Allow client to client traffic

Hi all,
I have two clients trying to connect to each other with no success.
I have a 5760 controller and a pretty plain wlan config...
The only way they managed to ping one another is by activating the command:
 peer-blocking forward-upstream
But I think this throws the traffic to the uplink switch and lets it deal with it... but that will allow unicast traffic, but nothing else.
Any idea?
Naor.

Hi Naor,
The peer-blocking forward-upstream causes the packets to be forwarded on the upstream VLAN. The device above the controller decides what action to take regarding the packets.
Peer-to-peer blocking is applied to individual WLANs, and each client inherits the peer-to-peer blocking
setting of the WLAN to which it is associated. Peer-to-Peer enables you to have more control over how traffic
is directed. For example, you can choose to have traffic bridged locally within the controller, dropped by the
controller, or forwarded to the upstream VLAN.
NOTE:
To enable peer-to-peer blocking on a WLAN configured for FlexConnect local switching, select Drop
from the P2P Blocking drop-down list and select the FlexConnect Local Switching check box.
Please do go through the link below to understand the Peer to Peer blocking behaviour.
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-5/config_guide/b_cg75/b_cg75_chapter_01001011.pdf
Regards
Salma
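
The three per-WLAN behaviours described in the reply above (bridged locally, dropped, forwarded upstream) can be audited from a saved configuration. The script below is an added example, not part of the original thread or Cisco's tooling; the sample configuration is constructed, and the `wlan <profile> <id> <ssid>` line layout, the `peer-blocking drop` keyword and the reading of a missing `peer-blocking` line as "disabled" are assumptions.

```python
import re

# Constructed sample of a 5760-style running-config excerpt (not from the post).
# WLAN names, IDs, VLANs and addresses are made up for illustration.
SAMPLE_CONFIG = """\
wlan CORP 1 CORP
 client vlan 10
 no shutdown
wlan GUEST 2 GUEST
 client vlan 20
 peer-blocking drop
 no shutdown
wlan LAB 3 LAB
 client vlan 30
 peer-blocking forward-upstream
 no shutdown
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
"""

# Maps the configured keyword to the behaviour described in the reply.
# None means no peer-blocking line was found (assumed: blocking disabled).
ACTIONS = {
    None: "bridged locally within the controller",
    "drop": "dropped by the controller",
    "forward-upstream": "forwarded to the upstream VLAN",
}

WLAN_RE = re.compile(r"^wlan\s+(\S+)\s+(\d+)(?:\s+(\S+))?\s*$")
PEER_RE = re.compile(r"^\s+peer-blocking\s+(drop|forward-upstream)\s*$")


def peer_blocking_by_wlan(config_text):
    """Return {wlan_profile: keyword or None} for every wlan block."""
    result = {}
    current = None
    for line in config_text.splitlines():
        header = WLAN_RE.match(line)
        if header:
            current = header.group(1)
            result[current] = None  # no peer-blocking line seen yet
            continue
        if not line.startswith(" "):
            current = None  # an unindented line ends the wlan block
            continue
        if current is None:
            continue  # indented line belonging to some other block
        setting = PEER_RE.match(line)
        if setting:
            result[current] = setting.group(1)
    return result


def report(config_text):
    """One human-readable line per WLAN, in configuration order."""
    return [
        f"{name}: client-to-client traffic is {ACTIONS[action]}"
        for name, action in peer_blocking_by_wlan(config_text).items()
    ]


if __name__ == "__main__":
    for row in report(SAMPLE_CONFIG):
        print(row)
```

Because each client inherits the setting of the WLAN it is associated to, the per-WLAN result is what decides whether two clients on that SSID can reach each other.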

Similar Messages

  • Show dot11 statistics client-traffic

    I'm trying to interpret output from the 'show dot11 statistics client-traffic' command in autonomous IOS version 15.2(4)JB4 on a 3600-series access point.  Finding a detailed description of each data point being reported has been very difficult - c'mon Cisco!  For my purposes I'm most interested in what is being reported in the 'Retry' and 'RSSI' fields.  It seems like RSSI in dBm is being reported but I'd like confirmation from someone who knows because in older versions of IOS it seems like this value might have been a percentage value on a scale of 0 to 100% with 0 being -113dBm and 100 being -10dBm.
    Here is a sample of the output from my access point:
    SURVEY_AP1#show dot11 statistics client-traffic
    Dot11Radio0: -- Client Statistics
    ---Clients 0  AID VLAN Status:S/I/B/A Age TxQ-R(A) Mode Enc Key  Rate  Mask Tx   Rx   BVI   Split-ACL Client-ACL L2-ACL
                     RxPkts KBytes  Dup Dec Mic   TxPkts  KBytes  Retry RSSI SNR
                   (Client) MaxPri DefUniPri DefMultPri WiredProt
                   IP Address      Pauses  Idle   RateTx   RateDataTx   RSC
    MVL Req=0, In=0
    Video Report:  Cnt  Rate  Retries/Tot
    8021x auth in prog 0 allowed 0
    Dot11Radio1: -- Client Statistics
    ---Clients 0  AID VLAN Status:S/I/B/A Age TxQ-R(A) Mode Enc Key  Rate  Mask Tx   Rx   BVI   Split-ACL Client-ACL L2-ACL
    7cd1.c379.2d10    1    0 30 40144 000 03E 60   0-0 (0) 3F80 200 0-10 00FFFFFFFF000000000  0817 00C              
                     RxPkts KBytes  Dup Dec Mic   TxPkts  KBytes  Retry RSSI SNR
    7cd1.c379.2d10      294     25   59   0   0      155      16     98   43  45
                  Agr TxLt   TxRP   St ACQ/TW  TxACQ  Stats
    7cd1.c379.2d10 p0 64 138  0  0 1 1  0 243 243  0  0  0
    7cd1.c379.2d10 p1 20 30  0  0 1 1  0  0  0  0  0  0
    7cd1.c379.2d10 p2 20 30  0  0 1 1  0  0  0  0  0  0
    7cd1.c379.2d10 p3 20 138  0  0 1 1  0  0  0  0  0  0
    7cd1.c379.2d10 p4 20 30  0  0 1 1  0  0  0  0  0  0
    7cd1.c379.2d10 p5 20 30  0  0 1 1  0  0  0  0  0  0
    7cd1.c379.2d10 p6 20 30  0  0 1 1  0 10 10  0  0  0
    7cd1.c379.2d10 p7 20 30  0  0 1 1  0  5  5  0  0  0
        Tx Params  Pri BA TxLt AggrSz MaxL AvgL
    7cd1.c379.2d10   0   4 138   64 65460  111
    7cd1.c379.2d10   1   0  30   20 65460    0
    7cd1.c379.2d10   2   0  30   20 65460    0
    7cd1.c379.2d10   3   0 138   20 65460 1500
    7cd1.c379.2d10   4   1  30   20 65460    0
    7cd1.c379.2d10   5   1  30   20 65460    0
    7cd1.c379.2d10   6   0  30   20 65460    0
    7cd1.c379.2d10   7   0  30   20 65460    0
                   (Client) MaxPri DefUniPri DefMultPri WiredProt
    7cd1.c379.2d10             0          0           0          0
                   IP Address      Pauses  Idle   RateTx   RateDataTx   RSC
    7cd1.c379.2d10 192.168.0.100   00004 000000      0      0 [0]0x10C [6]0xA7
        Block Ack  Pri, Rcv Wind  Timeout SeqNum Held, Xmt Wind  Timeout
    7cd1.c379.2d10   0        64        0    D20    0        64        0 4, 0 0 0
    7cd1.c379.2d10   4                                        0        0 1, 0 0 0
    7cd1.c379.2d10   5                                        0        0 1, 0 0 0
        LBF             Indx     BfPkts   NbfPkts  BfTmr    PktCnt
    7cd1.c379.2d10  RIA    1         18       130      4        17
    MVL Req=1, In=1
    Video Report:  Cnt  Rate  Retries/Tot
    8021x auth in prog 0 allowed 0
    SURVEY_AP1#
    Thanks in advance for any assistance.

    You want the RSSI (Radio Signal Strength Indicator) and the SNR (Signal-to-Noise Ratio) of a particular client?
    You have to run one or two commands then.  The first one is "sh dot11 s".  This will show you the wireless MAC address of a client.  Copy-n-Paste the MAC address of your choice and use the command "sh dot11 s ".
    Does this answer your question?
    Please don't forget to rate useful posts.  Thanks.

  • How to restrict AP client-to-client traffic in same SSID

    Dear all,
    Please kindly advise how wireless client-to-client traffic can be restricted? The AP is controlled by WLC.
    Thanks.
    Eric

    Hi Eric,
    Great question! Here is the related info, note the nice change in WLC Version 4.2.x.x;
    Q. In autonomous APs, Public Secure Packet Forwarding (PSPF) is used to avoid client devices associated to this AP from inadvertently sharing files with other client devices on the wireless network. Is there any equivalent feature in Lightweight APs?
    A. The feature or the mode that performs the similar function of PSPF in Lightweight architecture is called peer-to-peer blocking mode. Peer-to-peer blocking mode is actually available with the controllers that manage the LAP.
    If this mode is disabled on the controller, which is by default, it allows the wireless clients to communicate with each other through the controller. If the mode is enabled, it blocks the communication between clients through the controller.
    It only works among the APs that have joined to the same controller. When enabled, this mode does not block wireless clients terminated on one controller from the ability to get to wireless clients terminated on a different controller, even in the same mobility group.
    http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00806a4da3.shtml
    Configuring Peer-to-Peer Blocking
    In controller software releases prior to 4.2, peer-to-peer blocking is applied globally to all clients on all WLANs and causes traffic between two clients on the same VLAN to be transferred to the upstream VLAN rather than being bridged by the controller. This behavior usually results in traffic being dropped at the upstream switch because switches do not forward packets out the same port on which they are received.
    In controller software release 4.2, peer-to-peer blocking is applied to individual WLANs, and each client inherits the peer-to-peer blocking setting of the WLAN to which it is associated.
    http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42wlan.html#wp1084832
    Hope this helps!
    Rob

  • Looking for an online LR3 gallery that allows clients to give feedback.

    Tried FSS Select from LightroomGalleries but no luck (I only get an endless "loading gallery"). I just want something simple that would allow clients to provide feedback (comments/picks/ratings) on a series of photos I just took for them.
    Any suggestions?
    Thanks very much!

    Wonderful - thanks a lot for the suggestions.
    Paul
    Date: Thu, 17 Mar 2011 03:11:57 -0600
    Subject: Looking for an online LR3 gallery that allows clients to give feedback.
    http://theturninggate.net/galleries/html-galleries/ttg-client-response-gallery/

  • AP WLC Client Traffic Query

    Hi Experts,
    I was trying to find any documentation explaining how return traffic works for wifi client data traffic in a capwap AP WLC architecture where the APs are in local mode (no HREAP) but was unable to find any detailed references for this.  I am specifically interested to find out if return traffic goes directly back to the client or whether it still goes via the WLC. 
    Some docs state that all traffic goes via the WLC-AP tunnel.  If this is the case then this means the WLC is performing NAT on the client traffic.  This assumption would also support the need for anchors in a roaming-mobility design.  The thing is I can't find any excerpts stating that NAT is indeed being performed by the WLC.
    Hope you could enlighten me on this.
    Thanks in advance.

    All traffic to and from a client will traverse the WLC and CAPWAP tunnel.
    NAT is not performed by the WLC for any client traffic.  The WLC is a layer 2 device that needs to have all the client VLANs trunked to it.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • WAP561 - After 2-3 days the AP will not allow clients to fully authenticate (628911547)

    Have a total of 5 APs and every 2-3 days these devices seem to not allow clients to connect. Clients appear to associate but never authenticate. I have opened a case with Cisco (Case number in title) but want to see if anyone else is having this issue and how you may have resolved this.
    I received an email from an engineer and one of the options he asked me to change was not even an option on the screen. I have UNTAGGED VLAN selected however MANAGEMENT VLAN is not an option. Below is his email.
    Making a bit of research I discovered that maybe you have fallen into a firmware bug.
    It should be related to VLAN.
    If you go on VLAN and IPv4 setting you should see somewhere the MANAGEMENT VLAN and UNTAGGED VLAN settings.
    Both of them should be ENABLED.
    On the next fw release this should be fixed because it's normal to have both disabled, but just to workaround the problem you could try with these settings enabled and see if the "freeze" is not happening again.
    Please update me so I can close this case or go on with the process.

    The Fix Multicast rate setting can be found on the Wireless - Radio Page. In the advanced settings section. Below the Transmit Power settings.
    Thanks
    Eric Moyers
    Cisco Small Business US STAC Advanced Support Engineer
    Wireless Subject Matter Expert
    CCNA, CCNA-Wireless
    866-606-1866
    Mon - Fri 09:30 - 18:30 (UTC - 05:00)
    *Please rate the Post so others will know when an answer has been found.

  • WiSM2 WLC 7.2 Maximum Allowed Clients under Global Parameters 802.11a/n b/g/n

    Hello everyone,
    Just loaded the 7.2.103.0 software onto the brand new WiSM2. Going through the options and have found that under the global parameters for 802.11a/n, 802.11b/g/n radios is now the "Maximum Allowed Clients" option. The allowed setting is from 1 - 200 clients.
    Does that mean only 200 clients will be allowed to associate to the WLC on that radio at a maximum?
    Doesn't seem to make sense... I have the 500 AP license on this WiSM2... I know this option used to be an optional setting under a WLAN in previous releases.
    Any ideas?
    Regards,
    Sasha.

    Does that mean only 200 clients will be allowed to associate to the WLC on that radio at a maximum?
    As what Scott has responded, this means 200 clients per WAP.
    If you do exceed 200 clients per WAP (or whatever value you put in there) the clients will just get a nag and the system will let you in eventually.

  • WCS 6.0 client traffic reports

    I've looked around in the reports trying to find one that generates the Client Traffic report on the Home page under the Client tab. It is just a plain and simple graph that shows how much bandwidth has been used. I've only seen reports that show how much bandwidth a client has used or each individual wlc. I just need an overall bandwidth usage. Does anyone know how to create this graph via Reports or any other way?
    Thanks
    Brock

    How about this:
    Reports > Report Launch Pad > Client > Client Summary > Client Summary Report Details
    Customize the report and only include:
    Number of Sessions - Required
    Number of Users - Required
    Total Traffic (MB)
    Total Throughput (Mbps)

  • WCS v7.0 - Client Traffic Stats

    Hi,
    I have a demo license version of WCS v7.0 set up for a customer trial which is controlling a WLC-4402 and approx 10 access points.
    Everything is working normally and as I would expect apart from the 'Client Traffic' reporting. When I check the graphs on 'WCS Home' > 'Client' tab, the Client Count graphs are working and showing correct data but the Client Traffic graph is showing 0Kbps. I have also tried running a Client Traffic report and this also shows a graph with 0Kbps. I know that there are a number of users associated and passing traffic but I cannot find any reason why this is not recording and reporting correctly.
    Does anyone have any pointers or advice for what to check next?
    Many thanks,
    Paul.

    Hi Paul,
    That's exactly the issue as v1 doesn't have the ability to poll objects which have 64 bit counters which the client traffic metrics are.
    Change the version to SNMP v2 from WCS
    Configure --> Controllers --> Click on the IP of the WLC ---> Under 'SNMP parameters' --> click save.
    Wait for a few hours & you should start seeing the graph getting populated.
    Ram

  • SSID with PSK not allowing clients to reconnect

    I have a 2504 that has 2 SSIDs configured. 1 SSID is corp and has WPA2-PSK enabled and works just fine.  SSID 2 is guest and I would like to lock it down with a WPA2-PSK.  This works fine for 24 hours then the clients that have been connected to SSID 2 can no longer connect.  I have had a laptop, an Android phone, iPad 2, and an iPhone all get kicked off SSID 2 after 24 hours. Even if I put the correct password in they can't connect to SSID 2. I end up resetting the password and then it happens again the next day. Any thoughts?

    Duplicate post.
    Go here:  https://supportforums.cisco.com/discussion/12222096/ssid-psk-not-allowing-clients-reconnect

  • Configure Wireshark on 3850 to capture bi-directional Wireless Client Traffic

    I'm trying to configure Wireshark to capture bi-directional client traffic of a single wireless client only. The IP address is 10.10.10.14 on VLAN 1.  Since I can't apply filters to the CAPWAP interface, I chose VLAN 1, with the following base commands.
    monitor capture MCAP interface VLAN1 both
    monitor capture MCAP file location usbflash:mcap.pcap buffer-size 1
    monitor capture MCAP limit duration 120
    If I configure "monitor capture MCAP match ipv4 any any"  I get too much information.   If I use "monitor capture MCAP match ipv4 host 10.10.10.14 any" I get packets transmitted by 10.10.10.14, but not the responses.
    Is there a way to accomplish this, or do I need to use Wireshark to filter unwanted packets?   If this were a busy AP, this could result in a very large capture file.   Thanks for the help.


  • Allow client to administer a page on a site?

    I don't even know how to efficiently ask this question, so I'll just wade in.
    I'm making a small site for my brother, more or less on a hobby basis. Nothing has been posted yet, we're still talking about the look. But this issue has come up with other clients in the past, so I thought this would be a good time to plunge in.
    One or two "news" pages on the site will need to be updated on an irregular basis. Of course I could open my GoLive file and make changes, and repost the updated pages. But is there a reasonable way to integrate some technology (PHP, a blog?) into the site from the beginning that would allow my bro' to update the pages himself, from his computer, without having to edit HTML text files and post them?
    He did that kind of "editing" for an older site years ago, way before all the new web technologies. It worked but was cumbersome. About two years ago, I bought a PHP based suite called TNG and used it to create the pages at http://lovebunnies.luckypro.biz/genealogy/intro.php, but I know nothing about PHP and just used the editing/posting/changing features of the suite more or less out-of-the-box.
    It was fun doing all the editing online, from within a browser, and I wondered if some similar edit-it-himself function can be created using GoLive? Is there another, easier way to give him editing capabilities for a few pages? Note he will only want to change text, not layout or design. Thanks for any thoughts or suggestions!

    Thank you, Nate. I see that the short answer is "No, there is no way to use GoLive CS2 itself to allow my client to create and edit a blog or static pages." I have looked at the uselessly verbose, uninformative and fluffy Adobe pages on Contribute. It seems to be intended for Dreamweaver users, not GoLive. I'm not spending $170 for my brother to muck about.
    I do know of WordPress and TypePad. The question is how to integrate them into a site built with GoLive.
    "...a plain text file that's later imported into your HTML" is exactly what I'm trying to avoid. At that rate, I could just edit and update myself in GLCS2.
    I'll try to pull in some favors and see if my pals have any bright ideas. Thanks!

  • How to make all "allowed" clients visible at the log on/welcome screen at start of the computer

    Assuming this is controlled by the Active Directory Server 2012 R2..
    I allow 3 users to be able to log on to computer A.
    I now start computer A. At the welcome / start screen I only see the person who was logged on latest.
    However, it would be great to see which 3 users actually can log on to that computer, have their user pic and names
    on the welcome / start screen instead of the "latest logged on" and then click on the person you are to log on.
    How do I configure the Server 2012 R2, or Client computer, so they won't see last person logged on, but simply everyone
    who actually is able to log on?

    You are not going to be able to do this on a domain computer. You can disable the last logged on user prompt though. This would make the computer prompt for a username at all times. That group policy setting is called: Interactive logon: Do not display last user name and is available under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options.
    If my answer helped you, check out my blog:
    Deploy Happiness

  • TS1398 I'm on a public network that doesn't allow client-to-client communication.

    I'm trying to make my Mom's iPad work with the Epson Stylus NX430 ("Small in One") printer I just bought from Apple, with the iPad 2. She's in a retirement community with free WiFi, but the service provider prevents client-to-client communication. So, I can get the printer registered to have internet access, but the iPad doesn't see it.
    If I connect a router to the public service, and get the iPad to connect to the router, that may work. Or, I can get a router with a USB connection for the printer, one that acts as a print server.
    Does anyone have experience with these configurations? Will an Apple router do this, connecting to the public WiFi,
    If I do this, it creates another problem: my Mom will have to select the local network when in her room and wanting to print. Because the public router names are all the same, I don't think I can get the iPad to forget the local public access point (in favor of her router), and still have it remember the other public ones, though I'll have to try it. My Mom isn't going to take to this technical issue. She's doing fine with the iPad for mail, solitaire, etc., but at 87 the technical stuff will cause her trouble.
    Dick

    Some printers support ad hoc printing. That is the printer can be configured to communicate with an iPad without the need for a router.  Perhaps such a printer would be of help.
    Some of the Internet comments on the Epson Stylus NX430 indicate it doesn't support ad hoc printing.   You could check in the user setup manual.
    How do you switch between networks on the iPad?  I'd assume a printer  on a router would be the same.  Perhaps you could configure your router to be a relay for http traffic and route the print traffic to your iPad. That's what a router is for anyway.  Whether you configure a consumer grade router like this is another story.
    Can you return the printer & get one that supports ad hoc printing? Might be safer in the long run.  Printing is one of the big hassles for my parents.  It's usually the ink has run out on the printer.  You may still have to switch networks to print.
    Some printers support ad hoc printing. That is the printer can be configured to communicate with an iPad without the need for a router.  Perhaps such a printer would be of help.  Some of the comments on the Epson Stylus NX430 indicate it doesn't support ad hoc printing.  How do you switch between networks on the iPad?  I'd assume a printer  on a router would be the same.  Can you return the printer & get one that supports ad hoc printing? Might be safer in the long run.  Printing is one of the big hassles for my parents.  It's usually the ink has run out on the printer.

  • NFS4: Allow client to create files with arbitrary uid and/or gid

    Hello.
    I've got a ZFS, which is supposed to be used for storing backups of client machines. I've set:
    --($ ~)-- zfs get sharenfs data/backup/winnb000546
    NAME                     PROPERTY  VALUE                                                 SOURCE
    data/backup/winnb000546  sharenfs  ro,root=winnb000546:10.0.4.5,rw=winnb000546:10.0.4.5  local
    On winnb000546, I can then mount and access this directory. "root" can also create files (eg. "sudo touch $mountpoint/file") and this file is then owned by root:root (0:0).
    But this directory is supposed to hold a backup of the client machine; we don't use NIS or LDAP and thus /etc/passwd and /etc/group don't match. As winnb000546 is a Linux system (Arch Linux, to be exact), it would be somewhat hard to set it up so, that passwd/group completely match anyway.
    Now, as said, it's supposed to be for backup and thus I need to retain the ownership information exactly as it was on the client system. But it doesn't work...
    --($ /mnt/server/data/backup/winnb000546)-- sudo touch file
    --($ /mnt/server/data/backup/winnb000546)-- sudo chgrp hal file
    chgrp: changing group of `file': Invalid argument
    --($ /net/winds07-bge0.win.ch.da.rtr/data/backup/winnb000546/oink/UIDs/nfs3)-- getent group hal
    hal:x:82:askwar
    It failed, because the Solaris server doesn't have a group with gid 82.
    What do I need to do on the Solaris 10 server, so that it allows the client to create files on the NFSv4 export with arbitrary gid and/or uid values (ie. even with values it knows nothing about)?
    Regards,
    Alexander

    Mount it as NFSv3
