I have the following config on my controller and am plugging a new out-of-the-box LWAPP into a switch that the ap-manager interface is linked to via gigabit. I would assume that since I see the lightweight AP start a process that makes me think it's looking for the controller, it would send a message and receive an address from the internal scope on the 4402 that I think I set up, but that doesn't seem to be happening. The config is below, and I am wondering about the best practice for the interfaces, and whether or not my ap-manager interface can/should be on the same network as the management interface?
ap-manager 188.8.131.52/24 Vlan1 (connected to a 2960 8port on Vlan1)
management 192.168.1.39/24 untagged (connected to a 2960T)
service port 192.168.88.1/24 untagged
virtual interface 184.108.40.206
I believe I have set up an internal DHCP scope for the ap-manager interface, but seeing as it's not working I would assume I'm missing something. The management interface has a DHCP server on its /24 network which is the gateway for the network. Does the Cisco 4402 act as a router? Does it hand out addresses if you make internal scopes that correspond with the networks you have interfaces for, or do you always need a separate DHCP server on each network?
Hey William, untag the AP-Manager interface, move it to the same subnet as the Management (192.168.1.x) interface on the same port as the management interface.
You can create DHCP scopes for the internal "dynamic" interfaces (so you can hand out addresses to each BSSID) and as long as those VLANs are trunked and terminated on a router you should be fine. You will not need a DHCP scope set up for the AP-Manager interface. The APs will call out for a DHCP address when they first boot up, then attempt to discover a LWAPP controller (thus why you don't need a DHCP pool for that interface).
If the AP does not receive DHCP option 43 or a response to the CISCO-LWAPP-CONTROLLER.domain.com request, it will send a broadcast (layer 2) for the controller. If the AP-Manager IP address is not on the same subnet as the AP, then it will reboot and run through the same search parameters. Thus if the port the AP is plugged into on the switch does not have a native-VLAN associated with it (making it VLAN 1), then you want to make sure the AP-Manager IP is on the same subnet as the AP and make sure it is untagged (VLAN 0).
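The discovery checks described in the reply above, as an added example that is not part of the original thread: it builds and parses the DHCP option 43 value and tests whether the AP's layer 2 broadcast can reach the controller. It assumes the common Cisco sub-option layout (type 0xf1, length byte, then controller IPv4 addresses), which the thread does not spell out; the AP lease address in the test is constructed, and the function names are hypothetical.

```python
import ipaddress

WLC_SUBOPTION_TYPE = 0xF1  # assumed Cisco lightweight AP sub-option type


def option43_hex(controller_ips):
    """Encode controller addresses as the TLV carried in DHCP option 43."""
    addrs = [ipaddress.IPv4Address(ip) for ip in controller_ips]
    if not addrs:
        raise ValueError("at least one controller address is required")
    value = b"".join(a.packed for a in addrs)
    if len(value) > 255:
        raise ValueError("too many controllers for a one-byte length")
    return (bytes([WLC_SUBOPTION_TYPE, len(value)]) + value).hex()


def parse_option43(hex_string):
    """Decode an option 43 hex string back into controller addresses.

    Rejects values whose length byte disagrees with the payload, a common
    typo when the hex string is entered by hand on a DHCP server.
    """
    raw = bytes.fromhex(hex_string)
    if len(raw) < 2 or raw[0] != WLC_SUBOPTION_TYPE:
        raise ValueError("not a type 0xf1 TLV")
    length, body = raw[1], raw[2:]
    if length != len(body) or length == 0 or length % 4:
        raise ValueError("length byte does not match the address list")
    return [str(ipaddress.IPv4Address(body[i:i + 4]))
            for i in range(0, length, 4)]


def broadcast_reaches(ap_lease, controller_ip):
    """True when the controller address lies inside the subnet the AP
    leased from, so a layer 2 broadcast from the AP can reach it."""
    network = ipaddress.ip_interface(ap_lease).network
    return ipaddress.ip_address(controller_ip) in network
```
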
Here's how it is right now... I think I see from your post that everything is how you expect it to be...
The management interface is port 1 and has 192.168.1.39/24 untagged
The ap-manager interface is port 2 and has 192.168.1.40/24 untagged
The LWAPP is plugged into a switch that is trunked into the management interface on the 4402. There is also another switch trunked into port two on the 4402, but when I plug the LWAPP into that switch it doesn't seem to even go through the DHCP process. When it is plugged into the switch that goes through the management interface it gets an IP, via the Linksys on the 192.168.1.0/24 network, then looks for and finds the controller, sends a request to join, but almost right after says it didn't get a response and then reboots, and does it all over again. This sort of gives me the idea that the controller setup must be missing something that would allow it to send responses to the LWAPPs requesting to join?
Move the AP-Manager interface over to Port 1 as well. I have a feeling this will solve the problem. Cisco pretty much recommends that Management and AP-Manager be configured the same except for IP addressing (same subnet). Try that and see if it comes up. You should see the AP under Wireless and it'll initially download a new LWAPP image then reboot. If you wait too long to see if it shows up, it'll look like it's not there yet even though it's rebooting after downloading the new image. Thus, either watch immediately or wait 10 minutes and see if it shows up.
Yup, port channeling and if you have a 50 AP license, you have to use both ports (since each port supports 48 APs).
Not sure on the best practices for AP templates (since I haven't used them yet), but I do know that it takes the entire template, so make sure you have everything set correctly or you could wipe something out. Depending on the version of code you're using, look up the Configuration Guide for your WLC version; those have a lot of really good info in them.