Re: Community Ask Me Anything – How to Enable Network Connectivity to Remote Workers

ciscomoderator · ‎05-13-2020

This topic is a great opportunity to learn more about the network connectivity solutions that Cisco offers during this unprecedented COVID-19 situation in order to enable network connectivity to remote workers. The session describes the available solutions and offers in any market segment or industry that wishes to enable employees to work remotely from home or micro office environments.

The event focuses on Cisco Enterprise solutions and offers that are related to secure remote work and micro office network connectivity. These solutions include Cisco Aironet, Catalyst, and OfficeExtend access points, any virtual or physical controller, and Cisco Wireless LAN Controllers (WLC), among others.
The event also covers Cisco Meraki solutions, such as Meraki MX series SD-WAN and security appliances, Meraki Z series teleworker appliances, Meraki MR series access points, Meraki Insight (MI), and Meraki Systems Manager, among others.

This forum event works well as an introduction for those who are not familiar with the tool and have recently started to use it.

To participate in this event, please use the button below to ask your questions

Ask questions from Wednesday, May 13 to Friday, May 29, 2020

Featured Experts

Karla Cisneros is a Support Product Specialist focused on MR wireless products in Cisco Meraki. She has worked with wireless technology for nearly eight years, five of them as part of the Wireless Technical Assistance Center [TAC] team. She holds a CWNE (#270) and a CCIE Enterprise Wireless (#59822) certification.

Rafael Enriquez is a Technical Consulting Engineer of the Wireless team at the Cisco EMEAR Technical Assistance Center (TAC). He has nine years of experience in IT, six of them with Cisco wireless technologies. He has participated as a speaker in Cisco Live technical solutions clinics (TSC) and other partner sessions. Rafael holds a CCIE Enterprise Wireless certification (#60908).

Jhosbell Verdesca works as a Customer Success Specialist focused on Enterprise Networks, Cisco DNA Center, and SD-Access. Before that, he worked as a Cisco Support Engineer for the Wireless Team at the Cisco Technical Assistance Center (TAC). Before Jhosbell joined Cisco, he worked for three years with a Cisco Gold Partner in Venezuela to implement and support network and security solutions. Jhosbell holds two CCIE certifications, one in Enterprise Infrastructure and one in Enterprise Wireless (#58023).

Due to the anticipated volume for this high in-demand event, Karla, Rafael & Jhosbell might not be able to answer each question. Thus, remember that you can continue the conversation directly in the Other Wireless - Mobility Subjects community.

By posting a question on this event you're giving permission to be translated in all languages we have in the community.

Find further events on https://community.cisco.com/t5/custom/page/page-id/Events?categoryId=technology-support

**Helpful votes Encourage Participation! **
Please be sure to rate the Answers to Questions

Yanli Sun · ‎05-18-2020

hi, team,

thanks for this session.

This is a question from Chinese community member liu.zhimin, he would like to know, how to get the unified management of AP by enterprise's national branch Cisco WLC.

Jhosbell Verdesca De Aguiar · ‎05-18-2020

Hi Yanli Sun.

We're happy to help.

If I understand correctly, he wants to know how to get APs managed by a centralized Cisco WLC.

If that is correct, below are some guidelines, otherwise please add more details to the question and we'll help you.

First the APs need to discover the WLC, there are multiple methods you can use but these are the two common ones:

Point the Option 43 of the APs DHCP Pool to the WLC management IP Address. (See How to configure DHCP Option 43 )
Configure the DNS Server to map the string cisco-capwap-controller to the WLC management IP Address.

Keep in mind, if you have local internet connections in the branches you may want to use FlexConnect Local Switching, as it avoids overloading the WAN links. The maximum tolerated latency for FlexConnect is 300 ms.

If this was not your question, just let us know and provide more details. Thanks!

** Please rate helpful posts **

CCIE #58023

rajesh.netratrk · ‎05-28-2020

Have two questions:

ISR 1K

We do not have SD-WAN in the environment, can router still be able to perform firewall stack functionality with autonomous configuration using split tunnel to pass over local internet and VPN intranet to DC?

SD WAN

Is there a use case/presentation on converting site by site to SD WAN while running legacy environment in simultaneously in a cost effective manner. Any videos/documentation would be of great help

Thank you-

Jhosbell Verdesca De Aguiar · ‎06-01-2020

Hi Rajesh.

This event is covering mostly wireless solution. Please post your question in the Routing and SD-WAN communities where experts on that solution will be able to help.

https://community.cisco.com/t5/routing/bd-p/5991-discussions-wan-routing-switching

https://community.cisco.com/t5/sd-wan-and-cloud-networking/bd-p/discussions-sd-wan

Regards.

** Please rate helpful posts **

CCIE #58023

Cisco Moderador · ‎05-21-2020

Hi everyone, I’ve an Aironet 3502E and an Aironet 1662E, both are directly connected to my internet provider modem, nevertheless; in none of the Aironet I have bene able to have a bandwidth greater than 20 Mbps connected via WIFI.
I have carried out tests with only one of the APs turned on and the result remains the same. The cable connection gives me a bandwidth of 100 Mbps, the connection through the modem’s WIFI gives me a bandwidth between 70 and 90 Mbps

Any idea or example of the required configuration?

Note: This question is a translation of a post originally created in Spanish by jharvao. It has been translated by Cisco Community to share the inquiry and its solution in different languages.

Rafael E · ‎05-21-2020

Hello jharvao,

Saw your post also on the Spanish community. Also, reply to that one.

what do you mean with 20 Mbps bandwidth? are you talking about throughput?

If yes, then we need to understand how the test is being done to help you with a better answer, as of now there isn't any good information we can use to tell you whether what you are seeing is a problem or is something expected

Can you help with the following?

how are you performing the throughput test?

what client are you connecting the SSID?

what NIC card? what are the NIC card capabilities? (PHY, spatial streams, band support)

what band are you using to test 2.4Ghz or 5Ghz?

what is the channel utilization that you are using?

what data rate does the client negotiate with the AP?

what is the link quality while performing the test RSSI / SNR?

what AP?

what is the SSID configuration?

On your post, you are talking about 20,70,90 Mbps which one is it if all 3 what is different?

Saludos,
Rafael - TAC

Modérateur Cisco · ‎05-25-2020

Hello,

I am new to the community, so I hope to be in the right place and not make an odd mistake.

My question is about the recently purchased WAP571-E-K9 v02.
The radio scheduler configuration does not work.

When I create a profile, it is saved correctly. The verification in the exported config.xml file does not show anything abnormal: the profile, called "Active" is well saved. However, when I choose this profile in the configuration of a VAP, it is saved in the form, but when I validate my choices, the field takes the value "None" by default.

I am a little clueless because I do not see anything incorrect in my configuration.

Note: this behavior was already present in version 1.0.1.12 of the Firmware; I updated to the latest version 1.1.0.5 this morning but nothing has changed.

Thank you in advance for your help.

Regards,
Christophe HARO

* Note: This question is a translation of a post originally created in French by ChristopheHARO48083. It has been translated by Cisco Community to share the inquiry and its solution in different languages.

Rafael E · ‎05-28-2020

Hello,

We are not really Small business APs experts. I will contact someone from this team so we can guide you further on the question.

Saludos,
Rafael - TAC

Cisco Moderador · ‎05-27-2020

Hi Good day

Certainty we’re experiencing complicated times due to COVID-19 but I wish all of the community members are doing good.

I would like to ask for your assistance, I would like to connect my new AP 3802 “capwap” (form now renamed as NUEVO) to my current AP 2802 with “ME 8.5.151.0” (from now called VIEJO).

When I connect through my controller the “NUEVO” AP, it discovers the “VIEJO” AP and it tries to JOIN (Join Request sent), however, at some point it shows the following message "The WLC has rejected the join request".

From the MobilityExpress GUI of the “VIJO” AP I can see the “VIEJO” AP but I states "AP having MAC Address ["78:0c:f0:fb:d9:d2"] currently Not Joined with this Controller!!!"

I was reviewing this guide to configure the WLC that allows the JOIN on the “VIEJO” AP, Nevertheless; I not able to find how I can connect to the WLC GUI of my “VIEJO” AP, and I don’t even know what IP does it has.

Do you have a procedure guide/steps that I can follow up to achieve this, or could you please provide me a suggestion?

Thank you very much for your support

Note: This question is a translation of a post originally created in Spanish by Marcelo306. It has been translated by Cisco Community to share the inquiry and its solution in different languages.

Rafael E · ‎05-28-2020

Hello,

So ME is the 2800 AP running 8.5MR5

You are trying to join a 3800 to this ME. what code is this 3800 AP running?

ME does not stores AP images for new joined AP to download, as per memory restrictions, so you need to specify from what TFTP server new AP would retrieve their image.

You can do that on the Upgrade section from the ME.

On the tftp server use the .zip to your tftp root folder and unzip it there. file available in cisco.com

If both APs 2800/3800 are running the same image then can you provide show log from 3800 and show msglog from ME for us to understand further.

Saludos,
Rafael - TAC

Cisco Moderador · ‎05-27-2020

Hi everyone
Thank you so much for this opportunity to share our enquiries with you, we know you’re the best and it’s a privilege to have the opportunity to contact you.

I have a question; I don’t know if you can help me. This topic is not totally related to remote connectivity however; it is related to wireless networks.

I need to implement a 5508 device, it will authenticate against an AD, however; in the conversation I have had with the customer on different occasions I’ve indicated that he needs a RADIUS server so he can interact between the WLC and AD. He insists that another branch has the same wireless solution without such a server.

The AD is in a Windows Server 2012, my suspicious is that the NPS service enabled and at the same time the Controller of the site has been registered and that is why the solution works. I’ve noticed that the customer seems afraid to move some configuration of his own Windows Server.

Previously Rafael has explained me the schema that is needed for such integration; however, given the circumstances, I was wondering if there a type of work around to prevent the customer from moving or adding configuration(s) to his Windows Server and last but not least, I cannot add any kind of RADIUS server since it is not considered in the budget.

From my point of view, this sounds complex, but I don’t know if you have any addition advice.

Note: This question is a translation of a post originally created in Spanish by Daniel Ordóñez Flores. It has been translated by Cisco Community to share the inquiry and its solution in different languages.

Jhosbell Verdesca De Aguiar · ‎05-27-2020

Hi Daniel
You can connect the WLC directly with the Active Director (AD) using LDAP.
It’s not as safe, flexible or efficient as RADIUS, but it may probably be the solution that they’re using on the other site.
Have a look to this article, there you can find a detailed integration: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/211277-WLC-with-LDAP-Authentication-Configurati.html
** Please rate helpful posts *

** Please rate helpful posts **

CCIE #58023

Cisco Moderador · ‎05-27-2020

Many thanks! I read the document and the configuration looks quite direct, as you well explain, the issues here could be the credentials and data that the customer provides e to consult the AD.

I’m very grateful, thank you

Greetings

Note: This question is a translation of a post originally created in Spanish by Daniel Ordóñez Flores. It has been translated by Cisco Community to share the inquiry and its solution in different languages.

Cisco Moderador · ‎05-27-2020

We have a Meraki MR33 that has no longer a valid license, it has not been used for a while.
I’ve seen enterprise licenses, are they compatible with LIC-ENT? That’s the AP that was sold to the customer, but he wants to use it only as a simple AP.
Thus, what kind of license we need to reactivate it? And which one would you rather recommend? What cost would they have? And where can you buy them?

Note: This question is a translation of a post originally created in Spanish by dulfranc1. It has been translated by Cisco Community to share the inquiry and its solution in different languages.