will be occuring?
2)Does it cause any impact on VOWLAN?
I have one WLC 2504 with 7.3.101.0 code and 4 APs 1142 in Flexconnect mode all of them are in one group with 2 SSIDs in two differents VLAN:
-Admin VLAN 151
-Corporate VLAN 158
-Guest VLAN 159
-The auth is 802.1x using an ACS ver 4.2
I connect my Laptop to the corporate SSID and start to have access to web services, intranet services, etc but arround 15 25 min after i connect i lost connectivity to my GW and all the services but i still have my IP info. I do some tests on MAC books, Laptop with Windows XP, 7 and 8 and its the same for all. I config one switch port in the corporate VLAN and i never loose connectivity.
If i reset the WLAN connection all start to works.The ports in the SW are in trunk mode and almost always the APs are in connect mode.
i have installed ISE1.1 on VM and other hand vWLC7.4 also there in VM i am using 1130AG APs in flexconnect mode and using central auth and central switch.i wan to configure it for CWA(central web Auth) from ISE but a little a bit confuse about ACLs.
View 2 Replies View RelatedI have about 200 APs (Cisco 1042n and 1142n), 4 controllers (5508 and 2504).. Switches are 2960s and some other stuff.. I Use NCS for management.We have a couple of vlans and SSIDs, when users connect to a SSID i use Flexconnect to associate the users to the correct VLAN.
View 5 Replies View RelatedI have quick question about wlc software version upgrade : currect version of 5500 WLC : 7.0.220.0,However i am planning to upgrade to version 7.2.110.0,currectly all remote site AP's are connected to this WLC , nearly 150 AP's all are in H-reap mode however once i upgrade to 7.2.110.0 version , all default should come into Flexconnect mode.Do i need to make any configuration or any changes in AP's to get Flexconnect mode or will it be default mode as Flexconnect mode in new version of WLC ?
View 1 Replies View Related1) Virtual controller 7.3.112 is OK
2) N° 2 LAP 1130 e 1240 is Joined to controller OK
3) flexconnect in localswitch is OK
4) flexconnect in central switch IS NOT work.
Subject: FlexConnect compatibility with Access Point? We have today one Cisco 5508 and those access point on remote sites
o CISCO AIR-LAP-1131AG-E-K9
o CISCO AIR-LAP-1231G-E-K9
o CISCO AIR-LAP-1142N-E-K9
We plan to use redundancy on the controller and implement Flexconnect on the remote site. What we need to know is if I can implement Flexconnect on all actual access point - I think it is possible on 1142N + 1131G but do not know on 1231AG - is it correct or I'm wrong ? We plan to install the latest SW version for 5508 controller.
I have found some samples on the FlexConnect setup for the controller side. However none of the documents mentioned how the switch port should be configured that goes to the controller and AP.
At this moment I have a Cisco 5508 configured in CAPWAP mode with 20 APs. I would like to use same controller for connecting one of the remote sites with 2 APs in FlexConnect mode. Current the 5508 to switch port is configured as 802.1Q port. All CAPWAP AP ports are configured as "switchport access vlan X" where X=capwap VLAN. Need to know how the switch port should be set for the remote site where flexconnect APs connect.
Configuring HP switches for Flexconnect. I am not sure if or not its doable? Access Points are 2600 and 3600 with 5508 as a controller. Idea is to keep the branch traffic local but the switches are HP.
View 3 Replies View RelatedThe wlc config guide of Release 7.4 states that sticky key caching (usefull with apple devices) is supported at AP in local mode. [URL]I am testing the new WLC 8500 with 7.4.100.60.
AP mode = FlexConnect
The wlan i activated skc is centrally switched.I debugged the iPhone (4S) roaming.I think skc works at centrally switched vlan on flexconnect APs.
*apfMsConnTask_1: Jun 14 14:15:17.069: 30:39:26:2c:d3:ee Reassociation received from mobile on BSSID 00:16:9c:ba:a9:b6
*apfMsConnTask_1: Jun 14 14:15:17.069: 30:39:26:2c:d3:ee Global 200 Clients are allowed to AP radio
*apfMsConnTask_1: Jun 14 14:15:17.069: 30:39:26:2c:d3:ee Max Client Trap Threshold: 0 cur: 23
*apfMsConnTask_1: Jun 14 14:15:17.069: 30:39:26:2c:d3:ee Rf profile 600 Clients are allowed to AP wlan
[code]....
Should I install any special license to enable vrf within Nexus 7000 VDC? I observed that vrf routing instance is not enabled in the VDC.
View 2 Replies View RelatedWe have just received a new 3750X-12S-S to put onto our existing network but I am having a few issues getting this switch working correctly. For this post, the permenant license is not activating/applying, switch boot up gives the following errors:
*Mar 1 00:00:05.377: Read env variable - LICENSE_BOOT_LEVEL =
*Mar 1 00:00:05.972: %IOS_LICENSE_IMAGE_APPLICATION-3-FAILED: Image application receive image level as NULL.
[Code]....
From my understanding these switches come with the ipbase license as default, and the other switch I received (3750X-24P-S) has this license loaded with no issues.
how profiling works exactly ?How intelligent is the profiling engine, meaning: Will it discover that one device has more than one different MACs and will merge the entries in the database ??
Example:This is in fact the same device, there is only one WLC-2500 in the network ....If it can discover that, what needs to be configured on the ISE to do that ?
I have a customer who just bought a pair of N5K and wanted to replace his current HP E3800 as Core. He wants to use the 4 x stacked HP E3800 connect back to the N5K. Will I be able to utilize VPC through a bundled 2 or 4 x 10G (40G) connection (10 or 20G on 1 switch, and 10 or 20G on another switch) from the stacked HP E3800s to the N5548s? I know you can do that with Cisco 3750s.
View 1 Replies View RelatedDocument at url... is quite interesting,One of these goes about the behavior of a switch (2960-S and 3750G) when QoS is not enabled vs the one when QoS is simply enabled with "mls qos".What additional commands, beside "mls qos", would be needed so as to simulate as accurately as possible the switch's behavior when QoS is not enabled?
View 3 Replies View Related