Cisco Wireless :: AP's Intermittently Joins WLC Controller 5508
Nov 27, 2012Ap's at remote location intermittently joins unjoins the WLC controller 5508. AP's getting IP's from DHCP server located at locan end. [code]
View 8 Replies
ADVERTISEMENT
Cisco Wireless :: AP1142 No Longer Joins Controller - WLC5508
Sep 15, 2011 Two months ago I installed a WLC5508 with sw r7.0.116.0 and we installed 8 AP1142 as a start.
10 days the customer calls and says that the wlc logs error messages that says there is an IP-conflict with the management-interface. The conflict source is its own ip-adress!!! He reboots the WLC but the error message keeps coming. After a short while he notices that there are No APs on the WLC...!!!...
After some discussion I suggested that he should disconnect one of the two gig-ports of the WLC (LAG was enabled and in use). He did so and rebooted the WLC for good measure ... The IP-conflict disappeared but still no APs.....
In the DHCP-server (MS Win2003 server), in the AP-scope we also see that the "leased adresses" fills up with "BAD_IP_ADDRESS" (or the sort ... :-/ )
The setup is like this:
- WLC5508 running r7.0.116.0
- WLC has LAG activated and is connected to two different Cat3750G that are stacked
- The management if of the WLC is on the same subnet as the AP1142s, no other hosts on this subnet
- WLC management interface on own subnet as the only host (+ def gwy...)
- APs on their own subnet, no other hosts
- When the APs gets a IP-adress it is possible to ping them from the WLC!
- All VLANs/interfaces on the WLC is tagged, ie a "pure" trunk between WLC and 3750-stack
- Option 43 configured on the AP-scope
- All APs is connected via Power-injector (PWR-INJ4)
WLC5508 => LAG => 2x Cat3750G => TRUNK => Cat2960 with 1x AP1142 => TRUNK => Cat2960 with 6x AP1142
What we have done so far:
- Made sure the port-channel on the 3750-stack was configured: port-channel load-balance src-dest-ip
- Physically disonnected on port of the WLC
- Do "shutdown"on port gig-ports on the 3750-stack and "no shut" on only the one that is still physically connected to WLC
- Do "shutdown" on all AP-ports in the 2960-switches. Clear the lease-pool of the DHCP-server, Deactivate scope, Reactivate Scope and finally "no shut" on all AP-ports
Nothing worked, still no APs on the WLC.
I the connected my PC to the consloe of an AP that was easily accessible and powercycled it. The output can be seen below, the most peculiar was the line : " *Mar 1 00:15:53.351: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination"
1. It worked initially but after the ip-address confilct and reboot of WLC no APs associate to the WLC. Why??
2. The error message on the AP console: "*Mar 1 00:15:53.351: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination" What does this mean?
3. Since the AP gets an IP-address an it is possible to ping WLC -> AP, is there some freakish ogre in the Cat2960 that eats up the CAPWAP-packets??
Cisco Wireless :: 5508 / 1142n AP - Unjoin Dissociated Intermittently And Random?
Mar 28, 2013We have several 5508 controller with 1142n access points some access points unjointed from the controller and do not rejoin. It is not always the same access point and it does not happen in any order we can find. All access points may stayed joined for a couple days then one may disjoin, we can bounce the Poe port on the switch and the access point will reboot and rejoin. When looking at the switch port it shows power and link connection to the ap but we can not ping the ap. usually the ap led will be black or out.
View 24 Replies View RelatedCisco Wireless :: 4404 Guest Anchor Controller With 5508 Foreign Controller?
Aug 12, 2012I know that the 3600 series APs are not supported on the 4404 WLC. However, would the following scenario be supported? I would like to use the 4404 (software rel. 7.0) as a guest anchor with a 5508 (software release 7.2) as the foreign controller supporting series 3600 APs. I ask because the APs do not need to join the guest anchor.
View 7 Replies View RelatedCisco Wireless :: 5508 Foreign Controller And 4400 Anchor Controller?
Jun 2, 2013We have a customer that have 2 5508 as primary and backup controller and a 4400 as an anchor controller. We plan to upgrade the 5508 to 7.3.112.0 and the 4400 is already 7.0.116.0. Will there be any issue if the anchor controller is not the same code as the foreign controller? Do I also have to upgrade the acnhor controller to 7.0.240.0?
View 2 Replies View RelatedCisco :: WLC 5508 Users Are Disconnected Intermittently
Jul 6, 2012I have WLC 5508 and 18 1242 APs are connected to WLC. I am getting following error messages in all APs.
*Jul 3 02:53:18.263: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jul 3 02:53:18.320: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 3 02:53:18.326: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to
[Code]......
Cisco Switching/Routing :: 5508 WLC And Nexus 7K - Clients Cannot Obtain IP Address Intermittently
Jan 22, 2013I have a strange behavior between a WLC 5508 (version 7.0.116.0) and NEXUS7010.
WLC
The WLC is configured in DHCP Bridging Mode (it sends DHCP requests without change)
Nexus
The VLAN interface is configured as follows
interface Vlan501
ip access-group acl-int-vlan501-in-1 in
no ip redirects
ip address 10.12.56.4/21
ip ospf network broadcast
ip router ospf 100 area 10.23.0.0
hsrp 51
Clients can not obtain an IP address intermittently. If I deactivates the ACL when the problem appears(when the client can not obtain an IP@) the probleme is resolved
Note: Before the WLC was connected to Catalyst 6500 and worked properly for 2 years (with same configuration)
I saw this note about differences between DHCP relay on the NEXUS7000/NXOS an Ip helper one the 6500/IOS URL. Do you think the problem may come from the DHCP relay or ACL on the NEXUS.
Cisco Wireless :: Client Joins On WLC 2504?
Sep 11, 2012I am seeing a lot of client has joined profile XXX in the logs, and the customer has been saying the PC's are dropping constantly and take up to 5 minutes to reconnect.
I found a lot of Auth flood signiture hits, and disabled the signature as a temp test. I also had one WPA WIC error on one AP. The Auth sig was deteced on several AP's at one time.
Now the question, is it normal to see Clients joining like this, and does the auth flood disable the AP for a short period?
Cisco Wireless :: 5508 / AP On Different Vlan Than Controller?
Sep 30, 2011I have a 5508 controller at our headquarters and am installing some 3502 AP's at a remote branch. Unfortunatly, the remote branch has a different Vlan setup for some reason and the vlan that is used for the WLC (90) is designated for telephony at this branch. Can I put the AP's on a different VLAN (10) without having any issues? I will still use DHCP option 43 to point them back to the controller. Below are the configs for the WLC interfaces and what I am proposing for the AP interfaces:
WLC Config
interface GigabitEthernet1/1/38
description WLC01
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 90
switchport trunk allowed vlan 1,10,50,90,91,390,410-413,610-613,800,810,811
switchport mode trunk
[code]......
Cisco Wireless :: Setting UP 5508 LAN Controller
Nov 13, 2012Cisco 5508 Series Wireless Controller for up to 100 APs 802.11a/g/n Ctrlr-based AP w/CleanAir; Ext Ant; E Reg Domain..For Mobility i want to settup the device such that the SSID would be the same with thesame security key and in different subnet.
View 5 Replies View RelatedCisco Wireless :: WLC 5508 / Rejoin To Different Controller
Feb 10, 2013I use WLC 5508 (ver 7.0.116.0) with aironet 1140. I need to connect my APs to different controller .After log in via ssh to AP i am trying to do:
capwap ap controller ip add x.x.x.x
reset
But after reload, AP is still joined to the old WLC. So another idea was to log to that WLC and put:
config ap primary-base WLC2 AP_NAME x.x.x.x
and after that:
config ap reset AP_NAME
But still nothing, it's joined to another controller although "show ap client config" shows that primary-base switch is x.x.x.x ?How can i force it to join to other controller?
Cisco Wireless :: Upgrade 5508 Controller From 7.0.98.0 To 7.0.220.0
Jan 29, 2012We are looking to upgrade our 5508 wireless controller from 7.0.98.0 to 7.0.220.0. Reason being, we have experienced a lot of access points disassociating from the controller as well as client authentication issues. Upgraded from 7.0.98.0 to 7.0.220.0 and any issues during the upgrade or after the upgrade?
View 3 Replies View RelatedCisco Wireless :: 5508 Anchor Controller In DMZ
Nov 26, 2012We have a WLC (5508) in our main office in Brisbane that is hosting two WLANs. One provides wireless access to our internal network and the second provides wireless guest access. The guest WLAN is anchored to a controller sitting in the DMZ at our Data Centre.
In the DMZ the anchor controller has a management interface and an interface in the DMZ for the wireless guest access. I am using the DHCP server on the anchor DMZ to provide IPs etc to wireless guest clients. The default gateway is 10.8.144.1 which is a VIP or a pair of firewalls.
Initially everything works fine. Guests connect to the guest network, have to authenticate via a web portal (Cisco ISE server) and then can go on an use the internet. Works perfectly until the firewalls fail over and the secondary firewall takes over the VIP address. All access to the internet is lost at that point. If I try to disconnect and then reconnect a wireless client it connects, as in it will get an IP address, but DNS resolution stops and I do not get redirected to the web auth portal. If the firewalls are failed back to the primary then everything works again, no issues. However, if I reboot the WLC while the secondary firewall has the VIP IP everything will work fine as it did on the primary. If the firewalls now fail over to the primary again everything goes to ****. Until either the firewalls are failed back or the anchor WLC is rebooted.
Initially I thought this was an issue on the firewall, but this doesn't appear to be the case. When the firewall fails over it sends out a gratuitous ARP advising of the change in MAC address for the 10.8.144.1 IP address. The WLC seems to update its ARP table because if I run the command "show arp switch" it has the 10.8.144.1 IP address with the MAC address of the active firewall. From the client perspective I have run a wireshark and captured packets on the wireless interface when trying to connect. The laptop is continuously send ARP requests for 10.8.144.1 but gets not reply. Without this the client cannot send an ethernet frame to the gateway and hence get to the DNS server and WEB portal. Internet access breaks. Doing a TCP dump on the active firewall shows it receiving and then sending a reply to the ARP request. It just never gets to the wireless client. Debugging ARP packets on the anchor WLC seems to indicate that the controller is receiving the ARP replies from the firewall. So I'm at a loss as to why things should break when the firewalls fail over.
I have a 3750 switch in the DMZ with SVI of 10.8.144.4. I thought I could get a work around where I would make this the default gateway. The theory being that this interface MAC address would never change. However I was wrong. Even with this IP set as the gateway address for the wireless clients I see the exact same bahaviour when the firewalls fail over. I can't explain it other than to say that the gratuitous ARP sent by the firewalls seems to kill the ability of ARP replies to be sent back to the wireless client.
Cisco Wireless :: 5508 - VPN / GRE Don't Show Up In Controller
Mar 6, 2012Just replaced a 2106(ver 5.1) with a 5508 (ver.7.2)...Everything was OK.. AP's got on 5508 and we shut the 2106. (AP's are on L2 with controller)During some investigation of why new LAP's from a location via VPN/GRE don't show up in controller, i type the following command on 5508: test ap pmtu enable all....All AP's on 5508 is now in Not Joined state..Have powered up the old 2106 and put AP's on that .. This is OK ....Have rebooted/downgraded/upgraded the 5508 controller but with same result.....No AP's can join this controller (exept from a oeap600)
View 8 Replies View RelatedCisco :: Getting 5508 Wireless Controller Configuration
Sep 15, 2011So we have a Cisco 5508 controller that is managing 15 AP's in one of our buildings.I am running 2 wlans, one is internal access via (wpa) radius, peap and domain login...that works well now
The other is a guest lan, that is only allowed to surf the web.
The question from our security group, is there a way to restrict wireless access to ONLY a corporate approved list of devices.
As it stands right now, we only support Blackberry's as our mobility device. All local data is encrypted. The issue here is our testing shows that with an Iphone (not approved) it is very easy to connect to the WPA network if a user knows how to enter in their domain credentials. From there they can browse our internal web servers and download corporate data to a non approved, non encrypted device such as the iphone.
Cisco Wireless :: 5508 - APs Not Joining Controller
Jul 28, 2011I upgraded a controller yesterday 5508 it went from a low code version 6.x to 6.0.196.0 then to 7.0.116.0. However although all the access points joined code 6.0.196.0 they refused to join 7.0.116.0. The aps are all 1242s.
The country codes etc were all fine so I do not understand what was going on.
*spamApTask0: Jun 26 16:07:44.734: 00:3a:99:db:f3:20 Discovery Request from 10.0.0.183:55065
*spamApTask0: Jun 26 16:07:44.734: 00:3a:99:db:f3:20 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0*spamApTask0: Jun 26 16:07:44.735: 00:3a:99:db:f3:20 Discovery Response sent to 10.0.0.183:55065
[code] ......
Cisco Wireless :: When AP1121G Joins WLC5508 / RSSI In Whole Coverage Is Almost -35 Dbm
Jul 6, 2011When a ap1121G joins WLC4404,it shows a normal heatmap in WCS. But when a ap1121G joins WLC5508,the RSSI in whole coverage is almost -35 dbm.I copy the heatmaps to the attached files.
The versions are as below.
WCS 6.0.196
WLC5508 6.0.200.29
WLC4404 5.2.157
Cisco Wireless :: 5508 - LAP And Mesh AP With Controller Concepts
Jan 29, 2013I have one controller 5508 that will hold 50 LAP 1262 and another Controller that will hold another 50 outdoor mesh access point 1552. Both controllers (not redundant) are at the HQ while the access points are distributed between HQ and 3 branches.
The requirements is to have the SAME 4 SSIDs on MESH and LAP each have a security type (, wep,wpa,dot1x...) on HQ and Branches. Now, in the HQ I don't think I will face a problem since the WLCs is on the same LAN, so 5 interface v lans will be configured one for the WLCs and access point and another 4 interface v lans for the 4 SSIDs.
Now, for the remote sites I need to create another vlan on the switch with DHCP and option 43 ..... for the access point to register with the controller.
But here, do I have to create another 4 interface v lans (4 different sub nets) that should be bidden to the SSID as in the HQ?
Or the Access point will encapsulate all the traffic including the client traffic? Note that I have outdoor mesh access point and Lightweight access point and the BW link between the HQ and branch is 100M.
Also Can I have roaming between the same SSID that broadcasted on MESH and LAP knowing that each have different controller.
Cisco Wireless :: Redundacy - Controller 5508 Get Same Ip Addresses
May 8, 2013[URL] I have one Controller 5508 is my Central Office and I have some Ap's working in local mode in my Central Office, additional I have more Ap's in a remote Office they're are working as H-REAP and I can handles across my WLC. Now my enterprise decided bouth another WLC and wants to deploy a active-passive scenario. This new Controller should manages all the AP's when the central WLC fails...
My questions are... I need to have the same ip addressing on both sites? or they can be different. I nedd to configure some on my Ap's that are working as local mode, for allow the secondary WLC manage them when mi central WLC fails
Cisco Wireless :: 5508 Controller And Direct Connection
Feb 24, 2013I received a 5508 WLC, that I wanted to configure as a guest anchor for our DMZ. I stepped through the console configuration. Now that the setup is complete, can I attach my laptop directly to the copper SFP, and access the WLC web portal? I gave my laptop an IP address, in the same subnet, but still can't connect to the portal, or ping the WLC IP address.
View 2 Replies View RelatedCisco :: 5508 - Upgrade WLC Wireless LAN Controller Version 6 To 7
Feb 28, 2013I want to upgrade a 5508 WLC from version 6.0.196.0 to the most recent 7.4or 7.3 is it ok to skip so many versions, will this cause an issue?
View 9 Replies View RelatedCisco Wireless :: 5508 APs Joining Wrong Controller
Nov 5, 2012We have 3 5508 WLCs (A, B, & C) and several LAPs (1140, 3500, 3600). The APs learn the controllers IP addresses through DHCP Option 43. When we setup a new site we put the IP address of the controller we want the AP to join first. Lately, I've noticed that regardless of which WLC IP I put first when I setup Option 43 the LAPs are always joining a particular controller.
View 6 Replies View RelatedCisco Wireless :: Using LWAP With A 5508 Controller After AP Upgrade?
Aug 18, 2011I have an AIR-AP1242AG-E-K9 which had c1240-k9w8-mx.124-21a.JA loaded, I followed the link below and upgraded with Cisco’s upgrade tool to c1240-rcvk9w8-mx with no problems at all, after the upgrade I could then see the LWAP on the 4402 controller and had it working a treat.Now the problems begin, I brought it into the office where we have 5508 controllers, plug in the LWAP into our management switch and boot it up I get an IP assigned from the DHCP server and the AP goes into discovery mode but never finds the controller.I have logged the boot process but this does not give much away, our other 1100 series AP’s boot fine,
[URL]
Console Boot Log.
Xmodem file system is available.
flashfs[0]: 9 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
[code]....
And that is where she sits and does nothing more, I have noticed the DNS problems but the other 1100 series LWAP’s boot up after show that same issue.
Cisco :: Wireless Controller 5508 Authentication To AD Server?
Sep 11, 2012We just got a new 5508 wireless controller and the question we have is : can we get wireless users to authenticate to an Active Directory server to get access to the network? I know we can get the authentication done with an RSA server, but what about plain AD?
View 9 Replies View RelatedCisco Wireless :: How To Setup 5508 Series LAN Controller
Sep 23, 2010how to setup the 5508 Series LAN wireless controller. The online documentation are not details. What different between Service Interface IP and Management interface IP. The device IP is using what type service or management interface.
View 2 Replies View RelatedCisco Wireless :: Registering AP 3500 In Controller 5508
Apr 6, 2012how an AP 3500 get to be registered in a controller 5508??, so, i have seen a lot of information of wireles deployment guide but i haven't understood yet how the process or flow is for getting the AP to be registered in a controller 5508, what exactly basic configuration must be done in a controller for doing it?
View 6 Replies View RelatedCisco Wireless :: Controller 5508 Dropping MAC Addresses?
Oct 13, 2011Our 5508 Wireless Controller will drop MAC addresses clean out of the system. Addresses that are in use everyday just disappear. It is not a limitation issue because we are adding iPads everyday. And it is not a daily occurance, but maybe once or twice a week. Everything has been updated and it is more of a hassle than anything, I am just trying to understand what is happening.
View 2 Replies View RelatedCisco Wireless :: Client Roaming With 5508 Controller
May 27, 2013I am having some troubles with client roaming on a 5508 controller running firmware 7.3.101.0. As soon as a client roams outside the range of an AP they lose data flow and do not seem to transition to another AP for about 1 minute.This is a small network with 6 x AIRCAP3502E-N-K9 AP's (running in H-REAP mode) on the same floor and clients are a mix of HP notebooks, Mac Books, iMacs, iPads and iPhones. There are several seperate SSID's setup and the problem occurs on all. All are WPA2/AES with either a PSK or 802.1X. Both 2.4GHz and 5GHz radios are enabled with auto power and channel selection.
I have tried changing the roaming settings from default and also playing with the AP power settings to no avail.Is this normal behaviour or is there something I can do to improve the reconnection speed?
Cisco Wireless :: 5508 Controller SNMP Management
Jun 10, 2013We faced one recent issue with WLC configuration behavior and explaining our observation and workaround we did.Requirement is to manage the WLC (5508 with 7.4 code) using two SNMP managers in different locations. Also these two Servers should use the same community string to manage WLC.
We were able to configure the SNMP community string for one server IP (to allow access) through GUIWhile trying to add another Server – IP with same community string – it didn’t allow As per the configuration guide, Controller can use only one IP address range to manage SNMP community. So we cannot configure the same community string to allow only two different server IP addresses [code] We currently configured the major subnet ( 10.x / 8 - two match both server addresses) and it works fineAlso when we tried 0.0.0.0 / 0.0.0.0 , it didn’t work (SNMP was failing)But this creates a security issue wherein anybody can poll the WLC.
Cisco Wireless :: 5508 Anchor Configuration With One Controller In DMZ
Feb 2, 2012Any link that will give configuration examples of a wireles anchor config with one controller in a DMZ. I have tried this on my own and have some problems in my test enviorment. I believe my issues were with the firewall but not exactly sure.
View 4 Replies View RelatedCisco Wireless :: 5508 And 4402 Controller Anchoring?
Mar 11, 2012I am running 5508 wireless controllers. I pass along another agency's WLAN across my wireless network that is anchored to their older 4402 controller.
I wish to run the new 3600 series APs and am planning on migrating to NCS and the new 7.2 code.
I know that the older 4400 series controllers will not handle the newer 7.1 or 7.2 code. However, i still wish to maintain this anchor relatiosnhip with the older 4402 controller. I need to know if this will work or not.
Cisco Wireless :: New 5508 Controller - Can Ping It And Ssh But No Https
Apr 14, 2012New 5508 controller, can ping it and ssh but no https. Is there an initial cli configuration I'm missing here ?
View 2 Replies View RelatedCisco Wireless :: 2602AP's Won't Register With 5508 Controller
Dec 12, 2012We have a 5508 controller that manages AP's at approximately 20 branches - each branch has their own subnet. We have a single branch (subnet) with new 2602 AP's that will not register with the controller. All communications to this subnet appear normal and there are no ACL's in place between the AP's and the controller. The AP's are able to resolve the controller IP address via DNS and begin the registration process but then timeout. We have successfully installed 2602 AP's at other branch locations and they register with no problems - this is only a problem at a single branch. I've attached some debug messages below for a single AP (this is a production environment so I parsed un-necessary info) and also included the console messages from a different AP (the console messages on the AP's are the same). There are currently 9 AP's at this location and none of them will register.
Debug Capwap Events:
*spamApTask0: Dec 11 14:39:32.904: 44:2b:03:9a:d1:10 Discovery Request from 10.29.9.190:44306
*spamApTask0: Dec 11 14:39:32.904: 44:2b:03:9a:d1:10 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 300, joined Aps =272
[Code]......