WLC controller anchor Cisco HA

Similar Questions

• Two WLC 5508 anchor high availability

  Hello.

  It is possible use 2 WLC 5508 EN HOW to ANCHOR in an active scenario?.

  For example, if a WLC down the service, another Dungeon provide service to customers of anchor?

  At the moment we have just a WLC 5508 anchor mode. What do I have to configure high availability of the ANCHOR.

  Thank you very much!!!

  You have redundant WLC as anchor points, but if an anchor fails, the user must reconnect.

  There is a feature on the WLC HA, but it is mainly for foreigners redundancy WLC anchor no redundancy. With guest several anchors overseas WLC balance the load between the two. You will not be able to put a primary or backup.

  Sent by Cisco Support technique iPhone App

• Cisco WLC SSID anchored several subnets

  Hello

  I have a requirement to land a SSID on a controller of the anchor but that AP customer connect I need them to receive certain IP address.

  Then...

  I have a LWAP called AP1 connection to WLC1, WLC1 uses WLC2 as the anchor for the ssid SSID1 DC. When a user connects, I want the user to get an address of SUBNET1. If a user connects to AP2 is also linked to the WLC1 I want the user to get an address of SUBNET2

  Now... If the AP is it is located directly on the WLC2 I could use groups AP to provide this feature, no one knows if its possible to combine it with anchor?

  Thank you

  RG

  Fix... You can't do what you are trying to accomplish. If you were doing 802. 1 x, you can use override AAA to assign users to a vlan, but other than that, the WLC cannot perform this task.

  Sent from my iPhone

• WLC (foreign-anchor), problem with external web authentication-> ISE

  Hello guys

  I am designing a platform for a network of comments, which must be isolated from the LAN, the following facilities:

  • ISE 1.2 (SNS-3415-K9 Cisco)
  • WLC 7.0.230.0 (Cisco 5508 controller)---> foreign wlc
  • WLC 7.0.230.0 (Cisco 5508 controller)---> wlc anchor.

  The PAES tunnel between wlc is successfully completed.

  The wireless client gets the IP address of the anchor wlc (DHCP server).

  Test 1:

  I have set up the ANCHOR WLC with local web authentication (internal), the wireless client is authenticated by WLC and successfully navigate.

  Test 2:

  Configure the authentication web external anchor (ISE) WLC. Configure a user to the portal comments ISE.

  The wireless client gets the IP address of the anchor wlc (DHCP server), attempting to engage not display comments portal.

  Debugging a wireless client, try to connect to the guest network is attached.

  That's right... they have a version of code required minimum supported for this.

  Thank you

  Scott

  Help others using the system of rating and marking answers questions like "answered."

• Certificate on controller anchor comments number

  Hi all

  We have an anchor inside a demilitarized zone controller. The GW standart for customers is the virtual interface (in this case 1.1.1.1). because it's a site https clients must accept the certificate manually (we all know this problem..).

  I work with the internal DHCP scope and also give them Internet DNS servers.

  no idea how to get this installed certificate? I read that the IP virtual (1.1.1.1) got to have a DNS entry (in this case Internet DNS). It's bad enough, as we have several anchors in several countries, all work with 1.1.1.1. And also, this virtual IP address that is accessible from the internet to perform a DNS lookup?

  Would be great if someone has an idea or already has some experiences.

  TIA

  Thom

  Thom,

  The Virtual Interface needs an IP address is because a certificate cannot be issued to an IP address, it is granted FULL domain name. I have a client who is international where I set it up and I had to get their external DNS host (since they don't have a DNS server in the DMZ) to add a host for each of the controllers entry.  for example: WiSM1a.someplace.com has been reported to 1.1.1.1, WiSM1b.someplace.com pointed to 1.1.1.1, etc... you get the general idea. Then, you must take the device real certificate and the certificate of the intermediate range and combine them in a package of certificate required of the WLC.  This problem is much easier to solve if you have a DNS server in your DMZ that you control.

  I hope this helps... Please evaluate the useful messages.

  Thank you

  Kayle

• authenticate the cisco WLC 5508 with cisco ACS 1120 (version 5.0) using GANYMEDE +.

  My installation has cisco WLC 5508 and ACS 1120 ver 5.0. How to authenticate users who access to the WLC via the ACS 1120 users GANYMEDE +. I am able to authenticate users for routers and cisco switches, but when I try the same for the CMT, it fails.

  Can someone explain please the config/basic steps that must be configured on both services ACS & WLC.

  You use plain vanilla 5.0 or have installed patches?

  the ACS 5.1 has new GANYMEDE related functionaity, including support for custom services and attributes. If they are necessary for the WLC yo need support it would improve.

  He could also relevant corrective patch from calendar 5.0 but I can't find any relevant specific at this stage CDETS

• Access to Motorola RF controller via Cisco ACS

  Hi all

  I want to be able to use authentication on our Motorola RF using Cisco ACS 5.2 controllers remotely. We have the responsible ASB and you can choose different user roles outside of "Super User".

  The reason is that the ID attribute for the role of 'Super user' is 32768 and but ID attribute within the ACS can take only 3 digits (see fig. 1 gasket)

  Anyone had any experience of this or know how to edit this field for more than 3 digits?

  Any help will be much appreciated.

  Thank you

  John

  I can see the issue you are referring to and does not seem to be a bug - dig when it exist and if is not open

  An entire book would not use an enumeration attribute Type but rather an unsigned integer

  Then you must enter the value directly in the authorization profile rather than selecting from a list

• Cisco WLC 2504 internal DHCP does not work properly

  Hi all

  I m trials with a Cisco WLC 2504 and some APs of 1832. I set up a DHCP scope on the interface of the controller with 2

  a large number of different configurations, but the DHCP protocol does not work and Don t Access Point to obtain an IP address. My first question: is it possible to do DHCP for Access Points or only for wireless clients?

  These are my interfaces:

  Interfaces

  

  Interface of the PA-Manager:

  Interfaces1

  

  Interfaces2

  

  My DHCP scope:

  Scope1 DHCP

  

  Portee2 DHCP

  

  Advanced DHCP:

  DHCP Scope3

  

  I forgot something? Is there anyone using DHCP for its access points?

  Thank you!

  Hello

  On Cisco WLC internal DHCP, you can add the option 43 to say where APs must register. In this case, they will try to resolve the DNS CISCO-CAPWAP-CONTROLLER or CISCO-LWAPP entry.

  Let me explain briefly how AP-Manager works on WLC:

  1. Boots of Access Point and sends a discovery request to the management interface of the controller using the intellectual property you configured as DHCP Option 43 (as described above, it can be resolved by the DNS entry)
  2. Controller, sends it a response discovered that contains the name of the system, addresses AP-Manager, the number of access points already connected to each interface AP-Manager and the overall capacity of the controller.
  3. Joints access point controller using the less loaded interface AP Manager.

  With this, every AP Manager must have a good configured interface and be connected to a different port, no LAG.

  I drop a post here sometimes there is which might help:

  https://supportforums.Cisco.com/document/118311/configuring-multiple-AP-...

  Thank you

  PS: Please do not forget to rate and score as correct answer if this answered your question

• Migration of Cisco WLC 5508 to 5520

  Hi all

  I need to migrate cisco 5508 to 5520 wlc. This Cisco 5508 WLC is in production, it is possible, I can import this 5508 configuration file and export again 5520.

  Please provide the steps to follow while making the migration.

  (1) how cisco WLC-2 AP WLC-1 transfer since both have the same versions of IOS. Any URL available Cisco?

  WLC-2, enter the command "config primary ap .

  (2) applicant tried to transfer 2 points of access for LAP 1130 2 WLC WLC - 1 2 days back but still not reflective in WLC - 1. Measures to solve the problems there?

  Distance or console in the AP.  Post the output of the command 'sh' full record when trying to move the access of a controller to another point is entered.

• SSID anchored

  Hello

  We have a couple of corporate Wireless LAN Controller (WLC 5508). They are used for corporate purposes. Now, we have added an anchor (WLC 2504) controller located in the demilitarized zone to offer access as a guest. We threw the anchor two SSID. The first is completely free with only internet access. It works very well. But we have a problem with the second SSID.

  The other requires authentication. This authentication must be made through RADIUS. We don't have work and finally, we understood why. The authentication process is done by the controller from abroad. We have confirmed that this network as a point of capture. Foreign controllers do not know how to get to the Radius server. And we want to anchor the controller to be one who makes authentication. His IP address is the IP address that is accepted on the Radius server.

  In all of literature, we read that it is said that authentication is always via the controller to default anchor. For example:

  • http://www.Cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-...

  In an anchor - WLC foreign scenario, which WLC sends RADIUS account management?

  In this scenario, authentication is always made by the WLC anchor. Therefore, RADIUS account management is sent by the WLC anchor.

  • http://wirelessccie.blogspot.com.es/2009/12/WLC-layer-2-and-layer-3-SECU...

  -RADIUS server: in the WLAN security > AAA Servers tab, you controller anchor can set specific RADIUS servers to use, that your foreign controller does not care. Authentication is performed on the anchor, not on Foreign Affairs, you can call the RADIUS servers on the anchor and not on Foreign Affairs, no problem. It can also be a difference.

  This is not the case in this way on our scenario. We have:

  • Layer Security 2 management of 'WPA + WPA2' keys and authentication set to the value "802.1 x."
  • 3-layer security the value 'None '.
  • • We read--> http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configurati...
    • • "Authenticationfor Layer 3 RADIUS, RADIUS for authentication requests are sent by the controller of the anchor."
      • We need to define an authentication type of layer 3?
  • Set us the RADIUS AAA Servers tab.
  • We took the version of the 8.0.132.0 software.

  So we would like to know if any other configuration is needed to get the anchor being the source of the authentication process.

  I thank very you much in advance!

  Josu,

  This is where your needs must be defined?  Encryption of the client to the access point is done only when you use the layer 2 encryption.  So that being said, the RADIUS is also done on the foreign controller to layer 2.  Therefore, decide what is the best solution for you. When I hear about erase the text when you anchor, I ask if encryption is required.  Generally, you anchor a SSID to a controller of the DMZ to access internet only so do you really care?

  -Scott

  Please rare useful messages *.

• WLC 5508 joined connected vs status

  Hello

  What is the difference between the status of 'Joint' and 'Connected' AP on the controller of Cisco 5508 wireless in HA configuration?

  I have two WLC 5508 in HA configuration. October 3 the controller switchovered with reason "Active controller failed" (attached file 1). I tried to understand why the controller has failed, but I did not find the reason.

  Now, there are a lot of AP (not all) in the 'connected' State, not 'Supported in status' (attached file 2).

  What is the meaning? and why in the details ' AP join stats ' (attachment 3 and 4) tha AP are well attached status? It's a licensing issue? I can solve this problem with a manual failover to main controller?

  Thank you for the help

  You have a license for 250 AP on your primary controller and the secondary is a SKU or has at least 50 AP license to act like a HA.

  As long as the main unit is available for the secondary unit (active) it will not perform the countdown. 90 days don't apply if the main unit is unavailable for more than 90 days in a row. If the secondary image (active) loses power and the principal is unavailable when it starts again, it will go into maintenance mode.

  Please rate helpful messages... :-)

• AP failed to connect with the WLC.

  We have 5 sets of 1700 APs works on the mode of the controller and cisco WLC 2500.
  I configured the controller as I always used to do, but this time the access points have been unable to reach the controller.
  That's what I did:
  controller IP address:192.168.1.250/24
  GW:192.168.1.1
  Primary DHCP: 192.168.1.250
  I have connected the port1 controller with ethernet cable from the switch and the same switch I connected the AP.
  We used the adapter instead of the POE switch.
  I even tried assigning address to AP directly through the console as:
  CAPWAP ap controller ip address and so on. This did not help either.

  There was this message in the AP "% CAPWAP-5-DHCP_RENEW: could not find WLC by using DHCP IP." DHCP IP renewal. "
  Moreover, the POE ports in the controller, they provide enough energy for the PA to operate?
  Help, please.
  I have attached the PuTTY log as well.

  Hello
  WLC connection has successfully been created. Then he for some reason any. I don't know if this helps, but try to connect the ethernet cable directly to the AP instead of port POE port to THE.
  You can use port POE on AP even if you don t use the POE switch.

  And regarding the port POE on WLC. Cisco doesn´t recommend that you directly connect AP to WLC, but it is possible.

  Also I Don t see that the IP address is assigned by DHCP.
  Try also to use the commands:
  CAPWAP ap ip address...
  CAPWAP ap ip default-gateway...

  I guess the WLC and switch are configured correctly.

  EDIT:

  I had similar problem today.
  Just connect the cable from the console to AP, go to mode and type the commands:
  Claire capwap private-config
  Claire lwap private-config

  then reload AP with command "reload".

  After these commands AP joined succesfully WLC

• WLC cli command "sho memory summary" displays free memory in 2%

  It is a licensed for 500 APs 5508 controller and currently 407 APs.

  MISTLETOE, (monitor-> summary) shows 69 percent of memory in use.

  Should I bother with the release of the memory to see the CLI summary?

  (wlc-5600) > see the sum of the memory
  -Summary of system memory-
  System name: WLC-5600 primary SW Ver: 8.2.121.0
  Course time: Tue 4 Oct 14:01:21 2016 system UP time: 52 days 8 hours 59 minutes 17 seconds
  NAME: "Chassis", DESCR: "Cisco 5500 Series Wireless LAN Controller.
  PID: AIR-CT5508-K9, VID: V01, SN: FCW1502L00N
  Total system memory... (1000568 KB) 977 MB
  Total free memory in the system... (25280 KB) 24 MB (2%)
  Total memory in buffers... (18824 KB)
  Total memory cache... (256712 KB) 250 MB
  Total Active memory... (786064 KB) 767 MB
  Total InActive memory... (122884 KB) 120 MB
  Total memory in Pages Anon... (633440 KB) 618 MB
  Total memory in the slab... (53200 KB) 51 MB
  Total memory in the tables of the Page... (2624 KB) 2 MB
  WLC Peak Memory... (1159212 KB) 1132 MB
  Virtual memory size WLC... (1150316 KB) 1123 MB
  WLC memory resident... (669820 KB) 654 MB
  WLC Data memory Segment... (1073480 KB) 1048 MB
  Total lot including mapped Pages. (418284 KB) 408 MB
  Total memory in pools of Pmalloc... (437076 KB) 426 MB
  Total memory used in pools of Pmalloc... (417099 KB) 407 MB
  Total free memory in pools of Pmalloc... (15920 KB) 15 MO

  Thank you

  Time Stamp....................................... Fri Jul 29 21:43:31 2016

  Hold on. The dates DO NOT MATCH with the time of operation of the controller. The time stamp that shows the above there are two falls during July 29, 2016.

  System Up Time................................... 53 days 3 hrs 42 mins 45 secs

  The difference between July 29, 2016 until October 5, 2016 (hour US) is only 68 days. So, this means that about 15 days after that July 29, 2016 he could potentially have been a 'silent crash' with the controller. Cisco has recently published 8.2.130.0 a few days ago.

• 5508 WLC reset intermittently

  I have a controller 5508 which resets intermittently, I updated to 8 of our other 7.6.130.0 to 8.0.133.0 without problem.  Has anyone else had similar problems? If Yes, what is the reference as appropriate.  Output below SysInfo & WLC Log:

  (Cisco Controller) > show sysinfo

  Name of the manufacturer... Cisco Systems Inc..
  Product name... Cisco controller
  Version of the product... 8.0.133.0
  Bootloader Version... 1.0.20
  Retrieving Image Version field... 7.6.101.1
  Firmware version... FPGA 1.7, 1.8 Env, USB 2.2 console
  Build Type....................................... DATA + WPS

  Name of the system... ABM-GLAN-LS-WLC1
  Location of the system... Glanrhyd LS Hub 1
  Contact System...
  ObjectID of system... 1.3.6.1.4.1.9.1.1069
  Redundancy mode... SSO
  IP Address....................................... 10.*. *. *
  IPv6 address...:
  Last Reset....................................... Software reset
  Time system... 0 days 19 hours 1 minutes 0 seconds
  Location of the time zone of the system...
  System Stats in real time interval... 5
  System Stats Normal range... 180

  The country is set... GB - United Kingdom

  -Other - or ITU (q)
  Operating environment... Utilities (0 to 40 ° C)
  Limits the internal temperature alarm... 0 to 65 ° C
  ... Internal temperature + 34 C
  Outdoor temperature... + 19 C
  Fan Status....................................... Ok

  State of 802. 11 b network... Activated
  State of 802. 11A network... Activated
  Number of wireless LANs... 8
  Number of Active Clients... 39

  Built-in MAC address... 7 C: 0E:CE:49:C4:C0
  Power supply 1... Currently, OK
  Power supply 2... Absent
  Maximum number of taken access points supported... 500
  Nas - Id system...
  Types of certificate MIC WLC... SHA1/SHA2

  Before the WLC crash even once, kindly would coredump 'config coredump enable '.

  How about "sh stat of memory"?

  And get ready to upgrade to 8.0.140.0.  Release notes can be found HERE.

• WAP321 & 2602e Aironet wireless 2504 controller?

  Hello

  I am new to Cisco network. I am currently in an environment with no controller wireless and wifi uses two WAP321 Cisco.  The company wants to expand the wireless and bought a Cisco 2504 wireless controller and a controller of Cisco Aironet 2602e WAP.  My question is when we will start using the controller can he control the WAP321 formerly controller - less or will be replaced by a different Cisco Aironet 2602e?  Thank you.

  My question is once we start using the controller can it control the formerly controller-less WAP321's
  

  WLC 2504 will not support AP321s.  Talk to your dealer of Cisco and see if they accept if you want to trade the AP321 for the AP 2602.

  Make sure that your AP 2602 have the appropriate regulatory domain.  If you are not sure, DO NOT open the boxes.

  For more information, go here:

  http://www.Cisco.com/en/us/prod/collateral/wireless/ps5679/ps5861/product_data_sheet0900aecd80537b6a_ps10981_Products_Data_Sheet.html

  Another thing, for AP 2600, your 2504 should have the minimum firmware of 7.2.110.X.  IF you do not, then talk to the Cisco authorized dealer who sold you the controller and kindly ask (nicely) if they can download the firmware for you.