Cisco Wireless :: WLC 5508 Implementation - Some Users Losing Connectivity
Dec 3, 2012
We are implementing a WLC infrastructure in our company following the below scenario:
- WLC 5508, OS 7.2
- APs AIR-LAP1142N-T-K9
- 3 Wlans (1Open w/ Web Auth, 1 WPA2 and 1 802.1x)
Issues:Everything seems to be fine, but some users loses connectivity (when connected to 802.1x network) at least 3 times by day.
- I cannot see anything at WLC logs concerning the association/deassociation of any of these users.
- Only strange line in the logs is "RADIUS server 172.21.44.50:1646 deactivated in global list" (authorization server config)
- Also I see some "Coverage hole pre alarm for client" but that doesn't look like a problem...
View 6 Replies
ADVERTISEMENT
Mar 30, 2011
Noticed the last couple days that pages weren't loading on my laptop. Looked at the network status for the laptop and noticed that my network speeds would fluctuate from 54Mbps to 1Mbps, and various speeds in between. I had never had this happen before (I've had this router, a Linksys, for about 6 years). I thought maybe something was going on with the laptop. Grabbed my wife's laptop and she had the same issue. So, I checked the wired towers - their speeds are running at 100% all the time, no fluctuation. So, it has to be something with my router, but I'm not familiar with how to diagnose, etc. The router has a 3rd party firmware (DD-WRT) flashed on it, in case that matters. But I've had that on there about 4 years, nothing new. I've done a DHCP release and renew.
View 14 Replies
View Related
Jul 13, 2012
My wireless users are loosing the internet(http and https) connection many times per day. I just check the ports configuration in the switch, but The problem persist. The device is a Cisco Aironet 1130 AG.
View 4 Replies
View Related
Apr 4, 2011
I have a DIR-625 router that has been acting odd lately. Several times a day at random my devices (laptop, android phones, PS3) will lose internet connectivity from my wireless network. They say they are still connected to the network but I am unable to access the internet or even the router config page. Everything works fine on Wired LAN computers. The only way I can fix it is by unplugging the router for a few seconds. I have had the router for over a year now without this problem. Seems like it may have started when we got our android phones.
View 6 Replies
View Related
Jun 24, 2012
I have a UC520 in a building with several IP phones. We installed a WLC526 and two AP521's for seamless roaming of cordless phones. THe phones work great with no issues. When I am running a ping test on a wireless laptop, i keep loosing packets. It looses connectivity randomnly. DHCP is given via Windows 2008R2 server. Have a cisco 2948 switch also in the mix. THe AP's are connected directly to teh front of the UC520. Why do phones work perfectly and not data?
View 2 Replies
View Related
Sep 7, 2011
our autonomous 1252APs. It loses network connectivity irregularly and ends up disconnecting everyone. It may stay up from a few days to a few weeks. I don't see any log messages that give any clues to why it is doing this. We have 30 of these working worldwide (on the same software level and same config) and this is the only one having the problem.
Things I have tried: Changing software levels - there is a code level where it didn't seem to have this issue, but I can't run it because then I'm unable to monitor it in our monitoring system. Swapping out wireless access pointsRe-terminating the cable on the AP side, it was really difficult to get the network cable into the AP while swapping it outBlocking a company test piece of equipment from connecting using the mac address filtering (it connects with one of their test IPs - weird) – I still see it connecting though I don't see high utilization on the switch port when the issue happens I had a few cases open with TAC, and they were unable to find anything wrong - gave them sh techs of prior to the event and after the event. It was one of those where the tickets were open for a weeks with no updates.
View 9 Replies
View Related
Aug 21, 2012
I have the model AE1200 usb adapter and its been working great for over 6 months, but lately it has been inconsistently working. It has stopped working then i have to reset the adapter and then it will work for a little bit and then it will do it again. is this a common problem or is it likely my adapter is failing? Is there an update that i am missing?
View 1 Replies
View Related
May 18, 2011
I recently purchased a Belkin F5D8053 N Wireless USB Adapter after my 6 year old adapter was unable to see my home network in the network list.
I installed the software but the adapter wouldn't connect to my home network so I reinstalled and updated the driver, still wouldn't work. Finally about 2 hours later it just randomly connected. Now it has been frequently (1-2 times a day) losing connection to my home network for around 3 hours, it can see a dozen networks in the list with full signal strength but won't connect to any at all then connects to my home network again several hours later.
I have switched between the Windows connector and the Belkin one and tried all 6 USB slots with no luck. I contacted Belkin support and they told me to try the device on another computer and see if the problem still happens but I don't have another computer to test it with.
I suspect this is a problem with my Windows installation rather than the hardware or router as my old card would freeze once every couple of days and was only fixed by powering off my computer as Windows was unable to kill the process to restart it.
View 4 Replies
View Related
Sep 7, 2010
Issue with Linksys E3000 router (firmware 1.0.02). I'm experiencing issues with the following wireless connections:
-iPhone 4G (wife's)
-iPod Touch 2G
-PC with wireless connection (non Linksys brand adapter)
-Acer NetBook (non Linksys brand adapter)
The issue is the connection gets interrupted and dropped, but the devices and the router DHCP clients table show the connections are still present. By interruption, I mean no data traffic is being transmitted.My wife's iPhone 4G and my son's iPod Touch wifi both show they are connected to the home network, complete with wifi bars being displayed, and the checkmark is present next to the home network connection in the the device settings for both. When I check the E3000 DHCP clients table, both Apple devices are listed as holding a connection. Yet both devices display network errors when trying to use any app that connects to the internet. By restarting the wifi connection on each, the connection is restored to the point where traffic now transmits. My wife and son estimate it is after about 10 minutes that they encounter the interruptions.
On the PC and NetBook, the connections have to be terminated and reconnected. I have not timed these to see how long before the connection becomes problematic.Interestingly, my ASUS laptop and my iPhone 4G do not have the issue, nor does my work laptop (Dell).There are no timeout parameters in the router config. Closest thing to it is the Beacon Interval, but I don't know which way to adjust it (up or down) to manage the devices that are experiencing interruptions. I have not made any interval adjustments...at this time, everything is set to default settings.This E3000 replaced an aging WRT54 (hardware v2) router so that I could have an N router in the house.
View 9 Replies
View Related
Jan 17, 2013
This problem only seems to affect one of our sites. Every once in a while, several APs would lose link to the 5508 and get stranded. The only way to fix the issue is either to power cycle, or better yet SSH into the APs and use the command "capwap ap controller ip address x.x.x.x", and then they'd automatically rejoin the controller. At first, I thought network hiccups caused the APs to lose connectivity, but there's none that I could find. I have the primary/secondary controller IPs configured in them as well. See log below:
[previous log entries show AP working as intended, then...]
*Jan 18 05:29:29.632: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_ECHO_REQUEST
., 1)
*Jan 18 05:29:29.632: %LWAPP-3-CLIENTEVENTLOG: Switching to Standalone mode
*Jan 18 05:29:29.645: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*Jan 18 05:29:29.645: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to [ommitted due to security reason]:5246
*Jan 18 05:29:29.704: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
[code]....
View 2 Replies
View Related
May 16, 2013
We had a system outage due to power problems a few days ago, and now our WLC is showing short term packet loss when monitoring it using SNMP. We also monitor it using ICMP, but that shows no packet loss. I looked at the interface statistics on the WLC and all of the switches in between and there are no errors to be seen. is there any way to troubleshoot this problem on the WLC? I am more familiar with IOS than the WLC CLI.
View 10 Replies
View Related
Aug 29, 2012
ISP : ShawPC >> SMC Modem/Router >> Netgear Router >> PS3 and Denon Stereo Receiver ( Both hardwired to Netgear Router), 2 Laptops and 2 Phones connected wireless- The reason I do not use the SMC as a router is because I was getting terrible wireless signal- When everything is working properly I am getting great speedsroblem : I keep losing internet connectivity. On the wireless devices I still have have great signal strength but no connectivity. I need to run netgear genie oripconfig/release/renew to get it back. It always comes back but this is annoying.It also does this on the PS3 and Denon which are hardwired to the router..as with the other ones if I reset the router or do a connection test on the PS3 it will fix it. Finds IP but no internet connectivity.My PC has also started to lose connectivity and I need to do a ip release/renew and it comes back fine.The fact that this is happeneing on my PC would lead me to believe that it may be an issue with the Modem/router. Are there some settings I need to change on it since I am only using it for modem purposes? I have disabled the wireless on it but I don't think that would be the issue anyways
View 14 Replies
View Related
Jan 5, 2013
Have WLC 5508 running 7.4 code; have wlan setup to allow access to internal network. Users on ipads should be able to connect to this wlan and authenticated via certificate instead of PSK. We have setup laptops that are part of domain to use internal CA for authentication to WLAN. Ipads are not part of domain so we are not able to use the same model, or can we use the same model for authentication?How to setup WLC to authenticate ipad users via certificate instead of PSK while connecting to the WLAN?
View 1 Replies
View Related
May 2, 2011
I have three 5508 WLCs, running code 7.0.98.0 supporting 100+ LWAPs in H-REAP mode. The LWAPs are servicing 2-3 WLANs each. Some are using central authentication and local switching, some are configured for central authentication and central switching. When the LWAPs fail from one WLC to another WLC, the LWAP's lose all of their VLAN mappings and pick up the VLAN of the management interface on the new WLC.
All WLANs are configured to use the management interface on the WLC and the VLAN mappings are configured per LWAP on the H-REAP properties tab. The WLAN ID numbers and all the WLAN settings are the same across all 3 WLC's. I have created AP groups on all 3 WLC's and the AP group config matches across the 3 WLCs.
I can get the LWAPs to keep their VLAN mapping by creating an interface on the WLC with the VLAN ID of the locally switched/remote site VLAN and then setting the interface for the WLAN to the new interface. However, then the WLAN doesn't work, because the centrally located WLC doesn't have the remote site VLAN. It also seems to keep the VLAN mapping if I create the locally switched/remote site VLAN interface on the WLC , and point the WLAN to the management interface. This shouldn't be a necessary step though... In H-REAP with local switching, the LWAPs aren't using the interface on the WLC.
I found a note in the 7.0 WLC config guide that explains why the VLANs are picking up the management interface VLAN, but that same note says the VLAN mappings can be changed per LWAP/WLAN!
From config guide: For hybrid-REAP access points, the interface mapping at the controller for WLANs that is configured for H-REAP Local Switching is inherited at the access point as the default VLAN tagging. This mapping can be easily changed per SSID, per hybrid-REAP access point
Using H-REAP and been able to get the LWAPs to keep the VLAN mapping when failing from one WLC to another?
View 9 Replies
View Related
Mar 23, 2012
I am having an intermittent problem with my network connection dropping out for no apparent reason.When it drops, I still see the lights blinking on the NIC card, but cannot pass packets even to the router.Windows does not report the connection or the cable as disconnected when this problem is occurring.The problem will persist until I disconnect and reconnect the CAT-5e wire, or disable and re-enable the NIC.As soon as I do one of those 2 things, connectivity immediately returns (and works for another hour or so).I am running a legitimate copy of Windows 7 Home Premium 64-bit on an HP Pavilion.All of the latest Windows updates and the latest firmware drivers are installed.My ethernet connection is a wired Local Area Connection with a static IP address, gateway and DNS.The IP address, gateway and DNS settings are accurate and work for several other computers here.[CODE]
View 1 Replies
View Related
Sep 19, 2012
I have an issue with my current network where every couple of hours I will lose my connectivity and it will not come back unless I do a power cycle on my router/modem. I originally thought the issue was with my router, however I'm beginning to think it's an issue involving the modem. I've tried two different routers and this happens on both. My main router is a D-Link WBR-1310 (crap I know but it was free) and has lasted for years, and my modem is a Toshiba PCX2500 from Time Warner Cable. The second router I used to test this was an older Linksys BEFW11S4. I was going to replace my router, but when I saw that both of them reset after a few hours (today was only 5, last night it was connected for over 8 hours as I slept). I ran an IPCONFIG /ALL when I was connected with internet and when I was connected without and the only three changes were: [code]
View 2 Replies
View Related
Mar 22, 2010
Have a WLC 5508 running 6.x code with LAP's providing wireless for our internal laptops (WPA2 and EAP-TLS). I want to provide guest wireless which goes out a different port on the WLC to a guest firewall/cable modem. However, we want to prevent our internal laptops from being able to use the guest wireless. I have RADIUS (IAS) and LDAP for my AD available. We would prefer not to have use Lobby Ambassador and just have the guests use a simple password or web passthru. Guests may be laptops or smartphones. What options are available? I have tried a test setup using dynamic vlan assignments from RADIUS using the IETF flags, but can't seem to get it to work. Is there a way to identify the SSID is being used at the RADIUS server?
View 13 Replies
View Related
Sep 29, 2012
I have a wireless 5508 with license base to 50 aps, i use a deployment flex connect. I already registered all my access points, I use web authentication to authenticate users guest, and the service dhcp is in the central site.
My issue is the users in each remote site, can not get an ip address by dhcp from the central site, they can authenticate in the guest ssid, but any users can not get an ip. The request is passing by the wan in this way
Central Site DHCP - Router WAN - Remote Site - Users with notebooks. I use flex connect central deployment (all the traffic consulting to the wlc) .
perhaps i should use local deploy? The wireless is in the central site.
View 17 Replies
View Related
Mar 23, 2012
I am having an intermittent problem with my network connection dropping out for no apparent reason.When it drops, I still see the lights blinking on the NIC card, but cannot pass packets even to the router.Windows does not report the connection or the cable as disconnected when this problem is occurring.The problem will persist until I disconnect and reconnect the CAT-5e wire, or disable and re-enable the NIC.As soon as I do one of those 2 things, connectivity immediately returns (and works for another hour or so).I am running a legitimate copy of Windows 7 Home Premium 64-bit on an HP Pavilion.All of the latest Windows updates and the latest firmware drivers are installed.My ethernet connection is a wired Local Area Connection with a static IP address, gateway and DNS.The IP address, gateway and DNS settings are accurate and work for several other computers here.The Network Interface Card is a Realtek PCIe FE Family Controller (VEN_10EC / DEV_8136 / REV_05).NIC Power Management, Energy Efficient Ethernet, and Link Down Power Saving are all turned off.On the NIC, ARP/Large Send/IPv4,TCP,UDP Checksum/NS Offload, Flow Control, and are all on.
Receive Buffer Size on the NIC is 64Kb (512 buffers). Receive Side Scaling on. 128 Transmit Buffers.Interrupt Moderation is turned on. Magic Packet features are turned off. Optimal Performance enabled.NIC Speed and Duplex are set to 100mbps Full Duplex wherever possible (automatic was also tried).802.1X authentication (EAP or PEAP) is disabled. Auto connection logic is disabled.Connection routes through two switches into a Belkin router; other devices on same networks unaffected.Much of my data is stored on a Network Attached Storage device, with UNC shares mapped to drive letters.Other Windows, Mac and Linux devices connected to the same NAS device have no problems staying connected.When the issue occurs, I can't ping the gateway, do DNS lookups or pass any packets as far as I can tell.I have tried swapping out the CAT-5e cables for other cables and even ran them through a cable tester.
Network fixes I have attempted from the OS level so far include:
~ Switching the dynamic port range to start at 10,000 and run for approximately 54,000 ports
~ Systematically reviewing every running service to make certain that only the essential ones are on
~ Disabling all NIC stacks except Client for Microsoft Networks, IPv4, File and Printer Sharing and Comodo
~ Attempted connections with Comodo turned completely off and its NIC driver disabled
~ Attempted rolling back the RealTek driver to an earlier one from the same family and device line
Using netsh I have tried the following settings:
~ netsh winsock reset catalog
~ netsh int ipv4 reset reset.log
~ netsh int ipv6 reset reset.log
~ netsh int tcp set global rss=enabled
[code]....
View 2 Replies
View Related
Jan 18, 2013
I work at a campus and use the WCS to control access to my network for staff and only internet access for students. The Staff are assigned Username/password thru active directory and the student uses another SSID with only WPA --a password for all. I was tasked with adding more securing for students -- by adding a user/password. I do not want them connecting to my Active Directory for two reason--security risk and I have too many to input (over 1000). So, I wanted to use our internal database to validate users. I create a webpage with "WebAuth" that opens my logon page from my site and validates the login fields against the database. It works and this allows the user to navigate thru my website but not outside the site. If they try an outside url it redirect them to my logon script. I now understand why, so I'm looking for code I can add to my logon page that would allow me to redirect me to the controller's (once users are authenticated by my database) to call the WCS controller so I can enter a preset username/password so the policy management file would allow them access. I presently use "External" and don't know if "Custom" would work. Finding a way in using a database instead of adding one person at a time?
View 3 Replies
View Related
Jul 16, 2012
We are implementing a new corporate wireless network with Cisco 5508 WLC's and C3602I LWAP's. We are not running any RADIUS or EAP at the moment and are starting with WPA2 w/ AES with a pre-shared key to begin piloting. The issue we are having is iOS based devices (iPhone/iPad) do not seem to want to connect. We just get a could not join wireless network messages. We have had success with several Windows based laptops, my MacBook connects, as well as several different Android devices.Looking at the logs on the WLC I see these entries which correspond to the MAC address of my iPhone.
*apfMsConnTask_6: Jul 17 17:25:20.620: %APF-3-CHECK_SUPP_RATES_FAILED: apf_utils.c:376 Could not check supported rates. Missing Supported Rate. Length :0. Mobile MAC: 24:ab:81:92:4d:97.
View 28 Replies
View Related
Mar 13, 2012
Recently i have setup a WLAN with inside and anchor 5508 controllers. Standard setup. However, one issue I have is I wish to extend the length of time between password changes for users connected in on the guest wlan. At the moment, 30 is max. I dont have an option on the controller to creat accounts for any longer than that. How to I extend it to 90 days or 120 days?
View 1 Replies
View Related
Jul 18, 2012
I have a Cisco 5508 running version 7.0.116.0. This controller hosts an open public wifi that requires users to accept a terms agreement via a Web-Passthrough setup that redirects them to the terms splash page. For most people this works without any issue. However, if a user has their homepage for their default browser set to a https site, such as [url]..., then they are never redirected to the terms splash page. The page will just spin and spin until finally they get a timeout error.
View 7 Replies
View Related
Sep 19, 2012
I know there were a few post about users losing their access point config after a power loss to the ap. I wanted to share that I can confirm and reproduce this same issue with a number of access points that I have. I opened a tac case and will update this tread as the case progresses.
Wlc 5508
Ap 1242
7.0.220.0
View 3 Replies
View Related
Apr 4, 2013
I am using web authentication with my Wlc 5508 and I would like to check all users currently connected (ip, login used, MAC address, ...) with SNMP.
I am using an external web server and my client are authenticated with ldap.
I know I can receive these information with traps, but I would like to create a short program which will check all users when I click on a button.
View 2 Replies
View Related
Sep 25, 2011
Having an issue with Cisco ACS v5.1.0.44 and the Cisco WLC 5508. Cannot get users to authenticate and keep getting error messages referring to EAP session timeouts from WLC filling our logs. Seems to be with this model WLC because we have Cisco 4400 WLCs pointing to the same ACS with no issues. Is there a bug or special configuration that is necessary to marry the 5508 with ACS v5.1.0.44?
View 9 Replies
View Related
Jul 6, 2012
I have WLC 5508 and 18 1242 APs are connected to WLC. I am getting following error messages in all APs.
*Jul 3 02:53:18.263: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jul 3 02:53:18.320: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 3 02:53:18.326: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to
[Code]......
View 11 Replies
View Related
Jul 10, 2011
We are required to change passwords every so often at my job. I am trying to change the password for one of the local user accounts on a 5508 WLC running 7.0.98.218 - How can I accomplish this task? The option I get is to remove the users.
View 1 Replies
View Related
Jun 16, 2012
Is it possible to limit what users are able to do and view in the webconsole of a WLC 5508 via ACS. I have ACS setup to restrict what commands can be run depending on user on the CLI however when they log into the webconsole they can access everything?
View 2 Replies
View Related
Sep 16, 2012
Nowadays my Company works with autonomous APs (AP1142 most of them.We have a WLC 5008 and I am working on the implementation project... So far so good.BUT, I have just realized that the Company didnt buy a second WLC (this project started 1 year ago and I wasnt an employee here yet...).If I transform all autonomous APs we have (around 25, locally and some of them remotes)... And then If I have a HW problem with our single WLC... those APs will continue working ?
View 4 Replies
View Related
Mar 9, 2011
I have a problem in understanding how LLQ is implemented in different platforms of Cisco.QoS should kick in only when there is a congestion in the link irrespective of queueing / scheduling (LLQ and CBWFQ).But in certain platforms like GSR and IOS-XR, LLQ is confiugred only with priority and police command not with "prioirity percent <value>" command. In priority and police command since policer is used, LLQ is always on even there is no period of congestion. Of course with police you can re-mark the exceed traffic to different marking but thats not the requirement in my case.
In platforms like 7206, LLQ is configured with "prioirty percent <value>" which works ideally only when there is a period of congestion. When there is no congestion, LLQ class can use scanvenge other classes as well.Would like to know is there any specific reason why there is a difference in the implentation of LLQ between different platforms of Cisco.
View 1 Replies
View Related
Dec 6, 2012
Just a few questions. We are looking to deploying Cisco ASA 5545 into a network. I have a couple of issues with designing the network correctly.
We need to be able to scale out to more hosts than a single VLAN, we would also be considering adding 4948E switch behind the ASA and potentially a stack in front.
The problems are:
1) If we have an outside stack of public 4948E (so we can connect some hosts outside the firewall, such as additional ASA's running in NAT mode) for VPN. Is this a reliable, recommended configuration? The reason being we need to have the ability to add other seperate ASA protected networks that we don't want going through the 5545 as it's going to quickly run it out of capacity. If I have the L3 switch stack in front I'm guessing we would have a small subnet to link upstream and then sub-subnetwork into two blocks, one on the inside interface and one on the L3 switch for the other hosts? Or would it be better to let the upstream provider do this, and then just get them to provide us with two smaller subnets rather than one big one? As below if we do L3 stack ourselves we would need to small subnets, one to communicate with upstream and one to link ASA subnets. This seems like a waste of IP's. I was wondering if I could use Internal IP space on the L3 > ASA link, but I thought that could be an issue for BOGONS list.
2) If I want to extend the inside network (Cisco ASA would not run NAT, just public IP's on the inside, routed to the outside interface of the ASA) there are two ways. Use the ASA to create subinterfaces/VLANs (but that would be routed via the ASA - may be a performance hit?) or use a L3 switch behind the ASA. How does one accomplish running L3 switch behind ASA properly?
View 5 Replies
View Related
Apr 4, 2011
I would like to have implementation of two ASA 5520 (in failover). Architecture Context
-The ASA are used as VPN concentrator only.In a first time ASA will be in charge to take in charge VPN IPSec Host-to-LAN connexion (with the IPSec VPN client) and I think VPN SSL anyconnect client will be setup in a near futur.
-We must define two categories of users (student and researcher), for each one we want define :
+ An IP address pool
+ ACL
+ Split Tunneling (only LAN traffic will go in the VPN tunnel)
-The ASA will perform authentification via RADIUS server (the radius server is linked with a LDAP server)
+ In the RADIUS server we want define the category of user (each one user is a student or a researcher)
-The VPN clients use the internal DNS to request LAN ressources.
-A timeout of the VPN if no traffic during 60 minutes
-The VPN user perform authentification with PSK (no certificate)
the RADIUS server software is IETF compatible (url...)The architecture is the following :
-One internet connexion
-A corporate firewall with 3 DMZ :
+ 1 DMZ Public ; which is connected the ASA "outside" interface (encrypted traffic)
+ 1 DMZ Private ; which is connected the ASA "inside" interface (uncrypted traffic)
+ 1 DMZ LAN ; there is some VLANs routed by 6500 routers.
-On the LAN there is the radius servers
-On the corporate firewall :
+The https and ipsec will be opened between the internet and the ASA
+The RADIUS traffic between ASA and the radius servers and the traffic between the pool VPN users and the LAN.
-What is the best solution to configure the ASA?
View 1 Replies
View Related
