Adding a Second Public IP Range

Our current environment is configured as follows and is in the attached image.  We have two routers on the front end that are running BGP with three different ISP's.  Each ISP connects to a different interface on our routers.  The ISP interfaces use ISP supplied /30 IP's.  Our existing ARIN IP block is advertised out BGP and assigned to the inside interface of each router.  We run iBGP and GLBP on the routers inside interfaces.  We are close to using up our /24 block of ARIN assigned IP's.  We have received a new /24 block of ARIN assigned IP's that we want to use along with the existing /24 block.  What is the best way to add the new /24 block of IP's to our routers?  Do I need to assign them as a second IP to each router's inside interface?  Or, can I just advertise the new block out of BGP and add a static route to route the new block out the inside interfaces and not assign any secondary IP's to the inside interfaces?

You won't be able to port forward the same port on the same public IP to different local IPs  because the router will have no way of knowing which local IP it is meant for.
But what you could do is use your existing IP for one of the translations and the second IP for the other eg.
ip nat inside source static tcp 192.168.5.10 5060 interface gi0/1 5060
where gi0/1 is the outside interface and then
ip nat inside source static tcp 192.168.5.11 5060 <unused public IP> 5060
In terms of how it works with the second public IP the ISP has a router with an IP from the same public IP range. So when traffic gets to ISP router inbound from the internet the ISP router requests the mac address of the public IP.
Your router performs proxy arp for that public IP so it responds with the mac address of it's outside interface.
This means that traffic for that IP is sent to your router.
Jon

Similar Messages

  • Add a second WAN CIDR range to ASA 5505

    Forgive me if this has already been covered as i couldn't find any clear answers to do this with a lone ASA 5505 running sec plus. 
    How would i go about adding a second /28 CIDR range on anther segment given to us by our ISP which is on another segment? 
    Our outside is configured with 68.2.2.2/255.255.255.255 and we have been given a new block of 98.98.98.0/255.255.255.240. ISP has routed the 98 to the 68 on their side as of now. 
    Curious is the 5505 capable of doing this without a router in front? Any suggestions are welcomed. thanks!

    You really do not want to use it as a second physical connection unless you intend to use the second address block only as a backup in case the primary physical connection has a problem. And given the description that the ISP has routed the 98 to the 68 I think it is highly likely that there is only a single physical connection from the ISP. So putting a switch in place to split them does not really buy you any redundancy.
    What you really want to do is to use the second address block to create a pool of addresses to use for address translation. The ASA5505 should do this quite easily and well.
    HTH
    Rick

  • Using a second Public IP Address:

    Guys, 
    My client has been allocated 2 Public IP Addresses from the ISP, but we always just used one of them because there was never a need to use the second. Well, we now have a situation, where we need to port forward port 5060 to two different local IP addresses. The obvious solution would be to use the second public IP Address and port forward it to 5060 and then call it a day. I just don't understand how that works on a cisco router. Does the router know about all of the Public IP's because when I added the main public IP Address on the WAN port, I put the subnet mask in that accounts for the 2 IP's? How do I make the Router aware of my second Public IP Address? 
    Thanks in advance for all of your help,  

    You won't be able to port forward the same port on the same public IP to different local IPs  because the router will have no way of knowing which local IP it is meant for.
    But what you could do is use your existing IP for one of the translations and the second IP for the other eg.
    ip nat inside source static tcp 192.168.5.10 5060 interface gi0/1 5060
    where gi0/1 is the outside interface and then
    ip nat inside source static tcp 192.168.5.11 5060 <unused public IP> 5060
    In terms of how it works with the second public IP the ISP has a router with an IP from the same public IP range. So when traffic gets to ISP router inbound from the internet the ISP router requests the mac address of the public IP.
    Your router performs proxy arp for that public IP so it responds with the mac address of it's outside interface.
    This means that traffic for that IP is sent to your router.
    Jon

  • I can't get my ICloud started. Each time i try to sign in..it indicates that theres a problem with my email apple address but never indicates what. I added a second email but the same result. Have changed my password numerous times...no result?????

    I have followed the instruction relating to Icloud connection.When i went to system preferences, my Apple address is continually rejected. I have added a second email as suggusted by an Apple site but i still get the same message. Im not told why the Apple ID/email is not accepted when it is accepted in all other Apple sites. I changed my password numerous times to ensure it wasnt the password but to no result. It continued to state that my Apple ID was the problem. I live in Malta,Europe. Have new Apple Mac Pro and Ipod. The annoying thing is that ICloud continually send me the problem notice but do nothing to tell me how to fix it? Can i switch this notice off? Help???????

    Welcome to the Apple community Yao.
    If you mean that Find My Phone is asking for a password to a different Apple ID to your current Apple ID.
    This feature has been introduced to make stolen phones useless to those that have stolen them.
    However it can also arise when the user has changed their Apple ID details with Apple and not made the same changes to their iCloud account/Find My Phone on their device before upgrading to iOS 7, or if you restore from a previous back up made before you changed your details.
    The only solution is to change your Apple ID back to its previous state with Apple at My Apple ID using your current password, you don’t need access to this address if it’s previously been used with your Apple ID, once you have saved these details enter the password as requested on your device and then turn off "find my phone" and delete the account from your device.
    You should then change your Apple ID back to its current state, save it once again and then log back in using your current Apple ID. Finally, turn "find my phone" back on once again.
    This article provides more information about Activation Lock.

  • Adding a second time capsule?

    I've reviewed some of he discussion on adding a second Time Machine but two issues arise.  The information relates to older Time Machine software and leads to confusion.
    I have an Airport Extreme with S/W version 7.6.4 and would like to add a newer Airport Extreme to back up the older one.  Reading the suggestions on adding a new TC didn't cover the newer Time Machines and I could find Apple's instructions for doing it.
    Somewhere I read that the new TC could be connected to the old TC but forgot the port setup.  Also, newer instructions for adding a second TC so both the old and the new acquire the same data could not be found.
    Hope This question is clear.  Is there help on this?

    The network setup is fairly trivial.
    Plug TC2 into TC1. (the hardware is Time Capsule.. TC as per your title.. or is it Airport Extreme as per your question..?? Time Machine is software on your computer.. and totally unrelated to the hardware.)
    Makes no difference which way around you do it. Plug WAN of the 2nd device into LAN of the 1st device. And setup the 2nd device in bridge.. wireless is up to you.. off or on?? Roaming or not??
    As far as backup is concerned.. you need to be clear in the question. And sorry it is a bit mixed up now.
    But I can tell you what you cannot do.
    You cannot backup to both units at once. You can however setup Time Machine in the computer to backup sequentially to both.
    See Q34 http://pondini.org/TM/FAQ.html
    The TC itself cannot backup to another TC.
    (extreme with hard disk amounts to the same thing.. with caveats)
    You can backup one TC to another manually via a computer.. it is slow and I do not recommend it.. if a fault creeps into backup1, you are simply copying said fault to backup2.. AND it is poor for another reason.. Time Machine cannot do it.. you will need another utility eg Carbon Copy Cloner.. and even then you will probably end up backing up a huge amount of data every time.. since TM works so strangely you cannot just backup differences.

  • I am considering a Apple iMac but would be interested in adding a second monitor. Does it have to be an Apple monitor or can i add any monitor with a thunderbolt cable and DVI or vGA adapter?

    I am considering a Apple iMac but would be interested in adding a second monitor. Does it have to be an Apple monitor or can i add any monitor with a thunderbolt cable and DVI or vGA adapter?

    I found that the Thunderbolt input accepts the mini-DVI (in my case converter to VGA for a tutorial use monitor)
    BUT, you have to really oush it in 'til it clicks.  I thought it too loose until I tried it.  works just fine!!
    i get a solved for my own  LOL
    Ed

  • Adding a second internal HDD on a Satellite A350-20s

    I have a Satellite A350-20s.
    It is described in its documentation as having the option to add a second internal 2"5 hdd, and a indeed there is a place reserved for it..
    The problem is that when I remove the cover to insert the hdd there is no connector.
    So, how to do it ?

    Hi buddy,
    Well, I have even checked the manual of my Satellite A350 and there you can see that the manual shows second HDD slot. But as Paolo30 wrote installing such a HDD is depending on the HDD controller You can only install such a HDD if you have a second HDD connector.
    In my opinion all its ok because the manual doesnt mention that adding a second HDD is possible on every notebook. ;)
    By the way: If you need more disk space you can use an external HDD, for example 2.5 one. Such HDDs dont need an additional power supply, you need only an USB cable to connect it. ;)

  • How to change security questions after adding a second email address?

    I'm at a loss and really really frustrated with Apple for the first time in my life.
    I've added a second email address and tried over the last 3 days on my iPad and Mac to change my security questions. There is no option present that I can see that allows you to do this without first entering the answers. (to which I don't know anymore)
    I called Apple support (even in english) and every time the call has been dropped.
    In all the years since switching to Apple I've always been impressed with the level of customer service. This is the first time that I've felt this level of sincere frustration.
    I'm not sure why I have to book a time to speak with someone. Updating or changing security questions, should be a process one can do over the internet. I'm confused either way why questions are necessary if the apple password entered was correct. It's not my bank account; why the need for such extreme security just to download an app paid for by an iTunes card!
    Any help or direction would be appreciated!!
    Thank you
    Kate

    Hello there, Kate.
    Apologies for your frustration. For your security the existing questions need to be answered before new ones can be created. The following Knowledge Base article provides some additional steps to try if you are unsure of the answers to the existing ones:
    Apple ID: All about Apple ID security questions
    http://support.apple.com/kb/HT5665
    Specifically:
    What should I do if I don't remember the answers to my Apple ID security questions?
    Try answering them at least once to see if you can get them right, even if you are not sure you remember the answers to your security questions.
    If you are confident you can't remember them, try one of the following:
    If you have three security questions and a rescue email address
    sign in to My Apple ID and select the Password and Security tab to send an email to your rescue email address to reset your security questions and answers. 
    If you have one security question and you know your Apple ID passwordsign in to My Apple ID and select the Password and Security tab to reset your security question.
    If you have one security question, but don't remember your Apple ID password
    contact Apple Support for assistance. Learn more about creating a temporary support PIN to help Apple confirm your identity when you contact Apple Support.
    Note: If you have forgotten your password and answer your security questions incorrectly too many times in a row, you will be unable to try to answer your security questions for a period of time. During that time you will not be able to reset your password and will not have access to your account.
    Thanks for reaching out to Apple Support Communities.
    Cheers,
    Pedro D.

  • Adding a second optical drive

    Hi,
    I've have just added a second optical drive to my MP, it's an LG, "HL-DT-ST DVDRAM GSA-4120B" according to system profiler. I'v left the original apple superdrive as-is, and put this in the second bay. I'm pretty sure I've set it's jumpers to "slave", but it was in an external bay and I don't have a manual or anything, so I'm not 100% sure.
    Both drives work fine, on their own, but they don't seem to want to work together. Programs seem to have to wait for the 2nd drive to finish whatever it is it's doing, before they can get access to 1st drive (or vice-versa).
    I was under the impression that both drives can be working at the same time, and it would seem pointless having two drives if they can't work at the same time?
    I don't have to change anything about the original superdrive when adding a second drive, do I?

    Hi,
    I've have just added a second optical drive to my MP,
    it's an LG, "HL-DT-ST DVDRAM GSA-4120B" according to
    system profiler. I'v left the original apple
    superdrive as-is, and put this in the second bay. I'm
    pretty sure I've set it's jumpers to "slave", but it
    was in an external bay and I don't have a manual or
    anything, so I'm not 100% sure.
    Both drives work fine, on their own, but they don't
    seem to want to work together. Programs seem to have
    to wait for the 2nd drive to finish whatever it is
    it's doing, before they can get access to 1st drive
    (or vice-versa).
    I was under the impression that both drives can be
    working at the same time, and it would seem pointless
    having two drives if they can't work at the same
    time?
    I don't have to change anything about the original
    superdrive when adding a second drive, do I?
    Looking at your specs. the drive is an LG. I have an LG as well not the same model but I set my jumper to Cable Select, that is what worked and it is the same setting as the original Sony SuperDrive.
    I am certain it will work as it did no mine.
    My specs:
    ATA Bus:
    SONY DVD RW DW-D150A:
    Model: SONY DVD RW DW-D150A
    Revision: 1.MD
    Serial Number:
    Detachable Drive: No
    Protocol: ATAPI
    Unit Number: 0
    Socket Type: Internal
    Low Power Polling: No
    HL-DT-ST DVDRAM GSA-H10L:
    Model: HL-DT-ST DVDRAM GSA-H10L
    Revision: LL10
    Serial Number: K18E8582228
    Detachable Drive: No
    Protocol: ATAPI
    Unit Number: 1
    Socket Type: Internal
    Low Power Polling: No
    William

  • Adding a Second Airport Express

    Is there a trick to adding a second Airport Express?  My network is created by an Airport Extreme.  Six months ago, I added an Airport Express to get better coverage upstairs (no problems).  Now I want to add a second Airport Express to extend coverage to the back of our house.  I plug in the Airport Express but it never shows in the Airport Utility.  I have tried over and over and it never appears.

    The second Express can "extend" the signal provided by the AirPort Extreme, but it cannot "extend" the signal from the AirPort Express that is already "extending".
    The Express always needs to be located where it can receive a strong signal from the main router in order to "extend" that signal.
    Might that be the issue here?  The second Express is possibly located too far from the AirPort Extreme?
    If we need to do some more checks, is your Mac runnign OS X 10.6.8 as your profile indicates?

  • Added a second IP to our server = Now users can't log-in

    Hi,
    I had a server that was working fine. It had one external IP address. I then added a second external (dedicated) IP address to the same ethernet port, by adding a second port in "Network Preferences" and manually typing in the IP configuration - just as I did for the original ethernet interface when the server was originally configured.
    The reason I added a second IP address is so that I could run Apache2 on port 80 on the new IP while continuing to run Apache1.3 on port 80 of the original IP.
    Of course now I've screwed up the reverse DNS and such and my users can't login over AFP (though SMB is ok). My initial IP has a properly configured reverse lookup, the new IP does not. The new IP is using the ISP's default domain name.
    In a situation like this, am I supposed to configure both IPs to resolve to the same computer name? myServer.company.com ? Or should each IP resolve differently..
    Thanks
    Woody

    Of course now I've screwed up the reverse DNS and
    such and my users can't login over AFP (though SMB is
    ok).
    How do the users connect to AFP? WAN or LAN, Hostname or IP ?
    My initial IP has a properly configured
    reverse lookup, the new IP does not. The new IP is
    using the ISP's default domain name.
    In a situation like this, am I supposed to configure
    both IPs to resolve to the same computer name?
    myServer.company.com ? Or should each IP resolve
    differently..
    Reverse lookups (PTR records) shouldn't come into it. If users use a hostname to connect then all you will need is an A record to convert the hostname to an IP. If they use an IP to connect, then no DNS is accessed. So if you cannot connect directly using the IP address then it suggests firewall or config - test for open 548 port etc.
    -david
        Server 10.4.8

  • Itunes page pops up continually on the pc since we added a second ipod. how do I stop the pop up? help/ to the same pc

    itunes page pops up continually on my windows Vista pc since we added a second ipod and sync it to the same pc. How do I stop the pop ups??

    Many thanks lllaass,
    The Touch Copy third party software for PC's is the way to go it seems and although the demo is free, if you have over 100 songs then it costs £15 to buy the software which seems not a lot to pay for peace of mind. and restoring your iTunes library back to how it was.
    Cheers
    http://www.wideanglesoftware.com/touchcopy/index.php?gclid=CODH8dK46bsCFUbKtAod8 VcAQg

  • What is the RFC for public ipv4 ranges?

    is there an RFC for public ipv4 ranges? I understand RFC 1918 is for private ipv4 ranges

    After a very fast check on http://www.rfc-editor.org/rfc-index.html  I find this:
    RFC 1366 Guidelines for Management of IP Address Space
    and subsequent RFC that obsolete one another
    Bye,
    enrico.
    PS please rate if useful

  • Issues adding a second 4402 wireless controller

    I currently have 1 4402 wirless controller that is controlling the 17 APs I have in our corporate office and 18 APs we have in a warehouse 10 miles away. The warehouse has all of the APs set to H-REAP so that they can connect across the WAN to reach the controller.I have purchased a second 4402 and have placed the controller at the warehouse to handle all traffic out at that site and to relieve issues we have when the WAN gets saturated.
    I have configured the 4402 at the Warehouse with the same basic setup as the first controller (well, different IP and different VLAN and different SSIDs so I can tell I am on the new one easily). The problem I am having is that I cannot get any of the access points to log onto the second controller. All access points still show up on the first controller.
    To reach the first controller I had placed the information in the WIndows DHCP scope (Option 241 I believe) to talk to the first controller. I have change dthat to point to the second controller but that does not help. I saw that the first controller was set to be the MAster, so I turned that off to no avail. I even created a new vlan, created the DHCP information, and then added the Access Points to the new VLAN. Still, they connect to the first controller.
    Lastly, I logged into the APs and reset them to factory defaults. The APs still find the first controller.
    Any ideas what I may be missing to have them hit the new controller?
    Thanks much!
    Dave

    These are from the AP I am trying to join to the Controller and the logs on the Controller. Looks like I have a setting wrong somewhere on the Controller that I am just missing.
    *Mar  1 00:00:05.066: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
    *Mar  1 00:00:06.275: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
    *Mar  1 00:00:06.370: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 144 messages)
    *Mar  1 00:00:06.403:  status of voice_diag_test from WLC is false
    *Mar  1 00:00:07.429:  STUB Called : crypto_ssl_init
    *Mar  1 00:00:08.472: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
    *Mar  1 00:00:08.533: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, C1200 Software (C1200-K9W8-M), Version 12.4(23c)JA, RELEASE SOFTWARE (fc3)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2010 by Cisco Systems, Inc.
    Compiled Tue 01-Jun-10 11:44 by prod_rel_team
    *Mar  1 00:00:08.621: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Mar  1 00:00:08.622: bsnInitRcbSlot: slot 1 has NO radio
    *Mar  1 00:00:08.873: %SSH-5-ENABLED: SSH 2.0 has been enabled
    *Mar  1 00:00:08.873: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:09.472: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
    *Mar  1 00:00:09.876: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:09.914: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down
    *Mar  1 00:00:09.927: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Mar  1 00:00:10.331: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:16.997: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 172.16.12.60, mask 255.255.255.0, hostname ap
    *Mar  1 00:00:27.497:  status of voice_diag_test from WLC is false
    *Mar  1 00:00:27.565: Logging LWAPP message to 255.255.255.255.
    Translating "CISCO-CAPWAP-CONTROLLER.madden.com"...domain server (172.16.12.11)
    *Mar  1 00:00:38.623: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.12.12 obtained through DHCP
    Translating "CISCO-LWAPP-CONTROLLER.madden.com"...domain server (172.16.12.11)
    *Mar  1 00:00:38.623: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
    *Mar  1 00:00:39.624: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
    *Mar  1 00:00:39.626: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER.madden.com
    *Mar  1 00:00:39.629: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER.madden.com
    *Mar  1 00:00:50.632: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *May 17 21:33:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.12.13 peer_port: 5246
    *May 17 21:33:15.002: %CAPWAP-5-CHANGED: CAPWAP changed state to 
    *May 17 21:33:16.822: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.12.13 peer_port: 5246
    *May 17 21:33:16.824: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.12.13
    *May 17 21:33:16.824: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 17 21:33:21.823: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.12.13
    *May 17 21:33:21.825: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.12.13
    *May 17 21:33:21.825: %DTLS-5-PEER_DISCONNECT: Peer 172.16.12.13 has closed connection.
    *May 17 21:33:21.826: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.12.13:5246
    *May 17 21:33:21.827: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *May 17 21:33:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.12.13 peer_port: 5246
    *May 17 21:33:14.001: %CAPWAP-5-CHANGED: CAPWAP changed state to 
    *May 17 21:33:15.831: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.12.13 peer_port: 5246
    *May 17 21:33:15.833: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.12.13
    *May 17 21:33:15.833: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 17 21:33:20.832: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.12.13
    *May 17 21:33:20.834: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.12.13
    *May 17 21:33:20.834: %DTLS-5-PEER_DISCONNECT: Peer 172.16.12.13 has closed connection.
    *May 17 21:33:20.834: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.12.13:5246
    *May 17 21:33:20.836: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *May 17 21:33:13.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.1.105 peer_port: 5246
    *May 17 21:33:13.001: %CAPWAP-5-CHANGED: CAPWAP changed state to 
    *May 17 21:33:14.937: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.1.105 peer_port: 5246
    *May 17 21:33:14.939: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.1.105
    *May 17 21:33:14.939: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 17 21:33:15.184: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *May 17 21:33:18.402: %CAPWAP-5-CHANGED: CAPWAP changed state to DOWN
    *May 17 21:33:18.404: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *May 17 21:33:18.478: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller INWDPWC01
    *May 17 21:33:18.547: %LWAPP-3-CLIENTEVENTLOG: SSID Madden_Guest added to the slot[0]
    *May 17 21:33:18.572: %LWAPP-3-CLIENTEVENTLOG: SSID LEX_Guest added to the slot[0]
    *May 17 21:33:18.590: %LWAPP-3-CLIENTEVENTLOG: SSID Madden_Internal added to the slot[0]
    *May 17 21:33:18.607: %LWAPP-3-CLIENTEVENTLOG: SSID LEX_HAND_SCANNERS added to the slot[0]
    *May 17 21:33:18.632: %LWAPP-3-CLIENTEVENTLOG: SSID Madden_Zebra added to the slot[0]
    *May 17 21:33:18.756: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
    *May 17 21:33:19.404: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    (Cisco Controller) >debug capwap events enable
    (Cisco Controller) >debug capwap errors enable
    (Cisco Controller) >debug pm pki enable
    (Cisco Controller) >
    (Cisco Controller) >*sshpmLscTask: May 17 16:30:44.379: sshpmLscTask: LSC Task received a message 4
    *sshpmLscTask: May 17 16:32:44.380: sshpmLscTask: LSC Task received a message 4
    *spamReceiveTask: May 17 16:33:14.641: 00:16:47:75:19:30 Discovery Request from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:14.642: 00:16:47:75:19:30 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 50, joined Aps =0
    *spamReceiveTask: May 17 16:33:14.643: 00:16:47:75:19:30 Discovery Response sent to 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:14.643: 00:16:47:75:19:30 Discovery Request from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:14.643: 00:16:47:75:19:30 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 50, joined Aps =0
    *spamReceiveTask: May 17 16:33:14.643: 00:16:47:75:19:30 Discovery Response sent to 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:14.644: 00:16:47:75:19:30 Received LWAPP DISCOVERY REQUEST to 00:1b:d4:6b:bb:a0 on port '2'
    *spamReceiveTask: May 17 16:33:14.644: 00:16:47:75:19:30 Discarding discovery request in LWAPP from AP supporting CAPWAP
    *spamReceiveTask: May 17 16:33:25.638: 00:16:47:75:19:30 DTLS connection not found, creating new connection for 172:16:12:60 (28081) 172:16:12:13 (5246)
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: called to evaluate
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: called to get cert for CID 1824fb87
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: called to evaluate
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:25.640: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.640: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.640: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.640: sshpmGetSshPrivateKeyFromCID: called to get key for CID 1824fb87
    *spamReceiveTask: May 17 16:33:25.640: sshpmGetSshPrivateKeyFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.640: sshpmGetSshPrivateKeyFromCID: comparing to row 1, certname >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.640: sshpmGetSshPrivateKeyFromCID: comparing to row 2, certname >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.640: sshpmGetSshPrivateKeyFromCID: match in row 2
    *spamReceiveTask: May 17 16:33:25.793: sshpmGetIssuerHandles: locking ca cert table
    *spamReceiveTask: May 17 16:33:25.793: sshpmGetIssuerHandles: calling x509_alloc() for user cert
    *spamReceiveTask: May 17 16:33:25.793: sshpmGetIssuerHandles: calling x509_decode()
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetIssuerHandles: C=US, ST=California, L=San Jose, O=Cisco Systems, CN=C1200-0015fae6db09, [email protected]
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetIssuerHandles:   O=Cisco Systems, CN=Cisco Manufacturing CA
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetIssuerHandles: Mac Address in subject is 00:15:fa:e6:db:09
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetIssuerHandles: Cert Name in subject is C1200-0015fae6db09
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: called to evaluate
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: called to get cert for CID 26a39b4a
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:25.798: ssphmUserCertVerify: calling x509_decode()
    *spamReceiveTask: May 17 16:33:25.806: ssphmUserCertVerify: user cert verfied using >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:25.806: sshpmGetIssuerHandles: ValidityString (current): 2012/05/17/21:33:25
    *spamReceiveTask: May 17 16:33:25.806: sshpmGetIssuerHandles: ValidityString (NotBefore): 2006/01/17/19:00:47
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetIssuerHandles: ValidityString (NotAfter): 2016/01/17/19:10:47
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetIssuerHandles: getting cisco ID cert handle...
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: called to evaluate
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.808: sshpmFreePublicKeyHandle: called with 0x31b5178c
    *spamReceiveTask: May 17 16:33:25.808: sshpmFreePublicKeyHandle: freeing public key
    *spamReceiveTask: May 17 16:33:27.455: 00:16:47:75:19:30 DTLS Session established server (172.16.12.13:5246), client (172.16.12.60:28081)
    *spamReceiveTask: May 17 16:33:27.455: 00:16:47:75:19:30 Starting wait join timer for AP: 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:27.460: 00:16:47:75:19:30 Join Request from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:27.462: 00:16:47:75:19:30 Deleting AP entry 172.16.12.60:28081 from temporary database.
    *spamReceiveTask: May 17 16:33:27.462: 00:16:47:75:19:30 MIC AP is not allowed to join by config
    *spamReceiveTask: May 17 16:33:27.462: 00:16:47:75:19:30 State machine handler: Failed to process  msg type = 3 state = 0 from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:27.462: 00:16:47:75:19:30 Failed to parse CAPWAP packet from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:32.456: 00:16:47:75:19:30 Join Request from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:32.456: 00:16:47:75:19:30 Join request received from AP which is already present. Deleting previous connection
                                                                                                                                                 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:32.457: 00:16:47:75:19:30 Multiple Join Request: Join request received from AP which is already present. Deleting previous conne
    *spamReceiveTask: May 17 16:33:32.457: 00:16:47:75:19:30 Finding DTLS connection to delete for AP (172:16:12:60/28081)
    *spamReceiveTask: May 17 16:33:32.457: 00:16:47:75:19:30 Disconnecting DTLS Capwap-Ctrl session 0x13869100 for AP (172:16:12:60/28081)
    *spamReceiveTask: May 17 16:33:32.457: 00:16:47:75:19:30 CAPWAP State: Dtls tear down
    *spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 DTLS connection not found. Ignoring join request from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 State machine handler: Failed to process  msg type = 3 state = 0 from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 Failed to parse CAPWAP packet from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 DTLS connection closed event receivedserver (172:16:12:13/5246) client (172:16:12:60/28081)
    *spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 No entry exists for AP (172:16:12:60/28081)
    *spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 No AP entry exist in temporary database for 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  172.16.12.60:28081)since DTLS session is not established
    *spamReceiveTask: May 17 16:33:32.462: 00:16:47:75:19:30 DTLS connection not found, creating new connection for 172:16:12:60 (28081) 172:16:12:13 (5246)
    *spamReceiveTask: May 17 16:33:32.462: sshpmGetCID: called to evaluate
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: called to get cert for CID 1824fb87
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: called to evaluate
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetSshPrivateKeyFromCID: called to get key for CID 1824fb87
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetSshPrivateKeyFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetSshPrivateKeyFromCID: comparing to row 1, certname >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetSshPrivateKeyFromCID: comparing to row 2, certname >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetSshPrivateKeyFromCID: match in row 2
    *spamReceiveTask: May 17 16:33:32.614: sshpmGetIssuerHandles: locking ca cert table
    *spamReceiveTask: May 17 16:33:32.614: sshpmGetIssuerHandles: calling x509_alloc() for user cert
    *spamReceiveTask: May 17 16:33:32.614: sshpmGetIssuerHandles: calling x509_decode()
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetIssuerHandles: C=US, ST=California, L=San Jose, O=Cisco Systems, CN=C1200-0015fae6db09, [email protected]
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetIssuerHandles:   O=Cisco Systems, CN=Cisco Manufacturing CA
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetIssuerHandles: Mac Address in subject is 00:15:fa:e6:db:09
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetIssuerHandles: Cert Name in subject is C1200-0015fae6db09
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: called to evaluate
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: called to get cert for CID 26a39b4a
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:32.619: ssphmUserCertVerify: calling x509_decode()
    *spamReceiveTask: May 17 16:33:32.627: ssphmUserCertVerify: user cert verfied using >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetIssuerHandles: ValidityString (current): 2012/05/17/21:33:32
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetIssuerHandles: ValidityString (NotBefore): 2006/01/17/19:00:47
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetIssuerHandles: ValidityString (NotAfter): 2016/01/17/19:10:47
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetIssuerHandles: getting cisco ID cert handle...
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: called to evaluate
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.628: sshpmFreePublicKeyHandle: called with 0x31b53840
    *spamReceiveTask: May 17 16:33:32.628: sshpmFreePublicKeyHandle: freeing public key
    *spamReceiveTask: May 17 16:33:34.288: 00:16:47:75:19:30 DTLS Session established server (172.16.12.13:5246), client (172.16.12.60:28081)
    *spamReceiveTask: May 17 16:33:34.288: 00:16:47:75:19:30 Starting wait join timer for AP: 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:34.293: 00:16:47:75:19:30 Join Request from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:34.294: 00:16:47:75:19:30 Deleting AP entry 172.16.12.60:28081 from temporary database.
    *spamReceiveTask: May 17 16:33:34.294: 00:16:47:75:19:30 MIC AP is not allowed to join by config
    *spamReceiveTask: May 17 16:33:34.294: 00:16:47:75:19:30 State machine handler: Failed to process  msg type = 3 state = 0 from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:34.294: 00:16:47:75:19:30 Failed to parse CAPWAP packet from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:39.289: 00:16:47:75:19:30 Join Request from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:39.289: 00:16:47:75:19:30 Join request received from AP which is already present. Deleting previous connection
                                                                                                                                                 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:39.289: 00:16:47:75:19:30 Multiple Join Request: Join request received from AP which is already present. Deleting previous conne
    *spamReceiveTask: May 17 16:33:39.289: 00:16:47:75:19:30 Finding DTLS connection to delete for AP (172:16:12:60/28081)
    *spamReceiveTask: May 17 16:33:39.289: 00:16:47:75:19:30 Disconnecting DTLS Capwap-Ctrl session 0x138691e8 for AP (172:16:12:60/28081)
    *spamReceiveTask: May 17 16:33:39.289: 00:16:47:75:19:30 CAPWAP State: Dtls tear down
    *spamReceiveTask: May 17 16:33:39.291: 00:16:47:75:19:30 DTLS connection not found. Ignoring join request from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:39.291: 00:16:47:75:19:30 State machine handler: Failed to process  msg type = 3 state = 0 from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:39.291: 00:16:47:75:19:30 Failed to parse CAPWAP packet from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:39.291: 00:16:47:75:19:30 DTLS connection closed event receivedserver (172:16:12:13/5246) client (172:16:12:60/28081)
    *spamReceiveTask: May 17 16:33:39.291: 00:16:47:75:19:30 No entry exists for AP (172:16:12:60/28081)
    *spamReceiveTask: May 17 16:33:39.291: 00:16:47:75:19:30 No AP entry exist in temporary database for 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:39.292: 00:16:47:75:19:30 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  172.16.12.60:28081)since DTLS session is not established

  • Does adding a second airport extreme slow the wifi speeds?

    I get 17mbps from my airport base station hardwired to uverse router. On the new 5th gen extreme.used to extend network, speeds are 7mbps at best. is a second device incapable of the same bandwidth as the originating extreme?even when well within range?

    My only issue is, i've not got the AE's on "bridge Mode"
    That's quite an issue, since you only want to have one router handling DHCP and NAT on the network. You have two routers both trying to provide the same services if the AirPort Extreme is distributing IP addresses. Conflicts are inevitable. The AirPort Extreme needs to be in Bridge Mode.
    I can't seem to put the AE back into the connection sharing option that says "distrubute a range of ip address"
    This setting would be used only if your ISP has assigned multiple IP addresses to you....and the AirPort Extreme is the "main" router on the network.
    "Share a public IP address" would be the setting to use.....if the Uverse router will tolerate another router on the network. Sometimes you can find a workaround, but then you have to put up with Double NAT errors and other unpredictable things on the network.
    I used to be able to operate without bridge mode off the uverse router/modem but can't anymore.
    Probably due to updates on both the Uverse and AirPort routers to prevent users from trying to run two routers on the same network.
    Uverse routher which is impossible to figure out to reserve ip's etc for externetal devices.
    Is this a Motorola router, or 2-Wire?  Either should have online support for this type of basic router service.

Maybe you are looking for