cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
54467
Views
15
Helpful
30
Comments
Javier Contreras
Cisco Employee
Cisco Employee

 

 

WLC CONFIG CHECKS MESSAGES

Notes:

  • Detailed explanation for each message as presented by the WLC Config Analyzer application
  • Please report any disagreement on the content, or recommended settings.
  • Validations compiled from multiple sources
  • Text between % % changes depending on your configuration

Parsing - 10xxx

-Internal errors found while parsing the file

 

  • 10001, Error: Incomplete config or section delimiter not found in %Section Name%
Found new start of a controller config, while processing a section (abrupt end of previous configuration). The trigger is the string "System Inventory"
  • 10002, Error: Wrong File format. Unexpected AP config format (no index or ap name not found)
While parsing AP attributes, the config file points to a AP name, not present in the AP summary list
  • 10003, Error: Wrong File format. Unexpected AP name in AutoRF
Detected a new AP name, which was not present in the AP summary list
  • 10004, Error: Please check, wrong slot number in AP Nearby info -> %AP Name%
The slot number reported in nearby section, is not 0 or 1. The application only supports up to two radio slots per AP
  • 10005: Warning: Incomplete config in middle of file, new controller found in file while processing another
Found new start of a controller config, between the sections (abrupt end of previous configuration). The trigger is the string "System Inventory"
  • 10006, Error: Section delimiter not found. Reached end of file in  %Section Name%
The expected string to exit a section processing was not found, and the application reached end of file. Normally, this points to corrupted configuration file
  • 10007, Error: IP address format error while parsing it
  • 10008, Error: Wrong format on Narby AP entry
  • 10009, Error: Interface Name for WLAN not found, potential configuration file error
  •  
  • 10010 Warning: Sh tech detected in file while parsing sh run-config
  • 10011 Exception catch parsing file
  • 10012 Line parsing error, too short (check config file). Text causing the problem:
  • 10013 Line parsing error,  value not found (check config file). Text causing the problem:
  • 10014 Parsing error on AP during Hreap Static Radius
  • 10015 Parsing error on inventory information
  • 10016 Line structure error while parsing Noise profile
  • 10017 Line structure error while parsing Interference profile
  • 10018 Line structure error while parsing Coverage profile
  • 10019 General: Error while parsing, Duplicated AP name: XX
  • 10020 General: No RF information was found for this AP on XX
  • 10021 General: AP configuration structure error while parsing per AP flex info, Line:

 

 

Access Points - 20xxx

-Validations done on AP configuration

 

  • 20001, AP: Invalid certificate type, possible config error, or file format: %AP name%: Certificate type is not MIC or SSC. Indicates either invalid status or format error in the config file.
  • 20002, AP: Access point without radio, possible domain error: %AP name%: The string "Number Of Slots......" says AP has zero radios. This may happen during AP reload on wrong country settings, on unsupported hardware (802.11b radios) or as a result of a bug.
  • 20003, AP: Access point with more than 2 radios, unsupported hardware by application, or error in config file: %AP name%
The number or reported slots is greater than two, which is not supported by the application currently. This may also indicate a format error in the config file.
  • 20004, AP: Unknown radio type, AP:  %AP name%
Radio type reported is not "RADIO_TYPE_80211g", "RADIO_TYPE_80211b", "RADIO_TYPE_80211a".
  • 20005, AP: Access point without valid TX levels: %AP name% On slot  %Radio%
Transmit power levels reported by radio in AP is zero, which may indicate a bug or wrong country settings.
  • 20006, AP: Unknown radio type in nearby info AP: %AP name%
While parsing the "near by" information, the radio type is not "RADIO_TYPE_80211b/g" or "RADIO_TYPE_80211a". In this case, the controller is referring to RF bands (2.4 GHz or 5 GHz) not radio models.
  • 20007, AP: Possibly incorrect primary switch configuration or not found in controller list: %AP name% , Configured Primary switch name: %WLC name%
The AP has configured a controller name as primary, secondary or tertiary, which is not present in the analyzed config file. This may also indicate a missing controller in the config file -- you should include all controllers in the config file. This may also indicate an error in the AP configuration.
  • 20008, AP: Possibly incorrect secondary switch configuration or not found in controller list: %AP name% , Configured Secondary switch name: %WLC name%
The AP has configured a controller name as primary, secondary or tertiary, which is not present in the analyzed config file. This may also indicate a missing controller in the config file -- you should include all controllers in the config file. This may also indicate an error in the AP configuration.
  • 20009, AP: Possibly incorrect tertiary switch configuration or not found in controller list: %AP name% , Configured Tertiary switch name:  %WLC name%
The AP has configured a controller name as primary, secondary or tertiary, which is not present in the analyzed config file. This may also indicate a missing controller in the config file -- you should include all controllers in the config file. This may also indicate an error in the AP configuration.
  • 20010, AP: Antenna gain set to zero in 802.11b/g radio
Antenna gain may not be valid. If antenna gain was previously configured, then this may indicate an invalid template push from WCS. If antenna gain was never previously configured, then this can be ignored since the gain defaults to 0 for new configs.
  • 20011, AP: Antenna gain set to zero in 802.11a radio
Antenna gain may not be valid. If antenna gain was previously configured, then this may indicate an invalid template push from WCS. If anteanna gain was never previously configured, then this can be ignored since the gain defaults to 0 for new configs.
  • 20012, AP: Empty primary controller. It is recommended, to have a primary controller name configured, for better/more predictive AP join process. This is not mandatory
In general, it is a good practice to have primary controller assigned. It will help the join process, and may speed up mesh network build time.
  • 20013, AP: Primary and secondary switch names are the same, not recommended
This indicates a configuration error, where both controller names are the same.
  • 20014, AP: Secondary and tertiary switch names are the same, not recommended
This indicates a configuration error, where both controller names are the same.
  • 20015 AP: SSH is enabled on this access point. Depending on security policies this may or not be correct
Checks if SSH access to AP has been enabled.
  • 20016 AP: Telnet is enabled on this access point. Depending on security policies this may or not be correct
Check if Telnet access to AP has been enabled.
  • 20017 AP: Syslog messages are sent to broadcast address, if there are errors reported by many APs, and there are too many APs per VLAN, this can cause broadcast storms. It is better to configure to individual server
For VLANs with lots of APS, if there are broadcast traffic generating syslog alerts from the AP, as the APs will be generating syslog to a broadcast destination, this can generate a increase in the total broadcast traffic level on the VLAN. The syslog function is very useful for troubleshooting APs which have not joined controller, but for normal operation is better to have it pointing to a unicast server address.
  • 20018 AP: Local credentials to access access point CLI are not configured. It is recommended to configure to Username/passwords to all APs

Now moved to check 12008 (security)

 

  • 20019 AP: RRM values out of range, potential damaged radio, please double check with direct testing before replacement
     
  • 20020 AP: Channel number not found for 11a on Radio Parsing. Possible corrupted or incomplete config
     
  • 20021 AP: Default gateway not on same subnet as IP address of AP, this may be result of IP redirect or proxy ARP, this can cause severe problems, check your IP/DHCP config

     
  • 20022 AP: Invalid RRM data found for AP. Section: XX

     
  • 20023 AP: More than 4 SSID per radio. High SSID counts may contribute to higher channel utilization. It is advisable to keep the SSID count per radio to the minimum  needed."
    

General - 30xxx

-Checks done on controller general configuration

 

  • 30001, General: Controller with non recommended code version: version number
Version number reported, is on the configured non recommended list. (See Settings\General). List is compiled from "preferred" versions based on known issues
  • 30002, General: Controller with APs with AP-Group in use: Just a notification, so VLAN mappings can be validated, taking them into account for troubleshooting. Also this affects AppleTalk/IPv6/multicast so it is important to know
  • 30003, General: Controller with at least one WLAN with AAA Override is in use
Just a notification, so VLAN mappings can be validated, taking them into account for troubleshooting. RADIUS profile needed, to know the final result
  • 30004, General: Controller is currently on Layer 2 LWAPP mode, this may lead to scalability problems or broadcast control issues
Although defined in the RFC draft, Layer 2 LWAPP mode is considered deprecated in Cisco's implementation. Only Cisco 1000 Series LAPs support Layer 2 LWAPP mode. Also, Layer 2 LWAPP mode is not supported on Cisco 2000 Series WLCs. These WLCs support only Layer 3 LWAPP mode. Using Layer 2 LWAPP mode may also affect the stability of network (i.e., large number of devices on same VLAN). In smaller networks, this may not be an issue. In general, Cisco recommends using Layer 3 LWAPP mode. REFERENCE: Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC)
  • 30005, General: Interface has 0.0.0.0, incorrect configuration:  %Interface name%
An interface does not have an IP address assigned. This is not recommended because it might affect DHCP handling in the controller. REFERENCE: Wireless LAN Controller (WLC) Configuration Best Practices
  • 30006, General: AP-manager interface with backup port, incorrect configuration:  %Interface name%
Never configure a backup port for an AP-manager interface, even if it is allowed in older software versions. The redundancy is provided by the multiple AP-manager interfaces. REFERENCE: Wireless LAN Controller (WLC) Configuration Best Practices
  • 30007, General: Interface does not have port assigned, incomplete CLI configuration:  %Interface name%
Interface created without any port assignment, incomplete config.
  • 30008, General: Controller with high temperature:  %temperature%
Possible high operating temperature reported by controller. The operating temperature range is 32 to 104°F (0 to 40°C) for the WLC 2106, WLC 4400 Series, Wireless Services Module (WiSM), Wireless LAN Controller Module (WLCM). The operating temperature range is 32 to 113°F (0 to 45°C) for the Catalyst 3750G with Integrated WLC.
  • 30009, General: Spanning Tree Protocol is enabled in controller, this must be disable, as this may cause stability issues
STP should never be enabled on controller, as it has severe effects over network stability. REFERENCE: Wireless LAN Controller (WLC) Configuration Best Practices
  • 30010, General: Duplicated IP address with controller: controller name , Interface : %Interface name%
Two interfaces have same IP address in different controllers. Either controller is present twice in the config file, or wrong configuration
  • 30011, General: RF Group Name is different with Controller:  %controller name%
RF Group name is different from the other controllers present in the mobility group/processed file. The may be intentional, but normally this is error in the configuration
  • 30012, General: AP-manager interfaces count is less than number of active ports, and no LAG is configured. This is not a supported configuration
When not using Link Aggregation (LAG), the number of connected ports, does not match the AP-manager interface count. This is not a supported configuration.
  • 30013, General: A WLAN has both WPA and WPA2 enabled, this may cause problems with old client drivers and some PDAs
Although the controller and access points do support WLAN with SSID using Wi-Fi Protected Access (WPA) and WPA2 simultaneously, it is very common that some wireless client drivers cannot handle complex SSID settings. In general, it is a good idea to keep the security policies simple for any SSID, for example, using one WLAN/SSID with WPA and Temporal Key Integrity Protocol (TKIP), plus a separated one with WPA2 and Advanced Encryption Standard (AES). REFERENCE: Wireless LAN Controller (WLC) Configuration Best Practices
  • 30014, General: Multicast IP address is same as mDNS (224.0.0.251), this may cause problems with Apple Bonjour, iTunes
Using the same address for multicast as bonjour, would cause controller to drop all ingress traffic from the clients, breaking the discovery. instead, use a private address for this.
  • 30015, General: Current address is x.x.x.x, it is recommended to use a multicast address in the range of 239.0.0.0-239.255.255.255, not including for 239.0.0. and 239.128.0.x.
Warns if address is not on the private range. REFERENCE: Enterprise Mobility 4.1 Design Guide (Chapter 6)
  • 30016, General: Current selected multicast address (x.x.x.x), can generate a flood, as it overlaps with local MAC address. It is strongly recommended to use one on the rage of 239.0.0.0-239.255.255.255, not including for 239.0.0.x and 239.128.0.x
Warns of multicast address conversion to MAC, where resulting traffic can be flooded by switches
  • 30017, General: Error while parsing, duplicated AP name:
This may occur if an AP name is found twice in the configuration file. For example, the same AP name found in two different controllers. The second AP entry is ignored.
  • 30018, General: AP-manager interface on same subnetwork as Management Interface, but VLAN is different, this may generate LWAPP protocol errors
Configuration error that may lead to LWAPP decapsulation errors
  • 30019, General: WLAN settings are different with Controller: XX
WLAN configuration parameters are not the same accross different controllers. The matching is done based on profile and SSID name. This may affect roaming/association for clients
  • 30020, General: WLAN Profile name matched across controller but SSID name is different, so settings were not compared
Reported when doing WLAN configuration comparison across controllers. No details compare is done if the SSID name does not match
  • 30021,General: TX Power threshold not matching:
Compares TX Power threshold per band, warns if this does not match.
  • 30022,General: Coverage Threshold not matching:
Compares global Coverage threshold per band, warns if this does not match.
  • 30023,General: Coverage Clients Global not matching:
Compares global Clients exceptions, warns if this does not match.
  • 30024,General: Channel assignament mode not matching:
Compares Channel assignment mode(auto/manual) warns if this does not match.

 

  •  
  • 30025,General: EDCA value not matching:

Compares EDCA Settings across controllers

 

 

  • 30026 General: Network state not matching:

 

  • 30027 General: Single AP manager interface found, and AP count is aproaching the 48 max supported capacity per intf, it is recomended to configure a secondary AP-Manager or move into LAG config

 

  • 30028 General: Max AP count reached on controller

 

  • 30029 General: RRM Max power limit not maching:

 

  • 30030 General: RRM Min power limit not maching:

 

  • 30031 General: RRM Min power limit  in use

 

  • 30032 General: RRM MAx power limit  in use

 

  • 30033 General: Multicast forwarding address not found for controller

 

  • 30034 General: Multicast forwarding address is same across controllers, to optimize AP CPU load, it is recommended to be different across controllers on same mobilty group,

 

  • 30035 General: WLC configuration taken with no-ap option, this limits all RF analysis and information that can be displayed. It is recommended not to use this option with WLCCA
    This points to a config file received with no Access Point information (usually taken with "sh run-config no-ap".
    it is recommended to use the normal option of "config pagin disable", then "sh run-config" over telnet/ssh.

 

 

  • 30036 General: NAC and Fast SSID must not be used at same time. WLAN: XX

 

  • 30037 General: Non default RRM timer in use. This is not recommended unless directed by Cisco support.

 

  • 30038 General: RRM timer at 1h. This can cause problems on calculations. Must be avoided.

 

  • 30039 General: RRM timer not matching: XX

          RRM timer configuration is not the same across the controllers in the mobility group

 

  • 30040 General: Load Balancing window value too aggresive. Minimum recommended value is 5 or higher

 

 

  • 30041 General: Load Balancing window is zero, it is strongly suggested to use higher value

          Using a 0 as LB window may cause client association errors, this is not recommended

 

 

 

  • 30042 General: Load Balancing window not matching:

          This indicates that the load balancing window size is not configured the same accross controllers

  • 30043 General: Radius config not matching:
     
  • 30044 General: RF Profile not matching:
     
  • 30045 General: Do not configure IP address starting by 127.x, as it may affect webauth. Interface: XX
     
  • 30046 General: GTK Randomization is enabled, this is intended only for Hotspot 2.0 deployments, and will  break normal clients (no multicast/broadcast received anymore), normally not recomeded. WLAN: XX
     
  • 30047 General: Interfaces with overlapping address: XX
     
  • 30048 General: MCS rate disabled, all rates from 0 to 15 must be set minimum, as supported, otherwise it may generate interoperability issues with some clients
     
  • 30049 General: Multicast or Broadcast forwarding enabled, with null multicast address destination. You should configure a multicast address
     
  • 30050 General: RX OP is in use for radio slot XX
     
  • 30051 General: CCA is in use for radio slot XX
     
  • 30052 General: Webauth  is in use, but no pre-auth ACL IPV4 is set, this is required for external webauth, it may not apply depending on your configuration
     
  • 30053 General: Webauth  is in use, but no pre-auth ACL IPv6 is set, this is required for external webauth, it may not apply depending on your configuration
     
  • 30054 General: 802.11ac radios are present, but WMM is disabled on the WLAN
     
  • 30055 General: 802.11n radios are present, but WMM is disabled on the WLAN
     
  • 30056 General: HA is active, bug no vlan set on Manager interface
     
  • 30057 General: Disabling low data rates/11b can help to optimize the channel utilization on the 2.4 band. Depending on RF coverage, or if using legacy clients, this may cause problems. Please validate before enforcing the changes, as this may have important RF dependencies.
     
  • 30058 General: Multicast unicast mode is suboptimal transport for networks with IPv6, mDNS, etc. Multicast mode is recommended. To use it, you also need multicast routing between WLC and Aps
     
  • 30059 General: This controller has a large mobility group count. For optimization purposes, please ensure that controllers with the same mobility group name are only configured when there is a shared RF space where roaming can happen
     
  • 30060 General: Using a low radius timeout is beneficial on high usage networks, but it may have negative effect on slow networks (WAN),  slow clients or BYOD/NAC scenarios. Please validate before enforcing the changes for applicability on your network
     
  • 30061 General: EAP identity may need to be larger if using EAP-TLS, OTP based authentication. Please validate on your specific client types before enforcing the changes
     
  • 30062 General: Internal DHCP server in use. This feature is not intended for large scale deployments. Please check depending on your network size, it may  be recommended to use external DHCP Server
     
  • 30063 General: Local EAP in use. This feature is not intended for very large scale deployments. Please check depending on your network size, it may  be recommended to use external Radius Server
     
  • 30064 General: EAP request timeout larger than 400ms. EAP requests may benefit for faster recovery, and better behavior on bad RF, by using higher counts, lower retry timeout. Please validate on your specific client types before enforcing the changes
     
  • 30065 General: EAP request retries lower than 3. EAP requests may benefit for faster recovery, and better behavior on bad RF, by using higher counts, lower retry timeout. Please validate on your specific client types before enforcing the changes
     
  • 30066 General: Tacacs management timeout lower than 5 seconds. Using longer TACACS timeout is recommended for OTP systems
     
  • 30067 General: Minimum Rogue RSSI detection threshold should be set to -80 or higher, unless mandated by your security policies
     
  • 30068 General: Rogue Policy not matching: XX
     
  • 30069 General: At least one Autocontain policy is enabled. Rogue contention has severe impact on client serving time, it should be avoided unless mandated by your security policies
     
  • 30070 General: AVC visibility is recommended. Ensure you are using 7.4.121.0,  7.6.110.0 or higher. WLAN: X
     
  • 30071 General: Fast SSID enabled is recommended for networks that may have Apple IOS client devices
     
  • 30072 General:  CleanAir detection is highly recommended if your current  AP HW types support the feature.
     
  • 30073 General:  CleanAir Configuration not matching:XX
     
  • 30074 General: WLAN with standalone TKIP policy. This will be deprecated soon due to certification requirements, or migrated to WPA2 AES+TKIP. It is advisable to modify the configuration. WLAN:XX
     
  • 30075 General: WLAN with WPA AES policy. This will be deprecated soon due to certification requirements, or migrated to WPA2 AES. It is advisable to modify the configuration. WLAN:XX
  • 30077 General: Controller with telnet enabled,  this is not advisable for security issues
     
  • 30078 General: Controller with mismatched Fast SSID setting: 
     
  • 30079 General: Controller with mismatched DHCP Proxy setting
     
  • 30080 General: Controller with mismatched Management Over Wireless setting: 
     
  • 30081 Enterprise: Load Balancing is a recommended best practice for high density environments

 

  • 30082 General: Local Profiling is a recommended best practice for better client visibility
     
  • 30083 General: High Availability is a recommended redundancy solution for supported platforms
     
  • 30084 General: Virtual Gateway IP is not on 192.0.2.0/24 
     
  • 30085 General: If not using Cisco WGB or Voice devices
     
  • 30086 General: If using sleeping client feature
     
  • 30087 General: If using Interface Groups
     
  • 30088 General: Controller with 90% or more of capacity in use
     
  • 30089 General: Controller with 90% or more of capacity in use and join priority enabled
     
  • 30091 General: Band Select  is not in use on any WLAN. it is a recommended feature when there is a good AP density in Enterprise deployments
     
  • 30092 General: For enterprise environments
     
  • 30093 General: AP groups are not in use. For enterprise environments
     
  • 30094 General: RF profiles are not in use. For enterprise environments
     
  • 30095 General: DCA is not set to Auto. For general deployments it is recommended to use RRM. Band: 
     
  • 30096 General: TPC configuration is not matching across WLCs. Band {0}
     
  • 30097 General: TPC is not set to Auto. For general deployments it is recommended to use RRM. Band: 
     
  • 30098 General: ED-RRM is not in use. It is recommended to enable for enterprise environments. Band: 
     
  • 30099 General: AP Load is not a recommended metric for Enterprise DCA. Disable to avoid possible channel flapping. Band:
     
  • 30100 General: Controller with mismatching DCA setting: 
     
  • 30101 General: Detected channels on band 100-140 as not in use for DCA. If country regulations allows it
     
  • 30102 General: Controller with mismatched User Idle timeout setting: 
     
  • 30103 General: Untagged Management interface

 

 
 
 

Voice - 40xxx

-Voice related checks. Mostly focused on Cisco 792x Series deployments.

 

  • 40001, Voice: 802.11a network has RRM Transmit Power Control set to automatic.
Unless using WLC 4.1.185.0 (or later), using Radio Resource Management (RRM) can cause radio setting changes during the day, which trigger client disconnections. If this happens during a call, it will be disrupted, or end on one-way voice situation. How much affects this, depends a lot on RF conditions in the site, so it is not a black or white situation, and should be evaluated case by case. After 4.1.185.0 and above, using DCA is possible if correctly configured. REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 40002, Voice: 802.11b network has RRM Transmit Power Control set to automatic.
Unless using WLC 4.1.185.0 (or later), using Radio Resource Management (RRM) can cause radio setting changes during the day, which trigger client disconnections. If this happens during a call, it will be disrupted, or end on one-way voice situation. How much affects this, depends a lot on RF conditions in the site, so it is not a black or white situation, and should be evaluated case by case. After 4.1.185.0 and above, using DCA is possible if correctly configured. REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 40003, Voice: 802.11a network has RRM Dynamic Channel Assignment set to automatic.
Unless using WLC 4.1.185.0 (or later), using Radio Resource Management (RRM) can cause radio setting changes during the day, which trigger client disconnections. If this happens during a call, it will be disrupted, or end on one-way voice situation. How much affects this, depends a lot on RF conditions in the site, so it is not a black or white situation, and should be evaluated case by case. After 4.1.185.0 and above, using DCA is possible if correctly configured. REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 40004, Voice: 802.11b network has RRM Dynamic Channel Assignment set to automatic.
Unless using WLC 4.1.185.0 (or later), using Radio Resource Management (RRM) can cause radio setting changes during the day, which trigger client disconnections. If this happens during a call, it will be disrupted, or end on one-way voice situation. How much affects this, depends a lot on RF conditions in the site, so it is not a black or white situation, and should be evaluated case by case. After 4.1.185.0 and above, using DCA is possible if correctly configured. REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 40005, Voice: 802.11a Power Threshold %Controller Current Threshold% , is higher than recommended value of  % App Configured Setting%
Original value of -65 dBm is in general, too high. Recommended value is -70 dBm. If the version is before 4.1.185.0. REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 40006, Voice: 802.11b Power Threshold %Controller Current Threshold% , is higher than recommended value of  % App Configured Setting%
Original value of -65 dBm is in general, too high. Recommended value is -70 dBm. If the version is before 4.1.185.0. REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 40007, Voice: Aggressive load balancing is enabled. Check if providing voice services or low density of APs to disable it
Do not enable aggressive load balancing unless the network has available a high density of access points in the area, and never if there is voice over wireless. If you enable this feature with access points spaced to far away from each other, it might confuse the roaming algorithm of some clients, and induce coverage holes in some cases. In the latest software versions, this feature is disabled by default. REFERENCE: Wireless LAN Controller (WLC) Configuration Best Practices
  • 40008, Voice: arpunicast is enabled, it must be disabled.
arpunicast setting should not be enabled in normal circumstances. It may cause connectivity problems between devices on the same VLAN. Note that the original 7920 Deployment Guide incorrectly recommended that arpunicast should be enabled.
  • 40009, Voice: DTIM value should be 2, currently it is  %DTIM value% , check in %band% Configuration
For optimal battery life and performance, we recommend setting the DTIM period to “2”. REFERENCE: Cisco Unified Wireless IP Phone 7921G Deployment Guide
  • 40010, Voice: Beacon Interval should be 100, currently it is  %Controller Current Beacon interval% , check in %band% Configuration
For optimal battery life and performance, we recommend setting the beacon period to 100 ms. REFERENCE: Cisco Unified Wireless IP Phone 7921G Deployment Guide
  • 40011, Voice: Short Preamble should be enabled, check in 802.11b Configuration
Recommended value for the 792x. Use the short preamble setting in the radio configuration setting on the access point when no legacy clients that require a long preamble are present in the WLAN. By using the short preamble instead of the legacy long preamble, the wireless network performance is improved. REFERENCE: Cisco Unified Wireless IP Phone 7921G Deployment Guide
  • 40012, Voice: Low data rates (1 and 2 Mbps) should be disabled for voice, check in 802.11b Network Configuration
REFERENCES: Cisco Unified Wireless IP Phone 7921G Deployment Guide, Cisco Unified Wireless IP Phone 7920 Design and Deployment Guide (Chapter 2)
  • 40013, Voice: 5.5 Mbps should be disabled for voice, check in 802.11b Network Configuration
REFERENCES: Cisco Unified Wireless IP Phone 7921G Deployment Guide, Cisco Unified Wireless IP Phone 7920 Design and Deployment Guide (Chapter 2)
  • 40014, Voice: 802.11g speed set as mandatory, this will generate association problems with 7920. Check in 802.11b Network Configuration
Wrong configuration to support 7920.
This warning is deprecated and no longer present after application version 2.2
  • 40015, Voice: ACM is not enabled, check in 802.11b Voice Configuration
Reported recommended value for the 792x
  • 40016, Voice: ACM is not enabled, check in 802.11a Voice Configuration
Reported recommended value for the 792x
  • 40017, Voice: SSID WLAN has WMM disabled. It should be optional or enabled for voice.
Recommended value for the 7921. REFERENCE: Cisco Unified Wireless IP Phone 7921G Deployment Guide
  • 40018, Voice: SSID WLAN has DHCP Required enabled. It must be disabled for voice
This option might affect some client implementations which do not do a DHCP renew until the lease time expires. For example, Cisco 7920 or 7921 phones might have voice problems while they roam if this option is enabled, as the controller does not allow voice or signaling traffic to pass until the DHCP phase is completed. Some third-party printer servers might also be affected. In general, it is a good idea not to use this option if the WLAN has non-Windows clients. This is because the more strict controls might induce connectivity issues, based on how the DHCP client side is implemented. REFERENCE: Wireless LAN Controller (WLC) Configuration Best Practices
  • 40019, Voice: SSID WLAN does not have AP CAC limit enabled
Reported recommended value for the 792x
  • 40020, Voice: SSID WLAN has Client CAC limit enabled, must be disabled
Reported recommended value for the 792x
  • 40021, Voice: SSID WLAN Client MFP as enabled, must be either optional or disabled
Recommended value for the 792x. REFERENCE: Cisco Unified Wireless IP Phone 7921G Deployment Guide
  • 40022, Voice: SSID WLAN Platinum QoS settings are not set to 802.1p.
On the 792x, to avoid issues on the time sensitive queue for APs, it is recommended to tag the frames this QoS profile. Check in Controller QoS Profiles. REFERENCE: Cisco Unified Wireless IP Phone 7921G Deployment Guide
  • 40023, Voice: No platinum level SSID found, possible incorrect configuration, or controller not intended for voice support
No SSID found with platinum level QoS configured. This may be intentional (no voice support needed) or an incorrect configuration. REFERENCE: Cisco Unified Wireless IP Phone 7921G Deployment Guide
  • 40024, Voice: 802.11a Coverage Min Clients  %Controller Current Threshold%, is less than recommended value of %App settings Current Threshold%
In some situations, while using RRM, it may be useful to change the current threshold. The effect is varies depending on the version used (RRM enhancements or not), so use with care. REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 40025, Voice: 802.11b Coverage Min Clients  %Controller Current Threshold%, is less than recommended value of %App settings Current Threshold%
In some situations, while using RRM, it may be useful to change the current threshold. The effect is varies depending on the version used (RRM enhancements or not), so use with care. REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 40026, Voice: 802.11a Tx Power Threshold %Controller Current Threshold%, is higher than recommended value of %App settings Current Threshold%
In some situations, while using RRM, it may be useful to change the current transmit power threshold. The effect is varies depending on the version used (RRM enhancements or not), so use with care. REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 40027, Voice: 802.11b Tx Power Threshold %Controller Current Threshold%, is higher than recommended value of %App settings Current Threshold%
In some situations, while using RRM, it may be useful to change the current transmit power threshold. The effect is varies depending on the version used (RRM enhancements or not), so use with care. REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 40028, Voice: Low data rates (6 and 9 Mbps) should be disabled for voice, check in 802.11a Network Configuration (7921 recommendations)
This is a "recommendation", with lots of variations depending on RF conditions, and desired coverage.
  • 40029, Voice: Session timeout should be high, to avoid voice disruptions during authentication
Warns if the session timeout is less than 24 hours. Frequent reauthentications can disrupt active calls. Configure the session timeout as necessary. REFERENCE: Cisco Unified Wireless IP Phone 7921G Deployment Guide
  • 40030, Voice: WLAN with EAP, without CCKM, call quality during roaming may be disrupted
When using 802.1x type authentication, you should implement CCKM for authentication. 802.1x can introduce delay during roaming due to its requirement for full re-authentication. CCKM centralizes the key management and reduces the number of key exchanges. REFERENCE: Cisco Unified Wireless IP Phone 7921G Deployment Guide
  • 40031, Voice: Global Peer-to-Peer blocking is enabled, this is not recommended for Voice services
REFERENCE: Cisco Unified Wireless IP Phone 7921G Deployment Guide
  • 40032, Voice: WLAN Peer-to-Peer blocking is enabled, this is not recommended if using Voice services on this WLAN:XX
REFERENCE: Cisco Unified Wireless IP Phone 7921G Deployment Guide
  • 40033, Voice: WLAN has TKIP as L2 policy, and Hold Down timer is not disabled, this is not recommended, as it may cause voice problems in case of MIC errors introduced by other devices,
TKIP countermeasure mode can occur if the Access Point receives two message integrity check (MIC) errors within a 60 second period. When this occurs, the Access Point will de-authenticate all TKIP clients associated to that 802.11 radio and holdoff any clients for the countermeasure holdoff time (default = 60 seconds). REFERENCE: Cisco Unified Wireless IP Phone 7921G Deployment Guide
  • 40034,Voice: WLAN has exclusion timer enabled, it is recommended to disable on voice WLANs to allow faster recovery
Clients can be denied association to the network if they do not abide by the default Client Exclusion policies configured on the WLC.
  • 40035,Voice: AP does not have antenna diverstity enabled. It is recommended to use diversity in all voice deployments, as much as possible in the given RF environment. This may not be possible depending on AP model
REFERENCE: Cisco Unified Wireless IP Phone 7921G Deployment Guide
  • 40036,Voice: Max RF bandwidth is not matching the recommended: X%
  • 40037,Voice: Max reserved roaming bandwidth is not matching the recommended: X%
  • 40038,Voice: Traffic Stream Metrics collection is disabled. It is recommended, although not mandatory, to enable it"
Traffic Stream Metrics (TSM) can be used to monitor voice-related metrics on the client-access point air interface. It reports both packet latency and packet loss. An administrator can isolate poor voice quality issues by studying these reports. REFERENCE: Voice over Wireless LAN 4.1 Design Guide - Voice over WLAN Troubleshooting and Management Tools
  • 40039,Voice: Aironet Extensions are disabled, it is recommended to enable them, WLAN:
  • 40040,Voice: More than one WLAN with Platinum level found. Check if this is intentional (for example servicing 7920/7921). Not recommended otherwise
Platinum QoS level provides a higher quality of service for voice over wireless.
  • 40041,Voice: Depending on your RF coverage, and desired call density, it may be recommended to disable high data rates for voice services (36, 48, 54 mbps)
Having higher data rates enabled, without a very good RF signal coverage, may result in many dropped frames resulting in reduced voice quality. Enable high data rates only when sufficient RF signal coverage is available.
  • 40042,Voice: Mac filtering in voice WLANs is not recommended due to potential delays on association process/roaming"
For WLANs with voice services, MAC address filtering can introduce delays on roaming, as association/reassociation requests need to be validated against AAA before they are finally answered.
  • 40043,Voice: DCA interval is recommended to be high, to prevent channel changes during working hours."
It is good idea to have a long timer for DCA channel calculation, to minimize the possibility to have any disruptive channel change while a phone call is active
  • 40044 Voice: 12 mbps rate should be enabled or mandatory, as it is the default PHY rate for 7921. This can be an issue on 7921 firmware 1.2.1 or later
     
  • 40045 Voice: Load balancing is enabled on the wlan, and globally, this can generate problems on voice services:
     
  • 40046 Voice: Load balancing is enabled on the wlan, but globally is disabled. The feature is not active, but for precaution is recommended also to disable on WLAN configuration:
     
  • 40047 Voice: Low Latency Mac or Voice optimizations, are not supported currently with 802.11n Aps models. This must be disabled
     
  • 40048  Voice: Too many clients with SNR lower than 25 has been detected, it may be indication of poor RF coverage or bad roaming in clients
     
  • 40049 Voice: If your RF coverage is adecuate, it is  advisable to use 11a band for voice deployments, as it offers more channels and less interference than 11b band. A proper site survey should be done first to ensure coverage for 11a band. WLAN: X
     
  • 40050 Voice: DTPC should be enabled to help adjust  TX power in client to match AP and prevent half-way voice issues. Found in X

     
  • 40051 Voice: Scan defer time should be enabled, ideally with 100ms as defer time. Wlan: X
     
  • 40052 Voice: Scan defer priorities should contain 5,6. Wlan: XX
 

 

 

 

Mobility - 50xxx

-Mobility group related checks

 

  • 50001, Mobility: Virtual interface IP address is different with Controller:  % controller name  % my Address : % address %
This application assumes that all controllers present in this configuration, belong to the same mobility group. In a mobility group, the virtual interface IP address of all controllers should be the same. Otherwise, client mobility/roaming problems may occur.
  • 50002, Mobility: Mobility Group Name is different with Controller: % controller name%
This application assumes that all controllers present in the configuration, belong to the same mobility group. In a mobility group, the mobility group name of all controllers should be the same. Otherwise, client mobility/roaming problems may occur. The mobility group name is case-sensitive.
  • 50003, Mobility: Peer  % address % on invalid status  % status %
In WLC release 4.1, it is possible to detect a broken mobility communication with another peer. This points to wrong mobility configuration, ACLs, or WLC down.
  • 50004, Mobility: System name is duplicated with another controller, or the same controller appears twice in the configuration file
Found same system name in another controller. This may be configuration error, or duplicated information in the configuration file.
  • 50005, Mobility: Controller is configured with wrong MAC address in controller:  % controller name %
Indicates a possible typo of the MAC address in the mobility group configuration.
  • 50006, Mobility: Controller is not referencing itself as <local>
Verify that the mobility configuration is correct. For controller version 5.x and later in the mobility group config, the controller will show the actual Mobility Group name for itself. For earlier versions, the WLC will refer to itself as "local".
  • 50007, Mobility: Controller is referenced as <local> in controller  % controller name %
This should not be accepted by controller (bug opened). Wrong mobility configuration
  • 50008, Mobility: Controller has different group name as configured in controller % controller name % mobility peer config
This is a warning. It can be intentional (i.e., DMZ configuration, or failover configuration), or a typo in the mobility configuration. Please validate case by case.
  • 50009, Mobility: Controller is not a configured peer of  % controller name%
One controller present in the configuration file is not configured in the mobility section of another controller.
  • 50010, Mobility: No Management interface found! Probably an incorrect configuration file
Warning if no Management interface found. Verify that the configuration file is complete.
  • 50011, Mobility: Controllers have different Symmetric Tunneling setting
     
  • 50012, Mobility: This controller does not have a Multicast Address assigned, but other peers have. Validate that this is intentional, that this is not a mix of different controllers versions, or error in parsing configuration file
     
  • 50013, Mobility: Controllers have different Mobility Multicast Address. Verify the configuration.
     
  • 50014, Mobility: Multicast address is same as mDNS (224.0.0.251), this may cause problems with Apple Bonjour, iTunes
     
  • 50015, Mobility: Current address is x.x.x.x, it is recommended to use a multicast address in the rage of 239.0.0.0-239.255.255.255, not including for 239.0.0.x and 239.128.0.x.
     
  • 50016, Mobility: Current selected multicast address (x.x.x.x), can generate a flood, as it overlaps with local MAC address. It is strongly recommended to use one on the range of 239.0.0.0-239.255.255.255, not including for 239.0.0.x and 239.128.0.x
     
  • 50017: Mobility: One of the following situations has been found: AAA Override, AP groups, of different subnetwork across same WLAN between WLCs evaluated. As you may have L3 mobility, it is recommended to enable Symmetric Tunneling if using voice services, or network core performs reverse path forwarding checking (e.g., anti-address spoofing, firewall).
Note that all controllers in a mobility group should have the same symmetric tunneling mode.
  • 50018: Mobility: In WLC release 5.0 and above, it is recommended to enable multicast mobility, to optimize Mobility Group traffic
Mobility Multicast Messaging enables the controller to use multicast mode to send Mobile Announce messages to the mobility members. If you do not enable this feature, the controller uses unicast mode to send the Mobile Announce messages.
  • 50019: Mobility: For RF adjacent controllers, it is necessary that the country selection list match, to permit proper RF grouping
This validates that all controllers in the same mobility group, have the same country list. This is only relevant if they are RF adjacent. (i.e., Their APs are neighbors with signal better than -80 dBm)

 

  • 50020 Mobility: The number of peers is less than the total number of loaded controllers in the config file. It is strongly suggested to load all controllers in the mobility group to enable all possible checks
     

 

Radio Frequency - 60xxx

-Radio Frequency messages

 

  • 60001, RF: High RSSI is detected in 2.4 GHz radio by  %AP count% nearby APs, with an RSSI higher than the threshold of %App configured threshold% dBm
Detects APs running at probable too high power. Intended to help on RF troubleshooting. Please evaluate case by case. REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 60002, RF: High RSSI is detected in 5 GHz radio by  %AP count% nearby APs, with an RSSI higher than the threshold of  %App configured threshold% dBm
Detects APs running at probable too high power. Intended to help on RF troubleshooting. Please evaluate case by case. REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 60003, RF: Coverage Profile failed on 2.4 Ghz radio, per controller profile settings
AP failed coverage profile (reported by slot). REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 60004, RF: Coverage Profile failed on 5 GHz radio, per controller profile settings
AP failed coverage profile (reported by slot). REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 60005, RF: Interference Profile failed on 2.4 GHz radio, per controller profile settings
AP failed Interference profile (reported by slot). REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 60006, RF: Interference Profile failed on 5 GHz radio, per controller profile settings
AP failed Interference profile (reported by slot). REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 60007, RF: Load Profile failed on 2.4 GHz radio, per controller profile settings
AP failed Load profile (reported by slot). This is just a warning to emphasize that the load profile of this radio has failed. If the case/customer problem is involving RF issues, this help on finding where potential problems may exist. REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 60008, RF: Load Profile failed on 5 GHz radio, per controller profile settings
AP failed Load profile (reported by slot). This is just a warning to emphasize that the load profile of this radio has failed. If the case/customer problem is involving RF issues, this help on finding where potential problems may exist. REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 60009, RF: Noise Profile failed on 2.4 GHz radio, per controller profile settings
AP failed Noise profile (reported by slot). REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 60010, RF: Noise Profile failed on 5 GHz radio, per controller profile settings
AP failed Noise profile (reported by slot). REFERENCE: Radio Resource Management under Unified Wireless Networks
  • 60011, RF: AP has a neighbor on same channel for 2.4 GHz radio, with power
These reports on possible co-channel interference. This may or may not be relevant depending on power and application used
  • 60012, RF: AP has a neighbor on same channel for 5 GHz radio, with power
These reports on possible co-channel interference. This may or may not be relevant depending on power and application used
  • 60013, RF: AP has a neighbor on an adjacent channel for X GHz radio, with power
This reports possible adjacent channel interference, which may be disruptive depending on how far is the AP on channel distance, and the power received
  • 60014, RF: AP has channel utilization for X GHz radio higher than a threshold of YY
This reports if either TX + RX utilization or total radio utilization (CCA) is higher than a configured threshold. Default is 40%
 
  • 60015 RF: AP detected a persistent device with duty cycle higher of X%, type Y on band Z

 

 

 

Mesh - 70xxx

-Basic Mesh checks

  • 70001, Mesh: 'AP Zero Config' is disabled in network configuration, this can cause problems on mesh environments. Recommended setting is enabled

This setting is normally enabled. If disabled, it may lead to longer times to associate
  • 70002, Mesh: 'Allow Old Bridging Aps To Authenticate' is enabled in network configuration, this can cause longer AP join times, on mesh environments. Recommended setting is disabled
Old config switch, removed in 4.1. For 4.0, it must be disabled
  • 70003, Mesh: Bridge Shared Secret is set to the default value, it is recommended to set a user defined secret on mesh environments
Just a best practice recommendation.
  • 70004 Mesh: It is recommended to have more than one RAP per BGN for redundancy on sectors with multiple MAPs
     
  • 70005 Mesh: if AP density/channel allocation allows it
     
  • 70006 Mesh:  it is recommended to use EAP as authentication method for mesh networks
     
  • 70007 Mesh:  Use of UNI-II channels is necessary for some outdoor domains (p. e. ETSI)
     
  • 70008 Mesh: configuration is not matching across WLCs.

Spectralink - 80xxx 

 

  • 80001, Spectralink: Aggressive load balancing is enabled. Disable if providing Spectralink services
  • 80002, Spectralink: arpunicast is enabled, it must be in disable state, check in network config
  • 80003, Spectralink: DTIM value should be 2, currently it is
  • 80004, Spectralink: Short Preamble should be disabled, check in 802.11b Configuration
  • 80005, Spectralink: 802.11b datarates lower than 11 Mbps should be disabled. Check in 802.11b Network Configuration
  • 80006, Spectralink: Depending on phone model, 802.11g datarates should be disabled. Check in spectralink documentation
  • 80007, Spectralink: DTPC is not used. Check that phones have matching power to AP config
  • 80008, Spectralink: Multicast forwarding should be enabled
  • 80009, Spectralink: Multicast mode should be multicast
  • 80010, Spectralink: Multicast address must not be 224.0.1.116
  • 80011, Spectralink: SSID X has Client CAC limit disabled, must be enabled
  • 80012, Spectralink: SSID X has WMM enabled or optional. It should be disabled for Spectralink services
  • 80013, Spectralink: SSID X has broadcast SSID disabled. It should be enabled for Spectralink services
  • 80014, Spectralink: No platinum level SSID found, possible incorrect configuration, or controller not intended for Spectralink support
  • 80015, Spectralink: EDCA paramaters is not set to spectralink, check 802.11b advanced configuration
  • 80016, Spectralink: EDCA information, not checked (not visible if not using WLC 4.2 and above), please validate that EDCA is set to spectralink in 802.11b advanced configuration

 

Vocera - 90xxx 

 

  • 90001, Vocera: Aggressive load balancing is enabled. Disable if providing Vocera services.
REFERENCE: Vocera IP Phone Deployment in Cisco Unified Wireless Network Infrastructure
  • 90002, Vocera: arpunicast is enabled, it must be in disabled state, check in network config
One-way audio can occur if if arpunicast is enabled. REFERENCE: Vocera IP Phone Deployment in Cisco Unified Wireless Network Infrastructure
  • 90003, Vocera: DTIM value should be 1, currently it is
REFERENCE: Vocera IP Phone Deployment in Cisco Unified Wireless Network Infrastructure
  • 90004, Vocera: Short Preamble should be disabled when using B1000 Series badge. Check in 802.11b/g Global Parameters
The Vocera B1000 Series badge supports 802.11b only and requires long preambles. The Vocera B2000 Series badge supports long preambles. REFERENCE: Vocera IP Phone Deployment in Cisco Unified Wireless Network Infrastructure
  • 90005, Vocera: 802.11b data rates lower than 11 Mbps should be disabled. Check in 802.11b/g Global Parameters
REFERENCE: Vocera IP Phone Deployment in Cisco Unified Wireless Network Infrastructure
  • 90006, Vocera: 802.11g data rates should be disabled when using B1000 Series badge. Check in 802.11b/g Global Parameters
The Vocera B1000 Series badges support 802.11b only and may experience association problems if 802.11g data rates are mandatory. REFERENCE: Vocera IP Phone Deployment in Cisco Unified Wireless Network Infrastructure
  • 90007, Vocera: DTPC should be disabled. Check in 802.11b Network Configuration
REFERENCE: Vocera IP Phone Deployment in Cisco Unified Wireless Network Infrastructure
  • 90008, Vocera: Multicast forwarding should be enabled
The Vocera Badge utilizes multicast packet delivery to enable a Vocera badge user to call and communicate to a group of Vocera badge wearers at the same time by using the Broadcast command. REFERENCE: Vocera IP Phone Deployment in Cisco Unified Wireless Network Infrastructure
  • 90009, Vocera: At least one access point with AP-Groups enabled, if using version before WLC release 4.2 this is not recommended
  • 90010, Vocera: AP has transmit power level higher than 14 dBm, not recommended. Current power level:
The maximum transmit power of Vocera badges is 16 dBm. One way audio may result if the AP transmit power exceeds this level.
  • 90011, Vocera: WLAN should be marked as Broadcast SSID. Detected platinum SSID:
The SSID for vocera services should have Broadcast SSID flag enabled
  • 90012, Vocera: No Platinum level WLAN found
  • 90013 Vocera: Recommended TPC threshold is X, currently it is Y . This setting depends on site RF characteristics, adjust only if needed to insure device coverage
     
  • 90015 Vocera: Beacon interval is different from 100. Please use recommended setting

     
  • 90016 Vocera: Peer to Peer blocking is enabled. It must be disabled  globally (4.0) or/and in  Vocera service WLANs (4.2+)
     
  • 90017 Vocera: Channel selection is marked as Auto, with a timer lower than 12h. Depending on site RF characteristics, it could be advisable to use 12h channel change period
     
  • 90018 Vocera: Recommended version must be 4.1.185 or higher, recommended Assurewave certified
     
  • 90019 Vocera: Transmit Power Control is set as Auto, but the max power level is not restricted to  14 dBm
     
  • 90020 Vocera: Load balancing is enabled on the wlan, but globally is disabled. The feature is not active, but for precaution is recommended also to disable on WLAN configuration: X
     
  • 90021 Vocera: Load balancing is enabled on the wlan and globally, this can generate problems on voice services: X
     
  • 90022 Vocera: Multicast forwarding mode should be in use. If APs and WLC management are on different vlans, please make sure multicast routing is properly set on the network infrastructure
     
  •  90023 Vocera: Only a single basic rate must be enabled
     
  •  90024 Vocera: SSID X has WMM enabled. It should be disabled or optional
     
  •  90025 Vocera: SSID X has DHCP required enabled. It must be disabled 
     
  • 90026 Vocera: Percentage of clients with low SNR detected, it may be indication of poor RF coverage or bad roaming in clients
     
  • 90027 Vocera: Low Latency Mac or Voice optimizations, are not supported currently with 802.11n Aps models. This must be disabled
     
  • 90028 Vocera: More than 5 WLANs are enabled, depending on AP Group settings, this may generate a high RF utilization
     
  • 90029 Vocera: Client exclusion is enabled, this may generate issues on voice wlans if device is excluded. Correct setting may depend on your security policies.
     
  • 90030 Vocera: it is recommended to use a AssureWave  tested version
     
  • 90031 Vocera:  Session timeout should be 8h or higher to minimize voice disruptions
     
  • 90032 Vocera:  EAP key retry timer should be minimum 1 second
     
  • 90033 Vocera:  Low speed 11b rates (1,2,5.5 mbps)  must be enabled if B1000 badges are in use.  If only  newer badges are in use, this can be ignored

Security

 

  • 120001 Security: It is recommended to disable Management over wireless for security reasons
  • 120002 Security: HTTPS for management is disabled
  • 120003 Security: It is recommended to monitor all channels for rogue detection. Band:
  • 120004 Security: No 802.1x WLAN was detected
  • 120005 Security: No Rogue entries found. If Rogue detection is not enabled
  • 120006 Security: SSH is disabled
  • 120007 Security: Client exclusion not detected on any WLAN. It should be enabled as a general security precaution.
  • 120008 Security:  AP Local credentials to access access point CLI are not configured. For best security practices
  • 120009 Security: it is recommended to set a CPU ACL
 
  • 120010 Security: WLAN may be using management vlan. It is recommended to split user traffic from management. WLAN:
  • 120011 Security: if high security is needed
  • 120012 Security: it is recommended to set policy to reject WiFi Direct clients for security purposes. Be aware this may impact some default smartphone configurations. WLAN:
  • 120013 Security: Minimum management password length should be 8 or higher
  • 120014 Security: Management Password policy not set: 
  • 120015 Security: HTTP access to management is enabled
  • 120016 Security: High encryption for management is not enabled

 

NGWC General

 

  • 230001 General: Controller with non recommended code version. Please go to http://software.cisco.com/download/navigator.html?i=!ch for latest version.
  • 230014 General: Multicast address is same as mDNS (224.0.0.251)
  • 230015 General: Current address is  . It is recommended for best practices to use a multicast address on the rage of 239.0.0.0-239.255.255.255
  • 230016 General: Current selected multicast address ( )
  • 230057 General: Disabling low data rates/11b can help to optimize the channel utilization on the 2.4 band. Depending on RF coverage
  • 230058 General: Multicast unicast mode is suboptimal transport for networks with IPv6
  • 230060 General: Radius Timeout is recommended to be configured to be 1.
  • 230064 General: EAP request timeout larger than 400ms. EAP requests may benefit for faster recovery
  • 230065 General: EAP request retries lower than 3. EAP requests may benefit for faster recovery
  • 230067 General: Minimum rogue RSSI detection threshold should be set to -70 or higher
  • 230069 General: At least one Autocontain policy is enabled. Rogue contention has severe impact on client serving time
  • 230070 General: AVC visibility is recommended. Please refer to this link for configuration: http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/5700/software/release/ios_xe_33/iosXE_3point3_AVC_DG.html
  • 230071 General: Fast SSID enabled is recommended for networks that may have Apple IOS client devices.
  • 230072 General: CleanAir detection is highly recommended if your current  AP HW types support the feature.
  • 230081 General: Band Select is recommended on WLAN for better client experience.
  • 230082 General: Load Balance is recommended on WLAN for better client experience.
  • 230083 General: DHCP Snooping is recommended both globally and on each vlan. Please make sure the dhcp trust is enabled on upstream port of the controller as well.
  • 230084 General: Radius load balancing is recommended for better performance.
  • 230085 General: If Web authentication is configured
  • 230086 General: Web authentication parameter is not configured correctly.
  • 230087 General: Max Cocurrent Logins for a user name is recommended to be configured. The recommended value is 5.
  • 230088 General: Strong password policy is recommended.
  • 230090 General: SNMPv3 is recommended to be configured.
  • 230091 General: Rogue min transient time is recommended to be configured 1200.
  • 230092 General: It is recommended that all the client exclusion policies are enabled.
  • 230093 General: It is recommended that bootP broadcast dhcp snooping is enabled.

 

  • 320006 General: SSH support is recommended to be configured.
     
  • 320008 AP: Local credentials to access access point CLI are not configured. For best security practices
The expected QoS level expected for general voice services is Platinum. No SSID configured with this level was found
 

Flex

  • 100001 Flex: Flex Aps detected
     
  • 100002 Flex: Efficient AP upgrade is not enabled
     
  • 100003 Flex: Flex AP without vlan support detected
 

NGWC AP

  • 220023 AP: More than 4 SSID per radio. High SSID counts may contribute to higher channel utilization.\n It is advisable to keep the SSID count per radio to the minimum  needed.
 

NGWC Voice

  • 240015 Voice: ACM and SIP is recommended to be configued.
  • 240023 Voice: No platinum level SSID is found. Voice checks could not complete. Ensure you have the voice SSID configured with Platinum QoS.
  • 240053 Voice: SIP snnoping is recommended if SIP calling is required.

NGWC Mobility

  • 250018 Mobility: it is recommended to enable multicast mobility to optimize Mobility Group traffic.

NGWC Security

 
 
 
 
Comments
u297863AG
Level 1
Level 1

Awesome thank you!

Gem Tat Huang
Level 1
Level 1

..

Can we receive some clarity on the following message/fix?

120016 Security: High encryption for management is not enabled

 

Thanks!

christinakish
Level 1
Level 1

Scott

why would you recommend a bogus IP address?

christinakish
Level 1
Level 1

In the GUI -

On the wireless controller

Management Tab

Logs

config

Syslog Server IP Address

Ralph Olsen
Level 1
Level 1

It's better to have the AP send a syslog to a unicast address that just gets drop, than have the syslog message broadcasted to the entire subnet.

warickwinter
Level 1
Level 1

Hey Javier 

I am getting the following two messages even though I have lag enabled? Is this something to worry about?

30012,General: AP manager interfaces count less than number of active ports, and no LAG, not supported configuration

30027,General: Single AP manager interface found, and AP count is approaching the 48 max supported capacity per interface, it is recommended to configure a secondary AP-Manager or move into LAG config

Javier Contreras
Cisco Employee
Cisco Employee

Hi

you can send me the config file zipped (wlc-conf-app-dev@cisco.com), so I can review what is happening. Most probably, the hw model was not identified properly

regards

edwin
Level 1
Level 1

I have a question, trying to figure out how to fix this/where do you change this?

AP: Syslog messages are sent to broadcast address, if there are errors reported by many APs, and there are too many APs per vlan, this can cause broadcast storms. For best practices, it is better to configure to individual server (From AP : ATP1.A1MagsaysyRm.LAP1142N.AP.18 / FCW1417S02A)

Javier Contreras
Cisco Employee
Cisco Employee

hi

config ap syslog host global <syslog ip or bogus ip>

regards

edwin
Level 1
Level 1

Hi Javie,

Thanks for your reply. I would like to know what will be the effect of this command and why do we need to set this command?.

Javier Contreras
Cisco Employee
Cisco Employee

Hi

the effect is to tell APs to use a specific syslog server, instead of broadcasting error messages on the vlan. The broadcast is good to get information from APs on scenarios where the AP lacks any config (out of the box), but as best practices, it is good idea to send the information to a server for storage, plus to lower the total broadcast on AP management vlan.

ilja.sas
Level 1
Level 1

Javier,

I receive the exact same notifications on a 5520

30012,General: AP manager interfaces count less than number of active ports, and no LAG, not supported configuration
30027,General: Single AP manager interface found, and AP count is approaching the 48 max supported capacity per interface, it is recommended to configure a secondary AP-Manager or move into LAG config

Find config attached

Manish Mathur
Level 1
Level 1

Hi Javier,

The message

60013, RF: AP has a neighbor on an adjacent channel for X GHz radio, with power

 

I am using WLCCA version 4.4 (4) and am seeing the message no. 60013. It says:

"AP on channel 48 has a neighbor on side channel for slot 1 , radio power -60 MAC : **:**  Effect depend on RF conditions".

 

Now two points:

1. How do I get the AP for which this issue is being reported ? I tried with this MAC but failed to get the AP.

2. Which channels are considered as side channels for 48 ? 44 and 52 will be adjacent channels as they are each 20 MHz away from 48. As per the 802.11a document 44 and 52 will be the adjacent channels for 48 and an adjacent channel is a non-overlapping channel which would would not cause interference.

 

Thanks,

Manish

 

Hi

These seems to be just error what analyzer show, but we need what could be possible cause.

For ex: 230086,General: Web authentication parameter is not configured correctly.

Dont know what could be possible cause, which setting is not configured properly.

 

 

Below are the errors which we are getting. Any suggestions are welcome.

 

230065,General: EAP request retries lower than 3. EAP requests may benefit for faster recovery, and better behavior on bad RF, by using higher counts, lower retry timeout. Please validate on your specific client types before enforcing the changes.

230072,General: CleanAir detection is highly recommended if your current AP HW types support the feature. For 802.11a band

230072,General: CleanAir detection is highly recommended if your current AP HW types support the feature. For 802.11b band

230083,General: DHCP Snooping is recommended both globally and on each vlan. Please make sure the dhcp trust is enabled on upstream port of the controller as well.

230093,General: It is recommended that bootP broadcast dhcp snooping is enabled.

230084,General: Radius load balancing is recommended for better performance.

230084,General: Radius load balancing is recommended for better performance.

230060,General: Radius Timeout is recommended to be configured to be 1.

230086,General: Web authentication parameter is not configured correctly.

230087,General: Max Concurrent Logins for a user name is recommended to be configured. The recommended value is 5.

230088,General: Strong password policy is recommended.

320006,General: SSH support is recommended to be configured.

230090,General: SNMPv3 is recommended to be configured.

230092,General: It is recommended that all the client exclusion policies are enabled.

240023,Voice: No platinum level SSID is found. Voice checks could not complete. Ensure you have the voice SSID configured with Platinum QoS.

230091,General: Rogue min transient time is recommended to be configured 1200.

240015,Voice: ACM and SIP is recommended to be configured.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: