This discussion is locked

ASK THE EXPERTS - WIRELESS CONTROL SYSTEM

Unanswered Question
Apr 20th, 2010
User Badges:
  • Gold, 750 points or more

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to learn how to configure and troubleshoot WCS related issues with Cisco expert Lucien Avramov. Lucien is a Customer Support Engineer working in San Jose TAC center. He is a technical leader within the Network Management Team and has been supporting WCS for about 2 years. He handles world-wide escalations related to Network Management, including WCS. He has a Bachelor Degree in General Engineering and a Master's Degree in Computer Science from the French prestigious Ecole des Mines (Mining School). Lucien holds a CCIE in Routing and Switching (CCIE #19945).


Remember to use the rating system to let Lucien know if you have received an adequate response.


Lucien might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through April 30, 2010. Visit this forum often to view responses to your questions and the questions of other community members.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
chenxixing Fri, 04/23/2010 - 05:59
User Badges:
Dear sir:
     We are doing the wireless network now, but there has some problems. After add the plus license we can not add the MSE license at the GUI of WCS., the system tell us “Cannot detect valid MSE”, also at the controller item. We delete the plus license and add it again , its also cannot do.  We use the modules:WS-SVC-WISM-1-K9, WSC-STANDARD-K9, WCS-PLUS-100, AIR-MSE-3310-K9, AIR-CAS-1KC-K9, the software : CSACS-4.2-WIN-K9(Cisco Secure ACS 4.2 for Windows) ,WCS(  6.0  for Windows 2003 server) the IOS: MSE( 5.2.91.0) , WISM (4.2.205.0).
       Thank you !
       Best regard to you
Lucien Avramov Fri, 04/23/2010 - 10:41
User Badges:
  • Red, 2250 points or more

Can you please upload your license file? So I can take a closer look?

alex bertran Thu, 04/29/2010 - 06:48
User Badges:

Dear Sir,


we have deployed:

-  2x WLCs 4402-50-k9 software version 5.1.151.0

-  1x WCS software version 5.1.64.0

-  up to 25x 1242AG autonomous APs being migrated to LAP. Till now I have migrated 2 of them in the Production environment

-  The solution is configured that all APs will register with the same WLC, the second one is secondary for all. The WLAN is the same than the one configured in the autonomous APs in order to facilitate a progressive migration, but it is a problem cos I found out that roaming is not allowed between a LAP and an autonomous AP. However, our application doesnt use a terminal session or telnet so is not a big problem. The only issue is that WLC keeps the client associated when the wifi client has already migrated from a LAP to the Autonomous AP, the result is some MAC flappings in the core. I configured the Idle Time Out the mininum 90s, still too high...

- WiFi clients are industrial ones, they dont support CCX.


My concern is about some logs that I see in the WLC and the WCS:


These ones happening all the time... (the MAC address belongs to one of the 2 LAPs


12Thu Apr 29 15:02:33 2010Load Profile Failed for Base Radio MAC: 00:22:0c:25:68:40 and slotNo: 1
13Thu Apr 29 14:56:33 2010Load Profile Updated to Pass for Base Radio MAC: 00:22:0c:25:68:40 and slotNo: 1
14Thu Apr 29 14:48:33 2010Load Profile Failed for Base Radio MAC: 00:22:0c:25:68:40 and slotNo: 1
15Thu Apr 29 14:27:34 2010Load Profile Updated to Pass for Base Radio MAC: 00:22:0c:25:68:40 and slotNo: 1
16Thu Apr 29 14:22:34 2010Load Profile Failed for Base Radio MAC: 00:22:0c:25:68:40 and slotNo: 1
17Thu Apr 29 13:00:34 2010Load Profile Updated to Pass for Base Radio MAC: 00:22:0c:25:68:40 and slotNo: 1


And these ones happening randomly:


85Wed Apr 28 14:35:35 2010Decrypt errors occurred for client 00:02:6f:5c:2b:f6 using WEP key on 802.11a interface of AP 00:22:0c:25:68:40


- Please note that Roaming may happen only INTRA-CONTROLLER, or a "false roaming" between LAP and Autonomous (or opposite)


Q1- Could you bring some light about how to interprete the above messages, and in case, solve them?

Q2- Shall I migrate the other 23 autonomous to LAP in a single migration or better can I follow on with a progressive migration??


thanks a lot for your help!!

Alex Bertrán

Barcelona- Spain.

Lucien Avramov Thu, 04/29/2010 - 10:59
User Badges:
  • Red, 2250 points or more

Looking at the errors, refer to this useful document:

http://www.cisco.com/en/US/docs/wireless/wcs/4.0/configuration/guide/wcsevent.html#wp1134352


Your load profile failed error message is also knowned as : LRADIF_LOAD_PROFILE_FAILED


Symptoms

A radio interface of an access point is reporting that the client load has crossed a configured threshold.

WCS Severity

Minor.

Probable Causes

There are too many clients associated with this radio interface.

Recommended Actions


Verify the client count on this radio interface. If the threshold for this trap is too low, you may need to readjust it.


Add new capacity to the physical location if the client count is a frequent issue on this radio.



For your WEP error: it means that when the AP decrypts a packet received from a client with the key it should be received, the packed contents were not recognizable after decryption. This could be due to the client using an incorrect key. The packet was therefore encrypted incorrectly with a flawed algorithm, or the packet was corrupted in transit or decrypted improperly. I do suggest that you make sure your client is using a latest wireless driver and that the wireless encryption configuration is properly configured on the client and WLC.


The error does not affect the client authentication and connection but produces a lot of messages in the trap logs. You can disable the error message from: WLC GUI -> Management -> SNMP -> Trap Console -> 802.11, Security traps. Uncheck WEP decrypt error.


On a side note I don't recommend you to use 5.1 code on WLC / WCS. I strongly encourage you to think about upgrading to 6.0 codes.

David Cebula Fri, 04/30/2010 - 11:24
User Badges:

I want to disable 802.11b but leave g/n prevent old legacy b devices from greatly slowing n preformance.


I have been told that to disable b and leave g/n, that I should go to 802.11b/g/n Parameters and disable the 1,2, 5.5 and 11 Mbps data rates.


Is that the best way to do it?


WCS version is 6.0.181.0 and my WLC 5508 is running 6.0.196.0

Lucien Avramov Fri, 04/30/2010 - 14:02
User Badges:
  • Red, 2250 points or more

On WCS, go to Configure -> AP Configuration Template -> Lightweight AP

Select the radio tab and check the checkbox admin status and leave enable unchecked to have a radio shut down.


I attach here a screenshot to illustrate it.


Also take a look at the AP template configuration guide :

http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0temp.html#wpxref69135

Attachment: 
George Stefanick Sat, 04/24/2010 - 06:49
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, October 2015

Lucien,


Good job last week.

Lucien Avramov Sat, 04/24/2010 - 22:55
User Badges:
  • Red, 2250 points or more

Thanks George!

Feel free to let me know if there are other topics you may be interested.

Craig Le-Butt Mon, 04/26/2010 - 07:55
User Badges:

HI


Not a controller issue a such, but got 2 AP, 1200 and a 1240.  Trying to convert these from LWAPP mode to autonomous, following the instrauctions on the cisco web site.

Using 3cdaemon for tftp server not anti virus or firewall enabled, but keep getting "could not oped requested file for reading"  Tried this on 2 different PCs


Any help would be appreciated


Cheers


Craig

Lucien Avramov Mon, 04/26/2010 - 10:15
User Badges:
  • Red, 2250 points or more

2 things I'd like you to try:

- Install TFTPD (http://tftpd32.jounin.net/tftpd32_download.html) and try this tftp server. Make sure to select the proper folder where your image is.

- run a packet capture on the PC to see whats failing if you get the same error with TFTPD.

r.massanasanchez Tue, 04/27/2010 - 08:42
User Badges:

Hi,


I have a problem I don't know how to solve with WCS 6.0 and MSE (Aeroscout engine) 6.0

I have many tags around moving.


When I tried to locate a tag on a WCS' map the system reports:


"the floor reported by MSE could not be found in WCS.
Please synchronize your MSE(s)"


The synchronization is OK, the tag is on the system, but is not printed on any map.


Can anybody help me to troubleshoot the problem?


Thanks and best regards

Lucien Avramov Tue, 04/27/2010 - 10:41
User Badges:
  • Red, 2250 points or more

Please provide me your exact versions of WCS and MSE

r.massanasanchez Tue, 04/27/2010 - 11:09
User Badges:

Hi,


WCS
Version - 6.0.170.0
Feature - Plus
AP Limit - 2500 (Actually 1151 APs registered)



MSE 3350
Version - 6.0.100.0
Tag Elements Limit - 6000 (Actually 2398 tags counted)



2710 Location Server
Version - 6.0.97.0



Best Regards

Lucien Avramov Tue, 04/27/2010 - 13:27
User Badges:
  • Red, 2250 points or more

1. We need to have your WCS and MSE version to be matching the release notes.

Either you upgrade WCS to 6.0.181.0 so it works with MSE 6.0.103.0.

Either you downgrade MSE to 6.0.97.0 so it's supported by WCS 6.0.171.0


2. Once this is done, go ahead and re-init the db of your MSE:

Under the MSE CLI:

/etc/init.d/msed stop

mv /opt/mse/db/linux/server-eng.db /opt/mse/db/linux/server-eng.db.old

/etc/init.d/msed start


This should resolve your issue with the tags. Give 15 minutes for the tags to show on your maps after you re-sync the design and controllers with the MSE

r.massanasanchez Wed, 04/28/2010 - 06:51
User Badges:

Hi Lucian,


Actually I have MSE version 6.0.100.0 (interim version solving a bug). I can't downgrade MSE because this bug.


The only solution is to upgrade WCS to 6.0.181.0. As I have MSE 6.0.100.0, do I need to upgrade MSE to 6.0.103.0?


MSE 6.0.103.0 has the bugs solved on MSE 6.0.100.0?


Thanks and best regards

Lucien Avramov Wed, 04/28/2010 - 08:42
User Badges:
  • Red, 2250 points or more

Please upgrade the MSE to 6.0.103.0 as well. The bugs fixed in 6.0.100.0 should be fixed in 6.0.103.0 except if there is a regression which I highly doubt.

We've added a secondary DHCP server to our network so that if one fails or is taken down for maintenance, we don't have a gap in service.  I need to add this new DHCP address to each interface for each controller in WCS.  I have 4 WLC's with 9 interfaces per.  That's 36 slow UI copy and pastes I'm not looking forward too.  Is there a quick way to propogate this secondary DNS to all interfaces?


I've looked at Controller Templates and Controller Config Groups but can't seem to find my way through either to a solution to my situation.  Can you offer any advice?

Lucien Avramov Tue, 04/27/2010 - 15:12
User Badges:
  • Red, 2250 points or more

Use the controller template launch pad.

Go to System -> Dynamic Interfaces and create templates for your dynamic interfaces of your WLC and add the information regarding DHCP there and push it to the controllers.

Lucien Avramov Wed, 04/28/2010 - 08:44
User Badges:
  • Red, 2250 points or more

If you refresh your configuration from controllers, do you see any new template added?

If you did not use templates before, yes then you will have to make all those changes.

It's good practice to use templates from the beginning to avoid those large numbers of repetitive actions.

Craig Le-Butt Wed, 04/28/2010 - 04:36
User Badges:

Hi


We've got a member of staff wanting details on certain devies we have using wireless, is there a way of running custom reports on a group of devices?

We are using WCS 6.0.181.


Or is it possible to interrigate the database directly to get this information?


Cheers


Craig

Lucien Avramov Wed, 04/28/2010 - 19:41
User Badges:
  • Red, 2250 points or more

Craig,


You can query the db directly, I encourage to look at the steps I mentioned on this webcast to do so:

http://www.youtube.com/watch?v=0KQUfszmTJg

You can run a database dump and then query the tables and make a sql script to get the data you need.


WCS 6.0 offers you a few options to customize your reports.

You can go to the report launch pad and there click on new and create your report. You cant select certain clients however you can select how to display them and sort them (by mac address for example), this can help you create reports that will display first the information required if sorted properly.


Attaching screenshots to illustrate.


HTH

robert-olsson Wed, 04/28/2010 - 07:31
User Badges:

Hi,


I got 3 questions from a Lobby-ambassador point of view which we haven't found an answer to so far.

Hopefully you could bring some light on this for us.


We use WCS version 6.0.181.0.


1. How do I change timeout for the lobby-ambassador web session. Since this is used in our receptions around the world we would like to have the portal session active for the receptionists a bit longer than default to assist in having a quick way of creating guest accounts when needed.


2. After upgrading to 6.0.181.0 we get an extra blank page after we print the "Guest account details" for our guests.

When verifying the Guest account details-webpage we can see this on line 165. style="page-break-after: always;" But we can not find where or how to remove this from the source/default page?


3. A request from our Lobby ambassadors to simplify their work is also the following. On the first page of the guestportal the default choice is "-- Select a command --". Since 95 % of all work on this page is the "Add Guest User" choice, having this as the default would probably save a lot of time.


Solving these 3 issues would give us a much happier reception staff and a more proffessional approach to guests using our Cisco wireless network.


Reg

//Robert

Lucien Avramov Wed, 04/28/2010 - 22:15
User Badges:
  • Red, 2250 points or more

Hi Robert,


1. I believe the default is 30 minutes. The way to change the default will be to edit the apache tomcat settings, as this is what WCS uses for webserver.

To do so, go ahead and edit the web.xml file located in /WCSROOT/webnms/apache/tomcat/conf.

Edit:



 
      30    
    


2. This is interesting in my lab I dont get this same value. Here is my source page (attached file) when trying to print a guest user and it does not add an extra blank page. Have you tried different browsers?





3. I understand your need. This is not available yet today and will need further programming in WCS to achieve this. The best is to contact your sales team / account team and ask them to raise an enhancement request so this can be evaluated and added on the roadmap for new features.

wayne.rossetto@... Wed, 04/28/2010 - 03:25
User Badges:

Hi Lucien,


We are in the process of migrating our AP's from autonomous mode to Lightweight mode and are using the Cisco 3750 WLC and WC v 6.0S. The AP's are Cisco 1252's and 1121's. The issue I'm having is that when I convert the AP's using templates I loose any ability to have my clients connect at any 802.11n speeds on 1252's. i have the lastest versions of everything on all components and have checked everything I can think. What do you think I might have missed here? I've run it through WLC config anlyzer and theres no problems from that. What further info do you need?


Any assistance appreciated


Regards


Wayne


I've answerewd my own question. I did not have WMM enabled under QOS for that WLAN.


Message was edited by: [email protected]

Lucien Avramov Wed, 04/28/2010 - 19:33
User Badges:
  • Red, 2250 points or more

Example about how WMM works:


1. While Station X is transmitting its frame, three other stations  determine that they must send a frame.
Each station defers because a  frame was already being transmitted, and each station generates a
random  backoff.
2. Because the Voice station has a traffic classification  of voice, it has an arbitrated interframe space
(AIFS) of 2, and uses  an initial CWmin of 3, and therefore must defer the countdown of its  random
backoff for 2 slot times, and has a short random backoff  value.
3. Best-effort has an AIFS of 3 and a longer random backoff  time, because its CWmin value is 5.
4. Voice has the shortest random  backoff time, and therefore starts transmitting first. When Voice starts
transmitting,  all other stations defer.
5. After the Voice station finishes  transmitting, all stations wait their AIFS, then begin to decrement
the  random backoff counters again.
6. Best-effort then completes  decrementing its random backoff counter and begins transmission. All
other  stations defer. This can happen even though there might be a voice  station waiting to transmit.
This shows that best-effort traffic is  not starved by voice traffic because the random backoff
decrementing  process eventually brings the best-effort backoff down to similar sizes  as high priority
traffic, and that the random process might, on  occasion, generate a small random backoff number
for best-effort  traffic.
7. The process continues as other traffic enters the system.  The AC settings shown in Table 2-3 and
Table 2-4 are, by default,  the same for an 802.11a radio, and are based on formulas defined in
WMM.


Look at page 2-11:


https://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/vowlan/41dg/vowlan_ch2.pdf

Lucien Avramov Wed, 04/28/2010 - 19:32
User Badges:
  • Red, 2250 points or more

Great, Im glad you found this out, it is not an obvious thing to check at first.


Feel free to ask  If you have any other questions related to WCS here.

Lee Nickol Thu, 04/29/2010 - 05:18
User Badges:

Lucien,


We are having an issue with an acces point not joining a controller.  Here is the error information retrieved using "debug lwapp errors":


Thu Apr 29 06:51:39 2010: 00:26:0b:62:80:b4 AP 00:26:0b:62:80:b4: Inv
alid country code ().
Thu Apr 29 06:51:39 2010: 00:26:0b:62:80:b4 AP 00:26:0b:62:80:b4: Invalid countr
y code ().
Thu Apr 29 06:51:39 2010: 00:26:0b:62:80:b4 AP 00:26:0b:62:80:b4: Invalid countr
y code ().
Thu Apr 29 06:51:39 2010: 00:26:0b:62:80:b4 AP 00:26:0b:62:80:b4 not allowed to
join. Regulatory Domain check failed.
                                     Allowed regulatory domain: 802.11bg:-AB
802.11a:-AB


The AP is in H-Reap mode and is located across the WAN at a remoted facility from the controller.  There is a functioning access point connected to the port beside this one on the same switch.


This issue was first noticed when both interfaces on the AP showed as down even though they were administratively up.  After looking for some time, there were no differences found between the configurations (AP config, controller, switch config, etc.) on this device and the functioning device in the same building.  Finally a Reset on the AP was tried in order to resolve the issue.


Since then, the AP has been going up and down with the error shown above.  The AP is only up for a matter of seconds before this error is received and the AP reboots.  I have tried unsuccessfully to change the country code with the following feedback:


(FR0021) >config ap disable AP0026.0b62.80b4


(FR0021) >config ap country US AP0026.0b62.80b4

To change country code: first disable target AP(s) (or disable all networks).
  Changing the country may reset any customized channel assignments.
  Changing the country may reboot disabled target AP(s).

Are you sure you want to continue? (y/n) y


AP0026.0b62.80b4             unchangable (Regulatory domain incompatible with US)


This is done as quickly as possible while the AP is attempting to join the controller.  There is only a few seconds to get this in before the controller loses contact with the AP again.


Controller version is 4.2.207.0

AP config:

Cisco AP Identifier.............................. 11
Cisco AP Name.................................... AP0026.0b62.80b4
Country code..................................... US  - United States
Regulatory Domain allowed by Country............. 802.11bg:-AB    802.11a:-AB
AP Country code..................................  -
AP Regulatory Domain............................. Unconfigured
Switch Port Number .............................. 29
MAC Address...................................... 00:26:0b:62:80:b4
IP Address Configuration......................... DHCP
IP Address....................................... 10.7.6.5
IP NetMask....................................... 255.255.248.0
Gateway IP Addr.................................. 10.7.0.1
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ default location
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
--More-- or (q)uit
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... Local
Public Safety ................................... Global: Disabled, Local: Disab
led
Remote AP Debug ................................. Disabled
S/W  Version .................................... 4.2.207.0
Boot  Version ................................... 12.3.8.0
Mini IOS Version ................................      --
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Enabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model.........................................
AP Serial Number.................................
AP Certificate Type.............................. Manufacture Installed
Management Frame Protection Validation........... Enabled (Global MFP Disabled)
Console Login Name...............................
Console Login State.............................. Unknown
Cisco AP system logging host..................... 255.255.255.255
--More-- or (q)uit
Ethernet Port Duplex............................. Auto
Ethernet Port Speed.............................. Auto


Any ideas of how to fix this problem?

samikmody Fri, 04/30/2010 - 11:29
User Badges:

Hello.  I relaly hope you can help me! I have two Cisco Aironet 350 AP's which I want to configure.  One of them was no problem since it was reset to the default -- I was able to change the SSID with no issues.


The second one however has a username and password set which I need to have reset.  The model # is specifically: AIR-AP352E2R A K9.


I read the reset instructions http://www.cisco.com/en/US/products/hw/wireless/ps430/products_password_recovery09186a00800949d0.shtml#res350ios.


However, reading the specific reset instructions do not help and I can't get into the setup or reset it.


I don't see the "Loading "flash:/".  It simply states "Inflating xxxxxx".  Pressing ESC or CTRL-W doesn't do anything during any of the boot process.


It takes me to the login screen directly. The boot up is below.  I need to reset the AP completely so I can change the SSID and broadcast options (right now, its not broadcasting).  All and any help is appreciated.



Testing DRAM...
[Packet Forwa
(press to bypass)warding State:  Blockin
DRAM Test Bypassed.                0__
Power-on reset.  
ackground 


Copyright 1996-2000 Cisco Systems, Inc.lease.gurati
Specified Access
[Defaul
Copyright 1984-2000 Wind River Systems, Inc.          0 Length : 2304P Subnet Mask7fe40


System ID: 0040965574D8
(Auto Apply On) :BOtto
Motherboard: MPC855 50MHz, 8192KB FLASH, 16384KB DRAM, Revision B0s           0________________________________ound     


[Radio C
Bootstrap Ver. 1.09: FLASH, CRC 710B6415 (OK)   Transmitennium WiFence String: (:q): 0] of
Initialization: OK  
exit   


  i) FLASH :PC4800 Firmware 04.25a   FE1C821C     53604  .tar.gz  Data  0000
  j) FLASH :AP Installation Key      FE1D5380        64  none     Key   0000
  k) FLASH :VAR Installation Key     FE1D53C0        52  none     Key   0000


Inflating "EnterpriseAP Sys 11.21"...
2745968 bytes OK


Loaded  driver for device "fec0", ifIndex=1.
Loaded  driver for device "awc0", ifIndex=2.
Configured device "fec0" as IP address "10.7.7.125", network mask 0xffffff00.
Attaching network interface lo0... done.
Configured device "lo0" as IP address "127.0.0.1", network mask 0x00000000.
Getting configuration parameters via DHCP over device "fec0"...


00:01:06 (Warning): No DHCPOFFER's received, restarting the negotiation in the b
ackground


Timed out on renewing DHCP boot lease.


Adding 2 symbols for standalone.




Please enter username:  (0)

Lucien Avramov Fri, 04/30/2010 - 14:23
User Badges:
  • Red, 2250 points or more

ESC should be the way to go here.

Can you make sure you have the proper console settings when connecting to it and that you dont use a MAC but just a normal PC with a regular keyboard?


Your console settings should be:


Bits per second (baud): 9600

Data bits: 8

Parity: None

Stop bits: 1

Flow Control: None


You are right, the steps are:

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_password_recovery09186a00800949d0.shtml#reset_ap_1107

Actions

This Discussion