Connection to a wlc on subnets

I recently bought a 4402 wireless controller to manage our access points. When I put the APs on the same subnet as the ap-manager subnet, I get the access points to connect. When I put them on the wireless access point subnet, they do not connect. They do not register either.

I read that I need layer 3 routing on the 4502 for this to work. I'm doing that now. Do I need to configure anything on my switches to ensure that packets get through (a bit like defining where the DHCP server is), or should it just work? Do I need to set up a WLAN ID that corresponds to the ID of the WLAN using the switches? I thought I tried that first and did not have much luck. Any ideas on this vague question?

I'm trying to dig into the documentation to see if I can find the answer, but so far I have found nothing.

Sent by Cisco Support technique iPhone App

You will want to ensure that your APs can route, from wherever you install them, to the WLC management address.

APs can find the controller in a few different ways:

(1) A DNS record

(2) Layer 2 broadcast (which you've already seen)

(3) IP Route forward

(4) DHCP Option 43

(5) Manual initiation on the AP

Most people lead with option 43.

http://www.my80211.com/Cisco-WLC-Labs/2009/7/4/Cisco-DHCP-option-43-configuration-nugget.html

If you look at the configuration guide, it will explain the other processes.

Tags: Cisco Wireless
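
The DHCP Option 43 method named in the answer above, as an added example that is not part of the original thread: Cisco lightweight APs read a sub-option of type 0xf1 whose value is the list of WLC management IPv4 addresses. The sketch below builds and parses that payload and flags any controller address that is not on an approved list; the addresses and function names are constructed for illustration.

```python
import ipaddress

# Sub-option type that Cisco lightweight APs look for inside DHCP Option 43.
CISCO_WLC_SUBOPTION = 0xF1


def encode_option43(controller_ips):
    """Build the Option 43 payload (hex string) for a list of WLC management IPs."""
    if not controller_ips:
        raise ValueError("at least one controller address is required")
    value = b"".join(ipaddress.IPv4Address(ip).packed for ip in controller_ips)
    if len(value) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    # Type (1 byte) + length (1 byte, 4 per controller) + packed addresses.
    return (bytes([CISCO_WLC_SUBOPTION, len(value)]) + value).hex()


def decode_option43(hex_payload):
    """Parse an Option 43 payload back into a list of controller IPs.

    Accepts plain hex as well as the dotted or colon-separated form
    often seen in switch and DHCP server configurations.
    """
    raw = bytes.fromhex(hex_payload.replace(".", "").replace(":", ""))
    if len(raw) < 2 or raw[0] != CISCO_WLC_SUBOPTION:
        raise ValueError("not a 0xf1 controller sub-option")
    length, value = raw[1], raw[2:]
    if length != len(value) or length == 0 or length % 4 != 0:
        raise ValueError("length field does not match a whole number of IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


def unexpected_controllers(hex_payload, approved):
    """Return controller addresses advertised by the scope but not approved.

    Useful when reviewing DHCP scopes: an AP will try to join whatever
    controller the scope hands it, so the list should match the inventory.
    """
    return [ip for ip in decode_option43(hex_payload) if ip not in approved]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    payload = encode_option43(["192.168.1.250", "10.10.1.5"])
    print("option 43 hex", payload)
    print("decoded:", decode_option43(payload))
    print("not approved:", unexpected_controllers(payload, {"192.168.1.250"}))
```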

Similar Questions

  • AP failed to connect with the WLC.

    We have 5 sets of 1700 APs working in controller mode and a Cisco WLC 2500.
    I configured the controller as I always used to do, but this time the access points have been unable to reach the controller.
    This is what I did:
    Controller IP address: 192.168.1.250/24
    GW: 192.168.1.1
    Primary DHCP: 192.168.1.250
    I have connected port 1 of the controller with an Ethernet cable to the switch, and I connected the AP to the same switch.
    We used the adapter instead of the PoE switch.
    I even tried assigning the address to the AP directly through the console, as:
    capwap ap controller ip address and so on. This did not help either.

    There was this message on the AP: "% CAPWAP-5-DHCP_RENEW: could not find WLC by using DHCP IP. DHCP IP renewal."
    Moreover, do the PoE ports on the controller provide enough power for the AP to operate?
    Help, please.
    I have attached the PuTTY log as well.

    Hello
    WLC connection has successfully been created. Then he for some reason any. I don't know if this helps, but try to connect the ethernet cable directly to the AP instead of port POE port to THE.
    You can use the PoE port on the AP even if you don't use the PoE switch.

    And regarding the PoE port on the WLC: Cisco doesn't recommend that you directly connect an AP to the WLC, but it is possible.

    Also, I don't see that the IP address is assigned by DHCP.
    Try also to use the commands:
    capwap ap ip address ...
    capwap ap ip default-gateway ...

    I guess the WLC and switch are configured correctly.

    EDIT:

    I had a similar problem today.
    Just connect the console cable to the AP, go to mode and type the commands:
    clear capwap private-config
    clear lwapp private-config

    then reload the AP with the command "reload".

    After these commands the AP joined the WLC successfully.

  • Connecting 5520 WLCs to Nexus 7706s

    I "inherited" a bunch of equipment that the customer wants me to use for a wireless LAN. The interesting bit is connecting the 5520 WLCs to the Nexus 7706s.

    Ideally, because I have two WLCs and two Nexus, I would like to connect a port of each WLC to each link, but it is complicated by the fact that the Nexus is running vPC, not VSS and speaks only LACP, but the WLC includes only coy LAG.

    It has been suggested that if I created the Nexus (Nexii?) to run the WLC and LACP to run LAG, it will work, but I want to be reasonably sure before going to the risk of exposing myself to ridicule when a CEP fails.

    So, in a nutshell: can (and if so, how) I connect two 5520 WLCs to a pair of Nexus 7706, such that incoming traffic on either Nexus can get to the WLC and, critically, BACK to the source using only L2 features, or if this is not possible, how do I do this with routing without making a rod for my own back?

    Thanks for any help

    Jim

    Hello Jim,

    According to Cisco TAC, the topology I tried was invalid, it seems. By their suggestion, a WLC configured with LAG can be connected to a single upstream switch :(

    Please find attachment as the physical topology that I was recommended.

  • Access point does not connect to my WLC

    Hi all

    I have a strange...

    I have 5 AP1000s that used to connect to my WLC without problem; now they will not join the WLC.

    I have the following error in syslog: "no Council payload of data found in the join query". I also have 10 AP1242s that register without problem. Does anyone have any ideas how I can get these babies to join the WLC?

    See you soon

    Colin

    Yes, 1000 access points are supported only on code 4.2... They do not have enough memory to support higher levels of code...

  • Unable to connect to storage as "different subnet."

    Have just updated my LenovoEMC device to the latest version of the software (4.1.114.33421) and now get the message

    "Unable to connect to the storage because it is in a different subnet.

    but I can go to the Admin in the usual way, through devices and can change anything, as all the mapped drives as if it worked and all the data is visible?

    Reset the system and all users etc., verified that DHCP is selected rather than fixed, tried fixed without result.

    Does someone have an answer that works, or is it a reset?

    Got it finally - it works. I had to install a new version of Storage Manager - Version 1.4.8.33485

    After installation, restart the PC only and ran it Storage Manager - it took forever, but she finally found my nas and created links to explore.

    Can't believe that they a D A M N blip! in my previous post - AR even if you ask me.

  • Internet Auth users simultaneous connections by Cisco WLC 5508?

    Hello

    We have 2 WLC5508 (7.2.111.3) with multiple SSID.

    One of them is configured as Passthrough with an external boot server. Works very well.

    Now, we want to use the "failure of MAC filtering on".

    If the client MAC address is configured under MAC filtering on the WLC, authentication is done without WebAuth.

    If the MAC address is not known, the client will be redirected to the external WebAuth server for authentication.

    To preserve the functionality of relay for the user, we have hard coded a username & password in the start page.

    Thus, each customer WebAuth uses the same user name & password for authentication against the WLC.

    Strategies of user login is set to unlimited.

    So far so good, it seems to work, but I've read that the controllers of Cisco 5500 supports only 150 concurrent connections to Auth users.

    The two WLCs have about 100-170 clients connected.

    Question:

    - Is it going to be a problem with 150 simultaneous connections, despite using only one user for all Wi-Fi customers?

    - Is WebAuth possible with a Cisco ISE as Passthrough, so that no username & password must be entered by the user?

    If so, some guide information would be great.

    - When it is properly authenticated, a logout screen shows on the Windows client. Can it be hidden somehow?

    Thanks for the replies ;-)

    Kind regards

    Norbert

    Its probably a limitation to the treatment of patients with the same credentials.  I never ran into a questions, but how many comments will complain, if they hit the button to accept a few seconds after :)

    Thank you

    Scott

    Help others using the system of rating and marking answers questions like "answered."

  • (Resolved) lost vCenter connections to ESXi in other subnet

    Nice day. Faced with the following problem and I can not find a solution.

    I have two subnets 192.168.1.0/24 and 192.168.2.0/24. Subnets connected through VPN.
    The first subnet a vCenter Server (192.168.1.10) and a computer with vSphere Client (192.168.1.11).
    In the second subnet has ESXi (192.168.2.8) and a computer with vSphere Client (192.168.2.11).

    The problem is this: after a random time, vCenter Server no longer sees the ESXi.

    A thorough investigation revealed the following:
    (1) When vCenter no longer sees the ESXi, it is not possible to ping the ESXi from the server OS (Windows Server 2012).
    (2) The computer with vSphere Client (192.168.1.11) continues to see the ESXi, pings it and can be connected directly to the ESXi.
    (a) If you don't touch anything, then after a while this computer is no longer able to ping the ESXi either.
    (3) The computer with vSphere Client (192.168.2.11) continues to see the ESXi, pings it and can be connected directly to the ESXi. No problem connecting from this workstation at any time.

    After connecting directly to the ESXi and, for example, changing the IP address to 192.168.2.9 and then back to 192.168.2.8, vCenter Server immediately starts to see the ESXi (including pings).
    At first, I decided that the problem was in the ESXi firewall and turned it off with the command 'esxcli network firewall set --enabled false', but this does not solve the problem.

    In any case, firewall turned off completely on the server vCenter Server just does not solve the problem.

    ESXi version: 5.1.0 1065491
    vCenter version: 5.1.0 1235232

    What may be the catch?

    Thank you for your help.

    P.S. Sorry for my bad English

    In general, after a few weeks of turmoil, experimentally is that the problem in the router. More precisely in the metrics of routes. The metric for the route to the subnet to subnet 2.0 1.0 has more default gateway metric. Therefore, when the VPN tunnel to the bottom of ESXi immediately heading for another router, without going through the fact that he needed to get directions in 1.0 and is then reached the border, packages out there is dead. Yes... Truth is somewhere near =)

  • Connect two networks with different subnets

    I have a network that is totally isolated from the rest of the network. It consists of an Allied Telesis AT-8624T/2M layer 3 switch, a computer and a few PLC devices.

    It is the only switch Allied Telesis, the rest of our network is Cisco. Allied was by a seller.

    Our network uses a 10.10.1.X network, but this standalone network uses a 192.168.201.x. I need to connect the two networks, because a system on the network 10.10.1.x need to access the computer on the network 192.168.201.x. I wonder if I can do it with a 2960 s Cisco or if I should get a router between the two switches.

    I am pretty new to the implementation of this type of equipment, was suddenly thrown into the mix, I appreciate any help that can be offered. Thank you.

    Hello!

    You can do this with your 2960 switch; they support static routing. Please see the following link for detailed configuration instructions:

    http://www.Cisco.com/c/en/us/TD/docs/switches/LAN/catalyst2960/software/...

    You will not be able to perform inter-VLAN routing, but by pointing your static routes to the other managed switch interface you will be able to achieve this. Be aware that the other switch must have some sort of routing capabilities too, or you will need to get a router.

    I hope this can help, greetings!

    JC

  • WLC Flex connect local authentication does not work

    Hi guys,

    I'll give you a brief description of our current FlexConnect configuration. We have APs configured in FlexConnect mode in the remote office and in local mode in the local office. The wireless LANs are the same in both locations, and we have detected a problem in one specific SSID. It is a voice SSID, configured in 802.1X mode, that authenticates to a RADIUS server in the remote desktop.

    We detected that when the WAN line goes down, the wireless IP phones are disconnected from the SSID, and when the WAN line comes back, they reconnect.

    We have seen that we can configure FlexConnect local auth mode to avoid this problem, but it doesn't work properly. We have set up the APs in the remote site with static IP addresses and configured them as NAS in the RADIUS server, but we did not see any authentication packets in the RADIUS server when we change the SSID to «FlexConnect local auth».

    Can you give me an idea to help solve this problem?

    Thanks in advance.

    Joel

    I suppose that clients connected by access points Flexconnect have problems where the WAN connection is down (?)

    It depends on your current configuration and security policy what the feasible options are in this scenario. If there is an available RADIUS server which can still authenticate your users while the WAN line is down, you can configure your access points to access this server directly. You must use a FlexConnect group for this and configure the external server on the general tab, in the menu "AAA". You already gave the access points static IP addresses and added them as clients on the RADIUS server, so it should work.

    Another option is that, in the event of failure, the access points will authenticate the client based on a local database and/or certificate. This also requires a FlexConnect group and the option 'Enable local authentication AP'. For example: if you are using PEAP and a specific user account for VoWLAN, you can download the server and CA certificates to the WLC and add the credentials of this account to build the same configuration as with the external server. The downside of this is the lack of central logging, which may not match your security policy.

    Remember that the access point itself can't remember the relationship between the access point and FlexConnect group, in both scenarios, you need to configure all controllers manually with these MAC to the Group mappings. This behavior is different in comparison with the "groups of AP" what access point you remember during the passage of the controllers.

    The "FlexConnect local authentication" option on the SSID itself forces always use local authentication that has been configured on the FlexConnect group even if the connection with the WLC is available. I don't think that it is feasible to use it in your scenario.

    Please rate helpful messages... :-)

  • 3702 AP loss connectivity to WLC in local mode

    Hi Experts,

    I have an AP 3702 which loses connectivity to the WLC and line protocol goes down.

    PoE is always present on the connection to the switch, but only to 15.4 instead of the full 16.8 as with normal operation 3702.

    There are 8 other 3702 APs on this floor which have no problem.

    "Could arp not the ip address of the controller, try again later" is a common phenomenon in their logs, so I don't think it has any bearing on the issue with this particular access point.

    All 9 x 3702 are connected to a dual-homed 3750-X stack edge switch via 3 x 3560CX in the ceilings.

    If I shut down and (after some time) bring up the switch port, the AP will get back in touch with the WLC, but then drop again as before in an hour or two.

    I deleted the config on the AP and let it sit in monitor/sniffer mode for a few days and it stayed up perfectly, so I thought everything was OK. I've reconfigured it to accept clients, and since then it has dropped again.

    Hope that this is not a hardware failure and your advice is really appreciated.

    Thank you

    Stem

    *Jul 22 05:14:49.539: %DPAA-3-ERROR: ! MINOR FM-MAC Error No Device;  Read wrong data (0xffff): phyAddr 0x0, reg 0x-Traceback= 119B108z 26FFF24z 26FFA8Cz 26C1870z 15090ECz 150B3C8z 150AC30z 15065C4z 12250DCz 122CF08z 132B150z 1310
    *Jul 22 05:14:50.099: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
    *Jul 22 05:14:50.539: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
    *Jul 22 05:14:52.539: %LINK-6-UPDOWN: Interface BVI1, changed state to down
    *Jul 22 05:14:53.539: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down
    *Jul 22 05:14:54.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
    *Jul 22 05:14:59.099: %LINK-6-UPDOWN: Interface BVI1, changed state to up
    *Jul 22 05:14:59.539: %DPAA-3-ERROR: ! MINOR FM-MAC Error No Device;  Read wrong data (0xffff): phyAddr 0x0, reg 0x-Traceback= 119B108z 26FFF24z 26FFA8Cz 26C1870z 15090ECz 150B3C8z 150AC30z 15065C4z 12250DCz 122CF08z 132B150z 1310
    *Jul 22 05:15:00.099: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
    *Jul 22 05:15:00.539: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
    *Jul 22 05:15:02.539: %LINK-6-UPDOWN: Interface BVI1, changed state to down

    Messages above give me the feeling that there is a problem with communication between the physical network connection of the access point and the control software. This can be hardware and associated software. Your best bet to analyze tracing messages is TAC, so my advice is to connect a case and let send them your registration. The 3700s have a "limited lifetime warranty", so you can ask for a new one in case it is broken (even without a SmartNet); you have to wait at least 10 days. Keep us informed about the solution!

    Please rate helpful messages... :-)

  • WLC connect through ACS 5.1

    Hello

    I was wondering if someone has managed to configure ACS 5.1 to accept a login request from a WLC 5500?

    I managed to get it configured by following the link https://supportforums.cisco.com/docs/DOC-14908
    but when I try to connect to the WLC by using my credentials for GBA I just get the login screen again.  I checked the logs of GBA and it says my user name has passed the authentication process and it corresponds to all the rules that I set myself.  The only thing I have noticed is that my 'privilege level' is only 1, but I don't know if that is right for an http connection.

    Any help would be appreciated.

    OK, so it seems that there is a space or a carriage return after ALL

    * tplusTransportThread: 11:38:45.980 24 Jan: arg [0] = [28] [role1 = ALL]

    Can you rebuild the attribute, then click on apply? You might be able to put the cursor behind ALL and press delete.

    Steve

  • How can I ensure that only known APs connect to the WLC

    I have a Cisco 2112 WLC with 1131 LWAPs.

    How can I ensure that only known APs connect to the WLC?

    Thanks in advance

    Richard

    Hi Richard,

    You can use "allow the AP against AAA" to make sure that all APs registering on your WLC are allowed APs on the network.

    By activating this feature, only those APs whose MAC addresses are present in the authorization list will be able to register at the WLC.

    This authorization list may be present externally on a server or as a local list on the WLC itself. The link below explains it in detail:

    http://www.Cisco.com/en/us/products/ps6366/products_configuration_example09186a00808c7234.shtml

    Another feature, which has already been mentioned in this thread, is rogue detection. With this feature, the WLC will be able to detect any access point that is not a part of its RF group and contain it.

    Please see the document below for more information in this regard:

    https://www.Cisco.com/application/PDF/paws/70987/rogue_detect.PDF

    Kind regards

    Stéphane

  • WLC design question

    Hello NetPros,

    I really need someone to clarify a few things about ssid/interfaces/VLAN!

    I would like to put a wlc to a central site and have the lwapps installed in remote locations.

    There is layer 3 between the central site and remote sites connectivity.

    Suppose that the management interface of the WLC is VLAN 10 at the HQ site. Then I have 2 wireless LANs, VLAN 20 and 30. I have created interfaces in the WLC under separate subnets and associated them with the SSIDs.

    My concern is this: VLANs 10, 20 and 30 are created on the L3 switch that is directly connected to the WLC via a trunk port. Do I create VLANs 20 and 30 on the remote switches as well in order for the clients to connect to the wireless LANs?

    To be more precise, what configuration is required on the switch side (HQ site / remote) in order to implement this?

    Thank you people!

    If you want *ALL* your wireless traffic at your remote sites to go back through your WLC at your HQ, then yes, that is correct: you will not need to build each VLAN on each switch at the remote sites.  Wireless traffic will be placed in a secure LWAPP/CAPWAP tunnel, travel over your layer 3 backbone to your HQ and terminate at the WLC.  The WLC will then pass the traffic out of its ports to your HQ switches.

    However, if you configure H-REAP access points at your remote offices, then the configuration should be different.  H-REAP allows you to switch the traffic at the remote office on the remote office network, instead of tunneling it all back to the controller before it is switched onto the network.  It is local switching vs. central switching. Maybe remote users will want access to their remote wired network from the remote wireless (maybe they have a local storage device in the office and want to be able to connect wirelessly without having ALL that data travel back to the HQ office for routing).  In this scenario, you would have to create all the VLANs on the remote sites, as you first described.

    See the attached picture, which shows how H-REAP works.  If you have two WLANs on your AP radio, one can be a locally switched H-REAP WLAN and the other can be centrally switched at the WLC (perhaps for clients who do not require local access).

  • 5508 WLC works only with small business unit SA 520 security

    Cisco 5508 is new Wireless LAN Controller supporting 802.11ac new Giga bit wireless. It has been connected to the port of SA 520 LAN LAN port of small business Security Appliance (trunk). VLAN by default 1 works fine, which is for the management but vlan data does not work.

    However, I can ping from WLC until SA 520 on vlan data but no ping SA 520. Also the wireless clients connected to the AP cannot connect to SA 520 on the data vlan 2702 as gateway?

    both have the latest firmwares. These devices are supported?

    Any suggestion?

    Hello

    I guess your VLAN DATA is another VIRTUAL local network that you have configured on the WLC.

    Make sure of the ff.
    1. you have configured the correct WLAN interface
    2. you have assigned the right WLAN interface on your SSID
    3. the DHCP of your users (where btw?) if in the WLC, check if it is on the correct subnet and that it is enabled

    Also, considering it is a security device, check the ff:
    1. you have configured the necessary policies to and fro the AP and WLC
    - Note that for CAPWAP traffic, to avoid any problem, just allow traffic to and fro the WLC and AP, for example with two policies, one WLC -> AP and another AP -> WLC

    2. of course, the policies necessary to allow traffic

    PS: The compatibility is not a problem, note that your servers SMB of device as a connection of the WLC. You should have no problem integrating the two

    If it is not much, kindly rate helpful messages :)

  • SMB file sharing problem when connecting EA6350 to a larger network.

    Hi all

    I tried to set up a server of media for my colleagues, but have had problems for the last 3 days.  I searched all possible solutions on various forums and have managed to operate, only to discover the next day that he stopped.  I was able to get it working again, but the same problem occurred and stop randomly with additional problems.

    I will now do my best to explain the installation program. Windows 10.

    I have a line entering my room; I don't know where the line goes, nor can I trace it (I guess to a switch that everyone connects to).  When I connect it directly to my laptop I have an internet connection.

    My Ethernet card is set to automatically get IP & DNS.

    I'm assigned: IP: 192.168.68.231 Gateway: 192.168.68.254 Subnet: 255.255.255.128 DNS: 8.8.8.8

    I bought a Linksys EA6350 set up sharing of media files with a hard drive plugged into the USB port on the router.

    I plug the room line into the WAN port on the router and a cable from my laptop into LAN port 1 of the router, and still have web connectivity.  The problem is that no one can access my shared SMB drive, since it is on IP: 192.168.1.1 and all the other computers are on IP: 192.168.68.***

    My router's IPv4 connection report is: Auto DHCP, Subnet: 255.255.255.128 Gateway: 192.168.68.254, IP: 192.168.68.242, DNS: 8.8.8.8

    I can't ping other computers in the 192.168.68.* range from my laptop or the router's ping function.  The firewall of the router is turned off to allow them to connect. But there is still no access for anyone else to the shared drive, because it is on IP: 192.168.1.1

    The way I could make it work, until it stopped working randomly the day after, was by plugging the room line into LAN port 2, with LAN port 1 connected to the laptop.  I set my laptop's Ethernet adapter to static with these values: IP: 192.168.68.231 Gateway: 192.168.68.254 Subnet: 255.255.255.128 DNS: 8.8.8.8 and changed the configuration in the router to what is in the pictures.

    It worked.  I had an internet connection, and people were able to copy movies on the shared drive.  Then it just stops the next day.  The router was no longer able to ping any, but my laptop couldn't yet.  The list of devices on my router tab showed all was connected on the subnet 192.168.68 * but that's all she could do.  I have everything reset, went through the same procedures and then a day later it worked just (if I remember correctly, I've changed the "type of internet connection" on the automatic router to "DHCP").  Only to stop again but this time cut of my Internet connection of laptops until I put the ethernet adapter to obtain automatically IP address and DNS.

    I have run out of ideas, short of taking the router out of the equation, plugging the HD directly into my laptop and sharing it from there.

    Any assistance that can be provided would be greatly appreciated, thank you.

    You gave the router a wrong IP address for the subnet mask of 255.255.255.128.

    Valid IP addresses for this subnet are 192.168.68.2 - 192.168.68.127.
