Cisco Wireless :: Set Up Fail Over Capability On Two Active WLC 5508
Mar 18, 2013
for some reason some AP's are terminating the association to either one of the controllers for a short period of time. When this happens and the AP re-associates itself with either of the active controllers, it looses the information of what group it previously belonged; and it gets dropped in the default group, broadcasting every single SSID available.
What I would like to see happen is that if for some reason an AP terminates association, but restablishes it shortly; it can automatically go to the correct group.
Both WLC are running the same version and have the same amount of licenses, they can hold all the AP's one of the WLC came down. Config-wise they are identical except that the groups are named differently but ultimately configured the same. If that is an issue we can change it no problem since it's only the name.
View 5 Replies
ADVERTISEMENT
Jul 18, 2011
Does WLC 5508 has capability to create login credentials with specific time of validity? Could it be used in hotel set-up to provide prepaid access account to guest?
View 2 Replies
View Related
Jun 9, 2013
I have a lab network setup at my house with similar equipment to our office that I use for testing different features and functionality. Since I have had this installed (~ 2 years) I've had an intermittent but recurring problem with connectivity to various wireless devices that I have never been able to fully resolve.I have a 5508 Wireless controller with a handful of 3502i APs spread throughout my house. The controller is connected to a 3560X switch. And I have an ASA 5510 firewall as my Firewall/Internet Gateway. When I work from home I most often work from a desktop computer in my office and have a Windows RDP session to a laptop located in another room in my house on one of my monitors as a working space (I know this is weird but there is a good reason). This laptop is connected via WiFi at all times.Occasionally, I will lose connectivity to this laptop (or not be able to connect back to my desktop from it) and have to start an extended ping from the laptop to the desktop to re-establish connectivity. A while ago I performed some deeper analysis on what was happening and what I found is that when the connectivity breaks the problem is that the desktop is unable to resolve the MAC address of the laptop. It sends out ARP requests but never receives any reply back.
Why would the controller stop replying to ARP requests for the IP address of the laptop?If I log into the controller while this is happening it shows the laptop as a connected client, and has its IP address and MAC address listed fine in the clients section. In order to avoid getting up every time I need to reconnect, I normally hop to a system I control across one of my VPN tunnels via RDP, then connect BACK to the laptop and start the ping to re-establish connectivity back to my main desktop machine. This works because the firewalls ARP cache hasn't cleared yet. And then everything works fine again... unless I manually clear my ARP cache. Sometimes clearing the ARP cache will result in the exact same problem again and I will lose connection. Other times it seems to repopulate almost immediately and the connection doesn't drop.
A wireshark debug from the desktop reveals that ARP requests simply go out with no reply, confirming what is happening.As a note, I have set both the User Idle Timeout and the ARP timeout to 24 hours to try but this has not had any effect.This problem seems to go away and then come back. In fact, I havent been experiencing this issue for probably a couple months recently and then it just started again in the last few days which is why I am back to posting here. No changes to the network were made in the meantime that could account for this change in behavior. I am currently running version 7.2.111.3 but this behavior has persisted through at least four software upgrades so I don't think it's an issue with a specific version but I don't really know.I occasionally epxerience connectivity issues in my house to other devices as well that I use less often like a printer, network camera, apple tv so I now feel like these issues are likely all related.
View 5 Replies
View Related
Apr 10, 2011
I have two ASA5510 configured in an active/standby failover configuration. Everything is working well, but I would like to remove DMZ2 as it is no longer needed. On my DMZ2 interface, I have removed the security level and the IP address and shutdown the interface. However, when I do a "show failover" DMZ2 is still showing up. I would like to remove it completely so that failover isn't even "monitoring" this interface. What command am I missing or what do I need to do to completely remove this interface from this "show failover" listing? [code]
View 7 Replies
View Related
Apr 2, 2013
I have a dual ISP, 1 primary and 1 secondary terminated on fa0 and fa2 on our ASA respectively. ASA was configured so that, when the primary fails, the secondary kicks in. [code]
It was until yesterday that we experienced downtime on the primary ISP that the secondary doesn't do the fail-over. I have to manually configure the device to use the secondary ISP. Currently, I'm looking at maybe this has something to do with the licensing.We are currently using a Base License, should we be upgrading to Security Plus?
View 10 Replies
View Related
Feb 29, 2012
I have been having an annoying issue for the past few weeks with my ASA setup. We are using the ASA as our Remote Access Gateway and originally had it setup in a Active/Standby failover configuration using 2 x 5520 ASA's.The original setup of the devices was that the 2 x ASA were setup in a failover configuration, with both of them connecting back to the internal network via a 6500 device. Because of using failover I created a VLAN on the 6500 and put the two ports that connect the ASA's into that VLAN. I then configured the VLAN interface to be the EIGRP interface for the neighbour relationship to the ASA's.
The problem I am seeing is that the EIGRP neighbour relationship between the Active ASA and the 6500 keeps flapping. It occurs abour 4-5 times every day at randmon intervals. Sometimes the neighbour relationship will stay up for 6-7 hours, other times it flaps every 1-2 hours. I initially thought it was due to the failover configuration so I removed one of the ASA's and removed all of the failover configuration, but the EIGRP neighbour flapping problem still exisits. [code] Since removing the failvoer configuration I am thinking it could be a physical cable problem?
View 4 Replies
View Related
Jun 29, 2011
I have a pair of 5520s running 8.2(3) in failover active/standby, routed mode. I have an issue with SSH as it's stopped worked after a short time, less than 8hrs during the network being installed, telnet is working fine as is https/asdm. I have re-created the crypto key and the ssh access is allowed. When I try to connect I just get a flashing cursor, telnet to the ip and port 22 also works.
View 1 Replies
View Related
Nov 10, 2011
Just recently upgrade our 2 5508 controllers from 6.0.199.0 to 7.0.116.0. Since that upgrade, I have a handful (8 to 10) of wireless laptops that now refuse to associate to any access points. The thing these laptops all have in common is some variation of the Intel Wifi Link AGN cards. I have about 200 other clients out there working just fine.
I've tried everything under the sun that I can think of. Patches, drivers, the whole sh'bang.
Is there a known issue with 7.0.116.0 and these particular cards?
View 17 Replies
View Related
May 2, 2011
I have three 5508 WLCs, running code 7.0.98.0 supporting 100+ LWAPs in H-REAP mode. The LWAPs are servicing 2-3 WLANs each. Some are using central authentication and local switching, some are configured for central authentication and central switching. When the LWAPs fail from one WLC to another WLC, the LWAP's lose all of their VLAN mappings and pick up the VLAN of the management interface on the new WLC.
All WLANs are configured to use the management interface on the WLC and the VLAN mappings are configured per LWAP on the H-REAP properties tab. The WLAN ID numbers and all the WLAN settings are the same across all 3 WLC's. I have created AP groups on all 3 WLC's and the AP group config matches across the 3 WLCs.
I can get the LWAPs to keep their VLAN mapping by creating an interface on the WLC with the VLAN ID of the locally switched/remote site VLAN and then setting the interface for the WLAN to the new interface. However, then the WLAN doesn't work, because the centrally located WLC doesn't have the remote site VLAN. It also seems to keep the VLAN mapping if I create the locally switched/remote site VLAN interface on the WLC , and point the WLAN to the management interface. This shouldn't be a necessary step though... In H-REAP with local switching, the LWAPs aren't using the interface on the WLC.
I found a note in the 7.0 WLC config guide that explains why the VLANs are picking up the management interface VLAN, but that same note says the VLAN mappings can be changed per LWAP/WLAN!
From config guide: For hybrid-REAP access points, the interface mapping at the controller for WLANs that is configured for H-REAP Local Switching is inherited at the access point as the default VLAN tagging. This mapping can be easily changed per SSID, per hybrid-REAP access point
Using H-REAP and been able to get the LWAPs to keep the VLAN mapping when failing from one WLC to another?
View 9 Replies
View Related
Dec 8, 2011
accounting in ACS 5.3. When I setup accounting on WLC 440x / 5508 ACS takes them as an authentication request and fail.
Here are some logs what I see in acsview:
Dec 9,11 6:05:11.783 PM
Radius authentication failed for USER: navrka2 MAC: a.b.c.d AUTHTYPE: Radius authentication failed
ACS Session ID:
dc2aaa1v/112555963/420
Audit Session ID:
0a9a01d7000001fd4ee23a3d
Tunnel Details:
[code]...
View 4 Replies
View Related
May 24, 2011
I have just recently purchased a 5505 Controller and 30 3502i AP's. On my main corporate WLAN, I would like to allow users to be able to authenticate via Active Directory username and password.I am also looking for as little client side set up as possible. From what I have researched, I will need to use some type of EAP method.
I have come across two methods that appear to be the top contenders.
EAP-FAST - The method seems to be a possibility but I see that it uses certificates. If I use this method, does it mean that I would have to import the certificates to each machine manually? Also, can I configure thsi to work with just the 5508 Controller and an AD Database server or do I need an intermediary like IAS or ACS?
PEAP/GTC - This method is also a possibility and I think that it does not require certificates. Does this also require an intermediary like ACS or IAS.
View 3 Replies
View Related
May 10, 2011
I need to configure EAP-FAST without certificate and authenticate to the corporate Microsoft AD database, Do I need a Cisco ACS server in the middle to forward the authentication to the AD? Or I can do the authentication to the AD directly? I am using a WLC5508.
View 6 Replies
View Related
May 18, 2011
I am deploying Redundant WLC 5508 with 4 VLANs and 4 SSIDs Match to it, Everything works Fine, now i need to do the below:
1. I need All Wireless Users need to authenticated with Existing Active Directory/LDAP
2. I will Create Guest Accounts in my AD , and pass to Guests, Then Guest should only Access Internet except Corporate Resources
2. How can i secure my Voice VLAN for Wireless Phones. I want only WIreless Phones to Connect to Voice VLAN.No internet Access on Voice VLan
View 4 Replies
View Related
Jul 17, 2012
I have a pair of ASA 5520s operating in failover pair as active/standby, having two contexts on them. I am planning to share the load and make it active/active making first context active on the primary unit and second context active on the secondary unit. My question is if this will disrupt any connectivity thru these firewalls when I do "no failover" on the active/standby and assign the contexts to different failover groups and enable the failover back.
View 6 Replies
View Related
Feb 22, 2012
We have two Cisco 2960 TT-L switches. I'd like to reduce single points of failure and have dual servers for most tasks. For example, two firewall servers and two web servers. Should one server fail the other will act as a failover.I'd like to extend the redundancy to the switches, and am thinking of connecting one web server to one switch, and one to the other. In the event a switch failed a set of servers would still run, and be able to talk to each other.I'd like to run two VLANs, one for the LAN, and one of the WAN, and connect the two VLANs on each of the switches with the associated VLAN on the other switch.
View 3 Replies
View Related
Mar 20, 2012
I am looking at deploying a pair of 5585X's in an active/active multiple context state. I am creating Mulitple contexts that need to be able to route to each other. I was going to deploy a type of Gateway context that has a shared interface to all of the other contexts, instead of sharing interfaces directly between the contexts, i beleive this will work as basically i am just cascadng the contexts and sharing interfaces.
The main problem i have come across, is that if i deploy active/active across two appliances using 2 failover groups i can not see a way to route between them, for example.
I have Context 1, Context 2 and Context GW A including the shared interfaces of Con1 and Con2 in failover group 1 on appliance A with the respective standbys on Appliance 2. I have Context 2, Context 4 and Context GW B including the shared interfaces of Con 3 and Con 4 in failover group 2 on appliance B with the respective standbys on Appliance 1.
I need to be able to route traffic between Context GW A and GW B so that the contexts can communicate in normal operation and in failover. I do not beleive that I can share an interface between contexts in two separate failover groups and to be honest without adding a L3 device between the appliances i am not sure if this is possible.
View 9 Replies
View Related
Dec 17, 2012
I have two ASA 5510s running in Active/Active mode. I need to make config changes on them. How do I go about it? Do I power off the secondary ASA and make the config changes on the primary and then power on the secondary ASA ? Or this another way to do this?
View 3 Replies
View Related
Jun 1, 2011
I have an ASA5520 in location A with an ISP connection and a matching ASA5520 in location B with a separate ISP connection. We have fiber connecting the two locations and vlans passing back and forth so I will be able to configure the failover via a vlan as well as extend the ISP's to each location via vlans. The Active/Active configuration with the multiple security contexts does not seem to be an issue but how is a redundant ISP configured in this mode?We want to have context A using the ASA in location A with ISP1 as the primary and failing over to ISP 2 in locaiton B We also want to have context B using the ASA in location B with ISP 2 as the primary and failing over to ISP1 in location A Would route tracking provide the desired result? Is there a better option?
View 1 Replies
View Related
Feb 7, 2012
The 6509 Series Switches support the scenario VSS Active-Active Chassis, I would like to setup both switch's as one virtual switch but working at the same time, not with Active - Stand By Chassis.
My plans it to create PortChannel accross both Switches 6509 in order to have 2 links one connected to one slot/switch and the other connected to slot/switch in the second 6509 for servers redundancy.
View 1 Replies
View Related
Jun 10, 2012
I am working on a network which has two ISP connections (Active/Active) terminating on router (ASR1000). From the LAN side (6500 switch) all the traffic need to be route on ISP1 but some of the specific subnets like 10.250.0.0/16 need to be route on ISP2 connection.
I am planning to use PBR and NAT with route maps. any documents or refrences are provided.
(access switches)---------(core switch)----------(routers)----------------(ISP1)
----------------------(ISP2)
View 1 Replies
View Related
Apr 10, 2011
I faced one problem in our core switch 4507 R . Active sup lost connection and standby came active. We got lot of errors/alerts on console shown below. [Code] Also when I reloaded the switch with reload command only both sups got reloaded but I want to reload all the modules but reload command do not gives any options for that.
View 2 Replies
View Related
Mar 30, 2011
I have 2 asa 5520 firewalls including and 1 AIP-SSM-10 module in each of them. the configuration is set using active/active failover and context mode.
Both of them run individualy the IPS module. The IPS is configured using inline mode and fail-open option. However when one of the module fails and the state is changing from up to init or anything else making the IPS to fail then failover is detected and ASA consider it as failover and bounce context to the other unit.
IPS soft is 6.0(4) and ASA soft is 8.0(3)
I have checked cisco doc and it is confusing to me. it says: "The AIP-SSM does not participate in stateful failover if stateful failover is configured on the ASA failover pair." but it really does participate. Running is not really an option because of production network impact matter..
View 2 Replies
View Related
Sep 19, 2011
We have an Active/Active ASA 5520 setup, as i know in Active/Active setup there is no remote VPN access, So i could overcome this limitations?I have a solution but i dont know if it is ablecable or not? we have a spare ASA 5510, so i can use it behind Active/Active Firewalls and assign a public static NAT IP address to it and open all IPSEC and VPN ports and let the remote users to connect to it, is this ablecable setup or not?
View 1 Replies
View Related
Dec 27, 2011
its possible to set up active/active failover using etherchannel on 5585s?
View 1 Replies
View Related
Mar 17, 2013
How to Configure ASA5520 for Active/Active
View 8 Replies
View Related
May 7, 2007
our application team is mandating, that the solution we should come up with for SLB, should support Active/Active mode of SLB operation.
My question, is this mode of operation supported/accredited by Cisco, and what is the draw back from the traditional active/standby.
View 2 Replies
View Related
Sep 6, 2011
My HP laptop (Windows Vista, 4-5 five years old) has started to malfunction. I cannot connect to the router attached to my PC. The message tells me that the wireless capability is turned off. It says "Turn on wireless capability - this can be done by using as switch which can usually be found on side of computer or a function key combination." I can find no switch on my laptop, and don't know how which function key combination to press.
View 3 Replies
View Related
Mar 26, 2011
even after switching on & off external button on laptop but still my laptop states wireless capability is turned off. what do i do.
View 1 Replies
View Related
Oct 3, 2012
the wireless capability says it is turned off, however the switch for wireless is on, and I heard that it might be in powerdown mode, do you know where on a dell this can be changed or the wireless capability turned
View 1 Replies
View Related
Jun 6, 2012
how to turn wireless capability on ,on hp 530?
View 1 Replies
View Related
Sep 5, 2011
My daughter has an old Compaq N600c with OS XP professional. When she visits me she would like to use my wireless broadband, however, her laptop does not seem to have a wireless capability. Is there any way we can install a card or something? I opened the silver multiport cover on the laptop lid � and there is a green card in there, marked PCB-PC7507 TRANSFB-30D-VER 310.Alternatively, would one of those USB dongle adaptors work? If so, can you suggest what to buy?I�m useless with computers.
View 3 Replies
View Related
Feb 23, 2013
Does the Apple MacBook Air MD224LL/A have an integrated wireless network (Airport or otherwise) that will enable it to connect to the internet, even though the specs do not mention Airport?
View 1 Replies
View Related
Jan 9, 2013
My computer the theme of my laptop changed and a lot of programs have now shut off it has now been 30 minutes and I have turned on all the programs that was needed i did ant virus scan and nothing came up, how do i turn my wifi back on? its not my modem cause i manually connected it to the laptop and its working fine and if it was my modem I would still get to see the other connections in my housing area.
View 1 Replies
View Related
