WLC in SSO

Hello

My client wants to convert 2 standalone WLC as below in HA SSO redundancy. First wlc (AIR-CT5508-100-K9) has 100 licenses AP (need 50 upgrade) and second(AIR-CT5508-12-K9) there are 12 AP licenses.

The two WLCs have the same number of licenses enabled for SSO or licenses in a WLC is sufficient for SSO? Please explain.

The HA unit should have a minimum of 50 licenses of AP. This is the 'cost' to the license HA.

Tags: Cisco Wireless

Similar Questions

WLC existing 8510, switch mode with additional 8510-HA new HA SSO

Hello

I have a stand-alone WLC 8510 running 8.0.100 and the need to turn it into a pair of SSO HA (high availability) with a new 8510-HA (SKU HA shows its designed to be a standby WLC)

The existing WLC is loaded with APs and I need to add the new WLC and configure SSO HA without interruption of service. I read about this and the documentation is not clear as to the best approach.

Can I preconfigure the new 8510-HA with its service port IP, IP and redundancy of peer IP redundancy and just connect the uplinks on the heart and the port of redundancy to the port of redundancy of 8510 without problem/shut down the existing system? (ensure the redundancy mode is still independent existing 8510) Then when I get a window of change, I will then configure existing redundancy 8510 and 2 synchronize upward without reset it primary. Am I wrong? Or change of redundancy will introduce two 8510 refills?

Or y at - it a better method? and it's documented anywhere?

Thanks for the tips!

Darren

Please check the link for the HA (SSO) deployment guide-

http://www.Cisco.com/c/en/us/TD/docs/wireless/controller/TechNotes/7-5/H...

WLC controller anchor Cisco HA

Team - we're going for a refresh of the WLC anchor. Current is 4402 which is used only for the guest user connections, there is no recorded on this AP. We would replace it with 5508 but this time in HA.

Q. you really go for AIR-CT5508-HA-K9. Cant we buy only 2 amount of AIR-CT5508-12-K9.

Please notify.

Thank you

It does not work with zero licenses, but it can work temporary with the evaluation license. So if you order two C1 5508 s you must have at least one license of AP to make it work with HA - SSO in a permanent installation.

Please rate helpful messages... :-)

5508 WLC reset intermittently

I have a controller 5508 which resets intermittently, I updated to 8 of our other 7.6.130.0 to 8.0.133.0 without problem. Has anyone else had similar problems? If Yes, what is the reference as appropriate. Output below SysInfo & WLC Log:

(Cisco Controller) > show sysinfo

Name of the manufacturer... Cisco Systems Inc..
Product name... Cisco controller
Version of the product... 8.0.133.0
Bootloader Version... 1.0.20
Retrieving Image Version field... 7.6.101.1
Firmware version... FPGA 1.7, 1.8 Env, USB 2.2 console
Build Type....................................... DATA + WPS

Name of the system... ABM-GLAN-LS-WLC1
Location of the system... Glanrhyd LS Hub 1
Contact System...
ObjectID of system... 1.3.6.1.4.1.9.1.1069
Redundancy mode... SSO
IP Address....................................... 10.*. *. *
IPv6 address...:
Last Reset....................................... Software reset
Time system... 0 days 19 hours 1 minutes 0 seconds
Location of the time zone of the system...
System Stats in real time interval... 5
System Stats Normal range... 180

The country is set... GB - United Kingdom

-Other - or ITU (q)
Operating environment... Utilities (0 to 40 ° C)
Limits the internal temperature alarm... 0 to 65 ° C
... Internal temperature + 34 C
Outdoor temperature... + 19 C
Fan Status....................................... Ok

State of 802. 11 b network... Activated
State of 802. 11A network... Activated
Number of wireless LANs... 8
Number of Active Clients... 39

Built-in MAC address... 7 C: 0E:CE:49:C4:C0
Power supply 1... Currently, OK
Power supply 2... Absent
Maximum number of taken access points supported... 500
Nas - Id system...
Types of certificate MIC WLC... SHA1/SHA2

Before the WLC crash even once, kindly would coredump 'config coredump enable '.

How about "sh stat of memory"?

And get ready to upgrade to 8.0.140.0. Release notes can be found HERE.

Don't WLC 2504 media HA or not?

We have Cisco WLC 2504 (software version: 7.3.101.0) in our network and management access 10 points, we are now trying to build High Availability (HA) in the WLAN settings. So I need details that this existing platform is capable of supporting HA.

Required clarification as follows.

1 support WLC 2504 HA?
2. If the AP is supported if a license is required to enable it.
3. What is prerequisite software to enable it.
4 Setup guide to enable HA

Attached: existing WLC BOMs

HA PA SSO:

http://www.Cisco.com/en/us/products/ps10315/products_tech_note09186a0080bd3504.shtml

HA N + 1

http://www.Cisco.com/en/us/docs/wireless/technology/hi_avail/N1_HA_Overview.html

AP high availability

http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a008064a294.shtml

Thank you

Scott

Help others by using the rating system and marking answers questions as 'response '.

Problem with NAC and 5508 WLC OOB

I have a wlc 5508 to shared resources to a 6500 switch. Shared resources to the switch on eth0 and eth1 is also the CASE. The CAM is connected to an access port.

The SCS and CAM are on VLANS separated and the CASE has been added to the CAM without problem.

I followed the example of document for OOB WLAN (VLANs and mapping etc.), but I don't get all current identifications. The client is associated and the WLAN interface is the quarantine VLAN but it seems that the client can connect to the network without problem (may web access a server in-house to campus)

The customer indicated in customers wireless on the device of the cam page

If I either CASE interfaces close client connectivity is broken.

Once, randomly the own access connection Page appeared on the client (battery dead and waited for about an hour) but when I rebooted the CASE check it was she never came back.

I do not set up the SSO part, must it be filled or is it a valid test without it so far?

No idea where to start with this problem?

Thank you

Yes, it looks like that somewhere, your 'placing in quarantine/no authenticated' vlan is filled to the full network, I do not see another explanation.

Try to configure the WLC for a new vlan quarantine which does not exist anywhere.

Then you should not have any access at all to anything whatsoever. Then try to leave this vlan gradually reach the heap and constantly test. You should find the point where the vlan 'flows '.

Nicolas

===

Remember responses of the rate that you find useful

WLC high Availbility SKU

Hello!

My company has purchased two Cisco WLC 5508. One of them is AIR-CT5508-100-K9 (100 AP license) and the other is AIR-CT5508-HA-K9 (high availability).

I have read around in the data sheet and forums and tried to understand what is AIR-CT5508-HA-K9 all around. So far I have cam to the conclusion that this model (AIR-CT5508-HA-K9) is material authorized for HA, but still confused about his concept.
1. Is possible to use this AIR-CT5508-HA-K9 as a stand-alone controller or its functionality only means for high availability?
2. What does HA SKU?
3. If you have two WLC AIR-CT5508-100-K9 they used to be able to put them in HA mode? or, you should have the AIR-CT5508-HA-K9 to deploy HA?
This is for now, thanks in advance!

The AIR-CT5508-HA-K9 is designed for high availability. You have to put up with a 5508 under license, that you already have.
1. Is possible to use this AIR-CT5508-HA-K9 as a stand-alone controller or its functionality only means for high availability? No, the purpose of this reference of product is for authentication ONLY or N + 1
2. What does HA SKU? HA sku is for high avaialability and does not require a license
3. If you have two WLC AIR-CT5508-100-K9 they used to be able to put them in HA mode? or, you should have the AIR-CT5508-HA-K9 to deploy HA? You can configure SSO if you have at least a controller with a minimum of 50 licenses of ap. If you have a controller of SKUs HA, you can do SSO or N + 1. If you want to have access on both controllers points, then you should of bought two certified controllers.
Here are some links to check out:

http://www.Cisco.com/c/en/us/products/collateral/wireless/Aironet-1130-a...

http://www.Cisco.com/c/en/us/TD/docs/wireless/technology/hi_avail/N1_Hig...

http://www.Cisco.com/c/en/us/TD/docs/wireless/controller/TechNotes/7-5/H...

-Scott

Microsoft - Google SSO

Dear All;

I have set up a "Windows 2012 R2 - AD FS" to deploy a SSO for Google APP, use the following guide:

https://shuggill.WordPress.com/2012/01/12/setting-up-Google-Apps-single-sign-on-SSO-with-ADFS-2-0-and-a-custom-STS-such-as-IdentityServer/

but I got an error trying to authenticate, I contacted Google and they replied with the following:

-On the section for the SAML saml:issuer = urn: oasis: names: tc: saml:2.0:assertion "> you must include only google.com here, and you have included your domain name on this setting."

-On your SAML response, there is no present NameID, which means that when we receive your confirmation of SAML information, there is no this e-mail in the call, so we do not have anyone to authenticate.

Now, I don't know how to apply it, please help

Hello

Post your question in the TechNet Server Forums, as your question kindly is beyond the scope of these Forums.

http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer

See you soon.

SSO not working doesn't not with RemoteApps

Hello everyone,

I faced a very strange situation: trying to troubleshoot the SSO for remoteApps in Windows Server 2012R2. Everything is installed and configured correctly. I ran the commands:

Import-module remotedesktop

Game-rdsessioncollectionconfiguration - collectionname "RemoteApps" - customrdpproperty "authentication level: i: 0. »

Game-rdsessioncollectionconfiguration - collectionname "RemoteApps" - customrdpproperty "address:s:remote.ccim.com complete alternative."

Added <> domainname.com> policies allow delegating default credentials and forced gpupdate

Added the name of the server individually to the policy allow delegating default credentials

Checked and confirmed that the registry entry is updated according to the changes of policy

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation]

"AllowDefaultCredentials" = DWORD: 00000001

"ConcatenateDefaults_AllowDefault" = DWORD: 00000001

"AllowDefCredentialsWhenNTLMOnly" = DWORD: 00000001

"ConcatenateDefaults_AllowDefNTLMOnly" = DWORD: 00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials]

' 1 '=' "TERMSRV /".

' 2 '=' "TERMSRV /".

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefCredentialsWhenNTLMOnly]

' 1 '=' "TERMSRV /".

' 2 '=' "TERMSRV /".

Made sure that - political 'always prompt client password during the connection' located in computer userconfiguration\administrative ordinateur\strategies\modeles Windows\Services Office Office Session to distance\securite. is not set to "not configured". It changed to 'Disable '.

However, still situation: I connect on the page web app remote with my credentials and to try to start Let's say Word, logon window will appear saying:

Your credentials did not work.

When I get my credentials that do not work and it asks me to enter it again.

At the same time, strange record appears in the event viewer:

New RemoteApp and desktop connection (RDS01.domain.com) is started by the user (esy8OkZAZ94BHhbY + 3 + KU95NykY =) without authentication credentials

Could you please hint me what to do next and I missed something?

UPD: I did a few tests. When I logging to remote.domain.com of the Organization to the outside, I get credentials on the first page of connection. Then I try to run Word, he asks the credentials again, I enter it and everything works. When I go to the terminal server server and go to remote.domain.com I enter the identification information on the first page of connection. Then I try to run word, windows with 'your credentials did not work' is displayed. Certificate is signed by a CA and shown as OK in Internet Explorer.

UPD1: also when trying to launch published web app such event logged:

Object:
Security ID: NULL SID
Account name: -.
Account domain: -.
Logon ID: 0x0

Logon type: 3

The account to which the connection failed:
Security ID: NULL SID
Account name: magent
Domain account: cciminstitute

Failure information:
Reason for the failure: an error occurred during logon.
Status: 0xC000006D
Void / status: 0x0

Process information:
Calling process ID: 0x0
The name of the calling process: -.

Network information:
Name of the workstation: CMIC-RDS01
Source network address: -.
Source port: -.

Detailed authentication information:
Process connection:
Authentication package: NTLM
Transited Services: -.
Package Name (NTLM only): -.
Key length: 0

Hello

Post your question in the TechNet Server Forums, as your question kindly is beyond the scope of these Forums.

http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer

See you soon.

SSO on vworkspace 8.0

Hello

I'm not able to activate SSO to work for the transparent window applications. I use Wyse ThinOS ver 8. In wnos.ini I SignOn = Yes and currently whwn I start the first application of transparent window, I am prompted to enter the user password. All additional seamless windows starts without asking for password.

Any idea?

Thanks in advance, Robert

I thank the Andrew for the follow-up.

I have solved the problem, so you can ignore the case.

The problem is within the parameters of security layer RDP, which was the value security layer RDP, after negotiating it works

Robert

On Monday, January 13, 2014 at 09:39, Andrew Wood

WebWorks app and E - SSO

Hello, hoping someone can help me solve this little problem. I have an app webworks running in the scope of work that makes a call to a webserver using Jquery ajax, the Web server expects the user to be authenticated, from what I've read about the Enterprise SSO, this should be available out of the box, but I do not get the login prompt?

E - SSO is configured on the BES/device and I tested it. If I navigate to the same URL on the browser to work, I can authenticate and retrieve the data (JSON), the credentials are then cached and used on future attempts.

E - SSO is supported with Jquery? I need to enable/check all services within the Webworks app?

Thank you

Hello

Yes, it's a bug of the platform. Thanks for bringing it to our attention. I do not have exact time lines, but 10.3.2 will be out soon.

Thank you

Naveen M

Finesse SSO Bypass URL

Dear users of the forum.

I know these are the URL in order to bypass the SSO admin UCCX and ease of maintenance, but y at - it for Finesse? My customer is having some problems with Finesse and we suspect it might be THAT SSO associate who has been activated after they upgraded to 11.5 UCCX.
- For Cisco Unified CCX Administration URL: https:///appadmin/recovery_login.htm
- URL for Cisco Unified CCX of maintainability: https:///uccxservice/recovery_login.htm
Thank you, Tim.

Tim, it's not a URL of derivation for the Finesse you for the Administration of the CCX. The only option in the case of SSO does not will be to turn it off and let the agents login and authenticate either against CM or LDAP where CM is integrated with AD.

Concerning

WLC 5508 high availability

Hello

Today I have two WLC 5508 (with license for 100 AP each of them), on a single site.

The WLC work availability (active-standby).

However, we have a new scenario, with 02 sites: A and B (attachment).

I would like to know if it is possible to work as follows:

The WLC - A as the main controller of site A. WLC - B as a backup (BDC) of WLC.-a.

The WLC - B that has the PDC site B. WLC - as a backup (BDC) to WLC - B.

For example:

If WLC - a falls, site access Points are managed by B WLC site - B and vice versa.

Is this possible?

How can I configure the new scenario? Don't forget, there is a site-to-site between Site A and Site b.

Another point:

If I add more than 50 APs on Site A. How does the license number?

Should I buy a license for the two WLC?

TKS,

>....

>.. .is it possible?

No. , high availability in terms of controller is supposed to be what is said, the backup controller is not 'full' - stby and cannot play other roles.

M.

Problem after formatting flash wlc 2504

Hi people! I have had problems with the update of the WLC 7,0 to 7,2 image and made a BIG mistake... I had formatted the flash. So now, I have not installed on my WLC RTOS. The only thing I have is the bootloader 1.0.16. Of course, I can not install the code file (*.aes). I think I need a RTOS install first? but where can I get one for this unit? Or maybe I can install one of the RTOS of openwrt (for example) simply enter a line of normal control or web GUI, after I install (upgrade) the image normal .aes. Please give some suggestions what to do. Thank you!

You will need to open a folder of TAC and the engineer can guide you through to the image on the WLC.

Sent by Cisco Support technique iPhone App

How to assign a vlan per port cisco all point of access by wlc 702w 5508

My environment have WLC 5508 and ap 702w 250 units in my site. I need on port port config example all the ap 702w 2 > Vlan 20 port 3 > vlan 30

Now I canfig one by one.

Please everyone tell me best way to config a time 250 units.

Thank you very much...

Here is the config CLI involved. If you have a list of your AP names you can config CLI of training for all your AP on Notepad & then configure this CLI
```
config ap lan port-id  enable config ap lan enable access vlan   
```
See this post for more details https://mrncciew.com/2014/09/26/702w-with-wlc-8-0/ HTH Rasika * Pls note all useful responses *.

WLC in SSO

Similar Questions

Maybe you are looking for