Cisco Wireless :: WLC 5508 Request Received On Wrong Vlan
May 31, 2012
We have two WLC 5508s. Following are their interfaces & details: mgmt 10.49.5.251 on wlc1 & .252 on wlc2, access p 10.49.6.251 on wlc1 & .252 on wlc2. There is no AP manager interface seen on both WLCs, nor configured. Both wlc1 & wlc2 are connected each to two switch ports, configured as a normal trunk link each. LAG is enabled on both WLCs.
Jan 13, 2013
I'm receiving this error on my syslog server: capwap_ac_sm.c:1443 Ignoring Primary discovery request received on non-management interface (2) from AP. Already checked the configuration and everything seems OK. They are registered and with clients associated. What could be the cause?
Feb 14, 2011
I have a network set up as live-ssid. It is using the Interface for VLAN 14. All APs under the default-group AP Group obviously allow clients to DHCP an address from VLAN 14. This is working fine.
I created a new AP Group called 3rd Floor. This has the live-ssid set up, but instead of using the Interface for VLAN 14 it is set up for the Interface for VLAN 50. I have all the APs on this floor moved to the 3rd Floor AP Group.
The problem is that 95% of the clients on 3rd Floor are still picking up DHCP addresses from VLAN 14. I checked and all the clients are connected to the APs on the 3rd Floor. Only 4 Clients are getting an address from VLAN 50.
I'm not sure if something is configured wrong or not since some devices pick up the new VLAN and the rest don't. I've manually rebooted the APs on the 3rd floor to see if that would fix it.
Nov 5, 2012
We have 3 5508 WLCs (A, B, & C) and several LAPs (1140, 3500, 3600). The APs learn the controllers' IP addresses through DHCP Option 43. When we set up a new site we put the IP address of the controller we want the AP to join first. Lately, I've noticed that regardless of which WLC IP I put first when I set up Option 43, the LAPs are always joining a particular controller.
Mar 7, 2013
I have a wireless network infrastructure that is controlled by two WLC 5508s, Prime NCS and ISE. I have two networks for my users, an employee network and a student network. I started publishing the information for these networks via a group policy and the settings are identical, with the exception of the SSID.
My employees can log on to the employee network with no problems. I can walk up to any laptop, regardless of whether I have logged on to it before or not, and log on with no issues. ISE correctly profiles my account and authorizes me for the right profile. My students, however, are another story. Laptops that are designated for student use have the wireless network in their network list, and at the logon it shows that it will attempt to connect to the STUDENTS network. When I enter a student username and password, it begins to log in but then gives an error that says:
'There are currently no logon servers available to process the logon request'
The students cannot log in at all. I can use my domain admin or my account and log in to one of the units with no problem, even if I haven't logged onto the unit before with that account.
I don't know if this is an ISE issue or some other type of issue. I'm leaning towards ISE being the issue, since it's what is passing authentication through to the domain. I have my students all in groups and I have those groups added to ISE, just like I have my employees added.
Dec 14, 2011
We have a Cisco Aironet 1130AG Wireless AP (firmware 12.4) and have a guest wireless network (internet only) and corporate wireless network configured on it. They are kept separate by having different VLANs assigned to them. When a laptop connects to the guest network I see the DHCP request go out and it is tagged with the correct VLAN. The problem is when a laptop connects to the corporate network I see the DHCP request go out but there is no VLAN tagged on the packets. This causes a problem because both of our DHCP servers (on VLAN 1 and 3, remote DHCP servers no DHCP running on the Aironet [Doesn't seem like this version has a DHCP server]) are sending responses and sometimes the corporate user will get an IP address on the Guest subnet.
Our corporate network is set up on VLAN 1, which is configured as the Native VLAN on the Aironet. Will this cause the Aironet not to tag these packets with any VLAN information? Any other thoughts as to why it isn’t tagging these packets to a VLAN?
Jan 16, 2012
I have set up the WLC to authenticate to a MS Server2008 NPS for a WPA2/AES SSID. The connection is successful, but client authentication fails for wrong EAP-type. I believe this indicates a Windows7 client issue. What is the required client setup to satisfy the MS NPS?
Mar 29, 2012
I have 2 units of Cisco WLC 5508 running software version 7.0.220 with over 70 units of Cisco AP 1262N and 1242AG. Some of the wireless clients are having problems getting the correct IP address from the DHCP server. There are 2 units of Microsoft DHCP. Both DHCP server IPs have been configured on the Interface at the WLC. The core switch is also configured with ip helper. I've attached the debug output of one of the wireless clients during the problem.
May 22, 2013
We are experiencing a lot of these RADIUS failed to respond messages on our WLCs, leading to a lot of RADIUS server hopping within the WLC. We are using Cisco 5508s, 1142 APs and a Microsoft NPS RADIUS backend. SSID is WPA2+802.1x. The first workaround to this problem was to disable aggressive failover on the WLC. But this is only a temporary fix, because in the end, there will be more than 3 consecutive clients failing to authenticate to the WLAN network. As a result, the WLC will swap to the 2nd RADIUS server configured. When we dived into this a little bit more we saw the following messages being logged on the RADIUS backend at the time we saw the RADIUS messages on the WLC: Event ID: 6274: Network Policy Server discarded the request for a user.
Dec 29, 2011
Setup is like this: Polycom IP phones -> Cisco 2960 switches -> Cisco 2621XM router running 12.28(r). A Windows 2003 server running on HP Proliant DL380 G4 with the correct DHCP scope is configured for the IP phones, also sitting on a Cisco 2960 switch.
A typical port config on the 2960 is:
interface FastEthernet0/1
switchport mode access
switchport voice vlan 60
mls qos trust cos
auto qos voip trust
spanning-tree portfast
spanning-tree bpduguard enable
Relevant section of the config on the 2621XM router:
interface FastEthernet0/0
no ip address
no ip redirects
no ip proxy-arp
ip pim sparse-dense-mode
[Code] .......
This used to work on a Windows 2000 server which sat on a different piece of hardware, but stopped immediately after the migration to Windows 2003 server was done. There was no change on the router or switches prior to or after the server migration. I see the DHCP server log on the 2003 server giving DHCP NACK because the phones are apparently asking for IPs in the data VLAN.
Feb 12, 2013
- Incoming frames on three of a blade's four switchports are being put into VLAN 1 even though the ports are either in other access VLANs, or are configured as trunks with different VLAN IDs being tagged by the server.
- When the ports go down the access VLAN is removed from the port.
Switch stack: 4x WS-CBS3120X-S, 12.2(58)SE1
HP blade: HP BL460c Gen8
This combination has been used successfully elsewhere.
Switchport configuration:
!
interface GigabitEthernet1/0/13 -------> THIS PORT IS OK
switchport mode trunk
[Code].....
Dec 8, 2011
accounting in ACS 5.3. When I set up accounting on WLC 440x / 5508, ACS takes them as an authentication request and fails.
Here are some logs what I see in acsview:
Dec 9,11 6:05:11.783 PM
Radius authentication failed for USER: navrka2 MAC: a.b.c.d AUTHTYPE: Radius authentication failed
ACS Session ID:
dc2aaa1v/112555963/420
Audit Session ID:
0a9a01d7000001fd4ee23a3d
Tunnel Details:
[code]...
Nov 13, 2012
I am very interested in the new 7.3 feature HA. Also I can read that it is recommended to connect the two WLCs directly. How to use a L2-VLAN between them, in fact to bridge a distance between two data centres?
Apr 8, 2013
I was wondering if it is possible to do dynamic VLAN assignment on the Cisco Wireless Controller 5508 without using Cisco ACS but use Microsoft NPS server instead?
Sep 30, 2011
I have a 5508 controller at our headquarters and am installing some 3502 APs at a remote branch. Unfortunately, the remote branch has a different VLAN setup for some reason and the VLAN that is used for the WLC (90) is designated for telephony at this branch. Can I put the APs on a different VLAN (10) without having any issues? I will still use DHCP option 43 to point them back to the controller. Below are the configs for the WLC interfaces and what I am proposing for the AP interfaces:
WLC Config
interface GigabitEthernet1/1/38
description WLC01
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 90
switchport trunk allowed vlan 1,10,50,90,91,390,410-413,610-613,800,810,811
switchport mode trunk
[code]......
Dec 12, 2012
Is it possible to multicast between 2 different SSIDs that are associated to 2 different VLANs?
Feb 29, 2012
I'm configuring a WLC 5508 (version 7) with H-REAP local switching. All is working, yet I wonder if the VLAN mapping can be done better. Currently I need to go into each Lightweight Access Point, enable H-REAP, then set the native VLAN, with the final step to map the VLAN. This needs to be done for each AP. In an environment of 100s of APs it would take forever. (I thought one of the main points of the WLC is centralized management.)
Jan 2, 2013
We created a VLAN interface and a WLAN on the wireless controller (5508) and are using it for Guest Wireless (Web auth). Can we use the same VLAN and WLANs for Wired Guests also?
Sep 25, 2012
I have a new 5508 that I am setting up. My first one from scratch.
Interfaces:
management -> 10.10.10.10 ->dhcp 10.10.10.1
voice -> 10.10.7.1 ->dhcp 10.10.10.1
guest -> 192.168.1.2 ->dhcp 192.168.1.2
Local DHCP (via the 5508) is for the guest network while the management and voice use the Windows DHCP server.
My problem, Voice and guest work fine. I have two SSID's (one 802.1X and the other PSK) that use the management interface that will not get an IP. I have enabled dhcp proxy from the cli on the controller. I tried with the management VLAN tagged and untagged.
Aug 12, 2012
I have got a wireless project with a WLC at the main office and 10 sites where APs are located, and the APs are getting registered. We need 4 SSIDs in all branches, the same.
ssid guest
ssid scanner
ssid user
vlan 600 main office for scanner 192.168.1.0
in branch
vlan 600 for scanner but ip is 172.16.1.0
and BGP is running. And the customer is asking me not to edit the IP range or VLAN or create a new VLAN. But in the WLC I am not able to create a branch network 172.16.1.0 range interface and VLAN 600, as VLAN 600 I already created for the scanner main office 192.168.1.0. So is there a way to do that?
Temporarily, at one site I created VLAN 610 in the branch with no IP. And in the main office, interface VLAN 610 was given another IP range, and I created the interface in the WLC. From the branch I can connect to the SSID and get an IP. But they don't want to create any additional VLAN or another network. The customer doesn't have a SmartNet contract. They recently bought 2 WLC 5508s and 40 AP 1142s.
Feb 23, 2012
In our test set up, we have two WLC 5508 Controllers connected via Checkpoint UTM-1 firewall Inside and DMZ Interfaces. Both the WLC controllers are connected to the firewall via Cisco 3750 switch. On the Local (Inside) Controller, guest SSID is enabled and attached to the wireless management Interface. On the remote anchor controller, guest SSID is enabled and attached to the Management Interface as well. The following configs are replicated on both the Controllers.
SSID Name - guest
Interface - Management ( VLAN 10 on Local and VLAN 20 on remote) -
Mobility Group: Same configs at both ends
SSID Anchor : Anchor SSID on local and local SSID on Anchor.
AP: CAPWAP 3502 Management Subnet
[code]....
Is there anything missing in the wireless configs and/or the firewall rules, as I could not see the DHCP request back from the Anchor Controller? Also, after DHCP is obtained, the web authentication request will be redirected to an Amigopod device for authentication. In this case, is the redirect URL configuration to be performed only on the Anchor Controller or is this to be replicated on both the Local and Anchor Controllers?
May 2, 2011
I have three 5508 WLCs, running code 7.0.98.0 supporting 100+ LWAPs in H-REAP mode. The LWAPs are servicing 2-3 WLANs each. Some are using central authentication and local switching, some are configured for central authentication and central switching. When the LWAPs fail from one WLC to another WLC, the LWAPs lose all of their VLAN mappings and pick up the VLAN of the management interface on the new WLC.
All WLANs are configured to use the management interface on the WLC and the VLAN mappings are configured per LWAP on the H-REAP properties tab. The WLAN ID numbers and all the WLAN settings are the same across all 3 WLCs. I have created AP groups on all 3 WLCs and the AP group config matches across the 3 WLCs.
I can get the LWAPs to keep their VLAN mapping by creating an interface on the WLC with the VLAN ID of the locally switched/remote site VLAN and then setting the interface for the WLAN to the new interface. However, then the WLAN doesn't work, because the centrally located WLC doesn't have the remote site VLAN. It also seems to keep the VLAN mapping if I create the locally switched/remote site VLAN interface on the WLC, and point the WLAN to the management interface. This shouldn't be a necessary step though... In H-REAP with local switching, the LWAPs aren't using the interface on the WLC.
I found a note in the 7.0 WLC config guide that explains why the VLANs are picking up the management interface VLAN, but that same note says the VLAN mappings can be changed per LWAP/WLAN!
From config guide: For hybrid-REAP access points, the interface mapping at the controller for WLANs that is configured for H-REAP Local Switching is inherited at the access point as the default VLAN tagging. This mapping can be easily changed per SSID, per hybrid-REAP access point
Using H-REAP and been able to get the LWAPs to keep the VLAN mapping when failing from one WLC to another?
Jan 8, 2012
I have a 5508 WLC that for whatever reason can't take any DNS settings, but I still need to get some filtering on the public hotspot side of my wireless network. Can I put the DNS settings on the router that the circuit terminates on? This is the same router that the public VLAN is defined on, I'm just not sure if I can put DNS settings in place for just one VLAN, and how that'd work.
Jan 8, 2013
We implemented WLC 5508 software version 7.3, with 8 Aironet devices, most of them are AIR-LAP1131AG-E-K9, and two AIR-LAP1242AG-E-K9. I could really have benefits of the VLAN select feature, but I noticed that it's not working like it should. Two interfaces are in the Interface group, but from 45 clients only a few of them have an IP address from one subnet, others have from the second sub. I see the requirement for this to work is 32 MB of flash on LWAP devices. I only have 16 MB. Upgrade of flash on devices or something?
Apr 25, 2013
How many VLAN interfaces can be created on a WLC interface, e.g. GigabitEthernet 1?
Sep 11, 2011
The 5508 is running code 7.0.116.0. I have created a group interface for 3 subnets and assigned the group to the WLAN. Clients are getting IP addresses in a round robin fashion. The issue or downside to this is if the lease has not expired before the next time the station connects to the WLAN it consumes an address on another subnet instead of grabbing the unexpired lease IP address on its previous VLAN. It seems that the WLC determines the VLAN in the interface group before the DHCP request from the client in case the client already received a DHCP address that has not expired. This can be problematic since we have seen some iPhones requesting an address every 20 minutes, thus consuming an address on every subnet in the interface group. Other than setting a lease time extremely low, what can be done to address this?
Apr 2, 2013
We currently have a WLC 5508 using 8 ports bundled into an etherchannel.
We would like to remove one physical from this etherchannel and use it for providing access to the Internet only.
Is it possible to create a virtual interface on the WLC that points only to this port?
(We would like to have a physical separation for the Internet traffic only and encrypt the CAPWAP up to the WLC.)
Mar 5, 2013
I am installing a small wireless network (for the first time). The WLAN is connected to a router/firewall and consists of a Cisco 2960-C Series 8-Port Compact Ethernet Switch, a Cisco Aironet 2500 Series Wireless LAN Controller for Lightweight Access Points and a Cisco Aironet 1140 Series g/n Lightweight Access Point (five APs if I get it to work).
My problem is that when a client connects to the access point it does not get an IP-address.
In the WLC DHCP proxy is enabled and Internal DHCP server is used.
The scope is from 192.168.104.65 - 192.168.104.99
The WLC IP is 192.168.104.60
The DHCP server is given as 192.168.104.60
When starting the system I can see that the AP has the IP 192.168.104.66, so it seems the DHCP gives out IP addresses. I can ping the AP.
When a client connects to the AP it is asked for the security key and the client can be seen in the WLC monitor section. The client never gets an IP address; in the WLC monitor 0.0.0.0 is shown.
Jun 23, 2011
I replaced my old wireless router with a Cisco Linksys E4200, running firmware version 1.0.02 build 13 May 24, 2011. About once a minute the router sends an unsolicited DNS message to the IPV4 multicast address 01:00:5e:00:00:fb with a destination IP address of 224.0.0.251. The unsolicited message is a DNS response with source port 32784, transaction ID 0, flags 0x8400 (standard query response, no error), questions 0, answer RRs 2, authority RRs 0 and additional RRs 1. The two answers both relate to the router itself: one has Name Cisco18738.local, type A (host address), class 1 (IN), cache flush true, time to live 1 minute, data length 4, and the address of the router. The other is the reverse of the same address. The additional record is for Cisco18738.local, type NSEC, class IN, cache flush true, time to live 1 minute, data length 5, next domain name Cisco18738.local, RR type A (host address).
When my desktop computer receives these messages it logs an error, for example: "Jun 23 07:39:22 sauterws02 avahi-daemon[1067]: Received response from host 10.146.9.1 with invalid source port 32784 on interface 'eth0.0'" The 10.146.9.1 is the router's IP address. I also see these messages on the wireless link from my laptop. I suppose the E4200 is generating these DNS messages in a misguided attempt to make sure there is no old information about its name. Is there a way to turn them off? If not, is there a way to report this to Cisco as a bug?
Aug 10, 2011
Trying to get a lightweight AP to register with a controller, never seen this one before where the Discovery request is going out to the controller, the discovery response is coming back, but then nothing. At this point the AP should then send a JOIN request, but it just doesn't.
I am using L3 LWAPP, and have the AP statically configured. It's a 1131, connecting to a 5.1.151.0 in a WISM. I have run a Wireshark capture and can see the discovery going out, its response coming back, but then nothing (the debugs below also back this up). I have also jumped on the controller and can see the discovery responses are going out but it says no JOINs are coming in. I'm aware this is an old version of controller but still..
I've tried many different IOS on the AP, including the one it came with in the box, other previously successful IOS and the IOS that 5.1.151.0 dishes out to its registered AP's, multiple AP hardware resets, controller reboots, tried different controllers. etc... What would cause this? Possibly something in the response? See info below:
AP
LWAPP Static IP Configuration
IP Address 172.18.240.244
IP netmask 255.255.255.192
Default Gateway 172.18.240.193
[Code]....
Jun 6, 2012
I have a Linksys wireless router model WRT54G (not sure the exact model, it's not in front of me right now). It has worked flawlessly for the past several years, but for some reason has recently stopped working. I confirmed it's not a problem with the DSL Modem, as I can hard wire connect to my laptop and the internet works fine. It's clear something is wrong with the wireless router. I've tried unplugging, hitting the reset button on the back, and nothing has worked. My computer is able to recognize/locate the router and connect, it's just that I can't connect to the internet. One thing I've noticed under the wireless connection is that the computer is able to "send" packets, but not "receive." My experience is that this is always the case when I experience connection problems, but I have no idea what that means. I was going to call the Help Line, but I see it costs $30 which is likely more than my router is worth and probably 1/2 to 1/3 the cost of a new one so I am trying to troubleshoot myself.
Jan 24, 2012
I have run into a major issue with an autonomous Cisco 1142AP. We were in the midst of a firmware upgrade when something went wrong and caused the AP to reboot in an error mode. Basically the unit was flashing blue, amber, red. We unmounted the unit from the wall, connected to the console, and it would now only flash red over and over. We pulled out the Cisco guides and performed a factory reset on the unit. This still does not work, and our flash directory is empty. All we get is a ROMMON AP prompt on the unit. If I issue a set command, I can see the default settings for IP, netmask, etc.
I cannot access the unit via the network, even after setting IP info and matching it up to my laptop. Since I have no network connectivity, I can't TFTP a new IOS file to the unit. I am stumped. How to get the config as if it was out of the box, or an alternate way to TFTP to the unit? [code] Notice the lines in red, I must have typed something incorrectly. Now once the unit boots after being reset, I cannot even type in the CLI. Something majorly screwed up here. Can the bootstrap be reinitialized?
May 3, 2012
WLC-4402-25-K S/W - Primary and Secondary Controllers were running 4.2.130 to begin with. Customer upgraded remotely using NCS - Primary to 4.2.209 and then to 7.0.230 and all that went fine and is in Production.
Then customer upgraded Secondary also using NCS also from 4.2.130 to 4.2.209 in preparation to upgrade to 7.0.230 and he lost contact with the controller. Sent a technician to site to troubleshoot by connecting to Serial Port. Technician #ESCAPED out of the boot sequence and from the BOOT MENU tried to boot the Primary Image and it failed with CRC error on Flash. He then tried to boot the Backup image and had the same problem. He then tried to manually load 7.0.230 - ER (Boot Software) using TFTPD32.EXE and that went fine. He then tried to load 7.0.230 "aes" S/W - The big over 70 MB file and went through most of the file transfer but failed saying:
ERROR: Transfer Failed.
TFTPD32.EXE said something like "Data Packet too Short or some such thing". Sorry did not write down what TFTPD32.EXE said.
Then we thought "may be" a power cycle of the unit is required after the ER Boot Loader Image was loaded. When we did that the unit died. That is - no communication with the Serial Port. We don't think we have any choice other than RMA - Do we?
Customer says he did read and follow this link - especially Table 10-1. {URL}. He said he used NCS to do the Upgrade. I am not familiar with NCS.