Cisco Wireless :: Integrate ISE And WLC5508 With FlexConnect (local Switching) Using EAP-TLS Security?
Nov 29, 2012
I need to integrate Cisco ISE and WLC5508 with FlexConnect (local switching) using EAP-TLS security for wireless clients across multiple floors (dynamic VLAN assignments based on floor level). The AP model used is 3602.
- What RADIUS Attribute can be used for dynamic VLAN assignments based on floor level? Is there an option where I can group all LWAPs in same floor for getting certain VLAN from ISE?
- I intend to use WLC software version 7.2 since 7.3 is latest version. Has someone use WLC software version 7.3 without any major bugs/issues pertaining to FlexConnect and EAP-TLS?
- I read some documents saying L3 roaminig is where the associated WLC has changed. However if user move to different subnet but still associated to the same WLC, would this be consider as L3 roaming too?
View 3 Replies
ADVERTISEMENT
Apr 4, 2013
A customer have a bad coverage in a corner of his branch office. He like to add a mesh AP (MAP) in the near of that corner.
I checked allready the documention about Mesh but i'm not sure if Flexconnect and Mesh works togheter. This MAP is in a branch office and the WLC is in the head quarter therefore he likes to uses Flexconnect togheter with Mesh.
View 10 Replies
View Related
Feb 20, 2013
after upgrading to 7.4.100.0 im getting this error message when trying to apply changes on the wlan id."mDNS profiling cannot be enabled with flexconnect local switching"if unselect mDNS snooping under (wlan id/advanced) i can apply the changes, but only temporary.when im looking the next time, the tick box mDNS snooping is enabled again.is this a bug or what?
View 7 Replies
View Related
Apr 4, 2013
I have several 2602 AP's that I want to operate in FlexConnect mode. The WLC is at a central HQ and the Ap's are remote. There are central radius servers at the HQ for the wlans. At the remote lcoation, there is a local radius server we want to use for the primary radius server for these AP's. This radius server has been added to the WLC. I have setup a FlexConnect Group, designated the the primary and secondary servers, and then added the AP's to the group. It does not look like radius requests are being sent to the local controller.
For this to work, do we have to check the box under the wlan for FlexConnect Local Auth? Currently, we only have FlexConnect local switching selected.
View 8 Replies
View Related
Aug 5, 2012
I am working on a new install where the customer is using local RADIUS servers at each of their many campuses (for local dynamic VLAN assignment), while using a single set of controllers at the core of their network. For the record, we have set up a pair of 5508s (v 7.2.103.0) in their central data center with 3602i APs around the various campuses. We are using FlexConnect groups to locally authenticate and switch the users.
Right now, the config is working great as far as authentication and local switching goes. The problem we are experiencing is that none of the authenticated usernames are being passed back to the controller (and ultimately NCS). This makes the tracking and troubleshooting of users difficult. Is there something I am missing here? I can't seem to find any fixes relevant to this issue in the 7.2.110.0 release notes.
View 6 Replies
View Related
Apr 5, 2013
Can we integrate cisco acs verison 5.x with active directory Microsoft windows server 2012 ?
View 1 Replies
View Related
Apr 9, 2011
I was informed by a co-worker that there is a security vulnerability with the local certificate authority in the ASA running 8.3 code. I've looked through the security advisories and haven't been able to find anything about this. Was this just misquote or am I missing the security advisory release?
View 1 Replies
View Related
May 15, 2013
We are looking at possibly adding a second 5508 controller to our network and running in HA mode. I see now that there are 5760's available that run on IOS. Is there any way we can integrate a 5760 into our existing network instead of going with a second 5508? I would prefer to invest in newer hardware whenever possible.
View 15 Replies
View Related
Jan 12, 2013
I cannot integrate Virtual MSE 7.3.101 with my Prime Infrastructure 1.2 After I setup MSE via its wizard, I make a change on WCS username and password. When I try to integrate MSE with Prime Infrastructure, Prime notify me about the mismatch username/password.
Both systems are fresh install on my UCS C220 M3.
View 4 Replies
View Related
Feb 18, 2013
I have a problem configuring ClientLink on a FlexConnect local switching AP (3602i), the problem is that I can not see the clients that are using the ClientLink feature when entering the show interface dot11radio 1 lbf rbf command, the AP shows "Hardware beamforming stats not supported (radioid 0x3B00)" message instead of show the client information. I am using a 2504 Wireless LAN Controller running 7.3.101.0 software version, why is not working properly?
View 7 Replies
View Related
May 22, 2013
Does the access point 1600 and 2600 support flexconnect mode?
View 5 Replies
View Related
May 12, 2013
A customer of mine has a centralized 2504 WLC with 7.2 code running. They have 1142N APs deployed locally as well as in remote sites (3) in FlexConnect mode. For no apparent reason last Thursday all the remote APs disassociated with the controller and could not rejoin. All the local APs remained up and unaffected.No changes to the WLAN, LAN, Firewall or MPLS WAN occured to cause this.The customer opened a TAC case and their determination was that ports 5246-5247 were not getting thru. When the customer engaged me this morning I had him run a packet capture on the Sonicwall firewall to prove out if the CAPWAP signals were leaving and returning across the WAN. Sure enough we can see this bi-directional traffic (pic attached). Also, I had the MPLS provider run a trace at the far end and they see the same traffic leave the remote site. And then an odd thing happened; one of the APs at one of the remote sites all of a sudden Joined the controller. So I tried rebooting the AP that is located in the same office, and it fails to Join. When I look on the controller under AP Join statistics, the last activity shows the controller receiving a Discovery Request and response is sent, but no further Config Request and response or Join Request and response.
View 8 Replies
View Related
May 31, 2013
However, I now have a number of devices... certain smartphones so far... that will NOT connect to a FlexConnect AP if it's a 1262AGN AP, but my older 1242G AP will accept the devices without issue. Same SSID, same encryption standards.
If I connect the devices to my guest network (no security), they will connect just fine to both APs, and Non-FlexConnect 1242 and 1262 APs will both accept the devices without issue using my private network.
In other words, it seems to be an issue specific to 1262AGN with my encryption security. My security is WPA2/AES with PSK. No additional security on the SSID.
View 19 Replies
View Related
May 22, 2013
We have a problem when I call bettween two 7925 in same SSID, VLAN voice. They cannot hear each other. The SSID and LAPs are in Flexconnet. From desk phones there are no problem and betwen one deskphone and one wireless phone there no problem too.
View 2 Replies
View Related
Feb 3, 2013
I want to use the flexconnect in the same network where the wlc is located. Normally we will do it for over WAN and branch office. But I want to use in the same main office to avoid more bandwidth utilization on my distribution layer. Wlc is connected on Distribution switch.I want to do local switching in the access layer switch.
The below is the sample topology. But real topology contains nearly 200 AP's(3600 series) and 20 access switches and so on.....So there is a chance of 200 AP * 350 Mbps can flow on the distribution layer.So ,
1)If I use flexconnect any issues will be occuring?
2)Does it cause any impact on VOWLAN?
View 4 Replies
View Related
Nov 29, 2012
I have one WLC 2504 with 7.3.101.0 code and 4 APs 1142 in Flexconnect mode all of them are in one group with 2 SSIDs in two differents VLAN:
-Admin VLAN 151
-Corporate VLAN 158
-Guest VLAN 159
-The auth is 802.1x using an ACS ver 4.2
I connect my Laptop to the corporate SSID and start to have access to web services, intranet services, etc but arround 15 25 min after i connect i lost connectivity to my GW and all the services but i still have my IP info. I do some tests on MAC books, Laptop with Windows XP, 7 and 8 and its the same for all. I config one switch port in the corporate VLAN and i never loose connectivity.
If i reset the WLAN connection all start to works.The ports in the SW are in trunk mode and almost always the APs are in connect mode.
View 8 Replies
View Related
Feb 17, 2013
i have installed ISE1.1 on VM and other hand vWLC7.4 also there in VM i am using 1130AG APs in flexconnect mode and using central auth and central switch.i wan to configure it for CWA(central web Auth) from ISE but a little a bit confuse about ACLs.
View 2 Replies
View Related
Aug 22, 2012
I have about 200 APs (Cisco 1042n and 1142n), 4 controllers (5508 and 2504).. Switches are 2960s and some other stuff.. I Use NCS for management.We have a couple of vlans and SSIDs, when users connect to a SSID i use Flexconnect to associate the users to the correct VLAN.
View 5 Replies
View Related
Apr 8, 2013
I have quick question about wlc software version upgrade : currect version of 5500 WLC : 7.0.220.0,However i am planning to upgrade to version 7.2.110.0,currectly all remote site AP's are connected to this WLC , nearly 150 AP's all are in H-reap mode however once i upgrade to 7.2.110.0 version , all default should come into Flexconnect mode.Do i need to make any configuration or any changes in AP's to get Flexconnect mode or will it be default mode as Flexconnect mode in new version of WLC ?
View 1 Replies
View Related
May 1, 2013
1) Virtual controller 7.3.112 is OK
2) N° 2 LAP 1130 e 1240 is Joined to controller OK
3) flexconnect in localswitch is OK
4) flexconnect in central switch IS NOT work.
View 3 Replies
View Related
Apr 22, 2013
Subject: FlexConnect compatibility with Access Point? We have today one Cisco 5508 and those access point on remote sites
o CISCO AIR-LAP-1131AG-E-K9
o CISCO AIR-LAP-1231G-E-K9
o CISCO AIR-LAP-1142N-E-K9
We plan to use redundancy on the controller and implement Flexconnect on the remote site. What we need to know is if I can implement Flexconnect on all actual access point - I think it is possible on 1142N + 1131G but do not know on 1231AG - is it correct or I'm wrong ? We plan to install the latest SW version for 5508 controller.
View 1 Replies
View Related
Jul 23, 2012
I have found some samples on the FlexConnect setup for the controller side. However none of the documents mentioned how the switch port should be configured that goes to the controller and AP.
At this moment I have a Cisco 5508 configured in CAPWAP mode with 20 APs. I would like to use same controller for connecting one of the remote sites with 2 APs in FlexConnect mode. Current the 5508 to switch port is configured as 802.1Q port. All CAPWAP AP ports are configured as "switchport access vlan X" where X=capwap VLAN. Need to know how the switch port should be set for the remote site where flexconnect APs connect.
View 7 Replies
View Related
Apr 27, 2013
Configuring HP switches for Flexconnect. I am not sure if or not its doable? Access Points are 2600 and 3600 with 5508 as a controller. Idea is to keep the branch traffic local but the switches are HP.
View 3 Replies
View Related
Jun 13, 2013
The wlc config guide of Release 7.4 states that sticky key caching (usefull with apple devices) is supported at AP in local mode. [URL]I am testing the new WLC 8500 with 7.4.100.60.
AP mode = FlexConnect
The wlan i activated skc is centrally switched.I debugged the iPhone (4S) roaming.I think skc works at centrally switched vlan on flexconnect APs.
*apfMsConnTask_1: Jun 14 14:15:17.069: 30:39:26:2c:d3:ee Reassociation received from mobile on BSSID 00:16:9c:ba:a9:b6
*apfMsConnTask_1: Jun 14 14:15:17.069: 30:39:26:2c:d3:ee Global 200 Clients are allowed to AP radio
*apfMsConnTask_1: Jun 14 14:15:17.069: 30:39:26:2c:d3:ee Max Client Trap Threshold: 0 cur: 23
*apfMsConnTask_1: Jun 14 14:15:17.069: 30:39:26:2c:d3:ee Rf profile 600 Clients are allowed to AP wlan
[code]....
View 4 Replies
View Related
Jan 16, 2013
copy or move into local area network? If any software to check which PC or Workstation or Users or IP to do this.
View 2 Replies
View Related
Apr 2, 2013
I have AT&T Uverse and VOIP. I can receive calls but when I try to call out many local numbers and 800 #'s I get a busy signal. I called AT&T and they said everything looks ok to them. Could this have anything to do with Windows firewall or modem settings?
View 7 Replies
View Related
Jan 29, 2013
Currently we have 20 remote sites, each with 2-5 AP's each. They all connect back to our Main Data Site in the US and register on a single WLC5508.
We do not have a backup WLC, but are looking to purchase one. What I would like to know is, are there any problems with the secondary WLC being installed in our Main Data Site in Europe? These two main sites are connected via a 10M MPLS WAN.
So all the remote sites could still connect to the WLC in the US, but in the event of a WLC failure in the US, they would need to fail over to the site in Europe
View 5 Replies
View Related
Feb 6, 2013
I'm using WLC5508 /w 7.0..My client do not get its IP. Status shown "DHCP_REQD".I found in (Cisco Live) Troubleshooting Wireless LANs with Centralized Controllers This related with Enable/Disable DHCP Proxy checkbox. I solved. with Enabling this.But,
1) Why this box have been working correctly for longtime? No one did diable/enable this feature on my box.
2) I guest, ver7.0 Disables this chechbox by default. Or not? I also have others two 7.2 boxes. Those are all Enabled.
View 7 Replies
View Related
Jun 8, 2012
I have been having some issues with Windows Audio needing to be restarted every time I log on. Also my theme has changed unexpectedly. I also noticed that Wndows firewall isn't started and it won't let me start it it gives me this...Could not start the Windows Firewall/Internet Connection Sharing (ICX) on local computer. Error 3 access is denied.
View 3 Replies
View Related
Apr 20, 2011
How to place security + a password on a folder that is shared on a local area network. i don't want other users to access the contents in the folder since we are all on the same local network.
View 4 Replies
View Related
Jan 17, 2011
i have a cisco ACS version 5.0, I need to authenticate a wireless users connected to WLC 2100 controller when i connect the controller to a Dot1x port in the switch , the port go down.
View 6 Replies
View Related
Feb 4, 2013
I have a WLC5508 , we are using external DHCP for WLANs
one WLAN is able to get IP from DHCP server but another WLAN not , the DHCP server is same , only 2 different scopes.
This is debug
*DHCP Socket Task: Feb 05 21:26:43.106: e8:06:88:9b:a8:04 DHCP received op BOOTREQUEST (1) (len 308,vlan 1, port 1, encap 0xec03)
*DHCP Socket Task: Feb 05 21:26:43.106: e8:06:88:9b:a8:04 DHCP processing DHCP
[Code].....
View 2 Replies
View Related
May 7, 2012
I have some problem about dhcp via VMware 7.1. My client connect the wifi and get ip address well, then, i turn on VMware (inside my computer) and set as the bridge mode. I found that my VM cannot get the ip-address from dhcp server and I using WLC5508 version 7.2. I try to connect via Switch, my VM get the ip address well.
View 1 Replies
View Related