Cisco Wireless :: Migration Of Remote Location APs (4400 To 5500)

Jan 7, 2013

I have a existing wireless setup of 4400 WLC with some  AP's  connected remotely,now i am migrating the whole setup to the new WLC 5500. All the AP has been registered to the new WLC 5500 except the remote location AP's.As there was no option of giving IP address in GUI of the controller in 4400 WLC, i have changed the controller name and restarted the AP, but even though it is going back to the old controller.

View 15 Replies


Cisco Wireless :: WLC Migration From 4400 To 5500

Jun 1, 2012

i have a existing wireless network setup in my office existing wlc in 4402 and LAPs are 1130 & 1242 all are working fine but we are now planning to use new 5500 series controllers for the same access points,i want to ask that how i can done this job with very minore downtime and users disconnectivity + zero error results??

View 2 Replies View Related

Cisco :: WLC 4400 To 5500 Migration?

May 30, 2012

We have a single 4404 that was setup long before I arrived with Guest networks that timeout and other such tweaks.  Is there a document somewhere that shows a way to migrate the old settings to a new 5508 that we are purchasing?  By the time the 5508 arrives I will have a very small window to setup the unit before a new wing goes live.  I need the new unit as we have reached our limit of licensed AP's on the old 4404.  It seems like everyone keeps talking about an easy way but no one says how to do it.
I have never setup one of these units before from scratch so I don't know how long it will take.

View 6 Replies View Related

Cisco Wireless :: Roaming Between 4400 And 5500 Controllers

Oct 11, 2012

Actually we have a 4402 controller with 1120 APs both of which are marked as EoL products, we want to jump over the new 2600 APs and 5508 Controller for increase signal coverage but we have the following deals:Last firmware for 4402 controller is 7.0.Firmware needed for 5508 to support 2600 APs is 7.3.Is it possible to configure mobility between 4402 and 5508 even with different firmware branch?

View 3 Replies View Related

Cisco Wireless :: 4400 - 5500 - Bridge With More Than 100Mbps

Aug 12, 2012

We are using Cisco Wireless solution in our network. Using 4400/5500 WLCs and 3500/1130 series APs.
A new requirement has come up and we need to provide connectivity between two buildings (which are within 1 km)  using wireless. This link should be able to give >=100Mbps.
As we already have 3500/1130 APs, can a wireless bridge be established using them which can also give >=100Mbps? Can this be done using a WLC based solution? What I mean is: Do I need to have a standalone AP solution or can it be done while both the APs register to WLC? What are the AP models/antennas that can meet my requirement?

View 6 Replies View Related

Cisco Wireless :: To Switch Which Of 2 WLAN Controllers 4400 And 5500

Aug 23, 2012

I have 2 WLAN controllers, a 4400 series and 5500 series controller.  The 4400 series has 100 seat limit on it, with 74 Access Points currently connected.  The 5500 series has a 250 max, but we bought it with only 50 licenses, and it is max'd out at 50.The 5500 controller is the controller that has a DNS entry so that the Access Points will know to find that controller as they're being added.  BUT, because we've reached our limit of 50 licenses, I'd like to be able to set the 4400 series controller to be the controller that new Access Points try to connect to.  By going back to the 4400 as the controller that new Access Points connect to buys me time to plan for more licenses on next years budget for the 5500 controller.

View 29 Replies View Related

Cisco VPN :: All Remote Wireless IPSec Remote Clients Fail Connecting To ASA 5500

Sep 12, 2012

We have two ASA 5500 series Firewalls running 8.4(1).  One in New York, another in Atlanta.They are configured identically for simple IPSecV1 remote access for clients.  Authentication is performed by an Radius server local to each site.
There are multiple IPSec Site-to-Site tunnels on these ASA's as well but those are not affected by the issues we're having.First, let me start with the famous last words, NOTHING WAS CHANGED.
All of a sudden, we were getting reports of remote users to the Atlanta ASA timing out when trying to bring up the tunnel.  They would get prompted for their ID/Password, then nothing until it times out.Sames users going to the NY ASA are fine.After extensive troubleshooting, here is what I've discovered. Remote clients will authenticate fine to the Atlanta Firewall ONLY IF THEY ARE USING A WIRED CONNECTION.
If they are using the wireless adapter for their client machine, they will get stuck trying to login to Atlanta.These same clients will get into the New York ASA with no problems using wired or wireless connections.Windows 7 clients use the Shrewsoft VPN client and Mac clients use the Cisco VPN client.  They BOTH BEHAVE the same way and fail to connect to the Atlanta ASA if they use their wireless adapter to initiate the connection.
Using myself as an example.
1. On my home Win 7 laptop using wireless, I can connect to the NY ASA with no issues. 
2. The same creditials USED to work for Atlanta as well but have now stopped working.  I get stuck until it times out.
3. I run a wire from my laptop to the FiOS router, then try again using the same credentials to Atlanta and I get RIGHT IN.
This makes absolutely no sense to me.  Why would the far end of the cloud care if I have a wired or wireless network adapter?  I should just be an IP address right?  Again, this is beyond my scope of knowledge.We've rebuilt and moved the Radius server to another host in Atlanta in our attempts to troubleshoot to no avail.  We've also rebooted the Atlanta Firewall and nothing changed.
We've tried all sorts of remote client combinations.  Wireless Internet access points from different carriers (Clear, Verizon, Sprint) all exhibit the same behavior.  Once I plug the laptops into a wired connection, BAM, they work connecting to Atlanta.  The New York ASA is fine for wired and wireless connections.  Same with some other remote office locations that we have.
Below I've detailed the syslog sequence on the Atlanta ASA for both a working wired remote connection and a failed wireless connection.  At first we thought the AAA/Radius server was rejecting us but is shows the same reject message for the working connection.  Again, both MAC and Windows clients show the same sequence.Where the connection fails is the "IKE Phase 1" process.

 %ASA-6-713172: Automatic NAT Detection Status: Remote end is|is not behind a NAT device This end is|is not behind a NAT device
NAT-Traversal auto-detected NAT.
 %ASA-6-113004: AAA user aaa_type Successful: server = server_IP_address, User = user
 %ASA-6-113005: AAA user authentication Rejected: reason = string: server = server_IP_address, User = user


View 1 Replies View Related

Cisco :: Migrate WLC 4400 To 5500?

Aug 1, 2011

l need change a wlc 4400 to 5500, but l don´t know what  l need back up, and how can I do to join the H Reap APs in the new 5500 WLC because all H Reap APs that l have, are not in the same city , and I understand if l want join AP in the new WLC l need to connect in the same network segment, is it rigth ?

View 7 Replies View Related

Cisco Firewall :: ASA 1000V And ASA 5500 Migration Between Firewalls

Jul 8, 2012

We currently have redundant FWSM's and are planning a migration to standalone ASA 5500 series firewalls. However, we have a complete VMWare environment and are looking at the Nexus 1000V. I understand the Nexus 1000V and VSG architecture and implementation, and I do understand that the ASA 1000V is designed for cloud environments. But I do have one question about the ASA 1000V.
Is it possible for an ASA 5500 series firewall to be replaced by an ASA 1000V? Basically, can an ASA 1000V be a sole firewall solution, or are ASA 5500's still needed? Is there a datasheet anywhere that compares the ASA 1000V and ASA 5500 series?

View 4 Replies View Related

Cisco :: Deploying 4400 Controller As An Anchor For 5500 Controllers?

Jun 7, 2011

in one of the sites, the client has an exisiting 4402 controller which he moved to the DMZ in order to set it as an anchor & he purchased two new 5508 controllers to control the corporate APs.  I configured all the parameters needed for the guest anchoring & then I tested the connection but there was an issue. (all the controllers are running the same firmware version)after testing the setup, the guest users could get an IP from the internal DHCP of the anchor controller (in DMZ), but then they cannot reach the internet or anything outside the anchor controller.Cisco confirmed that the 4400 is fully compatible with the 5500 to work in an anchor-foreign secnario as long as they are running the same firmware version. yet, when I temporarily used one of the 5500 controller in the DMZ as an anchor & I applied the exact same configurations on it as the 4400, it worked perfectly without any issues.
note:  on the anchor controller (4400), the management & AP-manager interfaces reside on the same subnet & the wireless guest SSID is also mapped to the management interface.  (may be this setup is causing the issue) but on the 5500 it is working just fine?

View 2 Replies View Related

Wireless Access For Remote Location?

May 3, 2012

I'm essentially looking to extend an existing network in a primary warehouse for our company across a parking lot to a secondary warehouse with no network drops. I need to keep the ability to assign addresses in the existing scheme over to two computers in the secondary warehouse.

View 1 Replies View Related

Cisco Wireless :: 2504 - Clients Unable To Connect To Wi-Fi At Remote Location

May 29, 2013

While trying to connect to WiFi at remote sites APs, the connection is getting time out.User are getting error as 'Unable to connect to <WiFi-SSID>' The APs at corporate office are functioning properly and user are able to connect to the APs.
Wifi Controller: 2504 Software ver:
Authentication 802.1x

View 7 Replies View Related

Cisco VPN :: ASA5520 Remote Access VPN Pool Migration?

Nov 29, 2012

best way to migrate to a new pool for remote access DHCP address assignment.  We are currently using a /24 pool, allowing us 253 IP Addresses... during the recent hurricane we hit 250 IP Addresses used, and had to start asking users to connect to our backup ASA VPN device in another country, not an ideal solution.  I'd like to expand our current VPN subnet to a /23, however I do not have a free /24 subnet above (or below) our current /24 subnet.

I can certainly allocate a new /23 subnet, but I am looking for the best migration plan with minimal downtime (no downtime would be preferred).  Can I just add the new pool range to the tunnel-group RAVPN general-attributes section alongside the current pool, or should I just remove the old pool, log off all existing remote access VPN users and have them log on again to start using the new pool?We are running ASA Version 8.2(1).

View 2 Replies View Related

Cisco :: 5508 Remote Location Without Going There With Spectrum Analyzer

Dec 5, 2011

We have a 5508 WLC with WCS and are using 1131AG WAPs. How to determine if there is interference or noise at a remote location without going there with a spectrum analyzer?

View 8 Replies View Related

Cisco WAN :: 857 - How To Route Traffic Over Remote Location Internet

Nov 18, 2011

I have a customer which has a main location office and a remote one. Recently we interconnect their facilities using a local ISP service called Virtual Connectivity, which basically is a private network which can be accessed over aDSL or any other data circuit. They are using Cisco 888 routers to interconnect both sites.At the main site the customer also has an Internet circuit (with a Cisco 857 router)and he wants to remove the Internet circtuit from the remote site and provide them access over their main location Internet circuit.At the primary offices, we installed Cisco 2811 router as a gateway to route the Internet and remote network traffic over the required data circuit. Everything is working fine, but we can not access Internet from the remote location over the circuit installed a the main site. I understand this is a routing issue, since the traffic hits the main office network it does not knows how to reach the Internet. I am assuming this routing must be set into the main office Cisco 888 router (installed by the ISP to interconnect to their private cloud) in order to properly route it over the Internet circuit.Since I already have access over the Internet router and the gateway router at the main site, but not into the ISP router, is there any other way I can make this configurtion over the routers I already have access?

View 3 Replies View Related

Cisco VPN :: ASA 5505 8.2.1 - Site-to-Site VPN NAT - Add Wireless To Remote Location?

Oct 18, 2012

On one of our branch locations ASA, I have a L2L VPN setup we are adding wireless to this remote location, and the AP's will talk back to the controller at HQ. The AP's are on the downstream L3 switch, and they have been placed on the mgmt network. It's definitely not ideal to have these AP's on the mgmt network, but for now that is how it is setup.

From HQ (163.122.x.x) I can ping and reach the ASA (, and the downstream L3 switch, but when I ping one of the AP's, I get timeouts and and the following error on the ASA:%ASA-3-305005: No translation group found for icmp src outside: dst mgmt: (type 8, code 0)
It appears it's a NAT issue on the ASA, but I'm confused on what I need to change. Why can I ping the ASA and the switch from HQ, but not the AP's which reside on the same mgmt network? I don't really need it to NAT, just to pass the connections. I currently only have the following two NAT statements in the configure


View 1 Replies View Related

Routers / Switches :: Find The Uptime Of An ISP From A Remote Location?

Jan 26, 2012

My boss is asking me to write a batch file or use a utility to monitor the uptime of 16 different ISP accounts that we use across several stores. Most stores have several ISP accounts setup as failover, so they're not always active on our network but the ISP should still be up. He would like this to run from one of our servers. He is suggesting the 'gateway' for the ISP however I am not sure how to find this IP. The tracert utility returns IP addresses which are different than the gateway address in our router settings so I am wary to use those IPs.Which IPs would I ping to monitor the uptime and where would be the best place to find them?

View 2 Replies View Related

Protocols / Routing :: Access Secondary Subnet From Remote Location?

Apr 12, 2011

Main Site allows communication from Remote Site via VPN to Windows ServerMain Site also has a secondary subnet that communicates ONLY through internet but NOT to the Windows Server.Sonicwall 192.168.168.x is main siteRemote Site is 192.168.0.x connecting to Main Site to access shared folders on serverSecondary subnet at Main Site is 192.168.0.x using Windows XP PC's. They are accessing a linux server at which Main Site has no access to.VPN remote ip's are 192.168.0.x - they can successfully access the Windows Server at BUT NOT Want to connect Remote Site to Secondary subnetWilling to make router changes or whatever is necessary to get Remote Site to access Secondary Subnet with the only exception that the Secondary Subnet REMAINS.VPN DHCP is turned off but willing to turn it on.Willing to make the Linux Server 'discoverable' on the Windows Server. Don't know linux at all but another co-worker set it up and can make changes.

View 4 Replies View Related

Cisco VPN :: ASA5510 / Change Split Tunnel And Not Allow Access To Internet From Remote Location?

Mar 28, 2010

I have successfully setup the AnyConnect VPN (connecting to our ASA5510) and have split tunneling configured.  My remote users can access inside LAN servers as well as the Internet from their remote location.  What I would like to know is is it possible to change the split tunnel and not allow access to the Internet from the remote location but force the remote client to go through the VPN and out our internal edge firewall to the Internet?  Basically I need my remote clients to access the Internet but I would like for their Internet traffic to go through the VPN and out our edge firewall.  This will allow the same security as if they were sitting in the office.

View 4 Replies View Related

Linksys Wired Router :: RVS4000 - Unable To Ping From Remote Location

Apr 30, 2013

I am being told from my remote end I do not have port 22 opened up.  I have single port forwarding to SSH 22 and Port Range 22 enabled. 

View 1 Replies View Related

Cisco VPN :: Restrict The Remote Access To ASA 5500?

Oct 20, 2012

is it possible to  restrict the Remote  Access VPN to  ASA based on the Source  Public IP , if so  how ?
here I am not talking about the  VPN-Filter under group-policy . I Want to restrict the access from specified source  IP  (  Public IP)

View 1 Replies View Related

Cisco VPN :: ASA 5500 - Remote Access VPN Intermittent Disconnect

Oct 11, 2012

I am having the peculiar issue in our ASA5500 firewall (version 8.2(5) ), where the remote access vpn is getting issue, I am unable to ping the internal resource for sometime, however without any modification the problem gets resolves.
During the issue we can see Tx count 0
Username     : xxxxxx              Index        : 3147
Assigned IP  :          Public IP    : 14.99.x.x
Protocol     : IKE IPsec
License      : IPsec
Encryption   : 3DES AES128            Hashing      : SHA1
Bytes Tx     : 0                      Bytes Rx     : 8764
Group Policy : EMP-VPN            Tunnel Group : EMP-VPN
Login Time   : 15:07:51 IST Fri Oct 12 2012
Duration     : 0h:06m:34s
Inactivity   : 0h:00m:00s
NAC Result   : Unknown
VLAN Mapping : N/A                    VLAN         : none

View 2 Replies View Related

Cisco VPN :: Configure Static IP Address In Remote Client ASA 5500?

Aug 13, 2011

i am trying to configure static ip on remote client user side , i am using the following doc as an example but i am not getting the ip which i am mentiong in the user .[url]...

View 10 Replies View Related

Cisco Security :: To Restrict Remote Access VPN To ASA 5500 Based On Source

Oct 20, 2012

Is it possible to  restrict the Remote  Access VPN to  ASA based on the Source  Public IP , if so  how ? here I am not talking about the  VPN-Filter under group-policy . I Want to restrict the access from specified source  IP  (Public IP)

View 1 Replies View Related

Cisco Wireless :: WCS 7.0 To NCS Migration

Dec 24, 2011

I'm trying to get all the templates and Maps I've created in WCS into our new NCS. The instructions say just run the export.bat file on WCS and then Migrate into NCS. I cannot find any export.bat file on version of WCS. Is it only available in WCS version ro Do I have to use the export.bat file or can I just do a regular backup and restore?

View 7 Replies View Related

Cisco Wireless :: Configuration Migration Of WLC 4402

Feb 3, 2013

We got WLC 4402 running software 7.0.235 and would like to backup the configuration and restore on 5508. Is this doable? Do we need to be on the same version as WLC 4402. How to get cisco document to follow the steps if the above is doable,5508 is new with no setup.

View 6 Replies View Related

Cisco Wireless :: WISM1 To WISM2 Migration With Different Image?

Dec 12, 2012

I am about to migrate WISM1 to WISM2, The image of WISM1 is and the image of WISM2 is
Do i need to upgrade WISM1 to before i export the configuration and import it into WISM2? Or can i just export the configuration from WISM1 on and import directly to WISM2 which is on

View 2 Replies View Related

Cisco Wireless :: Migration 2106 To 2504 Controller?

Jan 6, 2013

I have a question to migrate a customer from a 2106 controller to a 2504 controller. Can I use the configuration file with both controllers having the same version?
Or is there another way not having to do it again manually? The old configuration is OK, only the hardware is end of sale.

View 19 Replies View Related

Cisco Wireless :: How To Add An SSID To AP's Through WCS 4400

Sep 24, 2012

We have a new SSID that needs to be added to an AP through a 4400 Controller with software version
All AP's are configured as Lightweight.

View 4 Replies View Related

Cisco Wireless :: 4400 - APs Not Join To WLC

Jan 24, 2011

I have a 4400 WLC for 100APs running the version. Now, only 48 APs are joined, and the WLC dont accept new joins. The log below are from my WLC but appear for all others APs:
%LOG-6-Q_IND: spam_lrad.c:1440 Discarding discovery request in LWAPP from AP 00:3a:98:ae:e3:f0 supporting CAPWAP%LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1440 Discarding discovery request in LWAPP from AP 00:3a:98:ae:e3:f0 supporting CAPWAP%CAPWAP-3-TX_ERR: capwap_ac_sm.c:1966 Failed to transmit discovery response to AP 00:3a:98:ae:e3:f0%CAPWAP-3-ENCODE_ERR: capwap_ac_sm.c:2269 Failed to encode Discovery (code)

View 2 Replies View Related

Cisco Wireless :: WLC 4400 Change IP Address

Jan 1, 2013

We have a WLC4400 controller with about 30 LAP. We moving to a new IP scope and was wondering what is the best way to change the IP address of the controller. We have tried doing this via GUI however we have to power cycle the controller to get it back online using the old ip address.

View 3 Replies View Related

Cisco Wireless :: 4400 / 5508 - Upgrade From To

Apr 2, 2012

I want to upgrade all my controllers (a mix of 4400 and 5508) to from Can I make that jump or should I do incremental?

View 7 Replies View Related

Cisco Wireless :: Pipe Output In WLC 4400?

Feb 14, 2013

Like the way you do with the Cisco IOS.
ie show start | i router

View 1 Replies View Related

Copyrights 2005-15, All rights reserved