Guest wlan design questions

I need to set up a guest WLAN on a single 5508 controller. Currently all of my APs are in H-REAP mode and all in remote buildings connected via a high speed wireless WAN.
The guest network could consist of 500 users in the near future, so I'm wondering what is the best way to configure the guest WLAN so I don't have one big broadcast domain across my entire network?

Ok. I already have my APs in AP groups (per building) and I have different VLANs in each building with the same SSID company wide. I'm doing this via H-REAP.
My question is how do I accomplish the same thing with the guest WLAN, but without H-REAP. Or do I use H-REAP and just set up ACLs to block the traffic? But then does web authentication work the same?
The confusion for me comes in at the controller level with the guest-wlan interface I created having to be attached to a VLAN. Is this not needed to do web authentication?
Thanks,
Dan.

Similar Messages

  • WLAN Design Question

    Hi all,
    I'm looking for some advice on WLAN design best practices.
    I'm "overhauling" my company's current wireless infrastructure and I'm a little unsure how to implement the following "scenario":
    I would like to segment the WLAN into 6 separate blocks (same SSID) each with the capacity to support 100 users. I have 7 subnets (1 spare) in the 10.201.x.x /24 range and have configured the wireless controller (5508) in LAG mode for redundancy.
    My preference would be to use a separate VLAN for each address block (which also represents a physical location) but I would also appreciate more experienced suggestions.
    Thanks guys.   

    Interface group is bundling subnets together. If you want a location to be designated for a vlan then AP Groups is what you need. If you require multiple subnets for a location or other locations, then you still need AP Groups but you need to create Interface groups.
    Example
    Site 1
    AP Group Site1
    WLAN 1 vlan 101
    WLAN 2 vlan 102
    Site 2
    AP Group Site2
    WLAN 1 vlan 201
    WLAN 2 vlan 202
    Site 3
    AP Group Site3
    WLAN 1 vlan 301
    WLAN 2 vlan 302,303 <- interface Group
    Sent from Cisco Technical Support iPhone App

  • WLAN design Questions

    I am using the AP1200 (12.0t1 img) and I have been having issues regarding the root AP and repeater APs communicating.
    1.) I have made sure the VLAN info is correct on all APs
    2.) verified the SSID is correct and selected to SSID 0.
    I think I might have missed something??

    Check your channel assignments.
    Make sure they are on the same channel (repeaters match the AP).
    Good Luck
    Scott

  • WLAN 4402 Design question

    Dear Support,
    Wondering if anyone could help me, after some basic design advice on a WLAN implementation and if it is achievable.
    Summary
    VLAN 201 - Wired user LAN and 2003 Server running IAS (10.115.2.x /24)
    VLAN 201 - Secure WLAN on 10.115.2.x /24
    VLAN 60 - Management LAN for WLAN 4402 controller and 4 1130 LW (layer 2 mode) APs (172.16.31.x /24)
    WLAN 99 - Guest WLAN with web auth (192.168.252.x /24).
    I have a DSL router for the 192.168.252.x subnet for internet access for Guest users. A DHCP scope is configured on the WLAN controller.
    I am wondering if I can have the same subnet (and addresses assigned via the server running IAS) for both the wired users and secure WLAN.
    Thank you for your assistance in advance.
    I always rate helpful replies.
    Best regards, Adrian.

    Hi Ankur,
    Many thanks for replying, ideally this is what I need to know is possible.
    Currently the wired users on vlan 201, get an IP address via DHCP from the server, the same server is also configured with IAS for the implementation of MS-CHAP-V2 for authentication using their AD username and password (still yet to get working).
    Ideally I would prefer that the wired and secure wireless (ms-chap-v2 on vlan 201) get their IP addresses from the same server. I need to know if it is possible to have both a wired VLAN and wireless WLAN using the same VLAN id (in this case 201).
    I'm not over concerned with using either L2 or L3 mode on the APs, they currently are set to L2, but happy to define another scope either on the WLAN controller of the IAS (w2003) server.
    Think the fundamental question I'm asking is:
    Is it possible to have both the Wired users (VLAN 201) and Secure WLAN users (also on vlan 201) to share the same subnet. The reason this is crucial to the design is that the 10.115.2.x subnet is routed via a third party and getting them to add additional routes (i.e. one for the wired users and one for the wireless users is a pain! And a lot of paperwork!)
    I have tried to do the config already the issues I have is that pings from the server to the management address of the WLAN controller sometimes work and sometimes don't. I have 2 x 3560 switches doing the routing between the user (v201) and wlan management (v60). This is also the same in the opposite direction (4402 to the DHCP/IAS server). I am always able to ping the SVI of the v60 from the server. I'm also not seeing any authentication requests being passed to the IAS server.
    Thanks again in advance for your assistance.
    Best regards, Adrian.

  • Guest Anchor N+1: Multiple guest WLANs and Mobility List

    Hi Experts,
    We are going to replace two guest anchor controllers WLC4402 sitting in different DMZs with two WLC5508 as N+1 redundant pair in one DMZ.
    I assume each guest anchor controller should support multiple guest WLANs. Is it correct?
    And between these two new anchor WLCs, do they need to add each other to Mobility List?
    Or maybe I should ask first, does it matter if they are in the same mobility group or not?
    Thanks
    Cedar

    N+1 for guest anchors isn't what N+1 was designed for.  N+1 was designed for redundancy for WLC's supporting access points, not mobility anchors.  This solution might work, but I really doubt Cisco will support this setup, but I can be wrong.... you can always talk with your local Cisco SE or open a TAC case and ask.
    Guest anchors should have a different mobility group name from the foreign WLC's.  You do need the foreign to have both guest anchors and the guest anchor to just have the foreign WLC(s).  The redundant guest anchors do not need to have each other in the mobility group list.
    Thanks,
    Scott
    Help out others by using the rating system and marking answered questions as "Answered"

  • WLAN Design w/ LWAPP

    I am working on WLAN design that spans single floor of a building with two data closets, an east and a west side.
    On each side of the building we are going to plug in LWAPP APs, 1100 series, into our Cat 4500s. In the data center, we are going to use the 4402 WLC to control these APs.
    Requirements:
    1) One set of users will need to access the internal LAN.
    2) Guest users will be granted only Internet access.
    3) We cannot trunk the same VLANs to each of the APs, since we are isolating each switch from the rest of the network in case of an outage.
    I was thinking that we setup a WLAN with two SSID's. (SSID 1 for internal users and SSID2 for guest users.) We then tunnel the users in SSID 2 out to our firewall via a IPSec tunnel. SSID 1 users will be dumped at the WLC and allowed access to internal resources.
    How would you go about accomplishing this?

    All I did was create VLANs for each specific WLAN and trunk them to the WLC. At the WLC, I created WLAN interfaces that were in the same subnet as the VLANs on the switch. I then created a DHCP scope that leased out to each of the WLANs and went from there. Since we are dual homed with the WLC, I have VLAN interfaces that are HSRPed between one another and the DHCP scope default gateway is the HSRP address. (On a side note, I have a guest WLAN but I cannot seem to get their ACLs to work properly in order to prevent access to the LAN.)
    Search for Cisco 440X Series Wireless LAN Controllers on Cisco.com and hit the first link that pulls up...the downloadable file should be dep.pdf
    Check that deployment guide out and let me know if you have questions. Feel free to hit me up at [email protected] and we'll take it offline.
    Stevan

  • Basic Design Question - Firewall Router segment

    I'm at a new place and have to re-do the current lan.  Small office, 80-100 users. Existing setup is flat network, no QoS, no VLANs.  I have already replaced an older PIX with a new ASA (5525x) and added a DMZ.  
    I am currently trying to draw up a proposed design which currently will be single firewall, multiple VLANs (user, server, voice, guest).  My question is regarding the link between core router (L3 switch, whatever) and firewall.   I'm thinking the correct setup is to have a separate /30 subnet on the interfaces between the firewall and router as below, and then router will just have a default route of 0.0.0.0 0.0.0.0 10.1.100.2     Is this correct? 
    Internet-------Firewall-(10.1.100.2/30)----------------------------(10.1.100.1/30) --Router ----(10.1.1.1/24, 10.1.2.1/24, 10.1.3.1/24, etc)                 
    Thanks,

    Your design is good. But as for the subnet between the core (router or L3 switch - switch preferred) and edge FW, I suggest something a little larger than a /30. Like a /28. You may want to add a standby FW in a few months or years, or a new WAN connection to that 'demarc' subnet at some point. It's good practice to leave some room for growth. Even if you don't foresee it right now.
    ==========================
    http://www.rConfig.com 
    A free, open source network device configuration management tool, customizable to your needs!
    - Always vote on an answer if you found it helpful

  • ISE guest self service question

    Hi experts
    Is there any way to implement this scenario on ise 1.2.1:
    guest registers himself on the portal and either selects or enters sponsor details
    sponsor gets notified by mail and can approve or deny
    guest gets a sms text message with password and can use the guest wlan
    Grateful for any hint
    Cheers
    Albert

    No,  to enable SMS messaging, you need to be running v1.3.
    Good news, though.  With a current Service Agreement, ISE upgrades are free.  If you can schedule downtime, you can upgrade from 1.2.1 to 1.3 without stress.
    Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
    Charles Moreton

  • Guest WLAN and Web Auth?

    Hi Guys,
    Maybe someone can help me out?
    I just finished setting up a trial "Cisco Virtual Wireless Controller" with nearly the same configuration as our Physical "Cisco Wireless Controller" with the exception of having 2 ports.  Anyhow, I managed to get everything working except for the WEB AUTH on the Guest WLAN.  When a client connects, he gets a DHCP address from our ASA but when we try to get to a website, we never reach the WEB AUTH page. 
    What I tried so far is..
    add a DNS Host Name to the virtual interface and assign it to our internal DNS server
      dns name was resolving but we were unable to ping 1.1.1.1
    changed the virtual ip from 1.1.1.1 to 2.2.2.2 and modified the DNS entry
      dns name resolved but still could not ping 2.2.2.2 (I think this is normal)
    changed the virtual IP to a private address of 192.168.102.1 and modified the dns entry
      same result
    I've attached some screenshots of our configuration.

    Troubleshooting Web Authentication
    After you configure web authentication, if the feature does not work as expected, complete these troubleshooting steps:

    1. Check if the client gets an IP address. If not, users can uncheck DHCP Required on the WLAN and give the wireless client a static IP address. This assumes association with the access point. Refer to the IP addressing issues section of Troubleshooting Client Issues in the Cisco Unified Wireless Network for troubleshooting DHCP related issues.

    2. On WLC versions earlier than 3.2.150.10, you must manually enter https://1.1.1.1/login.html in order to navigate to the web authentication window.
       The next step in the process is DNS resolution of the URL in the web browser. When a WLAN client connects to a WLAN configured for web authentication, the client obtains an IP address from the DHCP server. The user opens a web browser and enters a website address. The client then performs the DNS resolution to obtain the IP address of the website. Now, when the client tries to reach the website, the WLC intercepts the HTTP Get session of the client and redirects the user to the web authentication login page.

    3. Therefore, ensure that the client is able to perform DNS resolution for the redirection to work. On Windows, choose Start > Run, enter CMD in order to open a command window, and do a "nslookup www.cisco.com" and see if the IP address comes back.
       On Macs/Linux: open a terminal window and do a "nslookup www.cisco.com" and see if the IP address comes back.
       If you believe the client is not getting DNS resolution, you can either:
       - Enter either the IP address of the URL (for example, http://www.cisco.com is http://198.133.219.25)
       - Try to directly reach the controller's webauth page with https:///login.html. Typically this is http://1.1.1.1/login.html.
       Does entering this URL bring up the web page? If yes, it is most likely a DNS problem. It might also be a certificate problem. The controller, by default, uses a self-signed certificate and most web browsers warn against using them.

    4. For web authentication using customized web page, ensure that the HTML code for the customized web page is appropriate.
       You can download a sample Web Authentication script from Cisco Software Downloads. For example, for the 4400 controllers, choose Products > Wireless > Wireless LAN Controller > Standalone Controllers > Cisco 4400 Series Wireless LAN Controllers > Cisco 4404 Wireless LAN Controller > Software on Chassis > Wireless Lan Controller Web Authentication Bundle-1.0.1 and download the webauth_bundle.zip file.
       These parameters are added to the URL when the user's Internet browser is redirected to the customized login page:
       - ap_mac: The MAC address of the access point to which the wireless user is associated.
       - switch_url: The URL of the controller to which the user credentials should be posted.
       - redirect: The URL to which the user is redirected after authentication is successful.
       - statusCode: The status code returned from the controller's web authentication server.
       - wlan: The WLAN SSID to which the wireless user is associated.
       These are the available status codes:
       - Status Code 1: "You are already logged in. No further action is required on your part."
       - Status Code 2: "You are not configured to authenticate against web portal. No further action is required on your part."
       - Status Code 3: "The username specified cannot be used at this time. Perhaps the username is already logged into the system?"
       - Status Code 4: "You have been excluded."
       - Status Code 5: "The User Name and Password combination you have entered is invalid. Please try again."

    5. All the files and pictures that need to appear on the Customized web page should be bundled into a .tar file before uploading to the WLC. Ensure that one of the files included in the tar bundle is login.html. You receive this error message if you do not include the login.html file:
       Refer to the Guidelines for Customized Web Authentication section of Wireless LAN Controller Web Authentication Configuration Example for more information on how to create a customized web authentication window.
       Note: Files that are large and files that have long names will result in an extraction error. It is recommended that pictures are in .jpg format.

    6. Internet Explorer 6.0 SP1 or later is the browser recommended for the use of web authentication. Other browsers may or may not work.

    7. Ensure that the Scripting option is not blocked on the client browser as the customized web page on the WLC is basically an HTML script. On IE 6.0, this is disabled by default for security purposes.
       Note: The Pop Up blocker needs to be disabled on the browser if you have configured any Pop Up messages for the user.
       Note: If you browse to an https site, redirection does not work. Refer to Cisco bug ID CSCar04580 (registered customers only) for more information.

    8. If you have a host name configured for the virtual interface of the WLC, make sure that the DNS resolution is available for the host name of the virtual interface.
       Note: Navigate to the Controller > Interfaces menu from the WLC GUI in order to assign a DNS hostname to the virtual interface.

    9. Sometimes the firewall installed on the client computer blocks the web authentication login page. Disable the firewall before you try to access the login page. The firewall can be enabled again once the web authentication is completed.

    10. Topology/solution firewall can be placed between the client and web-auth server, which depends on the network. As for each network design/solution implemented, the end user should make sure these ports are allowed on the network firewall.

        Protocol                                        Port
        HTTP/HTTPS Traffic                              TCP port 80/443
        CAPWAP Data/Control Traffic                     UDP port 5247/5246
        LWAPP Data/Control Traffic (before rel 5.0)     UDP port 12222/12223
        EOIP packets                                    IP protocol 97
        Mobility                                        UDP port 16666 (non secured), UDP port 16667 (secured IPSEC tunnel)

    11. For web authentication to occur, the client should first associate to the appropriate WLAN on the WLC. Navigate to the Monitor > Clients menu on the WLC GUI in order to see if the client is associated to the WLC. Check if the client has a valid IP address.

    12. Disable the Proxy Settings on the client browser until web authentication is completed.

    13. The default web authentication method is PAP. Ensure that PAP authentication is allowed on the RADIUS server for this to work. In order to check the status of client authentication, check the debugs and log messages from the RADIUS server. You can use the debug aaa all command on the WLC to view the debugs from the RADIUS server.

    14. Update the hardware driver on the computer to the latest code from manufacturer's website.

    15. Verify settings in the supplicant (program on laptop).

    16. When you use the Windows Zero Config supplicant built into Windows:
        - Verify user has latest patches installed.
        - Run debugs on supplicant.

    17. On the client, turn on the EAPOL (WPA+WPA2) and RASTLS logs from a command window, Start > Run > CMD:
        netsh ras set tracing eapol enable
        netsh ras set tracing rastls enable
        In order to disable the logs, run the same command but replace enable with disable. For XP, all logs will be located in C:\Windows\tracing.

    18. If you still have no login web page, collect and analyze this output from a single client:
        debug client
        debug dhcp message enable
        debug aaa all enable
        debug dot1x aaa enable
        debug mobility handoff enable

    If the issue is not resolved after you complete these steps, collect these debugs and use the TAC Service Request Tool (registered customers only) in order to open a Service Request.
        debug pm ssh-appgw enable
        debug pm ssh-tcp enable
        debug pm rules enable
        debug emweb server enable
        debug pm ssh-engine enable packet
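
The reply above lists the parameters the controller appends when it redirects a browser to a customized login page, including `switch_url`, the address the credentials are posted to. The following is an added example, not code from the post or from Cisco's web-auth bundle: a sketch of how such a page could validate those parameters before using them. The function name `parseWebAuthRedirect`, the allow-list `ALLOWED_CONTROLLER_HOSTS`, the HTTPS-only rule and the portal host `portal.example.test` are assumptions made for the illustration.

```javascript
// Added example: validate the redirect parameters of a customized web-auth
// login page (ap_mac, switch_url, redirect, statusCode, wlan) before use.

// Status codes and messages as listed in the troubleshooting text.
const STATUS_MESSAGES = {
  1: "You are already logged in. No further action is required on your part.",
  2: "You are not configured to authenticate against web portal. No further action is required on your part.",
  3: "The username specified cannot be used at this time. Perhaps the username is already logged into the system?",
  4: "You have been excluded.",
  5: "The User Name and Password combination you have entered is invalid. Please try again.",
};

// Assumption: credentials may only be posted to the controller's virtual
// interface. 1.1.1.1 is the address used in the text; add the virtual
// interface DNS host name here if one is configured.
const ALLOWED_CONTROLLER_HOSTS = new Set(["1.1.1.1"]);

const MAC_RE = /^[0-9a-f]{2}(:[0-9a-f]{2}){5}$/i;
const SCHEME_RE = /^[a-z][a-z0-9+.-]*:/i;

function tryUrl(value) {
  try {
    return new URL(value);
  } catch (e) {
    return null; // not parseable as an absolute URL
  }
}

function parseWebAuthRedirect(pageUrl, allowedHosts = ALLOWED_CONTROLLER_HOSTS) {
  const params = new URL(pageUrl).searchParams;
  const out = {
    switchUrl: null, redirect: null, apMac: null, wlan: null,
    statusCode: null, statusMessage: null, errors: [],
  };

  // switch_url receives the user's credentials, so it is the strictest check:
  // HTTPS only (assumption), no embedded userinfo, host on the allow-list.
  const sw = tryUrl(params.get("switch_url") || "");
  if (!sw) out.errors.push("switch_url missing or not a URL");
  else if (sw.protocol !== "https:") out.errors.push("switch_url is not https");
  else if (sw.username || sw.password) out.errors.push("switch_url carries userinfo");
  else if (!allowedHosts.has(sw.hostname)) out.errors.push("switch_url host not allowed: " + sw.hostname);
  else out.switchUrl = sw.origin + sw.pathname; // drop query and fragment

  // redirect: only http(s) destinations. Assumption: a value without a
  // scheme is a plain host/path and is treated as http.
  const rawRedirect = params.get("redirect");
  if (rawRedirect !== null) {
    const rd = tryUrl(SCHEME_RE.test(rawRedirect) ? rawRedirect : "http://" + rawRedirect);
    if (!rd || !["http:", "https:"].includes(rd.protocol)) out.errors.push("redirect is not an http(s) URL");
    else out.redirect = rd.href;
  }

  // ap_mac: accept only a colon-separated MAC address.
  const rawMac = params.get("ap_mac");
  if (rawMac !== null) {
    if (MAC_RE.test(rawMac)) out.apMac = rawMac.toLowerCase();
    else out.errors.push("ap_mac is not a MAC address");
  }

  // wlan: an SSID is at most 32 bytes; reject control characters. Render it
  // with textContent, never innerHTML.
  const rawWlan = params.get("wlan");
  if (rawWlan !== null) {
    if (rawWlan.length >= 1 && rawWlan.length <= 32 && !/[\x00-\x1f\x7f]/.test(rawWlan)) out.wlan = rawWlan;
    else out.errors.push("wlan is not a valid SSID");
  }

  // statusCode: map to the fixed message table instead of echoing input.
  const rawStatus = params.get("statusCode");
  if (rawStatus !== null && /^\d+$/.test(rawStatus)) {
    out.statusCode = Number(rawStatus);
    out.statusMessage = STATUS_MESSAGES[out.statusCode] || null;
  }
  return out;
}

// Constructed sample URL (not captured from a real controller).
const SAMPLE = "https://portal.example.test/login.html?" + new URLSearchParams({
  switch_url: "https://1.1.1.1/login.html",
  ap_mac: "00:11:22:33:44:55",
  wlan: "guest",
  redirect: "www.cisco.com/",
  statusCode: "5",
}).toString();

console.log(parseWebAuthRedirect(SAMPLE));
```

A page using this would set the form's action only from `switchUrl` and refuse to render the login form when `errors` is non-empty.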

  • Internal WLAN vs Guest WLAN

    Hello
    I have a Cisco AIR-CT5508-K9 running revision 7.
    Can anyone explain to me the differences between a guest type WLAN and a WLAN type WLAN please? I have searched a fair bit but can't actually find an explanation.
    Also, can any one please let me know what the profile name is for please? I see that the SSID is removed on a guest lan so it must be important in some way.
    Thanks all in advance
    Anthony

    Hi,
    Q1>> Can anyone explain to me the differences between a guest type WLAN and a  WLAN type WLAN please? I have searched a fair bit but can't actually  find an explanation.
    ANS - Guest WLAN is mostly for the WIRED GUEST USERS and the Normal WLAN is for the Wireless users.. so If you want to create a guest LAN for wired guest users, choose Guest LAN
    The below link will explain you on the Wired Guest users..
    http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70users.html#wpxref20380
    Also most of the Guest WLAN will have a time stamp configured for  the client so that after that time stamp the client entry will be inactive..
    lemme know if this answered your question..
    Regards
    Surendra
    ====
    Please don't forget to rate the posts which answered your question and mark it as answered or was helpful

  • Deployment a Guest WLAN

    Hello guys, thanks to everyone. I have another question. I'm going to deploy a new guest WLAN; I'm working on the addressing and one question came to me. I have this central site and I have some remote offices; this new WLAN will be available in different sites, so what is the best option: have just one segment for this WLAN, or have different addressing per site? And the most important part: is this possible? I mean, can one WLAN have different addressing between sites?

    Ok Let me try to explain.
    For this SSID I created one interface on my WLC; the addressing is 10.10.20.2/24. This WLC is in my central site.
    In my central site I also have one 3750 switch; this switch has an SVI "20" and its addressing is 10.10.20.1. This switch is working as DHCP server.
    In my remote site I already have my APs in Flex-Connected mode and my users (in this case me) can see the SSID FERROMEX. I'm joined to the FERROMEX SSID and I have Internet services. My question was because I'm not using any ACL and everything looks fine. I guess I need to use an ACL for this type of connection.
    One question: is it possible for one SSID with the same scheme to have different addressing in every location?
    For example:
    My HQ is in L.A.; my WLC resides here and I have one SSID "AMERICA"; the addressing is 10.10.10.0 /24
    One branch office is in NY; this office can see the SSID "AMERICA". Can they use different addressing?

  • Design question: Scheduling a Variable-timeslot Resource

    I originally posted this in general java programming, because this seemed like a more high-level design discussion. But now I see some class design questions. Please excuse me if this thread does not belong here (this is my first time using the forum, save answering a couple questions).
    Forum,
    I am having trouble determining a data structure and applicable algorithm (actually, even more general than the data structure -- the general design to use) for holding a modifiable (but more heavily read/queried than updated), variable-timeslot schedule for a given resource. Here's the situation:
    Let's, for explanation purposes, say we're scheduling a school. The school has many resources. A resource is anything that can be reserved for a given event: classroom, gym, basketball, teacher, janitor, etc.
    Ok, so maybe the school deal isn't the best example. Let's assume, for the sake of explanation, that classes can be any amount of time in length: 50 minutes, 127 minutes, 4 hours, 3 seconds, etc.
    Now, the school has a base operation schedule, e.g. they're open from 8am to 5pm MTWRF and 10am to 2pm on saturday and sunday. Events in the school can only occur during these times, obviously.
    Then, each resource has its own base operation schedule, e.g. the gym is open from noon to 5pm MTWRF and noon to 2pm on sat. and sun. The default base operation schedule for any resource is the school which "owns" the resource.
    But then there are exceptions to the base operation schedule. The school (and therefore all its resources) are closed on holidays. The gym is closed on the third friday of every month for maintenance, or something like that. There are also exceptions to the available schedule due to reservations. I've implemented reservations as exceptions with a different status code to simplify things a little bit: because the basic idea is that an exception is either an addition to or removal from the scheduleable times of that resource. Each exception (reservation, closed for maintenance, etc) can be an (effectively) unrestricted amount of time.
    Ok, enough set up. Somehow I need to be able to "flatten" all this information into a schedule that I can display to the user, query against, and update.
    The issue is complicated more by recurring events, but I think I have that handled already and can make a recurring event be transparent from the application point of view. I just need to figure out how to represent this.
    This is my current idea, and I don't like it at all:
    A TimeSlot object, holding a beginning date and ending date. A data structure that holds list of TimeSlot objects in order by date. I'd probably also hold an index of some sort that maps some constant span of time to a general area in the data structure where times around there can be found, so I avoid O(n) time searching for a given time to find whether or not it is open.
    I don't like this idea, because it requires me to call getBeginningDate() and getEndDate() for every single time slot I search.
    Anyone have any ideas?

    If I am correct, your requirement is to display a schedule, showing the occupancy of a resource (open/closed/used/free and other kind of information) on a time line.
    I do not say that your design is incorrect. What I state below is strictly my views and should be treated that way.
    I would not go by time-slot, instead, I would go by resource, for instance the gym, the class rooms (identified accordingly), the swimming pool etc. are all resources. Therefore (for the requirements you have specified), I would create a class, lets say "Resource" to represent all the resources. I would recommend two attributes at this stage ("name" & "identifier").
    The primary attribute of interest in this case would be a date (starting at 00:00hrs and ending at 24:00hrs.), a span of 24hrs broken to the smallest unit of a minute (seconds really are not very practical here).
    I would next encapsulate the availability factor, which represents the concept of availability in a class, for instance "AvailabilityStatus". The recommended attributes would be "date" and "status".
    You have mentioned different status, for instance, available, booked, closed, under-maintainance etc. Each of these is a category. Let us say, numbered from 0 to n (where n<128).
    The "date" attribute could be a java.util.Date object, representing a date. The "status", is byte array of 1440 elements (one element for each minute of the day). Each element of the byte array is populated by the number designation of the status (i.e, 0,1,2...n etc.), where the numbers represent the status of the minute.
    The "Resource" class would carry an attribute of "resourceStatus", an ordered vector of "ResourceStatus" objects.
    The object (all the objects) could be populated manually at any time, or the entire process could be automated (that is a separate area).
    The problem of representation is over. You could add any number of resources as well as any number of status categories.
    This is a simple solution, I do not address the issues of querying this information and rendering the actual schedule, which I believe is straight forward enough.
    It is recognized that there are scope for optimizations/design rationalization here, however, this is a simple and effective enough solution.
    regards
    [email protected]

  • Client unable to get IP address on guest wlan

    Hi all,  I recently set up a 2504 WLC that has two primary WLANs (internal and guest) which get their IP addresses from a central DHCP server using the local router's broadcast forwarding.  Things seem to be working well for the internal wlan, but clients on the guest wlan don't seem to be getting IP addresses.  If I give the client a static IP they are able to communicate across the wlan okay.
    It is worth noting that I am using LAG between the controller and router and this guest wlan is really just a regular wlan (with PSK) that has an access-list applied to force it to the internet only.  The access-list should be allowing dhcp requests through, but in any case, I removed the access-list and it made no difference.
    Here is a debug client for a machine connected to the guest vlan (vlan 33).  The internal wlan is on the 10.10.10.0/24 network (same as wired and same that the AP's are connected to) and the guest wlan is 10.33.0.0/16.     I don't understand why I am seeing the dhcp request come from the internal vlan/wlan first and it gets an IP address on this network.  I then see a request on the guest wlan/vlan at which point it appears to get a valid IP address on the guest network (10.33.0.0), but the client never sees this.  
    Thoughts? 
    Thanks,
    Bryan
    (Cisco Controller) >debug client 8c:2d:aa:36:ca:a3
    *DHCP Socket Task: Feb 25 00:49:32.991: 8c:2d:aa:36:ca:a3 DHCP received op BOOTREQUEST (1) (len 308,vlan 1, port 13, encap 0xec03)
    *DHCP Socket Task: Feb 25 00:49:32.991: 8c:2d:aa:36:ca:a3 DHCP processing DHCP DISCOVER (1)
    *DHCP Socket Task: Feb 25 00:49:32.991: 8c:2d:aa:36:ca:a3 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 25 00:49:32.991: 8c:2d:aa:36:ca:a3 DHCP   xid: 0xbcf5ea3c (3170232892), secs: 0, flags: 0
    *DHCP Socket Task: Feb 25 00:49:32.991: 8c:2d:aa:36:ca:a3 DHCP   chaddr: 8c:2d:aa:36:ca:a3
    *DHCP Socket Task: Feb 25 00:49:32.992: 8c:2d:aa:36:ca:a3 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 00:49:32.992: 8c:2d:aa:36:ca:a3 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 00:49:32.992: 8c:2d:aa:36:ca:a3 DHCP successfully bridged packet to DS
    *DHCP Socket Task: Feb 25 00:49:32.992: 8c:2d:aa:36:ca:a3 DHCP received op BOOTREPLY (2) (len 331,vlan 1, port 13, encap 0xec00)
    *DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP processing DHCP OFFER (2)
    *DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP   xid: 0xbcf5ea3c (3170232892), secs: 0, flags: 0
    *DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP   chaddr: 8c:2d:aa:36:ca:a3
    *DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP   ciaddr: 0.0.0.0,  yiaddr: 10.10.10.165
    *DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP   siaddr: 10.10.10.246,  giaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP   server id: 10.10.10.246  rcvd server id: 10.10.10.246
    *DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP successfully bridged packet to STA
    *DHCP Socket Task: Feb 25 00:49:32.994: 8c:2d:aa:36:ca:a3 DHCP received op BOOTREPLY (2) (len 308,vlan 33, port 13, encap 0xec00)
    *DHCP Socket Task: Feb 25 00:49:32.994: 8c:2d:aa:36:ca:a3 DHCP processing DHCP OFFER (2)
    *DHCP Socket Task: Feb 25 00:49:32.994: 8c:2d:aa:36:ca:a3 DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 25 00:49:32.994: 8c:2d:aa:36:ca:a3 DHCP   xid: 0xbcf5ea3c (3170232892), secs: 0, flags: 0
    *DHCP Socket Task: Feb 25 00:49:32.994: 8c:2d:aa:36:ca:a3 DHCP   chaddr: 8c:2d:aa:36:ca:a3
    *DHCP Socket Task: Feb 25 00:49:32.994: 8c:2d:aa:36:ca:a3 DHCP   ciaddr: 0.0.0.0,  yiaddr: 10.33.1.1
    *DHCP Socket Task: Feb 25 00:49:32.995: 8c:2d:aa:36:ca:a3 DHCP   siaddr: 10.10.10.246,  giaddr: 10.33.0.1
    *DHCP Socket Task: Feb 25 00:49:32.995: 8c:2d:aa:36:ca:a3 DHCP   server id: 10.10.10.246  rcvd server id: 10.10.10.246
    *DHCP Socket Task: Feb 25 00:49:32.995: 8c:2d:aa:36:ca:a3 DHCP successfully bridged packet to STA
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP received op BOOTREQUEST (1) (len 308,vlan 1, port 13, encap 0xec03)
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP processing DHCP REQUEST (3)
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP   xid: 0xbcf5ea3c (3170232892), secs: 1, flags: 0
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP   chaddr: 8c:2d:aa:36:ca:a3
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP   requested ip: 10.10.10.165
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP   server id: 10.10.10.246  rcvd server id: 10.10.10.246
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP successfully bridged packet to DS
    *DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP received op BOOTREPLY (2) (len 308,vlan 1, port 13, encap 0xec00)
    *DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP processing DHCP NAK (6)
    *DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP   xid: 0xbcf5ea3c (3170232892), secs: 0, flags: 8000
    *DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP   chaddr: 8c:2d:aa:36:ca:a3
    *DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP   server id: 10.10.10.246  rcvd server id: 10.10.10.246
    *DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP successfully bridged packet to STA
    *DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP received op BOOTREPLY (2) (len 308,vlan 33, port 13, encap 0xec00)
    *DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP processing DHCP NAK (6)
    *DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP   xid: 0xbcf5ea3c (3170232892), secs: 0, flags: 8000
    *DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP   chaddr: 8c:2d:aa:36:ca:a3
    *DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP   siaddr: 0.0.0.0,  giaddr: 10.33.0.1
    *DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP   server id: 10.10.10.246  rcvd server id: 10.10.10.246
    *DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP successfully bridged packet to STA
    *apfMsConnTask_1: Feb 25 00:49:35.320: Stats update: Non Zero value

    One way to test also is to connect a laptop to a port assigned for the guest vlan. If the device gets an IP, then it's something on the WLC you have to configure. If the device doesn't, then it's a network issue or dhcp server issue.
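The debug output above shows one client transaction (same xid) receiving OFFERs on both vlan 1 and vlan 33, then a NAK on each. The following Python, an added example that is not part of the original thread or any Cisco tool, parses that debug format and flags transactions answered on more than one VLAN, which is the condition to check when a guest VLAN is supposed to be its own broadcast domain. The function names are hypothetical; the sample lines are copied from the log above.

```python
import re

# Lines copied unmodified from the debug output above (a subset of it).
SAMPLE = """\
*DHCP Socket Task: Feb 25 00:49:32.992: 8c:2d:aa:36:ca:a3 DHCP received op BOOTREPLY (2) (len 331,vlan 1, port 13, encap 0xec00)
*DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP processing DHCP OFFER (2)
*DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP   xid: 0xbcf5ea3c (3170232892), secs: 0, flags: 0
*DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP   ciaddr: 0.0.0.0,  yiaddr: 10.10.10.165
*DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP   siaddr: 10.10.10.246,  giaddr: 0.0.0.0
*DHCP Socket Task: Feb 25 00:49:32.994: 8c:2d:aa:36:ca:a3 DHCP received op BOOTREPLY (2) (len 308,vlan 33, port 13, encap 0xec00)
*DHCP Socket Task: Feb 25 00:49:32.994: 8c:2d:aa:36:ca:a3 DHCP processing DHCP OFFER (2)
*DHCP Socket Task: Feb 25 00:49:32.994: 8c:2d:aa:36:ca:a3 DHCP   xid: 0xbcf5ea3c (3170232892), secs: 0, flags: 0
*DHCP Socket Task: Feb 25 00:49:32.994: 8c:2d:aa:36:ca:a3 DHCP   ciaddr: 0.0.0.0,  yiaddr: 10.33.1.1
*DHCP Socket Task: Feb 25 00:49:32.995: 8c:2d:aa:36:ca:a3 DHCP   siaddr: 10.10.10.246,  giaddr: 10.33.0.1
*DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP received op BOOTREPLY (2) (len 308,vlan 1, port 13, encap 0xec00)
*DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP processing DHCP NAK (6)
*DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP received op BOOTREPLY (2) (len 308,vlan 33, port 13, encap 0xec00)
*DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP processing DHCP NAK (6)
"""
LINE = re.compile(r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) DHCP[ \t]+(.*)")
FIELD = re.compile(r"(xid|yiaddr|giaddr): (\S+?),?(?:\s|$)")

def parse_messages(text):
    """Group debug lines into DHCP messages; each 'received op' line opens a new one."""
    msgs = []
    for mac, body in LINE.findall(text):
        if rx := re.match(r"received op (\w+) \(\d+\) \(len \d+,vlan (\d+)", body):
            msgs.append({"mac": mac, "op": rx.group(1), "vlan": int(rx.group(2))})
        elif msgs and msgs[-1]["mac"] == mac:
            if t := re.match(r"processing DHCP (\w+)", body):
                msgs[-1]["type"] = t.group(1)
            msgs[-1].update(FIELD.findall(body))  # xid / yiaddr / giaddr, when present
    return msgs

def cross_vlan_offers(msgs):
    """(client MAC, xid) -> {vlan: (offered IP, relay giaddr)} where OFFERs came from >1 VLAN."""
    seen = {}
    for m in msgs:
        if m.get("type") == "OFFER":
            seen.setdefault((m["mac"], m["xid"]), {})[m["vlan"]] = (m["yiaddr"], m["giaddr"])
    return {k: v for k, v in seen.items() if len(v) > 1}

def nak_vlans(msgs):
    """VLANs on which a DHCP NAK was received, in log order."""
    return [m["vlan"] for m in msgs if m.get("type") == "NAK"]

if __name__ == "__main__":
    parsed = parse_messages(SAMPLE)
    print(cross_vlan_offers(parsed), nak_vlans(parsed))
```
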

  • LDAP design question for multiple sites

    I'm planning to implement the Sun Java System Directory Server 5.2 2005Q1 to replace NIS.
    Currently we have 3 sites with different NIS domains.
    Since NFS over the WAN connection is very unreliable, I would like to implement the following:
    1. 3 LDAP servers + replica for each site.
    2. Single username and password for every end user across those 3 sites.
    3. Different auto_master, auto_home and auto_local maps for the three sites. So when a user logs in at a different site, the password is the same but the home directory is different (local).
    So the questions are:
    1. Do I need to have 3 domains for LDAP?
    2. If yes for question 1, then how can I keep the username and password in sync across the three domains? If no for question 1, then what is the DIT (Directory Infrastructure Tree) or directory structure I should use?
    3. How do I make the auto maps work with LDAP as well as mount the local home directory?
    I would really appreciate it if some LDAP experts could enlighten me on this project.

    Thanks for your information.
    My current environment has 3 sites with 3 different NIS domain names: SiteA: A.com, SiteB: B.A.com, SiteC: C.A.com (A.com is our company domain name).
    So every time I add a new user account, I need to create it on three NIS domains separately. Also, the password gets out of sync if a user changes the password on one site.
    I would like to migrate NIS to LDAP.
    I want to have a single username and password for each user on 3 sites. However, the home directory is on a local NFS filer.
    Say for userA, his home directory is /user/userA in the passwd file/map. On location X, his home directory will mount FilerX:/vol/user/userA.
    On location Y, userA's home directory will mount FilerY:/vol/user/userA.
    So the mount drive is determined by the auto_user map in NIS.
    In other words, there will be 3 different auto_user maps in 3 different LDAP servers.
    So userA logging in to hostX in location X will mount the home directory on local FilerX, and logging in to hostY in location Y will mount the home directory on local FilerY.
    But the username and password will be the same on three sites.
    That's my goal.
    Some LDAP experts suggested MMR (Multiple-Master-Replication) to me. But I'm still not quite sure how to do MMR.
    It would be appreciated if some LDAP guru could give me some guidelines as a starting point.
    Best wishes

  • Design question for database connection in multithreaded socket-server

    Dear community,
    I am programming a multithreaded socket server. The server creates a new thread for each connection.
    The threads, and several objects which are instantiated by each thread, need access to database connectivity. Therefore I implemented a factory class which administers database connections in a pool. At this point I have a design question.
    How should I access the connections from the threads? There are two options:
    a) Should I implement in my server class a new method like "getDatabaseConnection" which calls the factory class and returns a pooled connection to the database? In this case each object has to know the server object and has to call this method in order to get a database connection. That could become very complex, as I have to save an instance of the server object in each object ...
    b) Should I develop a static method in my factory class so that each thread could get a database connection by calling the static method of the factory?
    Thank you very much for your answer!
    Kind regards,
    Dak

    > So your suggestion is to use a static method from a
    > central class. But those static methods are not really
    > object oriented, are they?

    There's only one static method, and that's getInstance.

    > If I use the singleton pattern, I only create one
    > instance of the database pooling class in order to
    > configure it (driver, access data to database and so
    > on). The threads then use a static method of this
    > class to get a database connection?

    They use a static method to get the pool instance; getConnection is not static.
    Kaj
