Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to learn how to configure and troubleshoot WCS-related issues with Cisco expert Lucien Avramov. Lucien is a Customer Support Engineer working in the San Jose TAC center. He is a technical leader within the Network Management Team and has been supporting WCS for about 2 years. He handles world-wide escalations related to Network Management, including WCS. He has a Bachelor's Degree in General Engineering and a Master's Degree in Computer Science from the prestigious French Ecole des Mines (Mining School). Lucien holds a CCIE in Routing and Switching (CCIE #19945).
Remember to use the rating system to let Lucien know if you have received an adequate response.
Lucien might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through February 26, 2010. Visit this forum often to view responses to your questions and the questions of other community members.
2 part question.
ACS, upgrading ACS Windows V4.0 to 4.2 then 4.2.1. Problem is the CSLOG service keeps flapping. It authenticated wireless users but just doesn't log them.
We seem to be getting a few APs showing up Ieee on sh power inline. We've tried resetting from the controllers and shutting the port down on the switch.
1. Are you using remote logging agent? Can you see the logging on the local ACS logs?
This is more related to an ACS issue at this point as the WLC is able to get you authenticated but ACS does not log it.
I think you may be hitting: CSCta66819 ACS CSLog service stale threads can cause remote logging failure
2. This is more related to a controller WLC problem than WCS here.
This section is oriented for WCS (Wireless Control System).
Please post your questions to the appropriate section:
For 1. :
When you post, please indicate the version of your WLC, the version of code on the AP and the model and post the output of show power inline.
Hi, I have a question: is it possible to remove an error from the logging history on a Catalyst 3560 so that this error is no longer registered even if it occurs?
This event is dedicated to the Cisco WCS software, and not Catalyst. Please post your question on the lan-switching forum:
We have WCS running 220.127.116.11 that is connected to several WiSMs and a 4402 in the dmz for guest access. We are using a NAC guest server to set up guest accounts.
I have a report that runs daily on the WCS that shows busiest guest network clients. I am trying to figure out how clients that are not authed and have not received an IP can have 7MB of data transferred. I also downloaded a very large file from the guest network and it did not show up in the log for that day. Can the discrepancy be from the fact that the WCS is not acting as the lobby ambassador? I have attached a copy of the report.
I'm glad you asked.
There is a common condition where associated clients show up with 0.0.0.0 as the IP and that is if the client is using an unlearned static IP address and did not obtain an IP via DHCP. Authentication happens prior to getting an IP address. Therefore these clients can still authenticate and get on the network, but won't show up with an IP.
You can configure the WLAN to require DHCP and that will prevent these clients with the static IP from being able to associate. Unfortunately, there's not much that can be done with the report entries in WCS as they just reflect the client data logged on the controllers.
High memory utilization on WCS server.
The solid.exe and java.exe processes constantly take up most of our memory.
Is this normal behavior?
Out of the blue, no it is not. But this mainly depends on how many APs you are managing with your WCS and what hardware you have.
You can check in what category you fall for the hardware requirements in the release notes:
Standard server—Supports up to 2,000 Cisco Aironet lightweight access points, 1,000 standalone access points, and 450 Cisco wireless LAN controllers.
–3.2-GHz Intel processor.
–2.13-GHz Intel Quad Core X3210 processor.
–2.16-GHz Intel Core2 processor.
–80 GB minimum free disk space is needed on your hard drive.
If you are using VMware, then the requirements are different than for a standalone server.
I want to use Cisco 1250 series devices (AIR-LAP1252G-E-K9 at 2.4 GHz) with a wireless controller of the 4400 or 5500 series.
I want to use wall mount patch antennas (I will choose any one of the following models)
AIR-ANT2460P-R 6 dBi Patch Antenna
AIR-ANT2465P-R Diversity Patch 6.5 dBi
AIR-ANT2485P-R Patch 8.5 dBi
Now my questions are :
01. The 1250 series has options for three antennas connectivity. Is it a must to use all three antennas on each LAP?
02. Suppose I want my access point to support wireless G and wireless N, then can I get it done by using ONLY ONE ANTENNA?
03. Suppose I want my LAP to support only wireless N clients, then can I use only one antenna on each access point?
04. There are thick concrete walls coming in the way. Which of the above antennas do you suggest as best?
Thanks in advance. Please answer.
The 802.11n standard operates at two frequencies : 2.4 GHz and 5 GHz.
The 5GHz will provide you better coverage for thick walls and longer distance.
The 2.4 GHz will provide you shorter coverage but better bandwidth.
It's always that compromise: either you have long distance and better coverage, or you are closer to the AP and you have better bw.
Would the AP work with no antennas at all? Yes, but the coverage will be very limited.
The AP can work with as many antennas as you place.
In your case you have selected 2.4 GHz. You can look at their specs; basically, the better the antenna, the less signal attenuation (noise) it will have.
If you are looking for best coverage for .N, I would strongly recommend you to have one 2.4 GHz antenna and one 5 GHz antenna.
Specs of the antennas you mentioned:
Also, another useful doc: the data sheet document for the 1250
Late last year, Cisco released a new series of antennae for the 1240 and/or 1250 APs. Check the PDF files from here:
I've also noticed that the antennae your questions are based on are 2.4 GHz. I believe you need both 2.4 GHz and 5.0 GHz to get wireless "n" running.
As to thick concrete, no one but you will be able to answer that. There are many combinations of concrete (including the steel wires). As far as I know, concrete blocks (or cinder blocks) take approximately -5 to -10 dBm off your signal. One way to address the issue is not to do with antennae but the placement.
If you want to use the full bandwidth of "n" then it's nice if you can get all three antennae connected.
To make your setup a lot simpler, with no hassles as to which antennae to buy, have you considered looking at the 1142 series AP?
Hope this helps.
I have a question about Per User Rate Limiting with QoS Profiles. I am running WCS 6.0 and have two anchor controllers installed in separate data centers. I manage a wireless network with 100+ wireless controllers and 1000+ access points. I need to be able to rate limit guest users at our sites with a limited amount of bandwidth. It would help me a bunch if you could provide screen shots with specific Per User Rate limiting examples. My question is this: say I have a site with a 256k circuit.
QoS Profile Plan:
Platinum with no rate limiting for the Voice clients. The defaults are fine with this profile.
Gold with no rate limiting for our infrastructure or enterprise data SSID. The defaults are fine for this profile.
Silver with no rate limiting at our larger site that support guest access.
Bronze with Per User Rate limiting for our smaller sites that have a limited amount of bandwidth.
I plan on rate limiting the network in the DMZ.
1) What is the average data rate used for? What would be a good base line for a site with a 256k circuit?
2) What is the burst data rate used for? What would be a good base line to start from for a site with a 256k circuit?
3) What is the average real-time rate used for? What would be a good base line to start from for a site with a 256k circuit?
4) What is the burst real-time rate used for? What would be a good base line to start from for a site with a 256k circuit?
The QoS settings on the WCS are the same as what is actually set on the controllers themselves.
1) The Average Data Rate: it's the average rate for non-UDP traffic.
2) Burst Data Rate: it's the peak data rate for non-UDP traffic.
3) Average Real-time Rate: it's the average data rate for UDP traffic.
4) Burst Real-time Rate: it's the peak data rate for UDP traffic.
Think about the rates this way: average real-time = UDP traffic, average = Non-UDP traffic.
The rate values are per user and not for the whole circuit. The rate limits are unidirectional, outbound from the controller to the AP. For example, if you have 10 users and you want to provide them equal bw, you should use the value 25.6 kbps. By default, the value 0 means that no BW limitation is set.
The Burst Data Rate should be greater than or equal to the Average Data Rate. Otherwise, the QoS policy may block traffic to and from the wireless client. Also, the values that you will set are in Kbps.
If you want to achieve QoS as a whole, for example restrict guest user traffic to 256 kbps as a whole, then you apply the QoS on the outbound WAN interface (R2 S0/0) as per the example below: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807e9717.shtml#C2
Another document you may want to read about the QoS: http://www9.cisco.com/en/US/partner/tech/tk722/tk809/technologies_configuration_example09186a00807e9717.shtml
I am new to rate limiting on WLAN controllers so please forgive me.
Say I have a 256k circuit and want to rate limit the clients to 56k. I'm not sure how many clients will connect to the system at any one time, but I suspect it wouldn't be over 5 at any one time. For the most part, I think there would be 1 or 2 guest clients on a normal day. These are very small offices.
Keep in mind; I'm just looking for recommendations.
What would I set the average data rate "56k"?
What would you set the burst data rate to?
What would you set the average real-time rate to?
What would you set the burst real-time rate to?
Just a FYI; I tried to access the links you sent me, but my account wouldn't let me access the doc. I'm not sure why as we have an enterprise account.
If you have an average 1 to 2 users, I suggest the following:
average data rate: 56k
burst data rate: 256k
average real-time: 56k
burst real-time: 256k
Let me know if you can access the pdf version:
Wireless Guest Access
I’m looking for advice and if anyone else reads this if they have any solutions.
Basically we are a large NHS Trust; our link to the outside world is via N3, which all the hospitals are on in the UK. We are planning to give guest access over 3 sites, which is no problem, just supply an external ISP. What I’m looking for is to minimise the admin side to staff for setting up guest access to possibly 100 odd patients at one go. I wonder what other solutions people have put in place so they don’t have to manage their sites, instead of using the Lobby Ambassador.
I know there is a programme called Amigopod which will do the job, but can’t find anyone who is using it.
Cisco NAC guest server can take care of creating guest users on your controllers:
Got several PCs that I've been told have to go on 802.11a. Is there any way of making sure all other clients that have the capability of going on 802.11a stay on 802.11g?
Don't know if this can be done through group policy, or would have to create a separate SSID to use 802.11a.
We are currently using WCS 6.0.170 and all WiSMs running 5.2.193.
Ever since we upgraded our controllers to 18.104.22.168 we started to see alerts in the WCS that APs are drawing low power from ethernet. Failure reason: 'The AP draws 15.4 watts from ethernet'. We do not use PoE switches. We are using inj4 power injectors with 1142. Do you know if this is a false positive between the WCS and the controller? There are no traps that show any power failures. This may be a controller issue only.
I have seen two issues internally but not yet a trend that led to a bug on WCS 22.214.171.124.
If the radios do work properly (turned on) with the power injectors, the message is then a false positive and has no impact on your production.
There is actually a bug that was marked not reproducible for 1232 APs but this can be generalized to any AP running CAPWAP.
The bug id is CSCtb78808.
You may want to turn debugs on the controller to identify if this is an issue on the controller or on the WCS.
Also turn on logging on WCS to full and have a look at the WCS logs to see if you see any messages coming from the WLC.
Let me know how it goes
Would you be able to confirm if the latest boot software file (126.96.36.199 ER.aes) is required when using WiSM software 188.8.131.52 ? I guess my question is what boot software should I be using if I'm currently using a WiSM with 184.108.40.206 software? At the moment I'm using 220.127.116.11 bootloader version.
I'm having to re-install the WiSM IOS to one of my controllers to 18.104.22.168 due to possible corruption. Currently this controller is in production and supporting up to 138 APs at the moment. As I'm trying to add new APs they keep erroring out with unable to Tar file, and I've tried with 3 other new 1130s. However, when I pointed the APs over to a different WLC within the same mobility group they joined with no problems and were able to register and download their software.
My peers who've had this same issue in the past had to re-install the WiSM IOS.
You shouldn't have to upgrade or downgrade the bootloader.
22.214.171.124 ER.aes is fine for 4.2, 5 and 6.0 controller versions
Got a little problem.
Adding a second WISM blade to a 6509
Got a 6509 which has an existing WiSM installed in slot 3. I’ve added a second WiSM in slot 8.
The problem is there are not enough addresses in VLAN600 for the extra WiSM plus future WiSMs, so the plan is to move them all to VLAN617. I’ve installed the second WiSM and set up the gateway, ap manager and manager.
From the 6509 I can ping the gateway and the management IP of the WiSM.
But on the WiSM I can't ping the service IP or the ap-manager even though they are in the same VLAN.
Are you running out of addresses for WiSM & the AP's, or for clients?
From a strictly routing/switching standpoint, you should limit your broadcast domain.
It's normal that you can't ping the ap-manager IP, but just the management IP.
Service port needs to be on a different subnet than the management interface.
I don't think it'll let you put them in the same VLAN even if you try.
As Huang said, you can only ping the management interface.
Also, let me add some good practices here:
The management and AP-manager interfaces must be left untagged, for example, VLAN ID 0, when they are on the native VLAN on the trunk. Remove the tags from the management interface.
Also if the ping is attempted over wireless, the management through wireless check box can be unchecked. All the AP-managers and the dynamic interfaces do not support pings. The dynamic interfaces can only be pinged if they are mapped to the same port as the management interface. They only send Internet Control Message Protocol (ICMP) replies if the controller is under a light load, because the ICMP is placed as the lowest priority task.
Also, the management interface must be accessed with Layer 3 connectivity to the subnet on which the interface resides. If the management interface is 10.x.x.x 255.255.255.0, make sure the PC has full access to this subnet. In order to check this, try to access the GUI through secure HTTP. If this does not work, provide full access to the subnet.