Cisco Wireless :: Mesh And Flexconnect With WLC5508?
Apr 4, 2013
A customer have a bad coverage in a corner of his branch office. He like to add a mesh AP (MAP) in the near of that corner.
I checked allready the documention about Mesh but i'm not sure if Flexconnect and Mesh works togheter. This MAP is in a branch office and the WLC is in the head quarter therefore he likes to uses Flexconnect togheter with Mesh.
I need to integrate Cisco ISE and WLC5508 with FlexConnect (local switching) using EAP-TLS security for wireless clients across multiple floors (dynamic VLAN assignments based on floor level). The AP model used is 3602.
- What RADIUS Attribute can be used for dynamic VLAN assignments based on floor level? Is there an option where I can group all LWAPs in same floor for getting certain VLAN from ISE?
- I intend to use WLC software version 7.2 since 7.3 is latest version. Has someone use WLC software version 7.3 without any major bugs/issues pertaining to FlexConnect and EAP-TLS?
- I read some documents saying L3 roaminig is where the associated WLC has changed. However if user move to different subnet but still associated to the same WLC, would this be consider as L3 roaming too?
I have two WLC5508 controllers running 184.108.40.206, which having the two of them probably is inconsequential because all the APs are added to only one controller. The problem I'm facing is that I have several LAP1552E's deployed throughout my facility, and I have several that are doing Ethernet bridging to some Cisco switches using G0. In this, I have a PC at the end of one of these switches, and using Iperf and PingPlotter to get some metrics, and what I'm seeing is >400ms latency with <3 Mbit throughput to the PC. On the 802.11a radios I have 18 Mbit set as mandatory, with everything below disabled and everything above Supported, with all MCS indexes under 802.11n enabled.
My channel is set to 161 with a 40 MHz channel-width, and a power of 3 configured.After many days of trying different power settings, channel settings, and such, I can't get better results than above and my channel utilization stays > 75% at all times. I do have video cameras attached to the other bridges switches, and have video QoS set to Bronze and the cameras configured to ~ 1 Mbit bandwidth maximum. Also, average RAP-MAP distance is ~ 1100 ft and average MAP-MAP distance is 400 ft, with the longest RAP-MAP being 1400 ft and MAP-MAP distance being 875 ft.
I want to start implementing a small outdoor mesh network of 3 APs Aironet 1550 in order to grow afterward with more APs. Is there any way to configure those 3 APs in an outdoor mesh configuration (for example, only one RAP and two MAPs) without a Wireless LAN Controller or I have to have at least, one WLC? My idea is to have a WLC 5508, but at the very beginning I don't know if my budget is gonna allow me to cost the WLC.
I have a problem configuring ClientLink on a FlexConnect local switching AP (3602i), the problem is that I can not see the clients that are using the ClientLink feature when entering the show interface dot11radio 1 lbf rbf command, the AP shows "Hardware beamforming stats not supported (radioid 0x3B00)" message instead of show the client information. I am using a 2504 Wireless LAN Controller running 220.127.116.11 software version, why is not working properly?
A customer of mine has a centralized 2504 WLC with 7.2 code running. They have 1142N APs deployed locally as well as in remote sites (3) in FlexConnect mode. For no apparent reason last Thursday all the remote APs disassociated with the controller and could not rejoin. All the local APs remained up and unaffected.No changes to the WLAN, LAN, Firewall or MPLS WAN occured to cause this.The customer opened a TAC case and their determination was that ports 5246-5247 were not getting thru. When the customer engaged me this morning I had him run a packet capture on the Sonicwall firewall to prove out if the CAPWAP signals were leaving and returning across the WAN. Sure enough we can see this bi-directional traffic (pic attached). Also, I had the MPLS provider run a trace at the far end and they see the same traffic leave the remote site. And then an odd thing happened; one of the APs at one of the remote sites all of a sudden Joined the controller. So I tried rebooting the AP that is located in the same office, and it fails to Join. When I look on the controller under AP Join statistics, the last activity shows the controller receiving a Discovery Request and response is sent, but no further Config Request and response or Join Request and response.
However, I now have a number of devices... certain smartphones so far... that will NOT connect to a FlexConnect AP if it's a 1262AGN AP, but my older 1242G AP will accept the devices without issue. Same SSID, same encryption standards.
If I connect the devices to my guest network (no security), they will connect just fine to both APs, and Non-FlexConnect 1242 and 1262 APs will both accept the devices without issue using my private network.
In other words, it seems to be an issue specific to 1262AGN with my encryption security. My security is WPA2/AES with PSK. No additional security on the SSID.
We have a problem when I call bettween two 7925 in same SSID, VLAN voice. They cannot hear each other. The SSID and LAPs are in Flexconnet. From desk phones there are no problem and betwen one deskphone and one wireless phone there no problem too.
I want to use the flexconnect in the same network where the wlc is located. Normally we will do it for over WAN and branch office. But I want to use in the same main office to avoid more bandwidth utilization on my distribution layer. Wlc is connected on Distribution switch.I want to do local switching in the access layer switch.
The below is the sample topology. But real topology contains nearly 200 AP's(3600 series) and 20 access switches and so on.....So there is a chance of 200 AP * 350 Mbps can flow on the distribution layer.So ,
1)If I use flexconnect any issues will be occuring?
I have one WLC 2504 with 18.104.22.168 code and 4 APs 1142 in Flexconnect mode all of them are in one group with 2 SSIDs in two differents VLAN:
-Admin VLAN 151 -Corporate VLAN 158 -Guest VLAN 159 -The auth is 802.1x using an ACS ver 4.2
I connect my Laptop to the corporate SSID and start to have access to web services, intranet services, etc but arround 15 25 min after i connect i lost connectivity to my GW and all the services but i still have my IP info. I do some tests on MAC books, Laptop with Windows XP, 7 and 8 and its the same for all. I config one switch port in the corporate VLAN and i never loose connectivity.
If i reset the WLAN connection all start to works.The ports in the SW are in trunk mode and almost always the APs are in connect mode.
i have installed ISE1.1 on VM and other hand vWLC7.4 also there in VM i am using 1130AG APs in flexconnect mode and using central auth and central switch.i wan to configure it for CWA(central web Auth) from ISE but a little a bit confuse about ACLs.
I have about 200 APs (Cisco 1042n and 1142n), 4 controllers (5508 and 2504).. Switches are 2960s and some other stuff.. I Use NCS for management.We have a couple of vlans and SSIDs, when users connect to a SSID i use Flexconnect to associate the users to the correct VLAN.
I have quick question about wlc software version upgrade : currect version of 5500 WLC : 22.214.171.124,However i am planning to upgrade to version 126.96.36.199,currectly all remote site AP's are connected to this WLC , nearly 150 AP's all are in H-reap mode however once i upgrade to 188.8.131.52 version , all default should come into Flexconnect mode.Do i need to make any configuration or any changes in AP's to get Flexconnect mode or will it be default mode as Flexconnect mode in new version of WLC ?
Subject: FlexConnect compatibility with Access Point? We have today one Cisco 5508 and those access point on remote sites
o CISCO AIR-LAP-1131AG-E-K9 o CISCO AIR-LAP-1231G-E-K9 o CISCO AIR-LAP-1142N-E-K9
We plan to use redundancy on the controller and implement Flexconnect on the remote site. What we need to know is if I can implement Flexconnect on all actual access point - I think it is possible on 1142N + 1131G but do not know on 1231AG - is it correct or I'm wrong ? We plan to install the latest SW version for 5508 controller.
I have found some samples on the FlexConnect setup for the controller side. However none of the documents mentioned how the switch port should be configured that goes to the controller and AP.
At this moment I have a Cisco 5508 configured in CAPWAP mode with 20 APs. I would like to use same controller for connecting one of the remote sites with 2 APs in FlexConnect mode. Current the 5508 to switch port is configured as 802.1Q port. All CAPWAP AP ports are configured as "switchport access vlan X" where X=capwap VLAN. Need to know how the switch port should be set for the remote site where flexconnect APs connect.
Configuring HP switches for Flexconnect. I am not sure if or not its doable? Access Points are 2600 and 3600 with 5508 as a controller. Idea is to keep the branch traffic local but the switches are HP.
The wlc config guide of Release 7.4 states that sticky key caching (usefull with apple devices) is supported at AP in local mode. [URL]I am testing the new WLC 8500 with 184.108.40.206.
AP mode = FlexConnect
The wlan i activated skc is centrally switched.I debugged the iPhone (4S) roaming.I think skc works at centrally switched vlan on flexconnect APs.
*apfMsConnTask_1: Jun 14 14:15:17.069: 30:39:26:2c:d3:ee Reassociation received from mobile on BSSID 00:16:9c:ba:a9:b6 *apfMsConnTask_1: Jun 14 14:15:17.069: 30:39:26:2c:d3:ee Global 200 Clients are allowed to AP radio *apfMsConnTask_1: Jun 14 14:15:17.069: 30:39:26:2c:d3:ee Max Client Trap Threshold: 0 cur: 23 *apfMsConnTask_1: Jun 14 14:15:17.069: 30:39:26:2c:d3:ee Rf profile 600 Clients are allowed to AP wlan
after upgrading to 220.127.116.11 im getting this error message when trying to apply changes on the wlan id."mDNS profiling cannot be enabled with flexconnect local switching"if unselect mDNS snooping under (wlan id/advanced) i can apply the changes, but only temporary.when im looking the next time, the tick box mDNS snooping is enabled again.is this a bug or what?
I have several 2602 AP's that I want to operate in FlexConnect mode. The WLC is at a central HQ and the Ap's are remote. There are central radius servers at the HQ for the wlans. At the remote lcoation, there is a local radius server we want to use for the primary radius server for these AP's. This radius server has been added to the WLC. I have setup a FlexConnect Group, designated the the primary and secondary servers, and then added the AP's to the group. It does not look like radius requests are being sent to the local controller.
For this to work, do we have to check the box under the wlan for FlexConnect Local Auth? Currently, we only have FlexConnect local switching selected.
Currently we have 20 remote sites, each with 2-5 AP's each. They all connect back to our Main Data Site in the US and register on a single WLC5508.
We do not have a backup WLC, but are looking to purchase one. What I would like to know is, are there any problems with the secondary WLC being installed in our Main Data Site in Europe? These two main sites are connected via a 10M MPLS WAN.
So all the remote sites could still connect to the WLC in the US, but in the event of a WLC failure in the US, they would need to fail over to the site in Europe
I'm using WLC5508 /w 7.0..My client do not get its IP. Status shown "DHCP_REQD".I found in (Cisco Live) Troubleshooting Wireless LANs with Centralized Controllers This related with Enable/Disable DHCP Proxy checkbox. I solved. with Enabling this.But,
1) Why this box have been working correctly for longtime? No one did diable/enable this feature on my box.
2) I guest, ver7.0 Disables this chechbox by default. Or not? I also have others two 7.2 boxes. Those are all Enabled.
I have some problem about dhcp via VMware 7.1. My client connect the wifi and get ip address well, then, i turn on VMware (inside my computer) and set as the bridge mode. I found that my VM cannot get the ip-address from dhcp server and I using WLC5508 version 7.2. I try to connect via Switch, my VM get the ip address well.
looking at doing the site survey before detailed implementation. we plan to use a wlc5508, AP3602, a good tripod/stand, PoE switch and AirMagnet to conduct the site survey. i'm inclined to use a single AP and just a guest SSID and let AirMagnet merge the readings on where i 'locate' the AP (on 1 VLAN)
I have a customer who is going to deploy a WLC HA AP SSO setup. I have recommended them to have 4 Gigabit SFP modules in each WLC5508.The customer now asks if it is possible to only have one or two SFP modules in the standby unit ? As he says it is properly not going to go in service one time within the next five years if he is unlucky.
We have five cisco WLC 5508 and one WCS .The WLC is running on 18.104.22.168 version at present but we want to upgrade it to 22.214.171.124 but on cisco site at download location , the below thing is mentioned...
WLC Version 126.96.36.199 will need Prime Infrastructure Version 1.3 to be managed, Version 1.3 is not yet available to download at this point of time
Access Point Model----Cisco 3501i Series
So i want to know, can i upgrade it to this version when we are having the WCS in our network ?
In one week I need to import the config from my 4404 WLC to my new 5508, then I just want to change the mgnt IP address of the 5508 and then bring it into the same mobility group.How do I import the config when the 5508 is straight out of the box?
I have WLC 5508 with 6.0 software and kept in main office and 10 sites are connected . I created Group and hreap for the sites AP.Now customer wants the secondary WLC to keep on one another site. And the customer is asking all the configuration like ap group and all should come to secondary wlc automatically . In future also if he create any new group in primary it should come in secondary wlc.And if primary goes down the secondary should controll all the sites and when comes up primary should taken care.Active standbye mode.
I have been asked to setup wireless and we have purchased WLC 5508 and 1142 APs.We have several remote sites and a centralized WLC. The requirement are to have a common SSID (Corporate) advertised across all the remote sites and have that SSID locally switched, and have another two SSID Guest and Mobile tunneled back to the central site (WLC).I want all the wireless (Corporate) clients to use the same subnet as the wired clients at each remote site, the IP assigment will be done by a DHCP server at the central site. The Guest and Mobile users will use a common subnet each across all the site and this will also be handled by the DHCP server at the central site.
I have enabled H-REAP with Centralized Authentication and Local switching but I'm not sure about the second part which is to have a common SSID (Corporate) across the remote sites and localy switched whilst having the other two SSIDs tunneled back to the WLC. Cisco TAC told me to configure dynamic interfaces for each of the remote site but then he said I still wouldn't be able to switch the Corporate traffic localy if I use a different subnet to the wired subnet for the wireless clients.