Cisco Wireless :: WLC 5508 Management Interfaces For WLANs And LAG
Sep 3, 2012
I didn't design the job, but it is pretty straightforward, except for the following: the design has a single WLC 5508 with 2 physical connections between two non-Cisco switches. There are 2 initial WLANs to be created. I am OK with most of the WLC config except the following:
Now from my understanding of everything I have read recently, you can't use LAG on the 2 physical connections if they connect to 2 separate switches, unless, although not officially supported, the 2 connections are on either 2 3750s in the same stack or a pair of 6500s running VSS. So I believe that in my case 2 separate connections from the WLC to 2 non-Cisco switches will not work with LAG. Is my understanding of this correct?
Is there a way to maintain the 2 physical connections from the WLC to the 2 non-Cisco switches to maintain redundancy? The WLC will have a management interface obviously, but from what I have read, the 2 WLANs that are going to be created have to have their own interface on the WLC. Which I understand as the management interface and each of the 2 WLANs being on different subnets.
If I don't use a single uplink to one of the non-Cisco switches (either 1 or 2 physical connections) using LAG, it appears to me that each of the interfaces (management, wlan1 and wlan2) needs to have a physical connection from the WLC to the switch, with each interface mapped to a physical port on the WLC. So correct me please if I am wrong, but this would mean I need 3 physical connections between the WLC and the switch?
I've got a new 5508 wireless lan controller and can ping the ip address of the management interface, but can't access the GUI at the management interface's ip address. I can access the GUI on the service-port interface. No static routes in the controller; trunk appears to be set up correctly.
I'm running 3 WLC 5508, 2 of them running image AIR-CT5500-K9-7-0-116-0.aes, one AIR-CT5500-LDPE-K9-7-0-116-0.aes.
On the 5508 running the LDPE-image, I have 9 WLANs (170,171,180,181,190,191,281,282,283), all defined with admin status "ENABLED". WLANs 180,181,281 belong to a defined AP-group, WLAN 190,191,282 belong to a different AP-group.
WLANs 180,181,190,191 are defined as H-REAP. The H-REAP APs register without any problems at the backup WLC and switch back successfully to the primary controller after recovering from reboot. Unfortunately the WLANs 180,181,190,191 show status "DISABLED" every time the primary controller comes back and I have to enable them manually.
Doing exactly the same procedure with one of the other WLC, running AIR-CT5500-K9-7-0-116-0, I never face this problem.
I am using Cisco Wireless LAN software revision 7 on an AIR5508. I am sure that I read somewhere that the controller will not allow 2 WLANs to talk to each other, but trawling back through my books I can't find the information again. Essentially, I am looking to find out if there is a feature (other than on the default gateway, which is a layer 3 switch) that will say that if WLAN1 tries to talk to WLAN2 via the default gateway, the controller will not allow it.
I remember from what I read that I think this is the case but just can't find where I read it.
I have a 5508 deployed. What I'm trying to do is configure it so that it can be accessed with AD credentials. I'm not talking about accessing the wifi network, I'm talking about logging onto the controller itself for management purposes. We have a few people on our team, and it would be a lot easier if each of us could log into the controller with our own AD logins. Is there a link that can assist me in accomplishing this? I haven't been able to find one.
I am trying to configure two AP-management interfaces to accept CAPWAP on different ports using the option "Enable Dynamic AP Management". One of them uses a public IP address. However, I am getting the message "Ignoring discovery request received on non-management interface ..." on this.
The scenario is that currently one of the client has a firewall Tie ring T1 internet facing and T2 internal which has multiple DMZ connected.
T2 firewall has a DMZ switch connected which has a router which connects to MPLS cloud to different site across the country. (around 10 sites) all static routing.
Now the client is thinking to deploy wireless at all 10 sites using H-REAP. The issue is that the client has only one WLC and they are not willing to buy another, as I was thinking to deploy two WLCs, one for corporate and one for guest users (one in the internal network and one in the DMZ).
Now my questions are as follows.
1- Keeping in mind that there is only one WLC, where should I physically put it?
2- How will guest users work? How will the authentication be done?
3- There are 8 SFP ports in the WLC; how will the physical topology look?
4- How many VLANs do I have to make for wireless users, will that be 10 (1 at each site)?
My last question is how these ports work on the WLC: are they just like a switch, e.g. one port can be assigned to different VLANs? I'm just confused about interfaces and VLANs on the WLC (the interfaces concept).
I have a 5508-WLC appliance and configured multiple ap-manager interfaces to balance the join requests from LAPs and the load. I went to the console port from some LAPs and saw that there was that balance among multiple ap-manager interfaces (Dynamic AP Management Interfaces). Then we tore down one of the ap-manager interfaces and confirmed that the LAPs were moved to the next ap-manager interface automatically. But the question here is, how can I verify which ap-manager interface was used for a LAP from the WLC via GUI or CLI? Or how can I see the number of APs joined using that ap-manager interface from the WLC?
I just have a few questions about designing a WLC 5508. The scenario is that currently one of the clients has a firewall Tie ring T1 internet facing and T2 internal which has multiple DMZ connected. T2 firewall has a DMZ switch connected which has a router which connects to MPLS cloud to different sites across the country (around 10 sites), all static routing. Now the client is thinking to deploy wireless at all 10 sites using H-REAP. The issue is that the client has only one WLC and they are not willing to buy another, as I was thinking to deploy two WLCs, one for corporate and one for guest users (one in the internal network and one in the DMZ). Now my questions are as follows.
1- Keeping in mind that there is only one WLC, where should I physically put it?
2- How will guest users work? How will the authentication be done?
3- There are 8 SFP ports in the WLC; how will the physical topology look?
4- How many VLANs do I have to make for wireless users, will that be 10 (1 at each site)?
My last question is how these ports work on the WLC: are they just like a switch, e.g. one port can be assigned to different VLANs? I'm just confused about interfaces and VLANs on the WLC (the interfaces concept).
I setup a WLC5508 with 2 SSIDs, one for guest traffic and another for internal users. They are in separate subnets and are routed out to the internet via 2 different isps, with the guest network going over a bonded t1 and the internal users going out the primary internet connection for the company. While this works as desired and we've verified that while on the guest network we're going out the right isp, we've encountered an issue with saturation of the bonded t1 pipe by guests. We'd like to find a way to limit a guest to a capped down/up stream if possible, with downstream being the most important. The infrastructure includes 3560 switches and AIR-CAP3502I-A-K9 access points.
I have a Nexus 5548UP that would be managed by two organizations. Is it possible to set IP addresses for mgmt0 and an SVI (or an L3 interface) without using the L3 daughter card? I don't want to route between VLANs, just to separate management traffic.
I'm having an issue with the 5508 management port. I can't seem to ping it from the switch connected to it (the show cdp command shows that the two can see each other, but no ping is possible). [code]
We faced one recent issue with WLC configuration behavior and are explaining our observation and the workaround we did. The requirement is to manage the WLC (5508 with 7.4 code) using two SNMP managers in different locations. Also these two servers should use the same community string to manage the WLC.
We were able to configure the SNMP community string for one server IP (to allow access) through the GUI. While trying to add another server IP with the same community string, it didn't allow it. As per the configuration guide, the controller can use only one IP address range to manage an SNMP community, so we cannot configure the same community string to allow only two different server IP addresses. [code] We currently configured the major subnet (10.x / 8, to match both server addresses) and it works fine. Also, when we tried 0.0.0.0 / 0.0.0.0, it didn't work (SNMP was failing). But this creates a security issue wherein anybody can poll the WLC.
I'm setting up a new 5508. I've used the config from a 4402, have successfully connected to the Service port to manage the device, but for some reason cannot connect to the Management interface. In this case, port 1.
The service port is connected to a Catalyst switch and grabbed an ip address (10.2.x.x subnet) no problem. I can access the 5508 via https using the SP. However, port 1 is connected to the same Catalyst switch, but on a different vlan (subnet 10.20.x.x). Both ends show that the interfaces are up, I can ping the interface from any other host on the network, but when I try to manage the device via https I cannot connect. We are using WCS and I cannot add the device from the WCS. About all I can do is ping that interface.
After I upgraded the software to v7.3 and applied AP-SSO, it became impossible to access the controller's GUI via the service port. So we tried to access it by the management port, but there is some problem there too. It is not working from other subnets. But the default gateway on the management VLAN is set correctly and I even tried to turn off all ACLs on the switch. The WLC is only accessible from the same network. But at the same time the WLC is replying to ping fine. All other protocols cannot connect to the controller.
I have 2 x 5508 Wireless Controllers, 1 mgmt port on each as standard. I noticed something different between these controllers running the same code. I can bind a physical port to the mgmt interface on one controller but not the other (both interfaces are untagged). See below, this config appears on one controller but not the other. Is this something to do with the initial setup? How can I add physical information to the other controller's mgmt interface? I cannot delete the mgmt interface. Physical Information: Port Number, Backup Port, Active Port, Enable Dynamic AP Management
Local DHCP (via the 5508) is for the guest network while the management and voice use the Windows DHCP server.
My problem, Voice and guest work fine. I have two SSID's (one 802.1X and the other PSK) that use the management interface that will not get an IP. I have enabled dhcp proxy from the cli on the controller. I tried with the management VLAN tagged and untagged.
My 5508 WLC which runs version 7.4 is configured as a DHCP server for the AP management and here's my problem: My AP can get to the address, and can ping the address of the WLC management, but my AP prompts the following log: [code]
In the switch dhcp we can use to do the WLC option43 specified address, but in this case how the address specified WLC, the AP can be registered up?
On a WLC 5508 it lists an option to specify a "Backup Port" under the physical information section on an interface. We have two central switched SSID's which are connected to an internal firewall. We are looking at installing a backup/standby firewall and running a virtual firewall between them. Each SSID would have an additional patch from the WLC to the standby firewall.
Does the backup interface port function on the WLC allow traffic to be failed over from a centrally switched SSID via backup interfaces to an alternative device? If this does work, will only physical link failure to the primary firewall cause the backup port to be activated, or are there configuration parameters which can be specified for load, packet loss or latency which can be used as criteria to cause the backup port to be utilized?
I'm setting up a new 5508 WLC (the first WLC I have ever set up) and I have my WLAN set up with our existing WPA/TKIP SSID for transitioning our clients from our existing autonomous system to the WLC. I have selected PSK as the key mgmt and I can get the clients to connect for a few minutes but I keep seeing these errors:
Fri Aug 21 08:50:05 2009 Client Excluded: MACAddress:00:21:00:f9:dd:50 Base Radio MAC :00:23:eb:27:e3:b0 Slot: 1 User Name: unknown Ip Address: unknown Reason:802.1x Authentication failed 3 times. ReasonCode: 4
I don't have nor do I want 802.1x enabled. Is there something I need to disable either on the client or the controller?
I am trying to build a new network from scratch, I have the WLC 5508 w/ Aironet 3600e APs connected to my Netgear Smart Switches and a Linksys RV082 router that I'm using as my DHCP server with several VLANs for several stuff on my Switches.
I have 2 questions:
1. Can I have 5 interfaces configured on 5 different VLANs, each SSID on a different port:
Port 1: Controller management only => 192.168.x.x/24
Port 2: SSID 1: WiFi Internal => 172.16.x.x/12 (Radius Auth with no sharing)
Port 3: SSID 2: WiFi Internal w/ sharing => 192.168.x.x/24 (Radius Auth with sharing)
Port 4: SSID 3: WiFi Guest => 10.0.x.x/8 (Web Auth)
Port 5: SSID 4: WiFi IT => 192.168.x.x/24 (Radius or certificate Auth with access to the controller management interface)
2. How can I use the Controller as the DHCP server for all the WiFi traffic, and how should that be configured to work with my other DHCP server?
I'm trying to verify some behaviors I'm seeing with my 5508 controller setup, I've zero experience with this hardware and clueless on the best practices. With that said... out of the box I ran through the AutoInstall process.
I gave my service port an IP address on my subnet, 10.10.8.0/24 vlan 100 and gave the management interface the ip address 10.10.30.5/24 vlan 130
From my host I can ping the management interface 10.10.30.5 and the interface gateway 10.10.30.1. I cannot connect to the controller via 10.10.30.5 either through the web GUI or telnet. I can connect to the controller via 10.10.8.200 both through the web interface and telnet. While connected to the service port, I can ping the management port IP but I cannot ping the 10.10.30.1 gateway.
We have attached two test 3502I AP's and they found the controller and pulled correct ip addresses, clients can authenticate and access network resources as well as the Internet so for the most part, things are working but it concerns me that the management interface can't ping its own gateway.
I configured an IP address on the management interface port 1 of the 5508 controller. When I connect it directly to my laptop I can't ping or access the controller from my laptop; even when I connect through a layer 2 switch I still can't.
IP Address of management interface : 10.21.0.50
Laptop IP Address : 10.21.0.51
What is the maximum number of WLANs/SSIDs that can be configured on a H-REAP access point? I have a network with 3502i AP's, centralised WLC's in the data centre running 184.108.40.206, and WCS version 220.127.116.11.
I was successfully running 2 SSIDs at a remote site: one SSID was configured for H-REAP local switching, dropping out to the local site VLAN X, and the other SSID was a central switching guest WLAN anchored to a WLC in a DMZ. I configured a third SSID at the local site running H-REAP local switching, and now I cannot see the guest SSID anymore; it does not appear to be broadcasting. Is there a maximum of 2 WLANs/SSIDs when operating in H-REAP mode?
I would like to create a multi-WLAN for personal communications and gaming purposes. Each WLAN is located in a separate house and consists of a wireless AP connected by wire to a wireless router. The computers in each of these WLANs are connected wirelessly to the router. The houses (containing the WLANs) are located within the region of a central wireless internet AP tower antenna.
I managed to utilize this central AP to make the connection and run multiplayer gaming on two computers (in different houses and without using the internet services); each computer is connected to the central AP by a USB wireless adapter. My question is, what are the necessary configurations that I need to make on the routers and APs? I have a number of different TP-Link routers (wr1043, wr743, wr543) and Micronet APs. The wr743 and wr543 have an AP client mode that can be used to simultaneously connect wirelessly to the central AP and to attached computers.
There are 8 existing WLANs in our WISM controller and it is working fine without any problem. Now the problem is that any new WLANs are not broadcasting from the WISM to the APs. I am able to create and enable them in the WLC, but these WLANs are not reflected in the associated APs.
FYI: WISM controller is in 6500 switch & FWSM module also in the same switch, earlier there was rule with any any traffic in the FWSM but recently we have removed the FWSM & all rules moved to checkpoint. We have check the in firewall there is traffic is blocking.
I want to run 2 separate wireless networks from the same appliance (Linksys E2000). Not just separate BSSIDs or SSIDs, I want to run an N-only AP and a G-only AP. My wife's laptop is the only wireless N device and I want to ensure that she's getting true wireless N speeds. From what I could tell, I could set up a different VLAN for 2 separate WLANs, but they'll still both follow the 1 wireless standard (either G or N). Is this even possible or do I need to run two separate wireless APs?