Local DHCP (via the 5508) is for the guest network while the management and voice use the Windows DHCP server.
My problem, Voice and guest work fine. I have two SSID's (one 802.1X and the other PSK) that use the management interface that will not get an IP. I have enabled dhcp proxy from the cli on the controller. I tried with the management VLAN tagged and untagged.
My 5508 WLC which runs version 7.4 is configured as a DHCP server for the AP management and here's my problem: My AP can get to the address, and can ping the address of the WLC management，But my AP prompts the following log： [code]
In the switch dhcp we can use to do the WLC option43 specified address, but in this case how the address specified WLC, the AP can be registered up?
In our test set up, we have two WLC 5508 Controllers connected via Checkpoint UTM-1 firewall Inside and DMZ Interfaces. Both the WLC controllers are connected to the firewall via Cisco 3750 switch. On the Local (Inside) Controller, guest SSID is enabled and attached to the wireless management Interface. On the remote anchor controller, guest SSID is enabled and attached to the Management Interface as well. The following configs are replicated on both the Controllers.
SSID Name - guest Interface - Management ( VLAN 10 on Local and VLAN 20 on remote) - Mobility Group: Same configs at both ends SSID Anchor : Anchor SSID on local and local SSID on Anchor. AP: CAPWAP 3502 Management Subnet
Is there any thing missing in the wireless configs and or the firewall rules as i could not see DHCP request back from the Anchor Controller. Also, after DHCP is obtained, the web authentication request will be redirected to an Amigopod device for authentication. In this case is the redirect URL congiguration to be performed only on the Anchor Controller or is this to be replicated on both the Local and Anchor Controllers.
Firmware version 184.108.40.206 STAR 9202 Chipset 64 MB DRAM 8MB Flash DOS, Block WAN Rq, Remote mgmt all OFF IPSec Tunnel none used
Every day or so the Router becomes unresponsive to the HTTP mgmt interface, as well as it no longer offers DHCP services.then this happens the only remedy is to power reboot.
Everything comes back online just fine, however, the LOGS are initilaized so no data to figure out what`s going on.My next step is to setuo a syslog server and have the logs copied out.( No, I have no Torrents running at all, but I do have several devices like AppleTV, PS3s etc that run streaming Video plus I have the SPA3102 )
The 5508 is running code 220.127.116.11. I have created a group interface for 3 subnets and assigned the group to the WLAN. Clients are getting IP addresses in a round robin fashion. The issue or downside to this is if the lease has not expired before the next time the station connects to the WLAN it consumes an address on another subnet instead of grabbing the unexpired lease IP address on it's previous VLAN. It seems that the WLC determines the VLAN in the interface group before the DHCP request from the client in case the client already received a DHCP address that has not expired. This can be problematic since we have seen some iPhones requesting an address every 20 minutes thus consuming an address on every subnet in the interface group. Other than setting a lease time extremely low what can be done to address this?
I have a Netgear GSM7248R switch with 5 different Vlans including th management Vlan. Each of the vlans are connected to my layer 3 switch for routing. I want to access the management vlan form any of my Vlans so my layer two switch can be detected by my snmp manager.
I have a 5508 deployed, what I'm trying to do is configure it so that it can be accessed with AD credentials, I'm not talking about accessing the wifi network, I'm talking about logging onto the controller itself for management purposes. We havea few people our team, and it would be alot easier if each of us could log into the controller with our own AD logins. Is there a link that can assist me in accomplishing this, I haven't been able to find one.
I setup a WLC5508 with 2 SSIDs, one for guest traffic and another for internal users. They are in separate subnets and are routed out to the internet via 2 different isps, with the guest network going over a bonded t1 and the internal users going out the primary internet connection for the company. While this works as desired and we've verified that while on the guest network we're going out the right isp, we've encountered an issue with saturation of the bonded t1 pipe by guests. We'd like to find a way to limit a guest to a capped down/up stream if possible, with downstream being the most important. The infrastructure includes 3560 switches and AIR-CAP3502I-A-K9 access points.
We are installing a 2504 with management on VLAN2. The management port is on interface 1 which is attached to a layer 3 3750. From other VLANs in the network we cannot manage the 2504 controller with the web manager. We are running the latest code, 18.104.22.168, since we are using 3600 APs. We have a TAC case open, but spent 3 hrs with them and they can't figure out the problem. TAC did some debugging and saw that the 2504 is ARPing for the address of the PC on the other VLAN instead of sending the packet to its default gateway. How to get success with the management interface on a VLAN and managing the controller from another VLAN?
I'm having an issue with the 5508 management port .. I can't seem to ping it from the switch connected to it .. ( the Show cdp command shows that the two can see each other .. but no ping is possible ! [code]
We faced one recent issue with WLC configuration behavior and explaining our observation and workaround we did.Requirement is to manage the WLC (5508 with 7.4 code) using two SNMP managers in different locations. Also these two Servers should use the same community string to manage WLC.
We were able to configure the SNMP community string for one server IP (to allow access) through GUIWhile trying to add another Server – IP with same community string – it didn’t allow As per the configuration guide, Controller can use only one IP address range to manage SNMP community. So we cannot configure the same community string to allow only two different server IP addresses [code] We currently configured the major subnet ( 10.x / 8 - two match both server addresses) and it works fineAlso when we tried 0.0.0.0 / 0.0.0.0 , it didn’t work (SNMP was failing)But this creates a security issue wherein anybody can poll the WLC.
I'm setting up a new 5508. I've used the config from a 4402, have successfully connected to the Service port to manage the device, but for some reason cannot connect to the Management interface. In this case, port 1.
The service port is connected to a Catalyst switch and grabbed an ip address (10.2.x.x subnet) no problem. I can access the 5508 via https using the SP. However, port 1 is connected to the same Catalyst switch, but on a different vlan (subnet 10.20.x.x). Both ends show that the interfaces are up, I can ping the interface from any other host on the network, but when I try to manage the device via https I cannot connect. We are using WCS and I cannot add the device from the WCS. About all I can do is ping that interface.
I didn't design the job, but is pretty straight forward, except the following, the design has a single wlc 5508 with 2 physical connection between two non cisco switches. There are 2 initial WLANs to be created. I am ok with most of the wlc config execpt the following:
Now from my understanding of everything I have read recently, you can't use LAG on the 2 physical connections if they connect to 2 seperate switches, unless, although not offically supported, the 2 connections are on either 2 3750s in the same stack or a pair of 6500s running VSS. So I believe that in my case 2 seperate connections from the wlc to 2 non cisco switches will not work with LAG. Is my understanding of this correct?
Is there a way to maintain the 2 physical connections from the wlc to the 2 non cisco switches to maintain redundancy?The wlc will have a management interface obviously, but from what I have read, the 2 WLANs that are going to be created have to have their own interface on the WLC. Which I understand as the managment int and each of the 2 WLANs are on different subnets.
If I don't use a single uplink to one of the non cisco switches (either 1 or 2 physical connections) using LAG, it appears to me that each of the interfaces ( management, wlan1 and wlan2) need to have a physical connection from the WLC to the switch, with each interface mapped to a physical port on the WLC, so correct me please if I am wrong, but this would mean I need 3 physical connections between the wlc and the swtich?
After I've upgraded software to the v7.3 and applied AP-SSO it made imposible to access the controller's gui via Service-port. So we tried to access it by management-port, but there is some problem too. It is not working from another subnets. But default gateway on management vlan is set correctly and I even tried to turn of all acl's on switch. WLC is only accessible from the same network. But at the same time wlc is replying on ping fine.All other protocols cannot connect to the controller.
I have 2 x 5508 Wireless Controllers, 1 mgmt port on each as standard. I noticied something different between these controllers running the same code.I can bound a physical port to the mgmt interface on one controller but not the other (both interfaces are untagged)see below, this config appears on one controller but not the other? Is this something to do with the initial setup? How can I add Phyiscal information to the other controller mgmt interface, I cannot delete the mgmt interface. Physical InformationPort Number Backup Port Active Port Enable Dynamic AP Management?
I have a WAP321 I am trying to set up. It's connected to gi1/23 and the switch system mode is set to router. The rest of the network works just fine.I have an SG500-28p and the port. [code] On the WAP321 wizard, configured IP address on my management vlan and also configured the default SSID on that vlan. That works. (I plan to remove that one) Then I add the two SSIDs for vlan 20 and 22 (private and public access) and I can't associate to either of the two additional SSIDs. I haven't configured any other settings beyond the wizard and adding the other two SSIDs. I do want cisco mobile ios (jabber) to work on the private network and also do have a couple spa525g2s that need to connect wireless.
I am working to configure AP541n AP, is able to connect to the AP wired, assign AP static IP with proper subnet mask & default gateway, when it's done, everything looks perfectly, but since I changed the management VLAN ID from 1 to 2, I can't even connect to the AP wired from the PC, why does the change matter?
I'm setting up a new 5508 WLC (the first wlc I have ever setup) and I have my WLAN setup with our existing WPA/TKIP ssid for transitioning our clients from our existing autonomous system to the wlc. I have selected PSK as the key mgmt and I can get the client's to connect for a few minutes but I keep seeing these errors:
Fri Aug 21 08:50:05 2009 Client Excluded: MACAddress:00:21:00:f9:dd:50 Base Radio MAC :00:23:eb:27:e3:b0 Slot: 1 User Name: unknown Ip Address: unknown Reason:802.1x Authentication failed 3 times. ReasonCode: 4
I don't have nor do I want 802.1x enabled. Is there something I need to disable either on the client or the controller?
We've encountered problem from the last few days with DHCP on certain SSID's. We have a wireless network with 13 SSID's being managed by a WLC 5508 pair configured as high availability (52 AIR-CAP3502I). Yesterday we encountered an issue with DHCP on a few of the SSID's but not all, and as a last resort a reboot of the controller fixed the problem. Statically assigning addressing allows for traffic to traverse the network out to the web and back so I don't think it's a VLAN configuration issue on the wired side. It's worth mentioning however that the controllers are configured for a LAG to HP switches. DHCP is being handled by an external windows DHCP server and the primary server address points to the gateway which has a relay configuration pointing to the windows server on the other side of it. Again, rebooting the controller fixed the problem and the web traffic traverses fine if statically assigning addressing.
I am very interested in the new 7.3 feature HA.Also I can read that it is recommended to connect the two WLCs directly. How to use a L2-VLAN between them, in fact to bridge a distance between two data centres?
I am having trouble getting DHCP working for a site connected using Flex Connect. Here is my setup. I have a single 5508 Controller at one site using the 10.3.0.0 network. All AP's at that site are in local mode and use the local DHCP server, 10.3.0.2. Everything works fine there. Each site uses a different SSID as well.
At my second site, 10.4.0.0, all AP's there connect back to the controller at the site above and are in Flex Connect mode. The AP's work fine and the clients work fine there but they get an IP address on teh 10.3.0.0 instead of the 10.4.0.0 network. If i setup the SSID at this site to override the DHCP server settings and tell it to use 10.4.0.2, which is our local DHCP server, the clients don't get an address at all.Is this simply a matter of setting an IP Helper address on the router where the WLC is located or is there more to it than that?
I have a 5508 controller at our headquarters and am installing some 3502 AP's at a remote branch. Unfortunatly, the remote branch has a different Vlan setup for some reason and the vlan that is used for the WLC (90) is designated for telephony at this branch. Can I put the AP's on a different VLAN (10) without having any issues? I will still use DHCP option 43 to point them back to the controller. Below are the configs for the WLC interfaces and what I am proposing for the AP interfaces:
Can I change the untagged vlan on a 1131 to a new vlan. I need to move my management vlan from 10.1.1.1 on vlan 1 , to 172.16.0.1 on vlan 200. I attempted several configuration options including removing the vlan1 ip, changing my new vlan200 to untagged and mirroring it on the switch, and adding my new ip to vlan 1 untagged and then untagging the switch with access vlan 200 on the connected port. Nothing worked.
Below is a sample of what I changed:
interface Dot11Radio1 no ip address no ip route-cache
I'm trying to verify some behaviors I'm seeing with my 5508 controller setup, I've zero experience with this hardware and clueless on the best practices. With that said... out of the box I ran through the AutoInstall process.
I gave my service port an IP address on my subnet, 10.10.8.0/24 vlan 100 and gave the management interface the ip address 10.10.30.5/24 vlan 130
From my host I can ping the management interace 10.10.30.5 and the interface gateway 10.10.30.1 I cannot connect to the controller via 10.10.30.5 either through the web GUI or telnet I can connect to the controller via 10.10.8.200 both through the web interface and telnet while connected to the service port, I can ping the management port IP but I cannot ping the 10.10.30.1 gateway.
We have attached two test 3502I AP's and they found the controller and pulled correct ip addresses, clients can authenticate and access network resources as well as the Internet so for the most part, things are working but it concerns me that the management interface can't ping its own gateway.
I have Internal DHCP Server configured on the Cisco WLC 5508 and all is working fine. DHCP Range is 192.168.1.100 to 192.168.1.245. Now I created another SSID but I want clients connecting to this SSID get specific IP's or from a specific range. WLC has no option to bind a DHCP pool to a specific IP so what I did I checked the option to "Override DHCP" and added the IP of my firewall WLC is connected to and setup a DHCP Pool on that firewall as 192.168.1.89 to 192.168.1.94 (192.168.1.88/29).
Client can connect to the second SSID but can't grab and IP address, what am I missing ?
At customer site we have a wireless lan installed with wireless lan controller 5508. This works fine but the customer wants to add wireless bridge WET200 into the network. The problem is that the bridge seems to authenticate and associates with the LWAPP but does not get an ip-address.