Hi Guys,

I am new on the web .

I am installing a new Cisco 5508 controller. they have already got 2 cisco 4402 series controllers in. they have all got the base licences of 50 aps. the 4402 controllers are in a single mobility group and in a single vlan and there is a seperate vlan for the APs. the total number of APs are 82. the first controllers has got 50 aps, the 2nd one has got 15 and they want 17 aps on the new one. due to some reason they cant create a new vlan for the new aps.

Can any one please tell me what can I do to divide the total number of aps on these three controllers for load balancing? so that I can have 25 APs on one controller, 25 on the 2nd and the rest on 3rd? because normally we use DHCP opt 43 or DNS for the aps to find the controller and if w use the existing option 43 or dns then they will first try to login to the first one then the 2nd one and then the third one but the problem is we have atleast 30 licenses free on the 2nd controller, which means the new controller wont register with any ap.

question 2; wondering how a Cisco 1141 authenticates itself against a 802.1x? as they have 802.1x used?

I will really appreciate any help!


Many thanks,

Without manual intervention the APs should divide themselves quite equal on the WLCs.

Sent from my LT26i

_________________
som om sinnet hade svartnat för evigt.

WOW! new on the web? where you been for the past decade or so?

_________________
"If you're good at anticipating the human mind. It leaves nothing to chance."
-Jigsaw

All 3 controllers will need to be in the same mobility group for load balancing to work. Also - you will need to go into each AP and remove the static controller entries on the high availability tab. Then just reset all the APs and they will balance themselves across all the controllers.

Thanks Guys,

Wondering if they all need to have the same Firmware version or would it work even if the firmware versions are different as I have 2x 4402 and 1x 5508 controller.

Lol Gandhi! I had been busy sleeping while you guys were sharing valuable knowledge!

Really appreciate your help!


Cheers:)

Sorry another question. Just Mobility group will be enough or would I need to configure them for failover aswell?

question 2; wondering how a Cisco 1141 authenticates itself against a 802.1x? as they have 802.1x used

You would want them all on the same code rev - if not every time an AP switches to a controller of a different rev it will need to download that code, install, and reboot the AP. Plus it is required (pretty much) for the controllers to be in the same mobility group. If they are also using Cisco WCS/NCS make note of the compatible software versions between WCS/NCS and the code rev on the controllers.

Mobility groups "cluster" the controllers and they will load balance each other, know about other clients and APs, roam clients between controllers, etc. Having all the controllers in the same mobility group will be enough, just remember to go into each AP on the controller they're on right now and remove the static entries from the high availability tab or they wont load balance across the controllers.

You would want them to be using the same code, ie you can not run the newest 7.2 code since its not supported on the 4400 series.

I dont think the 1141 can authenticate itself via 802.11x. Or do you mean you're using 802.11x for wireless authentication?

_________________
som om sinnet hade svartnat för evigt.

Hi,
No actually they are using dot1x for port authentication as well. For exAmple the port are not in any specific vlan but instead the device authentuicates itself, based on its details the NPS assigns that port to the appropriate vlan.

Alright, that I do not know if they are able to. How are you doing it with the current APs? I've seen mac bypass beeing used earlier to support APs (and printers etc that doesnt support .1x)

edit: Apparently this can be done: http://www.cisco.com/en/US/docs/wireles ... #wp2031925
Thanks, actually never thought about that before.

_________________
som om sinnet hade svartnat för evigt.

Hi,

Thank you it was very helpful.

A final question.

The 4402 series controller are running on software version 5.2.178.0 how can I find a software version for the 5508 controller that will be compatible with the 4402s.
where can I download the software from as we dont have an account with Cisco. these equipment have been bought from the reseller.


Cheers.

Qasim

The 5508 doesnt support 5.x, I think it was introduced around 6.x. My recommendation is to upgrade the 4402 to the most up to date version that is also supported on the 5508; 7.0.x. If you've bought support on the devices you can add the contract number to your own CCO login, or ask your reseller to provide it to you.

_________________
som om sinnet hade svartnat för evigt.

7.0.235 is the newest 7.0 code - have several customers running this with no issues, would recommend.

Thank you very much guys.

Can any one tell me what are these service and utility ports for on the Cisco controller? and if these service ports can be used instead of those uplink ports?

Many thanks,
Qasim

The Service Port (on 4400 and 5508) are for out of band management, recovery etc. The utility port (4400) and RP/Redundant Port (5508) is for future use and are not activated today.

Neither of them can be used as uplinks to carry traffic.

_________________
som om sinnet hade svartnat för evigt.

If you ever have to deploy 7500 Flex Controllers (just deployed some) - you must also have 10Gb ports/switches to run these. The gig ports are management only.

Heh that's pretty interesting design choice.

_________________
som om sinnet hade svartnat för evigt.

Well - it can handle 3k access points and 30k clients - but the big draw for Flex/HREAP is local switching. I could see the 10Gb ports if you are doing central switching - which would be true in a guest SSID design where you have anchors in your data center DMZ.

Yup exactly my point.

_________________
som om sinnet hade svartnat för evigt.