I'm in the process of a demo/prototype using the Cisco lightweight products (4402 controllers w/ 1240 LAP), and using Air Fortress gateway for Layer 2 authentication...I have 3 lightweight APs associated with the controller (running in Layer 3 mode is the only way to get APs to talk to the controller), but when my test client loaded with Air Fortress gateway associates with the Cisco AP, it's not able to acquire a DHCP address, the Air Fortress gateway does not let any traffic thru...the Air Fortress gateway does allow connections thru to the DHCP server if I associate to an Intermec AP, then I'm on the corporate network with Layer 2 FIPS 140-2 encryption via Air Fortress gateway...anyone run into the same situation?
The scenario I have is AF--->Controller---->APs. We are successful getting through the AF Gateway (AF7500) when we have the following scenario...
AF7500---->Intermec AP, however once we attempt the AF--->Controller--->AP setup, nothing is getting through the AF.
Cisco suggested our problem was tied to the AF Gateway being confused by having the APs, AP-Mgr., the Management interface, and the WLAN traffic all on one VLAN. Per their suggestion we have isolated the WLAN traffic in a separate VLAN, but the Cisco scenario is still not passing through the AF gateway.
I am also facing a similar issue. I have a Fortress Secure Gateway AF2100 connected on to VLAN 88 on a 6500 switch, of which one of the modules is a Wireless Services Module (2 WLC 4404 integrated on a module) configured in Layer 3 mode, and I have 1242 LWAP APs connected on to the network. The Pocket PC gets associated to the SSID (which is clubbed to VLAN 88) but it is unable to ping the gateway's encrypted leg. When I sniffed the packets using Ethereal I am able to see that there is an exchange of packets between both MAC addresses (MAC address of the Pocket PC and that of the encrypted leg), but the Pocket PC does not get registered and it shows no reply when a ping is initiated to the encrypted leg IP.
I can also see that there is a sudden increase in the number of packets that are being decrypted by the Fortress when a ping is initiated by the Pocket PC.
At the same time if we remove the LWAPP technology and use autonomous APs in the same setup it works perfectly fine.
What did you mean in your post about registering it with ACS? Are you referring to Cisco Secure Access Control Server here?
I more or less have the same problem. I was able to get autonomous APs to work, but not LWAPP APs. I did not have to enter any AP MAC addresses to get autonomous APs to work, so I don't understand why I would need to add the controller if it is between the AirFortress gateway and the AP on the VLAN being used. The controller MAC address would not need to go through the AF gateway unless I want to ping it. Still, I am not sure how the controller uses the interface IP on that VLAN. I noticed there is a "fortress passthru" setting on the controller, but enabling it did not help. Let me know if you guys figure out a fix.