Cisco Wireless :: AP Fallback From WLC V 7.4 To V7.2?
May 19, 2013
We are testing WLC v7.4 in our lab. The AP joins fine but when we try to move it to another WLC running 7.2 (simulating a fall-back plan if there are issues with the 7.4 code), it fails saying image not found.
I have an issue with AP Fallback not working with two Cisco 4402-50 WLCs. Here is the scenario:
Site 1 has a 4402 (WLC01) running software 7.0.220.0 with 48 associated access points. AP Fallback is enabled in Controller > General and all 48 APs are set to Critical failover with WLC01 being the primary controller and WLC02 (at site 2) being the secondary.
Site 2 is the location of WLC02, which is also running software 7.0.220.0 but has 0 APs associated and also has AP Fallback set to enabled.
Your typical active/passive setup.
The problem is when WLC01 goes down all of the APs fail over to WLC02, however when the connection is restored to WLC01 we have to manually reboot each access point in order for them to reassociate back to the primary controller. Isn't AP Fallback enabled supposed to allow the APs to move back to the primary controller once connection is reestablished?
I'm deploying a Cisco Mesh infrastructure using WLC 7.2 version and 1552 APs.
These Mesh APs will be connected in the Light Pole and the RAP will be connected to the SP Switch located in this same Pole.
The MAP will be powered using Pole source power and will be connected to the RAP over 5.8 backhaul.
My Customer asks if it is possible that, in case the SP Switch loses connectivity to the Backbone IP, the RAP can connect to another RAP and maintain connectivity to the Backbone over the Air, like REPEATER FALLBACK mode in the Autonomous version.
For that I am thinking of changing the role of the RAP APs to "MAP with UTP Cable", but I'm not sure that a MAP AP with a CAPWAP tunnel over UTP Cable can provide a downlink backhaul to other MAPs. Is that possible?
I have a Cisco 886G on which I have configured a fallback mechanism. I did this with an SLA track. You can see this in the config below. But the problem is that I can't get internet to work when the connection is in failover state. It fails over to Cellular0 and I can ping from the router to the internet. That works fine, but when I want to use the internet from one of the PCs it doesn't work. I traced it to NAT. There seems to be only one ip nat inside source .... When I change this one from dialer0 to cellular0 I have internet on the computers. How can I configure multiple ip nat inside source... rules, or is there another way to accomplish this?
I have ACS 5.1 configured to authenticate users based on Active Directory. I have configured wired 802.1x too, with machine authentication enabled on ACS. When I login with credentials that exist in AD, it works fine. Then I configured Windows Authentication to ask for credentials (popup window). But I experience network disconnection when I login with a local account even though I entered correct AD credentials. I want to do the following: for an account that exists on the machine being authenticated (non-AD account), ACS should check its local database and reply with authentication success if it finds it, so the user is granted network connectivity. I heard about Identity Sequence in ACS. But I still don't see the right configuration,
We have both ADSL2+ and Cable broadband and wish to have them both connected to and accessible on the same network, possibly linked by using the WiFi modem-routers or by adding redundant WiFi modem-routers in bridge mode. The object is to have a seamless each-way fall-back as both broadband feeds have been unreliable in the past, sometimes for weeks at a time and this has had a destructive influence on concurrent college, uni courses and various pocket-money commercial interests. The current situation is to have two separate wired networks running at 100/1000 with limited WiFi access for laptops and mobile device access. All clients would effectively be part of the same workgroup but with a possible future dmz to a small dynamic dns server for non-business convenience and test use. (HTML, PHP, MySQL website development exercises etc.) At present, there are no significant internal security issues within the firewalls provided by the existing modem-routers and there is no significant budget.
I know the way to configure the ASA to fallback to LOCAL authentication, if the Radius server is not available.
Now we would like to authenticate the local users, if the user is not found in the AD. Is this possible and how can I configure this with the new policies? I tested it with "dropping" when the user is not found in the AD, but then the Radius server will be marked as "dead" and the other AD users can't login for a given period. Maybe we can configure the dead time to 0, but this is not as nice as it could be.
I have a Netgear WNR3500L wireless router. I assume it's v1 because on the back it doesn't have "v" anything. Firmware version V1.2.2.44_35.0.53NA. When I connect using g I get 22+Mbps download speed. When I connect using n I get 10 Mbps. I've tried using both WPA2 only (laptop reports 130 Mbps connection I believe) as well as the combo WPA+WPA2 (laptop reports connection of 117 Mbps). Broadband download results don't change - they stay at the 10 Mbps level. I've fiddled with some of the settings on my laptop's wireless card - but the results are the same. For now I'm just trying to figure out where I should focus my investigation and fiddling efforts - on the laptop or on the router.
I have a Netgear N600 Wireless ADSL2+ router on wireless a/b/g/n dual band and all that, but what I want to know is: will I get better performance if I use a Wireless N card over G on a 10 - 15mb/s connection gaming wise, and will it be a great increase over the G? Because if it's not a HUGE increase then I won't waste my money on a newer card.
My Acer Aspire 5610Z laptop will automatically connect to public hotspot wireless network but when I attempt to connect to a wireless network at home, set up using a Netgear modem, I only ever get 'local' internet connection only. My wife's HP laptop has no problem making the home wireless connection.
I am running windows vista and have installed the software and windows sees the adapter and states it is working but when it searches for available networks it can't find any. How can I download the driver and install it?
I have a setup involving 3 clustered AP541 running off a sg300 switch. The wireless network setup VAP has one entry for vlan 1 with station isolation disabled. Is there anything more I need to do to allow one wireless client to ping another wireless client - am I missing something - I assume this is possible. Needless to say wireless clients can ping non wireless clients and vice versa quite happily. Everything is running with factory default settings more or less.
*Mar 1 01:28:21.018: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 01:28:21.022: %LWAPP-3-CLIENTERRORLOG: bsnSetCurrentBHRate : fail to set radio control and data rate
*Mar 1 01:28:21.179: %CDP_PD-2-POWER_LOW: All radios disabled - AC_ADAPTOR (0000.0000.0000)
*Mar 1 01:28:21.984: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 01:28:34.341: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 192.168.10.244, mask 255.255.255.0, hostname AP2c54.2d0d.c3c4
I have a WLC 5508, AIR-LAP1142N APs and a SSID for students to connect to who bring their own device. I am still testing this and it has not been rolled out but I am running into some serious issues with joining the network. I am authenticating them through a RADIUS server (2008 R2). Problem: many of them cannot connect because they are lacking the certificate.
1. What is a good setup for authentication in a BYOD environment?
2. If my setup is good what can I do to allow kids to use their computers on the wireless either without the certificate (which I know is unlikely) or what do I need to have them do to connect. I am hoping it does not involve hard wiring and getting the certificate from the server.
I have a Cisco 5508 controller (version 6.0.199.4) that when I enable global multicast mode it will work for an hour or two and then it will kill the network. All internet both wired and wireless, access to server, everything dead. I then have to directly connect to the service port and disable the global multicast mode. The two reasons for enabling it are Docs2Go and LanSchool; both require multicast to be enabled. I have it enabled on our wired network and it works OK there.
We have recently been given this unusual task. The setup is a series of CAP3502P access points, and a wireless controller (either 2500 Series or 5500 Series), as well as other standard network infrastructure.
In this network, the client (mobile/wireless) devices must be able to detect when they change what access point they are communicating through, while also requiring a seamless transition. I.e., if the client device is communicating via access point A, and displaying the application menus for A, when the user walks to the area serviced by access point B, it must detect that so the application can display menus for B, without the user having to select "B".
Is there a way for the client device to detect which access point it is using and provide that to an application? Or alternatively a way for a host service residing on a server to get that information from the wireless controller?
I am placing a formal request to Cisco and to the firmware development team to create a new-and-improved firmware release for the WET200 wireless Ethernet bridge, a product that is still being produced, shipped, and sold. I purchased the product about one-and-a-half years ago and have enjoyed its performance. There have been, however, some flaws with the device, namely the following: While configured to use WPA2-based security, DHCP-related traffic is not passed from a router/gateway's DHCP Server to connected devices on the WET200. Current firmware release notes indicate this was a known issue and was, supposedly, fixed; however, due to the level of problems customers are reporting, it appears this may have only been resolved, if at all, with security configurations of WPA, WEP, or OPEN. It has not been fixed for customers using WPA2-based security. When I originally purchased the WET200 and configured it to use WPA2-based security, while it, initially, did have a few problems connecting to my router/gateway, it, eventually, did connect and stayed connected for, approximately, one year. However, in September of 2009, it suddenly lost connectivity with my router/gateway and has not been able to establish a connection since, even after reinstalling the latest firmware revision and after several soft and hard resets of the device. I tested the WET200 with another router/gateway, only to experience the same issue. Other devices are connecting to my router/gateway, but, not the WET200. The last firmware update for the WET200 was dated back in July of 2008. Currently, it is January 2010 and since these issues have been known for quite some time, it is unacceptable that the firmware for this device has not been updated in such a long time, especially when there are known issues with the WET200's firmware.
Such lack of support is forcing me and my clients to stop using these Cisco-based products and purchase competing hardware, something I would prefer not to do; however, without better support, I and my clients do not have a choice. Expecting me and my clients to use an inferior form of security on the WET200, such as WEP and/or WPA, until a firmware update is issued is unacceptable, especially when that update has not been released in over one-and-a-half years. Such lack of support is especially unforgettable when my clients and I are looking to purchase new networking equipment. In the past, I would not have hesitated to purchase a Cisco-based product; now, with this experience in mind, I am finding it very difficult to recommend to a client that he or she should invest their organization's finances into Cisco-branded equipment. Proper, professional, timely, support of your hardware is expected of your customers, especially if you wish them to remain loyal customers. I have noticed that other similar devices, albeit, higher-end devices, have had their firmware updated, more recently, compared to the WET200. I assumed this meant that the firmware development team was updating all firmware on such devices. So far, I have been disappointed in the lack of firmware updates for the WET200. While I understand the possible desire to update the higher-end products, first, as a professional whose job is to research, recommend, purchase, install, configure, secure, and maintain both the enterprise-level and small business-level devices, I highly encourage Cisco not to overlook their small business products when the firmware development team is updating firmware for any Cisco products. Deficiency in the support of one strata of Cisco-based products is reflective upon the support of any Cisco-based product and is not easily forgiven by Cisco customers, such as myself, when new and additional hardware needs to be purchased.
The WET546 successfully authenticates and looks pretty healthy on the controller (see below); however, none of the computers plugged into the WET546 was able to obtain an IP address from the DHCP server, nor did they work with a static IP. I was under the impression that it might be related to some default policies on the WLC2100. Logs (warning) on the WLC2100 look clean.
This is the first time I am trying my hands on wireless gears. I have 2500 WLC and 1142 AP (which I converted from Standalone to LAP). I have a layer 3 POE switch where I am using port 1 for the WLC which is a trunk port.
Port 2 is for the AP using access vlan 111
Port 3 is a trunk port going to a router where I am running a DHCP server for the VLANs which are as follows:
I wanted to block the traffic from the Guest VLAN 999 but when I apply the ACL on the Guest Interface created on the WLC, I don't see any pings going across, nor do I see any hit counts on the deny statement, as if the ACL is never applied.
I just read that starting from version 7.4, the 2500 controller can be used to terminate guest anchor tunnels. I have a question regarding the performance of the internal DHCP server when used in guest environments.
We have a 2504 Wireless Controller and it works great! We currently have 6 Access Points (Aironet 1252) connected. We just added the sixth one a few weeks ago and with a properly configured and fully functioning Wireless Controller, it was super easy. Now, I have been assigned to add another Access Point, but at a remote site. The plan is to have up to three or more APs at this remote location and we want them to talk back to the Wireless Controller. We have plenty of licenses on our current Wireless Controller. We do not want to spend the funds for another Wireless Controller and more licenses.
1. How does one manually add an Aironet 1252 to the 2504 Wireless Controller?
2. If the AP is on a different subnet than the Wireless Controller, how does one get it registered?
3. The best for last: Can an Aironet 1252 talk to a 2504 Wireless Controller over a WAN link?
Android users can connect to our hospital guest wireless but will not have connectivity. Our wireless infrastructure is WISM based with 2 controllers on 6509 platform. We have a mixed environment of 1231, 1252 & 3502 series APs.
Had issue connecting just Android devices? All other devices connect fine.
I have problem setting up wireless repeater using Cisco 1242AG access points. Here is the setup and problem - The location has 2 1242AG APs and a WLC (2206) which will be used by PDAs. One of the AP was converted to Lightweight AP and is wired. This AP is up and working and PDAs are able to connect to it. There is 1 WLAN and it uses Local EAP (LEAP) as authentication. Layer-2 security is configured as WPA/WPA-2 with 802.1X authentication. Under AAA servers Local-EAP is enabled and a profile (with LEAP enabled) is used. Local users are configured for login. As said PDAs are able to connect and it is working without any problem.
WLC (LEAP with local users) -----> LAP ----> Repeater AP
But the 2nd AP, which has to be configured as a repeater, was configured to repeater mode (referring to the document) and was placed. The WLC can see a client (with the AP's MAC address) but it is probing. The AP is still an Autonomous AP. Also a username and password is configured for authentication. But still the radio on the AP is not up and it is in reset state.
Is the 802.11ac wireless module for the Cisco Access Point 3602 available to order? What wireless controller do we need to use for support of the 802.11ac wireless standard? Will 802.11ac be supported only on the 5700 series wireless controller, or will it be supported on the 5508 Series also?
We plan on buying a Cisco 2700 wireless location appliance but I need to know if it will be compatible with our 2500 WLC. I've tried to look but can't find any document for this. Also, can you deploy the location appliance without a WCS?
I have a WLC 2006 running 4.2.130 code with AP1020s. I also have several users that have VMware machines that run various flavors of Linux, etc Virtual Machines on Windows XP Pro.
The Windows XP works fine on the wireless. It is the VMWare Virtual Machine running the Bridged ethernet connection that have problems.
The problem is that the Virtual Machine doesn't get a DHCP IP address from the wireless network.
If the user plugs into the wired network all works fine. I have done some captures that show the DHCP requests going out with the MAC address of the wireless client, but no DHCP replies.
It looks like the WLC is seeing the additional DHCP requests from the MAC address of the wireless adapter and dropping them. The same DHCP server (different scopes) is used for both wireless and wired clients.
The DHCP server shows NO activity when the Virtual Machine tries to get a DHCP IP address. The DHCP server is a Cat 6500 running IOS v12.2(33)SXH. DHCP activity was monitored using debug IP dhcp server events/debug IP dhcp server packets. The VMWare Workstation tried is 6.02-6.04.
I have one WET200 Wireless Bridge, connected to an internet router... I can't use the infrastructure mode to broadcast the SSID to wireless clients like laptops,
I can only use the ad hoc mode, but the wireless clients don't reach the internet from the ad hoc connection through the WET200... The datasheet says "client only" for the WET200; what is the difference between client only and Access Point mode?
We have 2 access switches (3750s) that are both attached to a pair of Nexus 5548UPs with L3 cards over VPCs. Access switch (AC1) terminates our 4402 WLC. The WLC services 4 WLANs and connects to the access switch with a single trunked port. Access switch 2 (AC2) terminates an 1131AG lightweight AP. The WLAN is 10.1.1.0/24 on VLAN 300. Router 1 (R1) VLAN 300 IP is 10.1.1.2. Router 2 (R2) VLAN 300 IP is 10.1.1.3. R1 is the active router for VLAN 300. The standby IP for VLAN 300 is 10.1.1.1. The VPCs between both access switches and the router pair are functioning correctly and trunks are wide open (no pruning).
Wireless clients get a DHCP address from a server on another VLAN. Those addresses get handed out just fine.
Wireless clients can ping 10.1.1.3 (R2). They cannot ping 10.1.1.1 (standby address) or 10.1.1.2 (R1).
I took captures from the WLC and I see the ARP requests and replies from wireless clients to their gateway (10.1.1.1). I took another capture directly from the wireless clients themselves. From there, we see the ARP requests, but never the replies. If I create a static ARP entry on the client, it can ping the gateway just fine.
I have 2 Cisco Aironet 1252 set up as a point to point link using an external antenna (one radio is set up as the root bridge, the other is set up as the non-root bridge). Now I see that the connection between the radios is established at a speed of 54 Mbps. However, when I perform a speedtest on the link I see that my actual download speed does not exceed 2,5 Mbps. What can cause my actual speed to be far lower than the 54 Mbps? And what can I do to improve it?
I'm setting up a wireless network for a small office with 25 people with approx. 15 on wireless at any time. The office is very long and skinny so I'm looking at a cluster of WAP321's. I'm hoping these will save a ton of money versus buying a controller and more expensive access points.
How do these work for roaming? I tried a search but I've found descriptions of them not roaming at all and descriptions of them roaming but you have to do some kind of pre-authorization right up to they roam with no user interaction, they just roam.
I need the users to be able to roam around the office with no interruption. I don't want to install these and have to rip them out later and put in new ones and a controller. How to find out if the WAP321's will work for roaming.
I recently purchased my first Cisco products for a network for our church. I have a RV180W router, WAP 121 Access Point and a SR2016T switch for our network, which is just peer-to-peer at this point. We have 5 computers connected with Ethernet through the switch and all see the Internet and work fine. The wireless connection through the router is working fine with our wireless devices (laptops and iPads). Where I am having issues is with the AP. It is in a different area away from the router, being powered through POE instead of the regular power connection.
My problem is this: it takes FOREVER to connect to the AP and to the Internet, even when sitting directly under the AP with full signal. Once connected, it appears to allow Internet connection just fine, but getting to that point takes 15-20 minutes sometimes. Also, when I come back the next day, I have NO signal at all, as it seems the AP has "timed out" due to inactivity or something. I have to reboot the AP and the router to get it all back up and running again. I need for the signal to stay up all the time or at least come on when someone connects.
So, what am I doing wrong here? I have recognized and authorized the AP through the router config, security is set up fine and I can see it once it comes up. I have the AP set up as a completely different SSID, although I would prefer to have the AP as merely an extension of the router's wireless network if possible.