Cisco Wireless :: AIR-CT5508-K9 - VLAN Mapping Missing In LWAP
Mar 11, 2013
I am running a big wireless network, with 20 no. of 5500 with 7.0.116.0 version. I have more than 20,000 APs. If I add some config in the primary controller or do some changes or reboot, all the APs are moving to the backup controller. This doesn't have any problem, but many APs which moved to the backup controller are losing VLAN mapping. This happens every time. Primary --> backup, backup --> primary. Both controllers have same vern...same config etc..
AP model: AIR-LAP1252AG-A-K9
Controller model: AIR-CT5508-K9
I received access point types AIR-LAP1252AG-E-K9, which I want to connect to my WLAN controller AIR-CT5508-K9. Update from IOS etc. is working fine. Also all access points are recognized by the controller. We got the AIR-LAP1252AG-E-K9 with two antenna versions.
I'm configuring a WLC 5508 (version 7) with H-REAP local switching. All is working, yet I wonder if the VLAN mapping can be done better. Currently I need to go into each Lightweight Access Point, enable H-REAP, then set the native VLAN, with the final step to map the VLAN. This needs to be done for each AP. In an environment of 100's of APs it would take forever. (I thought one of the main points of the WLC is centralized management.)
I have three 5508 WLCs, running code 7.0.98.0 supporting 100+ LWAPs in H-REAP mode. The LWAPs are servicing 2-3 WLANs each. Some are using central authentication and local switching, some are configured for central authentication and central switching. When the LWAPs fail from one WLC to another WLC, the LWAPs lose all of their VLAN mappings and pick up the VLAN of the management interface on the new WLC.
All WLANs are configured to use the management interface on the WLC and the VLAN mappings are configured per LWAP on the H-REAP properties tab. The WLAN ID numbers and all the WLAN settings are the same across all 3 WLC's. I have created AP groups on all 3 WLC's and the AP group config matches across the 3 WLCs.
I can get the LWAPs to keep their VLAN mapping by creating an interface on the WLC with the VLAN ID of the locally switched/remote site VLAN and then setting the interface for the WLAN to the new interface. However, then the WLAN doesn't work, because the centrally located WLC doesn't have the remote site VLAN. It also seems to keep the VLAN mapping if I create the locally switched/remote site VLAN interface on the WLC, and point the WLAN to the management interface. This shouldn't be a necessary step though... In H-REAP with local switching, the LWAPs aren't using the interface on the WLC.
I found a note in the 7.0 WLC config guide that explains why the VLANs are picking up the management interface VLAN, but that same note says the VLAN mappings can be changed per LWAP/WLAN!
From config guide: For hybrid-REAP access points, the interface mapping at the controller for WLANs that is configured for H-REAP Local Switching is inherited at the access point as the default VLAN tagging. This mapping can be easily changed per SSID, per hybrid-REAP access point
Using H-REAP and been able to get the LWAPs to keep the VLAN mapping when failing from one WLC to another?
How do I submit an RFE (Request For Enhancement) to the Cisco SBR team to encourage them to implement the missing support for VLAN to VLAN firewall rules that was available in the RVS4000 (See [URL]) and that was supposedly added to a beta release of the RV220W firmware (See [URL])?
We have ACS 5.3 and 1042 AP. So we need to authenticate client based on user certificate, and after that to put the client in specific VLAN based on membership in Active Directory group.
Is it possible to do that? We can not solve the problem of identity store, once the user is authenticated based on regular certificate, we need to authorize the same user based on the specific attribute from AD.
I have one VLAN on a 3750 where I do not see any MAC addresses even though it is in use. This is an unrouted VLAN between a WLC on a port-channel/LAG and an access port to an ASA for guest traffic. When I do a show MAC add I get nothing for VLAN 60 (guest DMZ) but all other VLANs seem to be OK. Spanning tree is not showing TC counters incrementing either.
I also was told when put a port on this VLAN the laptop did not get a DHCP address from the ASA, but the wireless guest clients are working fine. I can see the DHCP leases and ARP entries in the ASA and the ASA ARP in the WLC so some traffic is passing fine. I'm not onsite right now so troubleshooting is all remote which limits some options.
I just installed a N1K (with code 4.2(1)SV1(4a)) and I was trying to setup a private vlan.
Example:
vlan 300
  name PRI-VLAN
  private-vlan primary
[Code]....
I upgraded another n1k (that already had pvlan configured) to this version of code and it has the private vlan option. This was just installed yesterday so I don't have the license on it yet.
We do have a site where we need to deploy AIR-LAP1142N-E-K9 and AIR-LAP1242G-E-K9 APs. We have two AIR-CT5508-K9 controllers with SW version 6.0.188.0. AIR-LAP1142N-E-K9s work okay, as expected, we do not have any problems with them. However AIR-LAP1242G-E-K9s do not, there is a problem with establishing CAPWAP tunnel with the controller. The AP is seen on the controller for a while, with 0 time up-time, cannot change any settings on the AP via controller, and after a while it disappears from the controller, appears again and this repeats.
The APs and controllers are connected to the LAN campus. Controllers via two 1G links configured as Etherchannel to WS-C6506-E VSS switch with s72033-ipservicesk9_wan-z.122-33.SXI1.bin on it. APs to WS-C3750G-48PS with c3750-ipbasek9-mz.122-50.SE2.bin on it. 3750 is connected to the C6505 via two 1G links configured as Etherchannel. Below I copied the log I captured on 1242 and the controller. Highlighted ones are the ones which I think might bring a clue.
I performed some troubleshooting steps.
- As we have some other controllers available over WAN, I tested the 1242 AP with 2100, 4400 and also with the same model AIR-CT5508-K9 with SW version 6.0.188.0 over WAN and this worked always okay.
- I wanted to be sure that I eliminate any kind of out of sequence packet issue, so I brought down all redundancy L2 links so that the L2 path from the AP to the controller was only through one leg links.
- I also brought the second controller down to eliminate potential issue with having two of them up.
- The AP gets its IP from DHCP configured on the C6506 switch, I am always able to ssh to AP, so the IP connectivity does not seem to be an issue.
- I have more 1242s, all behave in the same way. I also connected them to some other 3750 switches we have in the campus, always the same.
- As this seems to be maybe a kind of SSL issue, I tried to play with controller settings, like enabling Accept... options under Security/AP Policy, but this did not work.
- I also tried to reboot the controller, no improvement.
- The APs came from the factory, so in the beginning everything was factory default in them. They were always able to download the image from the controller in the very initial phase. I still do have some of them untouched, so I can perform any troubleshooting steps with the fresh one. I can reproduce this, can also send debugging logs if needed.
This Discussion has been converted into document:- [URL]
AIR-LAP1242G-E-K9 10.0.13.28 log
*Mar 1 00:00:05.922: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar 1 00:00:07.536: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar 1 00:00:07.672: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 304 messages)
I've two WLCs, model CT5508, version 7.0.116.0. They are working fine except for the RF grouping part. When I look at the RF Group members part in the configuration, I can see only one WLC (the one I'm connected to). If I connect to the second one, in the same part, I've just one controller (so the second one..). I tried to restart the algorithm but no change. Each controller is configured with Group Mode set to auto, and their respective roles are auto-leader... I tried to change the RF group name on both WLCs, but it didn't fix the problem. When I look at the logs, there is one which appears quite often:
*emWeb: Nov 29 10:32:07.764: %LOG-6-Q_IND: dtl_arp.c:2581 ARP input q exceeds limit. Current val = 50 [...It occurred 38 times.!]
I have an issue about wireless controller. I have 2x WS-C3750G-24WS and 1x AIR-CT5508-50-K9. I have max 50 access point license and I can't upgrade because WS-C3750G-24WS is end of life. Can I use AIR-CT5508-50-K9 with 3750G to work together? Mobility and everything....
What is the operating and/or peak power consumption (in kW) of a 5508 WLC with redundant power supplies?
The below power details are from the 5508 datasheet which lists 115 W as the maximum draw (0.115 kW) however this seems a bit low, is this right?
Input power: 100 to 240 VAC; 50/60 Hz; 1.05 A at 110 VAC, 115 W Maximum; 0.523 A at 220 VAC, 115 W Maximum; Test Conditions: Redundant Power Supplies, 40C, Full Traffic. Heat Dissipation: 392 BTU/hour at 110/220 VAC Maximum Cisco 5500 Series Wireless Controllers Data Sheet: [URL]
My understanding is register LIC-CT5508-UPG/PAK number on Cisco site and get .lic file, however what is the use of other PAK, where do I register this files with? Moreover, we do have NCS, MSE in place which is centralised devices.
We're in the process of upgrading our Wireless APs from autonomous to LWAP. We're doing the upgrades remotely (we have 100's of sites to do, and it's not possible to be there to console on to each one), using a local computer to upgrade them to LWAPs with the Cisco Upgrade Tool. Having some inconsistent bugs pop up though from time to time. The most common one is that it basically buggers up the IP address after applying the recovery firmware image. It's supposed to keep the IP it had according to the IPFile.txt (for example 172.25.25.4), but it does something very weird... it keeps the last two octets (so 25.4 from the e.g.) but replaces the first two octets with a 192.168 address. So the final address in this example after the UpgradeTool has done its work, is 192.168.25.4 - which is completely wrong.
This causes it to be unable to talk to the WLC (obviously, with bogus IP information it will struggle), and gives us big problems in that it won't ever come up unless someone can console to the AP and fix it. We can usually resolve the issue by munging about on the switch - switching the port it's connected to between access and trunk and doing some shut/noshut cycles seems to do the trick mostly.
I have WLC 2504 with 7.2.103.0 software version, & 2 different LWAP 1262n & 1231G with "c1200-rcvk9w8-mx.124-21a.JA" image. The 1262n is joined to the controller and working fine but the 1231G can't join the controller, the controller says "Join request received from an unsupported AP"!! I will attach the logs for this AP.
I have an AIR-AP1242AG-E-K9 which had c1240-k9w8-mx.124-21a.JA loaded, I followed the link below and upgraded with Cisco's upgrade tool to c1240-rcvk9w8-mx with no problems at all, after the upgrade I could then see the LWAP on the 4402 controller and had it working a treat. Now the problems begin, I brought it into the office where we have 5508 controllers, plug in the LWAP into our management switch and boot it up I get an IP assigned from the DHCP server and the AP goes into discovery mode but never finds the controller. I have logged the boot process but this does not give much away, our other 1100 series APs boot fine,
[URL]
Console Boot Log.
Xmodem file system is available.
flashfs[0]: 9 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
[code]....
And that is where she sits and does nothing more, I have noticed the DNS problems but the other 1100 series LWAP’s boot up after show that same issue.
Is it possible to Change IOS of 1252 LWAP AP to Autonomous AP? I have seen some documents for changing Autonomous AP to LWAP and change back procedures.
I have a 1121 autonomous AP which I switched to the lightweight mode by copying the LWAPP IOS to its flash and issuing the command boot system flash IOS_file_Name. After that I was unable to associate the AP to my wireless controller because it was continuously rebooting. Unfortunately this AP does not have a console port so I can access the debug and see what is happening. And I was not able to switch it back to the autonomous mode because the AP won't accept the Autonomous mode IOS anymore.
I have an environment of Cisco 5508 Wireless Controller and 1142N Access Points. I have a problem with the ratio of concentration of clients connecting to Access points in floors.
Recently I have been turning off 802.11a on the access points and I am seeing an increase in client count in a few of the access points. What is the maximum client count supported by these access points and how do I ensure they are distributed evenly on access points?
I have a 3502 AP that I am attempting to set back to factory default including clearing the username and password. It is going to work off of 4400 controllers. I have read numerous documents on how to clear the config and password but so far nothing has worked. I can get it into ap: mode but not sure what to enter here. When I do a dir there doesn't seem to be any files. It will pull an IP address via the local router but cannot communicate with WLC.
I am installing a small wireless network (for the first time). The WLAN is connected to a router/firewall and consists of a Cisco 2960-C Series 8-Port Compact Ethernet Switch, a Cisco Aironet 2500 Series Wireless LAN Controller for Lightweight Access Points and a Cisco Aironet 1140 Series g/n Lightweight Access Points (five AP if I get it to work).
My problem is that when a client connects to the access point it does not get an IP-address.
In the WLC DHCP proxy is enabled and Internal DHCP server is used.
The scope is from 192.168.104.65 - 192.168.104.99
The WLC IP is 192.168.104.60
The DHCP server is given as 192.168.104.60
When starting the system I can see the AP has the IP 192.168.104.66 so it seems the DHCP gives out IP addresses. I can ping the AP.
When a client connects to the AP it is asked for the security key and the client can be seen in the WLC monitor section. The client never gets an IP address; in the WLC monitor 0.0.0.0 is shown.
When a client is connecting to a specific AP (example AP01), after every 1800 sec uptime it will reconnect and join the other AP unit (example AP02). Both APs are physically installed at a distance of around 6 meters from each other. I conducted the testing where I get myself sitting in the middle between these two APs.
01. If I disable this session timeout feature, or set the seconds to a higher value, what's the performance and security impact? Is it recommended to change the default 1800 seconds session timeout?
02. Is there any way I can tweak the WLC controller to prevent the client, after session timeout, from associating with another AP? This will lead to major performance impact as the client would possibly connect to the weak signal AP and effect on the performance.
These are the details for reference:
Client detail
- Dell DW1520 wireless-N WLAN card, with firmware version 5.100.235.12
- CCX version 4 supported
- Layer 2 security is WPA2 personal with PSK.
- wireless radio an
Controller detail: model is AIR-CT5508-K9 software version is 7.2.110.0
I have a problem with three AIR-LAP1131AG-E-K9 that joined the controller and the status LED turns to yellow after joining the controller while other LEDs are blinking green. The APs have no coverage at all although the WCS shows that there is coverage and the 4400 WLC shows that the AP interfaces are UP. (The ethernet interface and the 802.11b,g radio interface is up.) The SSID broadcast is enabled. On the switch the interface is up and there is traffic going in and out of the LAP. I tried power reset and factory reset for the APs but the problem remains the same.