Cisco Wireless :: WLC 4404 HREAP Local Switching And VLAN Allocation
Nov 23, 2009
I have a tale of woe for you who may be considering Hybrid REAP with local switching.
My client has a varied configuration, but the requirements basically screamed HREAP with local switching. They have 15 sites, had already purchased a single WLC 4404 and they needed between 4 and 24 APs at each of the sites. Each of these locations are connected by a WAN link of good quality, but only a single link so there is no assurance of availability; the client has local resources so it would be useful if wireless stayed working during an outage.
So I setup the WLC for HREAP local switching. I setup AP Groups VLANs, but I noticed it had no effect on the VLAN allocation for HREAP. This was unfortunate, because not every site has the same VLAN configuration - some sites had a L3 switch and others only a L2 switch. But I suffered through this and configured each AP manually with the appropriate VLAN mappings.
The infuriating thing, is now that they have bought a second WLC 4404 (they expect to increase the number of APs beyond 100) all these VLAN mappings are messed up when APs connect to the second WLC. I've been going through them one by one again - it is really unfortunate that the AP Groups VLAN mappings don't apply to HREAP local switching.
I'm going to get back to the next 80 APs - but if some of you have a system for handling the VLAN mappings of a large number of APs.
View 4 Replies
ADVERTISEMENT
May 22, 2013
I have one cisco wlc 2112 with ios 7.0.230.0 with license to support 12 access points. My access points are nine (9) lap1231ag and one (1) lap1310.I just have one wlan (ssid). My scenario of deployment is in layer 3. I have one interface management and ap manager in the WLC. All my Access Points have differents ip address that WLC. I need to configure a unique ssid to associate my six (6) dynamics interfaces (each dymanic interface with different vlan subnet).Each wlan profile (ssid) should have the same security in phase 2 (wpa2/psk). My cisco access points don't support hreap. My wlc support only (4) interface into an interface group, and i need six (6) dynamics interfaces.
View 6 Replies
View Related
Apr 19, 2012
I am trying to find out wether it is possible to allocate bandwidth on a per-vlan basis.
We have multiple satellite connections coming into our infrastructure over a single gig ethernet cable from another service provider. The provider provides the connectivity on layer 2 and we are responsible for layer 3 connectivity for the clients on the other side of the satellite connections. The single gig ethernet cable is currently plugging into a Mikrotik 1100 router on our side, setup with VLAN ID and IP Addresses and everything works perfectly. The challenge now is that whilst we only have the one satellite client connecting, we can limit the bandwidth on the ethernet port to 512k for example which limits the client to only have 512k internet breakout. In the future, we need to be able to limit bandwidth as multiple VLAN IDs will be coming over that single ethernet cable and I'm not sure if one can do this at all.
View 4 Replies
View Related
Jul 31, 2012
10 Access Pointd 1142N setup on vlan 10 and the controller management is in vlan 10.
They get DHCP IP addreses from the controller itself!! I do not have another DHCP server.
Here is what I get wich debug capwap event and debug capwap packet
(Cisco Controller) >*spamReceiveTask: Jul 31 12:21:41.283: <<<< Start of CAPWAP Packet >>>>*spamReceiveTask: Jul 31 12:21:41.283: CAPWAP Control mesg Recd from 10.128.186.104, Port 51743*spamReceiveTask: Jul 31 12:21:41.283: HLEN 4,
[Code].....
View 9 Replies
View Related
Sep 16, 2012
I have currently Ciso4404 WLC installed which is in vlan4001 with the 172.16.10.0/24 subnet
I have bought Cisco 5508 WLC recently as AP count is increased... Can I install it in same vlan and subnet? If yes what would be the setting for APs to join... If no how can I configure it with other vlan and subnet..
View 1 Replies
View Related
Aug 1, 2012
We normally interconnect an ethernet VLAN via a bridge-group to an ATM PVC like :
interface ATM1/0.162055
bridge 10
pvc 16/2055
encap aal5snap
!
interface port-channel1.10
[code]...
This works fine on our 7206VXR's (IOS 12.4(24)) but the limit on bridge-groups is 256 which is not scalable enough.Earlier i was reading on [URL] wp1170945 for L2 switching an ATM PVC to an Ethernet VLAN which interested me because of the simplicity of it. According to the manual, the corresponding config would be :
interface ATM1/0
pvc 16/2055 l2transport
encapsulation aal5snap
!
!
connect atm-eth-vlan-con atm1/0 16/2055 GigabitEthernet0/1.100 interworking ethernet
I've got the following questions :
- Can i terminate the ATM PVC to a port-channel or is it implicit when i configure gi0/1.100?
- Are there any limitations on the amount of connects on the 7200VXR with the IOS i'm using?
- Are there any other caveats i didn't think about?
View 1 Replies
View Related
Mar 4, 2013
I have one cisco Nexus 7000 with version 6.1(2).I created 3 VDC
ADMINCOREsecurity
I have configured 1 - 45 ports for Core and 46 - 48 ports for Security.Now I am not using the VDC Security and I tried to move the assigned ports 46 - 48 from Security to ADMIN.Switch accepted the command .But the ports are not visible on ADMIN VDC.Now it is not showing on Security VDC also. I need this ports in ADMIN VDC
View 6 Replies
View Related
Jan 2, 2011
I need to configure these qos settings in a C2960S. [code]How I calculate the buffer allocation needed? [code]
View 4 Replies
View Related
Sep 27, 2012
I just bought a Catalyst 2960S to test out the feature "Port-Based Address Allocation" which is required for our factory. I followed the instruction from Cisco IOS and did all the steps but I could not get it to work, my network client did not received the expected IP address that I configured.
View 8 Replies
View Related
Nov 15, 2012
Does the 2960 switches with LAN-Lite support DHCP Server Port-Based Address Allocation?
View 1 Replies
View Related
Mar 1, 2012
I have a wireless network with two WLC 5508 controllers and 220 LWAPs in the same location as the controllers. All APs are currently in local mode. I run a few guest networks as well as some other client networks. One client in particular uses their network to connect mobile machines to their VLAN. The only issue is that the machines do not have wireless adapters. Instead, the manufacturer put inside the chassis, a D-Link WGB, which has an ethernet cable, you then have to plug into the ethernet port. These devices cannot seem to connect to the network. I have found, the WGBs do associate on the network, but the wired client behind it cannot pass traffic onto the VLAN. I have also tried connecting PCs with different SOHO style WGBs from different manufacturers with the same result.
After going through Cisco's documentation, I found that using 1230s in WGB mode can resolve this issue since they use IAPP to communicate the MAC table of the wired side clients they service back to the controller. I have configured a 1230, and used it as the WGB for the client machine instead of the D-Link and it does seem to work, but this would mean configuring a considerable number of 1230s to hand over to the client.
The first question would be, Is there something I am missing that I would need to do in order to allow SOHO style WGBs to forward wired side client traffic onto the network while LWAPs are in local mode? Or would the WGB NEED to support IAPP?
The second question is that, I may have found another solution to this already, but would like some input prior to committing.
This client also uses these same machines with the same WGBs inside the chassis at another location where the client operates the network themselves. They also use the same WLC model with the same version, and same APs. The only difference is that they use H-REAP mode with local switching.
I also tested this idea, and it seemed to work. With the AP in H-REAP mode, and the client's WLAN set to local switching, the machine and WGB connected with no problem.
So the question with this, would be; would there be any disadvantages in running all 220 APs at this location in H-REAP mode? What would I be losing if anything? Also, I would like to keep all other WLANs centrally switched.
I understand what the difference would be for this client's WLAN if I ran in H-REAP mode with local switching, but what would the difference be in the other guest WLANs if I set them to be centrally switched? (Is there any difference between running APs in local mode vs running APs in H-REAP with central switching?)
View 2 Replies
View Related
Aug 9, 2011
How many AP in h-reap mode recommend with WAN link 512k ?,i have read in document it show h-reap mode must requirement minimum link is 128k for connect to wlc but i don't know this requirement for 1 ap or all ap to connect across WAN to register and send traffic across WAN. Because now i have 2 site HQ -> Branch (link 512k) it can use for this solution.
View 4 Replies
View Related
Apr 8, 2013
I have quick question about wlc software version upgrade : currect version of 5500 WLC : 7.0.220.0,However i am planning to upgrade to version 7.2.110.0,currectly all remote site AP's are connected to this WLC , nearly 150 AP's all are in H-reap mode however once i upgrade to 7.2.110.0 version , all default should come into Flexconnect mode.Do i need to make any configuration or any changes in AP's to get Flexconnect mode or will it be default mode as Flexconnect mode in new version of WLC ?
View 1 Replies
View Related
Feb 23, 2012
We have standart wireless deployment with 24 APs (1240G model) and wireless controller 4402-25 placed on same site.Most of clients (WMS RF terminals ) works with one WLAN (WPA2-PSK) and constantly roam over warehouse , and that works great.
But for better survivability(when controller dies) we are trying to configure HREAP on our APs with local swicthed local auth WLAN. And that also work , but client roaming occur much more slowly and RDP connection to WMS APP server sometimes stuck for 2-5 sec.Disabling "local switching" checkbox for WLAN make roaming almost momental.
And slow roaming are price for controllerless HREAP design ? And for fast roaming and survivability we must use N+1 wlc?
View 3 Replies
View Related
May 22, 2013
I have been having an issue with random AP3602I's in HREAP mode disassociating from the 5508 controller. These AP's are in remote offices with 70Mb WAN back to the controller. Randomly one or two AP's disassociate from the controller and I have to bounce the switchport to bring them back online. The WLC is running 7.2. Again this only occurs to one or two AP's not all of the AP's.
View 8 Replies
View Related
Jul 30, 2012
I have a Cisco 5508 setup at a host site with 3 other sites connected using hreap on 1252APs. When doing testing of network speed I find that the throughput from the wireless to wired network is at about 18mbps yet the same test on wired side is 85-100mbps and wireless to wireless is 18mbps
View 4 Replies
View Related
Aug 8, 2012
I'm configuring AP in Hreap mode. Objective for me is th have a "plug & play" installation method for HREAP. I configure on HREAP AP, Native VLAN set to 1 and the WLAN and Vlan mapping for the current wlan is set to 1 too. WLC version is 7.0.230.0 and AP version is 12.4(23c)JA4
on my cisco switch (WS-C3560-24PS with 12.2(55)SE1), the port configuration is as below:
switchport trunk encapsulation dot1q
switchport trunk native vlan 45
switchport trunk allowed vlan 45,74
switchport mode trunk
no logging event link-status
no logging event power-inline-status
no snmp trap link-status
spanning-tree portfast trunk
spanning-tree bpduguard enable
AP receives a DHCP IP in Vlan 45 and users connected in vlan 45 too. I would like to undestand why the AP is working properly because normally vlan 1 is not configured as allowed vlan on my switch and the native vlan is dedicated only to untagged ethernet packet.
View 1 Replies
View Related
Nov 19, 2012
We have a WLC 5500 connected to a 2960 acting as core switch. there is a server attached to the switch , bearing all dhcp pools for lan and wireless users. Can the wlc or the switch be configured in such a way that the wireless users associating to the wlc get their ip addresses from the dhcp pool configured on the server. Can the configuration can be shared for such a setup.
View 5 Replies
View Related
Dec 18, 2011
Lets say I have the following topology.
DataCenter<---Etherchannel(2)-->BuildingB<---Etherchannel(2)--->BuildingA
There arer 3 stacks of 3750 at each building. The core switch/router in our network is at location B. The way it was originally setupis every L3 device has an ip address for each lan. So let's say we have VLAN 200 withnetwork 192.168.200.0/24. The DataCenter would be assigned (192.168.200.3), Building B would be assigned (192.168.200.1), and Building A would be assigned (192.168.200.2). I'm configuring the DC and BA to be L2 only and Building B to be the only real router in the network besides a few ASAs. When I ran a 'no ip address' on the vlan interface on Building A, the internet connectivity for 192.168.200.0 dies, but local connectivity is fine. After doing some research and troubleshooting, I found out that if I set the next hop on the ASA for the local networks for an IP address on building B everything works perfectly.
The way the routes on the ASA are setup for local networks are as follows.
All local networks have ip route localnetwork mask x.110.215.17. This address is the IP address of the inside interface on the ASA. Now, when I kill the IP address on the vlan interface on Building A internet connectivity goes down, while the next hop is still pointed to this address, BUT if I give it a next hop of the vlan interface ip address on B everything works fine. Now, I can easily fix this, I was just wondering why this is happening?
View 1 Replies
View Related
Jan 13, 2013
limit the bandwidth used by certain wireless devices on my network. The problem I'm having is of priority. For some reason when someone is watching Netflix on my laptop (wireless) no other device has any bandwith available to it, so while someone is watching Netflix my hard wired desktop can barely load Google.com much less do anything useful.I'm using a Cisco ValetPlus M20 wireless N router.allocating at least a minimum amount of bandwidth to wired devices?
View 1 Replies
View Related
Nov 14, 2012
We have configured following commands on switch to fallback to local Vlan if both radius server (policy persona's) is found dead. For test purpose we shutdown both servers (policy persona's) but fallback didn't work. We have 3750 switch running image 12.2(55)SE6 having following configuration.We do not know whether we configured switch in proper way or do we need to modify it. [code]
View 5 Replies
View Related
Jan 10, 2012
Between our hosting and a customer we have an extended vlan, traveling on a fiber, between two cisco 3560 switches.The thing is, that we want to create one or more vlans inside that extended vlan, in some way if possible?
View 3 Replies
View Related
Jan 10, 2013
I have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50
10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50
10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address but the vlan ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together.So for example I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
View 4 Replies
View Related
Mar 31, 2013
i need to solves this little problem on 2960S lan BASE but i dont know if it is possible.
Uplink port config for gi 1/0/28 is:
switchport mode trunk
switchport trunk alloved vlan 10,11
but on interface gi 1/0/1 i want to have data from vlan 10 tagged as VLAN 20.
At this time i have solved this issue very primitively
I have set up gi 1/0/2 as int mode acces, acces vlan 20 and i have connected gi 1/0/2 with gi 1/0/3 with eth cable. int gi 1/0/3 is switchpor mode acces, switchport acces vlan 10
View 4 Replies
View Related
Sep 16, 2012
I have a 3750G switch in my production network that only has VLAN 1 on it. All ports are in a default state and VLAN 1 is disabled. The switch is passing traffic but shouldn't having the default VLAN shut down cause the ports not to pass traffic? If I start to create VLANs will that cause the switch to stop passing traffic?
View 4 Replies
View Related
Jun 13, 2011
I am trying to setup a L2tpv3 VLAN-to-VLAN tunnel.My setup has two Cisco 890 router with Cisco IOS Software version 15.0(1) M4. These routers are connected directly on FastEthernet port 8.
One linux machine is connected on FastEthernet port 0 on each router. The two linux machines are on same vlan. I am trying to establish a vlan-to-vlan tunnel between the routers and send traffic between the linux machines.
I followed the case study 11.4 from [URL] and configured the l2tp-class and pseudowire-class. However, the vlan interface configuration is different on 890 router.
I configured a vlan interface as follows.
(config)#vlan 200
(config)# interface FastEthernet 0
#shutdown
#switchport access vlan 200
(config)# interface vlan 200
I don't see the 'xconnect' command in this context. What's wrong with my configuration?
View 3 Replies
View Related
Nov 20, 2012
We have a low bandwith (15-20 Mbit/s) to the ASA from our Client vlan. If i connect the Client to the same vlan as the ASA is, the bandwith (90 Mbit/s) is good.
Here are the Layer 3 Design:
Client -> vlan 2 - Switch - vlan 7 -> vlan 1 - ASA 5505 -> ISP
The Layer 2 Design:
Client -> Gig2/0/13 - Switch - Gig4/0/43 -> Eth0/1 ASA5505 -> ISP
IP Address:
Client: 172.16.2.10Vlan2: 172.16.2.1Vlan7: 172.16.7.1ASA: 172.16.7.2
I assuming the switch has a problem with routing ?It is a stacked Switch with following members:
switch 1 provision ws-c3750g-12sswitch 2 provision ws-c3750g-24tsswitch 3 provision ws-c3750g-24tsswitch 4 provision ws-c3750x-48
And we have following error message in the log from the switch:
%PLATFORM_UCAST-4-PREFIX:
One or more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded I first get the idea that the switch is overloaded with router traffic. Thats why i assuming i have to check the sdm templates, but i'm not sure if this resolves the issue.
Here are the relevant config:
ASA Interface on the Switch:
interface GigabitEthernet4/0/43description ASA-inside LANswitchport access vlan 7switchport mode accessspanning-tree portfast
Client Interface on the Switch:
interface GigabitEthernet3/0/1switchport access vlan 2switchport mode accessswitchport port-securityswitchport port-security aging time 2switchport port-security violation restrictswitchport port-security aging type inactivitymacro description cisco-desktopspanning-tree portfastspanning-tree bpduguard enable
[code]...
View 2 Replies
View Related
Oct 4, 2012
I have a T1 connection to one of my sites, I am running HREAP with 4 AP's. I have been noticing a spike in traffic from my AP's to the WLC. Even when no one is on the wireless. When you use encryption (DTLS) should this cause spikes on the T1 ?
View 2 Replies
View Related
Nov 20, 2011
I have a new deployment of 44 3502i AP's in 3 buildings at one of my campus'.The 5508 wlc is running latest 7.0.116.0 code.I have some users who take their work with them as they go from location to location on this campus.They need to be able to smoothly switch from AP to AP without having to reauthenticate each time the next AP takes over in the handoff.On the ssid in question we run 802.1x back to 1 auth server; there is no failover auth server.All APs are in one AP Group.My thought is to add all 44 of the APs to one HREAP Group.
View 4 Replies
View Related
Jun 28, 2010
I have this Wireless deployment :
Main Site: WLC AIR-CT5508-50-K9
WCS 6.x for 50 APs
(32 ) AP 1140
02 Remote Sites : 03 AP 1140 using H-REAP
Now, my company is considering to implement a wIPS solution, so i planned to install in the Main Site a MSE3300 and (01) AP 3500e as a wIPS AP Monitor in the remote sites,
Need to confirm:
A) Can an AP3500 work with HREAP and as wIPS monitor AP at the same time? or in other words, if it is possible to have an AP wIPS monitor far away from the WLC (over the WAN)?
B) What are the requirements of WAN link if I want to install a Centralized MSE 330 Engine,which perform the wIPS solution in all the network.
View 2 Replies
View Related
Mar 20, 2011
I have two sites.Main site (local) has two Vlans: Vlan1 and Vlan2. Each has its own IP address range.VLAN 1 is the default Vlan and is used for CORPorate traffic. IP range 10.33.4.*VLAN 2 is for guest access to the internet IP range 10.10.10.*I have a WLC4402 on the this site with 2 WLANs: CORP on Vlan1 and GUEST on Vlan2.
Branch site (remote) which has 2 Vlans: Vlan1 and Vlan2. Each has its own IP address range.VLAN 1 is the default Vlan and is used for CORPorate traffic. IP range 10.125.15.*VLAN 2 is for guest access to the internet IP range 10.10.11.*I have an 1141 on this site using HREAP.
Locally, if you connect to CORP, you get a CORP ip address and access to CORP network. If you connect to GUEST, you get a guest ip address and guest access to the guest network. Simple so far....
Remotely, if you connect to CORP, you get a CORP ip address 10.125.15.x and access to CORP network (great). If you connect to GUEST, you get a CORP ip address 10.125.15.x and access to CORP network (not great). This is with the HREAP native vlan ID for the access point set to 2 on the controller.If I set the native vlan ID to 1 on the controller, I can not get an IP address at all.If I do not set the native vlan ID on the controller, I can not get an IP address at all.
View 2 Replies
View Related
Dec 6, 2011
Trying to implement HREAP over WAN between main and remote site. The WLC4402 is on main site. There will be a secondary DHCP at the remote site. Does the switch at the remote site any preparation?
View 4 Replies
View Related
Oct 9, 2012
I have a Cisco WLC 4404 with version software 7.0.230.0 and it gived me a this logg
Oct 9 15:43:08 192.168.122.34 WLC_4404_CC: *osapiReaper:
Oct 09 15:41:49.549: %OSAPI-3-FILE_OPEN_FAILED: osapi_file.c:370 Failed to open the file : /proc/895/stat.(erno 24)
View 3 Replies
View Related
