Ask the Expert: Cisco Wireless LAN Controllers (WLCs)

ciscomoderator
Community Manager

with Cisco Expert Nicolas Darchis

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about how to troubleshoot, configure and deploy any Cisco Wireless LAN controller with Cisco subject matter expert Nicolas Darchis.

Nicolas Darchis is a wireless and authentication, authorization, and accounting expert for the Technical Assistance Center at Cisco Europe. He has been troubleshooting wireless networks, wireless management tools, and security products, including Cisco Secure Access Control Server since 2007. He also focuses on filing technical and documentation bugs. Nicolas Darchis holds a bachelor's degree in computer networking from the Haute Ecole Rennequin Sualem and a master's degree in computer science from the University of Liege. He also holds CCIE Wireless certification number 25344.

Remember to use the rating system to let Nicolas know if you have received an adequate response.

Nicolas might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Wireless sub-community, Getting Started with Wireless discussion forum shortly after the event.

This event lasts through Friday June 28, 2013. Visit the community often to view responses to your questions and the questions of other community members.


Hum. It can also run all APs in local mode.

Hi,

I hope 7.5 will include the "new mobility" feature (CAPWAP for mobility tunnel). If so, when upgrading from 7.4.x to 7.5.x, how will this work? Does 7.5 have a configurable option to change EoIP to CAPWAP, or will it only come with CAPWAP mobility by default?

Also, when is this 7.5 code expected to be released to the public?

Regards

Rasika

7.5 brings mobility compatibility with 3850/5760.

But it will not be a mandatory migration. Upgrading your 7.4 WLC will keep your existing mobility tunnels. There will be a separate page to configure Next-gen WLC mobility system tunnels. 7.5 WLCs will not act as a gateway between older WLCs and 3850/5760. You will have a group of next-gen mobility tunnels and a separate group of old-fashioned mobility tunnels if you like; you cannot roam from one to the other.

huangedmc
Level 3

Hi Nicolas,

We recently implemented Polycom video conference soft-client on a few test laptops.

It works when clients call each other, when:

both clients are on wired connections, or

one client's on wired, the other's on wireless, or

both clients are on wireless, but associated to different WAP's.

The soft-client does not work, when both clients are associated to the same WAP.

Why do you think that is?

We're running HREAP/FlexConnect mode WAP, and the user traffic is local-switched.

The controller is WiSM2, running 7.2.111.3, & WAP's are 1142's.

Nothing on the Cat3K or the SVI would prohibit clients from talking to each other on same subnet.

On the WLC, the WLAN is configured to "forward upstream" for P2P Blocking, but once again, the traffic is local-switched, so I don't see how the P2P Blocking is relevant here.

I've heard multicast needs to be enabled to get things like Apple's Bonjour protocol working, but this is a different application that runs on unicast, not multicast.

If you think this requires detailed TSHOOT we can open an SR w/ TAC, but wanted to know if there's a simple explanation/solution first.

thx

Kevin

You are wrong about peer-to-peer blocking not being the problem. It is :-)

When setting peer-to-peer to "forward upstream", it means that the AP will send to its local switch even if the destination is also on the same AP. Switches, by default, never send traffic back out of the port it came in on; it's basic loop avoidance. This also explains why it works when the destination is on another AP: then the switch lets the frame through.

The solution is to simply disable p2p blocking and not to forward upstream.

Forwarding upstream requires in-depth configuration of the switch where the APs are connected in order to allow traffic to go back to the port where it's coming from but to also avoid loops (which would normally happen if you allow this behavior).

By not forwarding upstream and just allowing peer-to-peer, the AP will receive the frame from the source client and directly send it to the destination client since it's also on that AP.
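The behaviour described in the answer above, as a small forwarding model added here for illustration (it is not part of the thread and is not Cisco code). The port names, client names and the `scenario` helper are constructed; the model also covers the "drop" setting, which the thread does not discuss.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    """Learning L2 switch: never sends a frame back out of its ingress port."""
    mac_table: dict = field(default_factory=dict)  # MAC -> port

    def egress_ports(self, src, dst, in_port, all_ports):
        self.mac_table[src] = in_port              # learn the source
        out = self.mac_table.get(dst)
        if out is None:                            # unknown unicast: flood, minus ingress
            return [p for p in all_ports if p != in_port]
        return [] if out == in_port else [out]     # same port: frame is filtered

@dataclass
class AP:
    port: str             # switch port of the AP uplink (constructed name)
    clients: set
    p2p: str = "disable"  # "disable" | "drop" | "forward-upstream"

def delivered(src, dst, aps, wired, switch):
    """True if a unicast frame from src reaches dst (FlexConnect local switching)."""
    ports = [ap.port for ap in aps] + list(wired.values())
    src_ap = next((ap for ap in aps if src in ap.clients), None)
    if src_ap and dst in src_ap.clients:
        if src_ap.p2p == "disable":
            return True                            # AP bridges between its own clients
        if src_ap.p2p == "drop":
            return False
        # "forward-upstream": the AP hands the frame to the switch instead
    in_port = src_ap.port if src_ap else wired[src]
    dst_ap = next((ap for ap in aps if dst in ap.clients), None)
    dst_port = dst_ap.port if dst_ap else wired[dst]
    return dst_port in switch.egress_ports(src, dst, in_port, ports)

def scenario(p2p):
    """Constructed topology: two APs and one wired host on one switch."""
    aps = [AP("Gi1/0/1", {"laptopA", "laptopB"}, p2p),
           AP("Gi1/0/2", {"laptopC"}, p2p)]
    wired = {"desktop": "Gi1/0/3"}
    sw = Switch()
    pairs = {"same_ap": ("laptopA", "laptopB"),
             "other_ap": ("laptopA", "laptopC"),
             "wired": ("laptopA", "desktop")}
    return {k: delivered(s, d, aps, wired, sw) for k, (s, d) in pairs.items()}

if __name__ == "__main__":
    for mode in ("forward-upstream", "disable", "drop"):
        print(mode, scenario(mode))
```

Only the same-AP pair fails under "forward-upstream", which matches the symptom reported in the question.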

Hi Nicolas,

Are there ways to get multicast working in an OEAP602I deployment? I know it is not a supported feature as of today. What is the technical reason behind that? (I would assume being unable to ensure bidirectional traffic goes via the same path across service provider networks is a cause.)

Rasika

There are many limitations on the 600 AP. For example, it will also have a limited throughput. It is what it is: the cheapest Cisco AP, made for a single user working from home. It does not have the CPU capacity to CAPWAP-encrypt more than 6-7Mbps of traffic, so it may be 11n but you won't be uploading at 100Mbps through the WAN :-)

So for similar reasons, multicast is simply not supported. If you have tougher requirements than what the 600 offers, it's preferable to go with ISRs probably.

andy.winford
Level 1

Hello Nicolas. Quick one here.

When I make WLAN changes on a controller it resets all the WLANs. This is an H-REAP AP. Does a configuration change on an H-REAP WLAN force a reset of the entire H-REAP AP?

Thanks...

Andy

Hi Andy,

It depends on the setting. But indeed most settings on a WLAN configuration would require the AP to turn down its radio and turn it back on again immediately. So since it has to flap the radio, yes it affects all WLANs.

This is typically when the setting you are changing needs the capabilities sent in beacons to be modified.

"Hi Andy,

it depends on the setting. But indeed most settings on a WLAN configuration would require the AP to turn down its radio and turn it back on again immediately. So since it has to flap the radio, yes it affects all WLANs.

This is when the setting you are changing needs to have the capabilities sent in beacons to be modified typically"

Thanks Nicolas. To be clear, I have changed settings in WLANs before with locally controlled (local mode) APs and the APs did not reset client connections. Is this a Flex AP behavior? In this case, we just changed the RADIUS server for an 802.1x authentication based SSID and the AP disconnected all clients.

Thanks

Andy

patrick.kofler
Level 1

Hi Nicolas,

As far as I understood, the new mobility architecture dictates a mobility oracle.

Can a mobility oracle execute mobility controller functions as well, or do you really need two dedicated devices acting as MC and MO?

Regards,

Patrick

Hi Patrick,

The MO is not mandatory. It's just for ISE/Prime integration to have one WLC having the list of all clients.

A 3850 cannot be MO, only a 5760 can be.

The MO doesn't have to be a dedicated WLC; it can be an MC as well.

grabonlee
Level 4

Hi Nicolas,

I inherited a network with 6 4402-25 WLCs distributed at different sites. I recently had 2 of the 6, which reside at 2 DCs, changed to 5508. All sites are connected through an MPLS backbone with varying bandwidths. I am re-evaluating the entire wireless network and would like some recommendations from you based on the following:

1. I have purchased an ISE and Prime Infrastructure

2. I want to remove the 4402 WLCs and upgrade the 2 5508 WLCs from 50 AP licenses each to the total number of APs that covers those managed by the 4402s. The 2 5508 WLCs will be deployed as N + N redundancy.

3. Change from Flexconnect/HREAP (Central authentication/Local Switching) to Local mode/Central switching with site specific VLANs, as 90% of network services are central at the DC.

Do you advise that I maintain the status quo with having WLCs distributed at different locations? Anyway, I would still have to change the 4402 to 5508 as 4402 is not compatible with Prime Infrastructure.

Do you think that my idea of just having 2 WLCs with more AP licenses is optimal, as I would save the cost of replacing the 4402 WLCs and moreover network services are central?

Do you think Flexconnect/HREAP (Central authentication/Local Switching) is not recommended, as network services are central including authentication?

I would appreciate any help.

It all depends on the round trip time between the APs and WLC.

If the RTT is less than 300ms and if you can afford all the traffic to go between AP and WLC all the time, having 2 central WLCs is the preferred solution, by far.

FlexConnect local switching is only there if you want to avoid having all traffic go back to the central site all the time and if the RTT is pretty high to the central site.

Hi

Thanks for the response. May I ask what the average rate is for CAPWAP control packets across a WAN link? Also, what are the other implications if CAPWAP control packets are not prioritized over other traffic, apart from the issue of traffic spikes? My major concern is that I may apply QoS policies for CAPWAP, but as it traverses an MPLS network not under my control, the purpose may be defeated.