Comments on Revolution Wi-Fi: Cisco WLC 7.0.116.0 New Features
Blog author: Andrew von Nagy. Feed updated 2024-03-25T23:51:47.067-05:00.

Andrew von Nagy (2012-12-13T14:24:48.120-06:00):
Hi Armando,
SKC is part of the 802.11i amendment. It essentially provides a method for a client and an AP to cache a previous authentication through that individual AP only. The caching does not work across APs. Therefore, the client has to associate and authenticate to each individual AP before the cache can be established. This is not very effective, especially in larger environments. The client and AP also usually only provide support for a limited number of cache entries (for example 8 or 16).

You can read more here:
Wi-Fi Roaming Analysis Part 2 (http://revolutionwifi.blogspot.com/2012/02/wi-fi-roaming-analysis-part-2-roaming.html)

Cheers,
Andrew

Anonymous (2012-12-12T17:08:09.503-06:00):
Hi Andrew. Can you elaborate on where Sticky Key Caching fits in with PKC/OKC? I know that SKC is beneficial in an intra-controller roaming scenario with Apple devices. It seems that there is limited information on SKC though, any thoughts on it?

Achin Bansal (2012-07-19T03:03:35.023-05:00):
Thanks Andrew. This worked great!!
I additionally had to change my VLAN Mappings under FlexConnect details to the same VLAN for both SSIDs to make it work.

Thank you.

Andrew von Nagy (2012-07-16T01:30:59.357-05:00):
Yes, in Cisco WLCs simply select the same interface in each SSID.

Andrew

Achin Bansal (2012-07-13T02:56:37.852-05:00):
Hi Andrew,

First up, a fantastic write-up!

Is there a way we can bind multiple SSIDs to a single VLAN? I understand Cisco by default denies doing this as not being a good practice. I have a scenario where the same VLAN/network policy needs to apply to different authentication methods based on different SSIDs.

Thanks.

Andrew von Nagy (2012-06-07T18:09:49.526-05:00):
Interface groups are useful so that one SSID can support multiple VLANs without using AAA override. It will round-robin load balance clients between multiple VLANs.

I'm not sure it's possible to block services between AP Groups. They only define VLAN to SSID mappings and SSIDs that are advertised for users (replacing the older WLAN Override settings in individual AP configurations).

Andrew

Andrew von Nagy (2012-06-07T18:07:40.544-05:00):
Hi Paul,
Yes, Cisco VLAN Select allows a single source VLAN for multicast. The problem with that is that all multicast must originate from that single VLAN, which limits applicability. With Bonjour services, for example, it would require all AirPrint printers, AirPlay AppleTVs / MacBooks / Airport Express units to be in that one VLAN. That's not realistic in a layer 3 enterprise network with printers and projectors scattered throughout the network. Also, AirDrop can't be used for client to client file sharing. It also doesn't support wired client subnets, so printers that are plugged into Ethernet won't work (which is probably the most common connection method for printers). It also can't filter Bonjour services by service type.

Overall, it's a multicast hack that has limited applications in my opinion.

Andrew

Paul (2012-06-06T09:38:21.813-05:00):
Hi, I used it to contain multicast in a specific VLAN. Very convenient when using VLAN Select and when you want to support AppleTV (to perform presentations wirelessly).

Irfan Qalamkar (2012-06-05T03:24:32.552-05:00):
Hi everyone,

Can someone tell about the roles of Interface groups and the Multicast VLAN feature in WLC 7.0.116?
Secondly, how can I disable/block services according to AP Groups?

Anonymous (2012-05-16T10:26:32.118-05:00):
No known system ever has required a reboot after backing up configurations and if they did the product should be kilt.

Andrew von Nagy (2012-02-24T18:37:46.163-06:00):
You should call TAC for assistance with upgrade issues.

Anonymous (2012-02-24T04:24:15.129-06:00):
TFTP upgrading to this version fails after 82%.

The following error comes. Please suggest.

Connection received from 10.113.9.250 on port 7705 [24/02 15:31:32.381]
Read request for file <\/AIR-WLC4400-K9-7-0-116-0.aes>. Mode octet [24/02 15:31:32.381]
Using local port 1888 [24/02 15:31:32.381]
File <\AIR-WLC4400-K9-7-0-116-0.aes> : error 10054 in system call recv An existing connection was forcibly closed by the remote host. [24/02 15:32:23.100]

Andrew von Nagy (2012-01-30T11:29:13.488-06:00):
Hi Tom,
In order to support DHCP reservations with VLAN Select, you will need to use Dynamic VLAN or WLC Interface assignment by the AAA RADIUS server. You have to assign a specific interface, not the interface group.

See this link:
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080b78900.shtml#topic1

Cheers,
Andrew

Tom (2012-01-30T08:56:55.356-06:00):
Andrew,
Is there any way to support DHCP reservations with VLAN Select? In my environment, we have devices that need stable IP addresses, so we are using reservations, but I'm seeing issues with the round-robin DHCP assignments. The reserved address isn't mapped to the correct VLAN.

Andrew von Nagy (2011-11-15T20:52:15.529-06:00):
Hi,
Backing up the WLC config does not require a reboot. Restoring or importing a config does, however.

Andrew

Andrew von Nagy (2011-11-15T20:50:56.671-06:00):
Hi Edward,
If the VLANs are only wireless, then they should be utilized at the same rate and one should not get full without the others being in the same situation.

There are a few cases where this would not be true, if wired clients shared the same VLANs or if DHCP lease times are different between VLANs.

I'm not sure if the WLC can monitor DHCP responses or lack thereof and re-assign users to another VLAN. That is an interesting question that I will have to follow up on.

Thanks,
Andrew

Anonymous (2011-11-14T15:33:00.430-06:00):
When backing up the controller (WLC 4404) configuration to a TFTP server, does the controller require a reboot?

Dad (2011-09-07T23:03:38.291-05:00):
Hi Andrew,

Thank you kindly for your information.

May I have one more question about the VLAN Select:
Is there any potential DHCP black hole in the VLAN Select?

Like if you put 3 different subnets into one group interface, and one of their DHCP IP pools is full. As the WLC is running round-robin load-balanced, how does the WLC know that special VLAN DHCP pool is full and avoid it?

Cheers,

Edward

Andrew von Nagy (2011-09-07T15:34:58.132-05:00):
Hi Edward,
Yes, you are correct with AP Groups and Dynamic VLAN Assignment. However, VLAN Select is solving a distinctly different problem, one in which we don't care what VLANs specific clients are placed into, just that the broadcast domain is not large and split up amongst several VLANs.

AP Groups can also achieve this, as you stated. But that does not consider the Anchor controller case where the WLC is not controlling APs. VLAN Select provides a solution, and arguably does it in a simpler fashion than AP Groups for Local controllers too.

Dynamic VLAN Assignment is completely different, and assigns different user groups to VLANs based on policy definitions attached to those users. It cannot really solve for situations where we need to separate users in the same group, or we don't have or care about user group definitions.

As always, there are always many ways to skin the cat. VLAN Select gives us a great tool for Anchor controllers and an arguably better tool for Local controllers than what exists today.

Cheers,
Andrew

Dad (2011-09-06T23:30:15.093-05:00):
Hi Andrew,

A very nice post.

Just back to the topic about the "WLCs don't support multiple VLANs assigned to a single SSID".
Actually we can achieve this even in version 7.0.98.0.
We set up different AP groups and use the WLANs SSID overwrite to achieve it.
On the other hand, we also use the AAA overwrite to achieve that.

Cheers,

Edward

Andrew von Nagy (2011-08-20T04:50:29.531-05:00):
Hi Tulga,
No, Cisco does not provide time restrictions on SSIDs in the WLC. However, a workaround is available in WCS to apply configuration templates to WLCs at specific times.

Andrew

Tulga (2011-08-20T02:55:06.129-05:00):
Andrew,

Thanks. Is it possible on the WLC to manage time restrictions on an SSID?

Andrew von Nagy (2011-08-12T15:58:46.993-05:00):
Hi Tulga,
I think what you meant to say was WLCs don't support multiple VLANs assigned to a single SSID. That was correct previously, but WLC code version 7.0.116.0 now supports a feature called VLAN Select which allows definition of interface groups. By assigning an interface group to an SSID, the clients will then be round-robin load-balanced into multiple VLANs.

Cheers,
Andrew

Tulga (2011-08-12T10:42:19.603-05:00):
Hi Andrew,

As I heard, LWAP doesn't support multiple VLANs to multiple SSIDs, so is that fixed in the new version? Because right now I'm using 2 different SSIDs for 2 VLANs, and am going to deploy a 4402 and LWAPs replacing the current Auton APs. Can I ask you a few questions related to this issue by chat?

Andrew von Nagy (2011-07-13T19:27:59.106-05:00):
Johnny,
Not quite...

PMK Caching - client caches the PMK established with each individual AP. The client must have already auth'd to that specific AP to create the cache for future instances where it roams back to it.

PKC/OKC - Proactive Key Caching or Opportunistic Key Caching is where the PMK is cached at the controller (or a central point) and is slightly modified using a known variable for all controller APs (using each AP radio BSSID). Therefore, both the client and the controller can determine a unique PMK cache entry for each AP the client can roam to. A single PMK is established on any 1 AP and then dynamically distributed to individual APs as the client roams to them.

WLC code 7.0.116.0 extended support for PKC/OKC to H-REAP APs. It was previously supported for Local mode APs only.

Also, H-REAP already supported CCKM fast roaming too.

Hope this helps,
Andrew
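
Added example, not part of the original comments and not Cisco's code: a Python sketch of the per-AP cache lookup versus the controller-wide PKC/OKC lookup discussed in the thread, using the 802.11i PMKID derivation to show why only the latter gives a cache hit on an AP the client has never authenticated to. It assumes a SHA-1 based AKM; the class names, the cache limit of 8 and all MAC and key values are constructed for illustration.

```python
import hashlib
import hmac

def pmkid(pmk, bssid, client):
    # 802.11i: PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)
    return hmac.new(pmk, b"PMK Name" + bssid + client, hashlib.sha1).digest()[:16]

class PerApCache:
    """PMK caching / SKC: an entry exists only for an AP the client already authenticated to."""
    def __init__(self, limit=8):
        self.limit, self.entries = limit, {}
    def store(self, bssid, client, pmk):
        self.entries[(bssid, client)] = pmk
        while len(self.entries) > self.limit:   # small table: evict the oldest entry
            del self.entries[next(iter(self.entries))]
    def expected(self, bssid, client):
        pmk = self.entries.get((bssid, client))
        return pmkid(pmk, bssid, client) if pmk else None

class ControllerCache:
    """PKC/OKC: one PMK per client held centrally, PMKID recomputed per AP BSSID."""
    def __init__(self, bssids):
        self.bssids, self.pmks = set(bssids), {}
    def store(self, bssid, client, pmk):
        self.pmks[client] = pmk
    def expected(self, bssid, client):
        pmk = self.pmks.get(client)
        return pmkid(pmk, bssid, client) if pmk and bssid in self.bssids else None

def fast_roam(cache, bssid, client, offered):
    """True when the PMKID offered on (re)association matches, so full 802.1X is skipped."""
    want = cache.expected(bssid, client)
    return want is not None and hmac.compare_digest(want, offered)

# Constructed sample values, not taken from the page
PMK = bytes(range(32))
CLIENT = bytes.fromhex("020000000010")
AP1, AP2 = bytes.fromhex("020000000101"), bytes.fromhex("020000000102")

def demo():
    skc, okc = PerApCache(), ControllerCache([AP1, AP2])
    for cache in (skc, okc):                    # full authentication happened on AP1 only
        cache.store(AP1, CLIENT, PMK)
    offer = {ap: pmkid(PMK, ap, CLIENT) for ap in (AP1, AP2)}  # computed by the client
    return {"skc_back_to_ap1": fast_roam(skc, AP1, CLIENT, offer[AP1]),
            "skc_new_ap2": fast_roam(skc, AP2, CLIENT, offer[AP2]),
            "okc_new_ap2": fast_roam(okc, AP2, CLIENT, offer[AP2])}

print(demo())
```

The per-AP cache misses on AP2 and forces a full authentication there, while the controller-wide cache accepts the PMKID the client computed for AP2 from the PMK it established on AP1.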