ASK THE EXPERTS:Branch Office Wireless Strategies

Similar Messages

• Ask the Expert: Cisco BYOD Wireless Solution: ISE and WLC Integration

  With Jacob Ideji, Richard Hamby  and Raphael Ohaemenyi   
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about  the new Identity Solutions Engine (ISE) and Wireless LAN Controller (WLC) hardware/software, integration, features, specifications, client details, or just questions about  Cisco's Bring-your-own device (BYOD) solution with cisco Experts Richard Hamby, Jacob Ideji, and Raphael Ohaemenyi. The interest in BYOD (Bring You Own Device) solutions in the enterprise has grown exponentially as guests and company users increasingly desire to use personal devices to access .  Cisco BYOD enhances user experience and productivity while providing security, ease-of-administration, and performance. The heart of the Cisco wireless BYOD solution is Identity Solutions Engine (ISE) utilizing the Cisco Unified Wireless portfolio.  Starting with ISE v1.1.1MR and WLC (Wireless LAN Controller) code v7.2.110.0 and higher, end-to-end wireless BYOD integration is reality. 
  Jacob Ideji is the technical team lead in the Cisco authentication, authorization and accounting (AAA) security team in Richardson, Texas. During his four years of experience at Cisco he has worked with Cisco VPN products, Cisco Network Admission Control (NAC) Appliance, Cisco Secure Access Control Server, and Dot1x technology as well as the current Cisco Identity Services Engine. He has a total of more than 12 years experience in the networking industry. Ideji holds CCNA, CCNP, CCSP, CCDA, CCDP, and CISM certifications from Cisco plus other industry certifications.
  Richard Hamby  works on the Cisco BYOD Plan, Design, Implement (PDI) Help Desk for Borderless Networks, where he is the subject matter expert on wireless, supporting partners in the deployment of Cisco Unified Wireless and Identity Services Engine solutions. Prior to his current position, Hamby was a customer support engineer with the Cisco Technical Assistance Center for 3 years on the authentication, authorization, accounting (AAA) and wireless technology teams. 
  Raphael Ohaemenyi  Raphael Ohaemenyi is a customer support engineer with the authentication, authorization and accounting (AAA) team in the Technical Assistance Center in Richardson, Texas, where he supports Cisco customers in identity management technologies. His areas of expertise include Cisco Access Control Server, Cisco Network Admission Control (NAC) Appliance, Cisco Identity Services Engine, and IEEE 802.1X technologies. He has been at Cisco for more than 2 years and has worked in the networking industry for 8 years. He holds CCNP, CCDP, and CCSP certification.
  Remember to use the rating system to let Jacob, Richard and Raphael know if you have received an adequate response.  
  Jacob, Richard and Raphael might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the wireless mobility sub community forum shortly after the event. This event lasts through Oct 5th, 2012. Visit this forum often to view responses to your questions and the questions of other community members.

  OOPS !!
  I will repost the whole messaqge with the correct external URL's:
  In  general, the Trustsec design and deployment guides address the specific  support for the various features of the 'whole' Cisco TS (and other  security) solution frameworks.  And then a drill-down (usually the  proper links are embedded) to the specifc feature, and then that feature  on a given device.  TS 2.1 defines the use of ISE or ACS5 as the policy  server, and confiugration examples for the platforms will include and  refer to them.
  TrustSec Home Page
  http://www.cisco.com/en/US/netsol/ns1051/index.html
  http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns1051/product_bulletin_c25-712066.html
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/at_a_glance_c45-654884.pdf
  I find this page very helpful as a top-level start to what features and capabilities exist per device:
  http://www.cisco.com/en/US/solutions/ns170/ns896/ns1051/trustsec_matrix.html
  The TS 2.1 Design Guides
  http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/landing_DesignZone_TrustSec.html
  DesignZone has some updated docs as well
  http://www.cisco.com/en/US/netsol/ns982/networking_solutions_program_home.html#~bng
  As  the SGT functionality (at this point) is really more of a  router/LAN/client solution, the most detailed information will be in the  IOS TS guides like :
  http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6.x.html
  http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cts/configuration/xe-3s/asr1000/sec-usr-cts-xe-3s-asr1000-book.html
  http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/trustsec.html

• ASK THE EXPERTS : High Density Wireless Deployments and CleanAir Technology

  with
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to get an update on High Density Wireless Deployments and CleanAir technology with Cisco expert Fred Niehaus. Fred is a technical marketing engineer for the Wireless Networking Business Unit at Cisco, where he is responsible for developing and marketing enterprise wireless solutions using Cisco wireless LAN products. In addition to his participation in major deployments, Fred has served as technical editor for several Cisco Press books including the "Cisco 802.11 Wireless Networking Reference Guide" and "The Business Case for Enterprise-Class Wireless LANs." Prior to joining Cisco with the acquisition of Aironet, Fred was a support engineer for Telxon Corporation, supporting some of the very first wireless implementations for major corporate customers. Fred has been in the data communications and networking industry for more than 20 years and holds a Radio Amateur (Ham) License "N8CPI."
  Remember to use the rating system to let Fred know if you have received an adequate response.
  Fred might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the shortly after the event. This event lasts through June 3, 2011. Visit this forum often to view responses to your questions and the questions of other community members.

  You are correct, between the higher numbers of users with multiple devices the bandwidth requirements keep increasing.
  The limitation of three non-overlapping channels in the 2.4 GHz space is driving more customers to 5 GHz, it is important to have both bands when high density deployments are needed.  While many older devices only support 2.4 GHz, we are now seeing far more devices with 5 GHz as well.
  The recomendation of 20-25 clients and 8 voice calls on a given 2.4 GHz channel is still a good "rule of thumb" with actual customer data requirements driving those numbers higher or lower. You are right when you say "throwing Access Points" at the problem can degrade the wireless quality as co-channel interference and overall noise floor can rise with multiple Access Points that can all hear each other.
  A better approach to the problem is to throw more spectrum at this issue (using 5 GHz channels) and elements of 802.11n (20 MHz) bandwidth on 2.4 GHz.
  What we have been doing in high density deployments is to try to minimize the propagation of a cell and focus it in a given direction.  This can be done by
  1. Managing the RF power of the radios (Access Points) and in some cases the client's power (using elements of CCX).
  2. Using the right antennas to shape both Tx and Rx cell size to help isolate, we have recently introduced a new high gain antenna for stadiums that does this well.
  3. Limit supported rates, obviously the higher the data rate the less sensitive the receiver is and the smaller the cell size becomes.
  4. Enable 5 GHz (that adds far more channels for data throughput)
  5. Limit the number of SSIDs in use as each requires a separate beacon (adding to RF utilization)
  6. Co-locating access points with non-overlapping channels
  There are some challenges, for example; many dual -band clients prefer to connect to 2.4 GHz, and 2.4 GHz is more likely to be busier and subject to interference, so we also enable Cisco "Band-Select" which basically "nudges" those clients off 2.4 GHz and pushes them to 5 GHz so as to free up the 2.4 GHz band when we can determine the client has 5 GHz capability.
  So how is this done? well, we do this by listening to the clients and if we detect that the client is sending out probe requests on both bands we know the client can use 5 GHz so we essentially make the 5 GHz band "appear more attractive" to that client.
  Note: Client load balancing and Band select are features in the Cisco Unified controller menu.
  Also enabling client link (intelligent beam forming) helps direct the signal directly at the client and reduces same channel interference.

• ASK THE EXPERTS : Wireless Teleworking Solutions with Bruce Tiff

  with Bruce Tiff
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn about the Cisco OfficeExtend 600 Series Solution that comprises the Cisco Aironet® 600 Series OfficeExtend Access Points, Cisco wireless controllers and the Cisco Wireless Control System with Cisco expert Bruce Tiff. Bruce Tiff is a Product Marketing Manager for the Wireless Networking Business Unit (WNBU) at Cisco, where he is responsible for developing and marketing Enterprise Indoor & Teleworking Access Points (AP). Bruce joined Cisco in 2008 in the Broadband Wireless Business Unit (BWBU) where he served as the Product Manager for the WiMAX Broadband Wireless Access CPE product line.
  Remember to use the rating system to let Bruce know if you have received an adequate response.
  Bruce might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the shortly after the event. This event lasts through July 1st, 2011. Visit this forum often to view responses to your questions and the questions of other community members.

  Hey Bruce,
  I have a question about the map editor in the WCS software, after uploading a map image (blueprint) I go into the editor to start adding objects (such as walls and doors) but when I look at my map the right hand side of the building is cut off about 30ft too soon. The map appears correctly in the heatmap and planning mode pages but not in the editor. This happens to about 50% of the maps that I upload. Some are cut off in the editor while others upload just fine.
  This could be related to my second part of my question: after adding walls on some of the maps that are showing up properly (no cut off) I save, generate the heatmap and exit. I look at the heatmap and it was not lining up with how I drew my walls, so I went back into the editor and all of my objects seem to have an incorrect scale to the building drawing. the upper left corner is lined up properly but as you move down and right the lines get more and more skewed from where they were originally drawn! This is very annoying and I cannot find any way to fix this. I have remade entire maps (hundreds of objects) and it screws it up every time!
  Am I doing something wrong in the process or is this a 'feature' ?
  EDIT: We are running version 7.0.164.0

• Ask the Expert: Technical Discussion on UCS-Mini platform

  Welcome to the Cisco Support Community Ask the Expert conversation.
  Ask your technical questions on UCS-Mini platform.
  The Discussion/Q&A is from November 24th through December 5th, 2014
  Cisco UCS, originally designed for the data center, is now optimized for branch and remote offices, point-of-sale, and smaller IT environments with Cisco UCS Mini. UCS Mini is for customers who need fewer servers (expandable to 15 servers) but still want the robust management capabilities provided by UCS Manager.  UCS 6324 Fabric Interconnect is main component which makes this solution possible on UCS 5108 Chassis with B200 M3 Blade Servers
  This solution delivers servers, storage, and 10 Gigabit networking in an easy-to-deploy, compact form factor.
  Vishal Mehta is a customer support engineer for Cisco’s Data Center Server Virtualization Technical Assistance Center (TAC) team based in San Jose, California. He has been working in the TAC for the past 3 years with a primary focus on data center technologies such as Cisco Nexus® 5000, Cisco UCS, Cisco Nexus 1000V, and virtualization. He presented at Cisco Live in Orlando 2013, Milan 2014, and San Francisco 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree from Rutgers University in Electrical and Computer Engineering and has CCIE® certification (number 37139) in Routing/Switching, Service Provider & Data Center.
  Rosalind Lee is customer support engineer specializing in Unified Computing System (UCS) blade servers including B series, C series, and E series. Rosalind holds a bachelor’s degree from UC Berkeley in Electrical Engineering and Computer Science and is currently pursuing her Masters of Information and Data Science at UC Berkeley. 
  Please use the rating system to let the experts know if you have received an adequate response. 
  Remember that you can continue the conversation in Data Center under the sub-community Unified Computing discussion forum shortly after the event. This event lasts through Dec 5th, 2014. Visit this forum often to view responses to your questions and the questions of other community members.

  Hello Wilson,
  This series is focused to answer any queries related with UCS-Mini deployments
  We are not doing webinar, however below is detailed UCS-Mini session done by Product Manager on Google Hangout+ 
  https://www.youtube.com/watch?v=gRVhLGsH8oI
  Thanks,
  Rosalind

• Ask the Experts Live Chat - Home Hub 4

  Hello,
  Stephanie and I are pleased to announce our next live discussion with some of our BT experts! It's about one of our latest new products, the Hub 4. This will be a great chance to get our Hub 4 experts onto the community to tell you a bit more about that and answer any questions you may have.
  We have added the Chat transcript below for any of you guys who missed this event.
  7:02
  JacquiBT: 
  Hello everyone.
  Thank for you joining our ‘Ask the Experts’ Live chat. I would like to introduce Dave, Sam and Emma who are our hub 4 experts and will be answering your questions tonight. I would like to invite you to ask your questions now.
  7:03
  [Comment From imjolly imjolly : ] 
  why are there no adsl stats available on the HH4
  7:04
  [Comment From DS DS : ] 
  evening all. Are the antennae omni directional?
  7:05
  Sean Donnelly: 
  Thanks for the question, Emma will respond
  to that question Imjolly
  7:05
  JacquiBT: 
  Thanks DS, Dave will respond to your question now
  7:05
  Dave: 
  Hi DS, yes they are
  7:05
  [Comment From Steve Steve : ] 
  Are there any plans for new firmware on the hub 4 to bring new features?
  7:06
  JacquiBT: 
  Thanks Steve, Dave is answering that question for you
  7:07
  Dave: 
  Hi Steve - yes there are. There will be more information available about this - and any new features - before each firmware drop.
  7:07
  [Comment From Steve Steve : ] 
  why can you not opt out of BT WIFI on the home hub 4?
  7:07
  Dave: 
  Hi Steve - you should have no problem doing this through the Hub Manager
  7:09
  JacquiBT: 
  Some great questions coming through, the experts are typing up responses now
  7:09
  [Comment From DS DS : ] 
  Personal testing - Why is the 2.4GHz range less than the HH3 when at a distance from the hub, but better close up than the HH3?
  7:10
  JacquiBT: 
  Thanks DS, Dave is answering this now for you
  7:10
  [Comment From George George : ] 
  Will the 'Home Network' page show a HH4 instead of the Current image of the HH3?
  7:11
  JacquiBT: 
  Thanks George, Sam will answer that for you
  7:11
  Sam: 
  Hi George, the HH4 image will be displayed in place of the HH3 in the next firmware release
  7:12
  Dave: 
  Thanks again DS - you shouldn't find that, but this can depend on a lot of different factors in the home. I've found mine to be a bit better actually! But it should be pretty much the same for most customers.
  7:12
  Sean Donnelly: 
  Did you know the Hub 4 has Smart Setup?
  Easy set up in just a few minutes. No CD or computer needed, it's all online and works on any device. Set up your Hub 4 router and access all your free extras like BT Cloud and BT Family Protection in just a few clicks.
  7:12
  [Comment From DS DS : ] 
  Is it possible for BT to allow us to move the BTWifi SSID's to another channel, leaving our own SSID on a less congested channel?
  7:12
  Dave: 
  Hi imjolly, sorry for the delay, Emma asked me to reply on her behalf. We have made the stats in the Hub manager simpler for customers to understand, we were reacting to feedback that it was too general for the wide range of customers and tech understandings.
  7:12
  JacquiBT: 
  Hi DS, Sam is replying to you now
  7:14
  [Comment From JamesS JamesS : ] 
  What speeds can I achieve over wifi, assuming I'm connected to 5ghz? Thanks.
  7:14
  Sean Donnelly: 
  Did you know the hub offers Easy Wireless?
  Connect wirelessly by selecting your BT Home Hub connection on any compatible device and just push a button on the Hub and you're connected. It's that simple. No passwords needed.
  7:14
  JacquiBT: 
  Hi JamesS. Dave will reply to your question
  7:14
  Emma: 
  Hi imjolly, we have made the stats in the Hub manager simpler for customers to understand, we were reacting to feedback that it was too general for the wide range of customers and tech understandings.
  7:15
  Sam: 
  Hi DS, moving BT Wifi SSID's to another channel is not possible on the HH4. However, we are looking closely at the wi-fi SSID's the hub broadcasts to see whether we can improve this experience.
  7:15
  Dave: 
  Hi James, 5GHz maximum data transfer rate of 300Mb/s; this will tend to translate as an optimal actual speeds of up to 100 Mb/s - depending on lots of factors in your home
  7:15
  [Comment From George George : ] 
  Why did you remove the built in plastic wireless info tab with a card?
  7:15
  JacquiBT: 
  Hi George, Dave is going to reply to that question
  7:16
  Dave: 
  Hi George - this was part of the design process, we've tried to make it even easier for customers to find their wireless information. Now it's not integrated it's a little bit more accessible.
  7:16
  [Comment From thebennyboy thebennyboy : ] 
  I currently have the HH3 and would like to know what noticable difference it will make having a HH4 over a HH3? We use the ethernet ports and the wireless.
  7:17
  JacquiBT: 
  Hi Bennyboy. Emma is going to reply to that question.
  7:17
  [Comment From Paul Paul : ] 
  How much faster is the processor in the home hub 4, compared to previous versions? how will this effect my online experience?
  7:18
  JacquiBT: 
  Hi Paul. Sam will answer that for you
  7:18
  Sam: 
  Hi Paul, the processor is a staggering 3x faster compared to the HH3
  7:19
  [Comment From Guest Guest : ] 
  Although opted out of BT wifi the hub still shows as being active
  7:19
  JacquiBT: 
  Hi Guest, could we ask that you post this on the community so the moderators can pick this up
  7:19
  Sean Donnelly: 
  Did you know that the hub 4 offers Dual band frequency which makes for a more reliable wireless connection?
  Smart dual-band technology reduces wireless interference and drop out’s giving you a reliable connection for all your devices.
  7:20
  [Comment From Guest Guest : ] 
  When you opt out of BT WIFI it appears to only opt out on the 2.4ghz channel and not the 5ghz channel. Are you looking into this?
  7:20
  JacquiBT: 
  Hi Guest. Dave will reply to your question
  7:21
  Dave: 
  Hi - thanks for this feedback, we'll definitely look in to it for you
  7:21
  Sean Donnelly: 
  Excellent questions coming through folks
  7:21
  Sean Donnelly: 
  Our experts are typing answers so please keep them coming
  7:22
  [Comment From Josh Josh : ] 
  Is it a known issue that the HomeHub 4 has problems identify the Xbox 360 as a media center extender when connected through a wired connection?
  7:23
  JacquiBT: 
  Hi Josh. Sam is replying to your question
  7:23
  [Comment From Winston Winston : ] 
  How much power does the home hub 4 use?
  7:24
  JacquiBT: 
  Hi Winston. Dave will respond to your question
  7:24
  Sam: 
  Hi Josh, we are aware of this issue. This is a problem with the Xbox rather than the HH4 but something we are reviewing together.
  7:24
  Emma: 
  Hi the bennyboy, the main advantages of the hub 4 are the faster processor (3 x faster) and 5 GHz wifi. There is no interference with 5GHz so you get better performance and as the range isn't as wide you dont have to share the bandwidth with neighbours etc. the hub still has 2.4 GHz so you still have the range you have withhub 3 too!
  7:24
  Dave: 
  Hi Winston, I am afraid there's no simple answer as it really depends on what features are in use. But the Hub 4 meets the latest Broadband Equipment Energy Code of Conduct targets for energy consumption.
  7:25
  [Comment From Mel Mel : ] 
  Why did you ignore your existing customers loyalty by charging them for a new hub, don't they pay enough already in their monthly fees?
  7:25
  JacquiBT: 
  Hi Mel, Dave will reply to your question
  7:25
  [Comment From Winston Winston : ] 
  How long did it take you to design and develop the home hub 4?
  7:26
  JacquiBT: 
  Hi Winston, Emma will reply to your question
  7:27
  [Comment From George George : ] 
  Will we get manual power save back?
  7:27
  JacquiBT: 
  Hi Gerorge. Sam will answer your question
  7:28
  [Comment From Jade Jade : ] 
  Does the home hub 4 support ip6 through a future upgrade?
  7:28
  Emma: 
  Hi Winston, It was about 2 years when we first started the project with the first ideas and concepts
  7:29
  JacquiBT: 
  Hi Jade. Emma will reply to your question.
  7:29
  Emma: 
  Hi Jade, thats something we are working on so yes something for the future
  7:30
  Sam: 
  Hi George. With regards to the manual power save feature, we have looked to make this automatic for all of our customers. However, you are able to change the brightness of the lights as an additional step.
  7:30
  Dave: 
  Hi Mel - we've made a lot of changes for our existing customers since the launch of the Hub 3 a couple of years ago. Our customer offer for the Hub 4 only £35 - a really big discount compared to the full price of £109! We've also created a range of recontracting deals that contain a Hub 4 for only the cost of delivery. If you're out of contract or in the last 3 months, you could take advantage of those offers as well. We really want all of our customers to be able to take advantage of these options!
  7:31
  Sean Donnelly: 
  Did you know the Hub 4 has a faster processor? Inside the BT Home Hub 4 router is our latest Broadband processor – the brains of your Hub. It allows you to pass information between connected devices quicker than ever. So if you are transferring files from one computer to another or watching a film streamed from another device, the BT Home Hub 4 won't slow you down.
  7:31
  [Comment From thebennyboy thebennyboy : ] 
  Our house has very thick stone walls and the wireless is weak in certain rooms. We have a few devices in our house that support 5Ghz Wi-Fi. Does the HH4 also work ok with home plugs that use your power cables to provide network connectivity?
  7:32
  JacquiBT: 
  Hi thebennyboy. Sam will respond to your question
  7:32
  [Comment From Calvin Calvin : ] 
  What future developments are in the works for home hub 4?
  7:33

  DS wrote:
  Not many of my Q's are showing either. Could be busy I guess......
  yeah I can tell, I know your quesitons are pretty good but if you notice that JacquiBT is deliberately choosing the questions she wants to go through. The whole chat is based around the fact that they have added 5ghz. I am appauled as I was hoping to at least ask one question. 

• ORA-06502 - Error when running "Ask The Expert 0.9"

  Hi ,
  I successfully installed "Ask the Expert" package with Apex 3.0 on Oracle 10g Database 10.2.0.1.0. No error ocurred during the import in my Apex environment.
  Besides that, i'm having problems when i tried to run the "Aks the Expert". It always shows the following message errors:
  ORA-06502: PL/SQL: numeric or value error: character string buffer too small
  Error Unable to write activity log.
  I think it was a problem with APEX instalation, but i could run the Sample Application of Apex without any problem.
  I opened an SR in Metalink, but to my surprise, the analist of support don't know what's wrong with the demo "Ask de Expert".
  The debug function of the application show the following commands before the error ocurrs:
  0.01:
  0.01: S H O W: application="103" page="1" workspace="" request="" session="6648566035252817"
  0.01: Language derived from: FLOW_PRIMARY_LANGUAGE, current browser language: en-us
  0.01: alter session set nls_language="AMERICAN"
  0.01: alter session set nls_territory="AMERICA"
  0.01: NLS: CSV charset=WE8MSWIN1252
  0.01: ...NLS: Set Decimal separator="."
  0.01: ...NLS: Set NLS Group separator=","
  0.02: ...NLS: Set date format="DD-MON-RR"
  0.02: ...Setting session time_zone to -03:00
  0.02: NLS: Language=en-us
  0.02: Application 103, Authentication: CUSTOM2, Page Template: 667896385843019243
  0.02: ...Determine if user "N3COUTINHO" workspace "951808960237899" can develop application "103" in workspace "951808960237899"
  0.02: ...ok to reuse builder session for user:nobody
  0.03: ...Application session: 6648566035252817, user=nobody
  0.03: ...Determine if user "N3COUTINHO" workspace "951808960237899" can develop application "103" in workspace "951808960237899"
  0.03: Session: Fetch session header information
  0.03: ...Metadata: Fetch page attributes for application 103, page 1
  0.03: Fetch session state from database
  0.03: Branch point: BEFORE_HEADER
  0.03: Fetch application meta data
  0.04: Computation point: BEFORE_HEADER
  0.04: ...Perform computation of item: P1_CLEAN_CRITERIA, type=FUNCTION_BODY
  0.04: ...Performing function body computation
  0.06: ...Session State: Save "P1_CLEAN_CRITERIA" - saving same value: ""
  0.06: Processing point: BEFORE_HEADER
  0.06: ...Process "Read and Write Activity Cookie": PLSQL (BEFORE_HEADER) declare l_cookie_id number; begin owa_util.mime_header('text/html', FALSE); -- ate_api.read_activity_cookie; l_cookie_id := ate_api.fetch_activity_cookie_val( 'COOKIE_ID' ); -- if l_cookie_id is null then l_cookie_id :=
  Content-type: text/html; charset=ISO-8859-1 Set-Cookie: activity_ask_expert=1|2400346189796; expires=Wed, 01-Jan-2020 08:00:00 GMT; path=/;
  0.06: Encountered unhandled exception in process type PLSQL
  0.06: Show ERROR page...
  0.06: Performing rollback...
  Please, could any one help me to solve this problem ? Metalink couldn't help me diagnosing what's wrong.
  Thanks,
  Sergio Coutinho

  Hi,
  I don´t know if it help the analisis, but i collect some informations about my environment:
  1) HTML DB version
  3.0.1
  2) Database version
  Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
  With the Partitioning, OLAP and Data Mining options
  3) Database server operating system (as well, if 32-bit or 64-bit)
  Solaris 5.9 - 64 bits
  4) Database Parameters:
  PARAMETER VALUE
  NLS_CALENDAR GREGORIAN
  NLS_CHARACTERSET WE8ISO8859P1
  NLS_COMP BINARY
  NLS_CURRENCY $
  NLS_DATE_FORMAT DD-MON-RR
  NLS_DATE_LANGUAGE AMERICAN
  NLS_DUAL_CURRENCY $
  NLS_ISO_CURRENCY AMERICA
  NLS_LANGUAGE AMERICAN
  NLS_LENGTH_SEMANTICS BYTE
  NLS_NCHAR_CHARACTERSET AL16UTF16
  NLS_NCHAR_CONV_EXCP FALSE
  NLS_NUMERIC_CHARACTERS .,
  NLS_RDBMS_VERSION 10.2.0.1.0
  NLS_SORT BINARY
  NLS_TERRITORY AMERICA
  NLS_TIMESTAMP_FORMAT DD-MON-RR HH.MI.SSXFF AM
  NLS_TIMESTAMP_TZ_FORMAT DD-MON-RR HH.MI.SSXFF AM TZR
  NLS_TIME_FORMAT HH.MI.SSXFF AM
  NLS_TIME_TZ_FORMAT HH.MI.SSXFF AM TZR
  Could it explain why ASK THE EXPERT is running on hosted apex site and it´s
  generating error when running in my environment?
  Thanks for the help !
  Sergio

• Ask the Expert: One Management with Prime Infrastructure 1.2

  With Tejas Shah
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions from Cisco expert Tejas Shah on One Management with Prime Infrastructure 1.2 Combining the wireless functionality of Cisco Prime Network Control System (NCS) with the wired functionality of Cisco Prime LAN Management Solution (LMS),  Cisco Prime Infrastructure simplifies and automates many of the day-to-day tasks associated with maintaining and managing the end-to-end network infrastructure from a single pane of glass. The new converged solution delivers all of the existing wireless capabilities for RF management, user access visibility, reporting, and troubleshooting along with wired lifecycle functions such as discovery, inventory, configuration and image management, automated deployment, compliance reporting, integrated best practices, and reporting.
  Tejas Shah is a senior technical marketing engineer for Cisco Prime Infrastructure and Collaboration products. He has deployed Cisco Prime Collaboration Manager at various customer sites to help customers monitor and troubleshoot their video infrastructure. In addition, he is part of the Network Operations Center team at Cisco Live events for six years. Shah joined Cisco in 1995 and was in the Technical Assistance Center team supporting various network management system products for more than six years.
  Remember to use the rating system to let Tejas know if you have received an adequate response. 
  Tejas might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Wireless Mobility sub-community discussion forum shortly after the event. This event lasts through Sept 21, 2012. Visit this forum often to view responses to your questions and the questions of other community members.

  Raun, please see my responses inline:
  Can you go over the licensing method with Prime Infrastructure 1.2 please? 
  Raun, you can check out the following link for ordering guide at
  http://www.cisco.com/en/US/products/ps12239/products_data_sheets_list.html
  I currently have NCS and do NOT currently have LMS.  I know I can move to Prime Infrastructure through Cisco Product Upgrade Tool.  However, what I am confused about is do I still have to buy LMS to have LMS functionality in Prime Infrastructure 1.2? 
  ==> Not at all.  The converged product will give you basic management capability for routers and switches that LMS provided in this release.   Feature/Functionality will keep on growing with upcoming releases.
  If not, do the licenses I transfer into Prime Infrastructure 1.2 from NCS also work for devices to work under LMS? 
  ==> Licensing is different than NCS or LMS.  You don't have to transfer the license.  Each install of Prime Infrastructure will have a unique UID string on which the licenses are based.  A new license will be applied to the product.
  Mean, can my currently 350 licenses be used for AP's as in NCS and routers in the LMS portion of Prime Infrastructure 1.2?
  ==> I would recommend getting a total count of your wired and wireless devices and match the right SKU based on that.
  Hope this helps.. Let me know if you have any further questions,
  Tejas

• Ask the Expert: Plan, Design, and Implement Mobile Remote Access, the Cisco Collaboration Edge Architecture

  Welcome to the Cisco® Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about planning, designing, and implementing mobile remote access (Cisco Collaboration Edge Architecture) with Cisco subject matter experts Aashish Jolly and Abhijit Anand.
  Cisco Collaboration Edge Architecture is an architecture that provides VPN-less access of Cisco Unified Communications resources to Cisco Jabber® users. This discussion is dedicated to addressing questions about design best practices while implementing mobile remote access.
  For more information, refer to the Unified Communications Mobile and Remote Access via Cisco VCS deployment guide. 
  Aashish Jolly is a network consulting engineer who is currently serving as the Cisco Unified Communications consultant for the ExxonMobil Global account. Earlier at Cisco, he was part of the Cisco Technical Assistance Center (TAC), where he helped Cisco partners with installation, configuring, and troubleshooting Cisco Unified Communications products such as Cisco Unified Communications Manager and Manager Express, Cisco Unity® solutions, Cisco Unified Border Element, voice gateways and gatekeepers, and more. He has been associated with Cisco Unified Communications for more than seven years. He holds a bachelor of technology degree as well as Cisco CCIE® Voice (#18500), CCNP® Voice, and CCNA® certifications and VMware VCP5 and Red Hat RHCE certifications.
  Abhijit Singh Anand is a network consulting engineer with the Cisco Advanced Services field delivery team in New Delhi. His current role involves designing, implementing, and optimizing large-scale collaboration solutions for enterprise and defense customers. He has also been an engineer at the Cisco TAC. Having worked on multiple technologies including wireless and LAN switching, he has been associated with Cisco Unified Communications technologies since 2006. He holds a master’s degree in computer applications and multiple certifications, including CCIE Voice (#19590), RHCE, and CWSP and CWNP.
  Remember to use the rating system to let Aashish and Abhijit know if you have received an adequate response. 
  Because of the volume expected during this event, our experts might not be able to answer every question. Remember that you can continue the conversation on the Cisco Support Community Collaboration, Voice and Video page, in the Jabber Clients subcommunity, shortly after the event. This event lasts through June 20, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hi Marcelo,
     Yes, there are some requirements for certificates in Expressway.
  Expressway Core (Exp-C)
  - Can be signed by either External or Internal CA
  - Better to use a cluster name even if you start with 1 peer in Exp-C cluster. In the future, if more peers are added, changes would be minimal.
  - Better to use FQDN of cluster as CN of certificate, this way the traversal zone configuration on Expressway-E won't require any change even if new peers are added to Exp-C cluster.
  - If CUCM is mixed mode, include security profile names (in FQDN format) as Subject Alternate Names
  - The Chat Node Aliases that are configured on the IM and Presence servers. They will be required only for Unified Communications XMPP federation deployments that intend to use both TLS and group chat. (Note that Unified Communications XMPP federation will be supported in a future Expressway release). The Expressway-C automatically includes the chat node aliases in the CSR, providing it has discovered a set of IM&P servers.
  - For TLS b/w CUCM, IM-P & Exp-C
    + If using self-signed certificates on CUCM, IM/P. Load Cisco Tomcat, cup, cup-xmpp certificates from IM-P on Exp-C. Load callmanager, Cisco Tomcat certificates from CUCM on Exp-C.
    + If using Internal CA signed certificates on CUCM, IM/P. Load Root CA certificates on Exp-C.
    + Load CA certificate under tomcat-trust, cup-trust, cup-xmpp-trust on IM-P.
    + Load CA certificate under tomcat-trust, callmanager-trust on CUCM.
  Expressway Edge (Exp-E)
  - Signed by External CA
  - Configured Unified Communications domain as Subject Alternate Name
  - If using a cluster, select FQDN of this peer as CN and FQDN of Cluster + this peer as Subject Alternate Name.
  - If XMPP federation is being deployed, enter the same Chat Node Aliases as entered in Exp-C.
  For more details, please refer to the Certificate Creation Guide for Cisco Expressway x8.1.1
  http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-1/Cisco-Expressway-Certificate-Creation-and-Use-Deployment-Guide-X8-1.pdf
  - Aashish

• Ask the Expert: Overview of Cisco Prime Service Catalog and Process Orchestrator Solutions

  Welcome to this Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about the Cisco Prime Service Catalog and Process Orchestrator solutions.
  Cisco expert Jason Davis will discuss Cisco’s network management products offered under the Cisco Prime framework. If you have questions about Cisco Prime infrastructure or data center automation with our Cisco Prime Service Catalog and Process Orchestrator solutions, join us on the Cisco Support Community.
  Jason Davis is a distinguished services engineer in the Intelligent Infrastructure Practice team of Cisco Advanced Services. His role is to provide strategic and tactical consulting for hundreds of Advanced Services customers, lead service innovation, and assess new services and technologies. Jason's primary expertise areas are in network management systems, intelligent automation, virtualization, data center operations, software-defined networking, and network programmability.
  Based out of the Research Triangle Park (RTP) campus, Jason is also responsible for administering the Research Triangle Park Network Management Lab, Cisco's largest network management lab.
  Since joining Cisco in 1998, Jason has been a frequent speaker at Cisco's Networkers and CiscoLive conferences in the United States and Europe. In the past five years he has also been involved in the conference network setup and monitoring. He is a much sought-after resource by the field sales teams to assist with presales solutions and executive briefings. He has provided strategic and tactical network management consulting for several hundred customers.
  Jason is a subject matter expert with the following products and features:
  Cisco Prime LAN management solution
  Cisco Prime infrastructure
  CiscoSecure ACS
  Cisco Prime Network Registrar
  Cisco Process Orchestrator
  Cisco Prime Service Catalog
  Cisco IP SLA
  Embedded Event Manager
  SNMPv3
  onePK and OpenFlow
  Cisco UCS
  Device instrumentation
  VMware ESX, ESXi, and vCenter
  ITIL
  Jason received his bachelor of science degree in electrical engineering from the University of Miami (FL). He has been married for 20 years and has 4 children. His interests include providing audiovisual technical support for churches and conference venues, camping and biking with his family, remote-control helicopter piloting, paintball, and recreational shooting.
  Remember to use the rating system to let Jason know if you have received an adequate response.
  Because of the volume expected during this event, Jason might not be able to answer every question. Remember that you can continue the conversation in Data Center > Intelligent Automation under the subcommunity Cisco Prime Service Catalog shortly after the event. This event lasts through September 12, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Jason,
  Thank you very much for welcoming me to your expert discussion :) I feel to be in the right place, at the right time. Thank you also for answering question beyond your scope here, much appreciated. The information received will help me to go further as such I have submitted a 5 start rating for your first reply.
  That sounds promising about the LMS part so yes, I stay tuned and wait patiently.
  Ok, now let’s revert to the actual topic discussed here. Cisco Prime Service Catalog and Process Orchestrator solutions I have briefly read up on this on CCO (where elseJ) and picked out the following quote
  ---- Quote from the Cisco Prime Service Catalog Data Sheet
   Today’s end users want self-service and easy access to IT tools and services.
  Simultaneously, organizations are seeking ways to extend their cloud management
  platforms beyond self-service delivery of virtual machines and infrastructure resources
  while increasing their use of cloud-based solutions to enhance business agility and effectiveness.
  Cisco Prime™ Service Catalog offers tremendous benefits to organizations that want to unify the ways in
  which all types of IT services are ordered and fulfilled, not just infrastructure requests
  ---- un quote ---
  I try to understand what (at high level of course) happens in the back ground when an order is raised and which vendor solution your product can interact with.
  As mentioned in the quoted text, this service catalogue goes beyond the standard infrastructure.
  Let’s say, a user wants to deploy a new email services, or in your example,  extends or create a new web-portal (i.e. for HR to view and manage holiday, staff absence and benefits).
  Your solution will need to interact somehow with the 3rd party vendor application that is capable building such portal I believe.
  Without disclosing to many information, I assume the portal is linked to backend VM,s that spin up requested resources (and more magic of course). Perhaps I am mixing this up with another cisco product where a user can go on the portal and spin up virtual Firewalls, virtual Routers can be provisioned in now time.
  Out if interest; Is this product also known as Mozart? (project code within Cisco?)
  I hope query is ok.
  Best wishes
  Markus

• Ask the Expert: Upgrading Cisco Unified Communications Manager (CUCM) to Version 9.1 (Drive to 9)

  Welcome to the Cisco Support Community Ask the Expert conversation. Learn from experts Vijay Rao and Amit Singh about simplified upgrade process and focused support from Cisco to migrate to version 9.1. 
  This is a continuation of the live Webcast
  Drive to 9 is a comprehensive and holistic program designed to help you upgrade the current Cisco® Unified Communications Manager installed base to version 9.1 or higher. This upgrade will enable customers to have next-generation collaboration experiences.
  During the live event, Cisco subject matter experts Vijay Rao and Amit Singh focussed on the simplified upgrade process and focused support from Cisco to migrate to version 9.1. They also talked about the changes made to the licensing model of User Connect Licensing and Cisco Unified Workspace Licensing.
  Vijay Rao is a Network Consulting Engineer and is currently a unified communications (UC) consultant for Bank of America. He has been providing consulting assistance to the bank for the past 6 years. He helps design complex UC networks for large enterprise customers. He was previously part of Cisco IT in the Asia Pacific, Japan, and China (APJC) region and was instrumental in designing and implementing the Bangalore campus. He has been working with Cisco for 9 years and has 12 years of UC experience. He has a Cisco CCVP® certification. 
  Amit Singh is a customer support engineer at the Cisco Technical Assistance Center in Bangalore, India. He has 7 years of experience in his areas of expertise: wireless, Cisco Unified Communications Manager, multiservices, Cisco Unity®, and Cisco Unified Contact Center Express. He has been involved in various escalation requests from India, Singapore, and Australia and is currently working as a technical lead for the Voice team in Bangalore, India. He is a computer science graduate.
  Remember to use the rating system to let Vijay and Amit know if you have received an adequate response.  
  Vijay and Amit might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Collaboration, Voice and Video sub-community   forum shortly after the event. This event lasts through July 19, 2013. Visit this forum often to view responses to your questions and the questions of other community members.
  Webcast related links:
  Webcast Video
  FAQ from the live webcast
  Slides from the live webcast

  Hello Robert,
  Apologies for a delayed response, some days get very hectic.
  In CallManager, we only define the SRST reference, and CUCM version and SRST version are independent of each other.
  The only thing, which is related and will change with CUCM upgrade is Phone F/w version.
  http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/compat/ccmcompmatr1.pdf
  You may just want to check your, phone f/w compatibility with the SRST version running on your ISR G1 Gateways:
  http://www.cisco.com/en/US/products/sw/voicesw/ps2169/products_device_support_tables_list.html
  For Example: SRST version 7.1
  http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/vcallcon/ps2169/data_sheet_c78-520521.html
  You may want to do some lab testing with CUCM 9.1 and an SRST supported f/w on your phones.
  If you decide to run the old Phone/F/w to support the SRST version, you may not be able to take advantage of new features.
  Also, you can try and upgrade your phones(Wih CUCM 9.1) and test them with your SRST version.
  It should work fine, but from a troubleshooting perspective, TAC may request you to come into a Cisco Supported combination.
  Please, let me know if this clarifies your doubt or we can have a quick phone call.
  Regards
  Amit Singh

• Ask the Experts :LAN Switching

  With Matt Blanshard and Jane Gao
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to ask your toughest layer 2 questions to two of the technical leaders of the San Jose LAN Switching team, Matt Blanshard and Jane Gao. Learn more about Spanning Tree, VTP, Trunking, Resilient Ethernet Protocol, IGMP Snooping, Private VLANS, Q-in-Q Tunneling, QoS, various switching platforms including all desktop switches, Metro Ethernet switches, 4500 and 6500 switches, Blade Center switches, and Nexus 7000 switches. 
  Matt Blanshard began his Cisco career as an intern in 2007.  He is now a technical leader at the Cisco Technical Assistance Center on the LAN Switching team. He holds a bachelor's degree from the University of Phoenix in computer science, and has CCNA certification.
  Jane Gao is a technical leader in the Lan Switching Technical Assistance Center (TAC) team in San Jose. She has been working with LAN switching technologies and supporting Cisco switching platforms Jane's Bio since 2009. Ms. Gao was previously a technical leader in the Wireless TAC team in San Jose. Prior to joining Cisco Ms. Gao was working in software development. She has a Master of Science degree in Computer Science from DePaul University in Chicago.
  Remember to use the rating system to let Matt and Jane know if you have received an adequate response.  
  They might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Lan Switching and Routing discussion forum shortly after the event. This event lasts through August 12, 2011. Visit this forum often to view responses to your questions and the questions of other community members.

  you can load you IOS from the tftpd32 , first donload tftpd32 from google its free, run it but make it sure that you have you IOS image bin file in you PC, then , follow these steps ,
  STEP 1.
                  Store the IOS image on the computer in any drive with its original name .
  STEP2.
             Connect the Switch to the Computer through straight cable.
  STEP 3.
               Come to the Switch , come in the enable or privilege mode by entering   enable
               Then come to the configuration mode , type  config terminal push enter
             Now type interface fast Ethernet or giga Ethernet port what ever the port is connected to the PC , example interface fast Ethernet 0/1 then push enter
  Now give ip address, like
  Ip address 1.1.1.1 255.0.0.0   enter
  No shut   enter
  STEP 3 .
                   Come to the PC GO TO THE NETWORk CARD and give the ip address 1.1.1.2 subnet mask 255.0.0.0 gateway 1.1.1.0 nothing else.
  STEP 4.
               Now download    tftpd32  you can get it on google download it  AND RUN IT . AFTER THAT OPEN THE TFTP WHICH WILL BE ON DESKTOP , DOUBLE CLICK IT AND COME TO current directory and brows the IOS IMAGE FILE where you save that and select that it will then comes to the current directory , now below current directory you will see server interface , in front of that you will have to click show dir and see that the IOS file can be seen .
  STEP 5. COME TO THE SWITCH AGAIN , GO in enable mode.
  Type this.
                     Copy tftp flash. Push enter
                   It will ask you the name and address of remote host ?
  Give the IP ADDRESS of the system , 1.1.1.2 and push enter .
  Now it will ask you about the source file name ?
  Copy the file name from pc where the IOS IMAGE which is saved on the PC and past on the switch and type.bin in the end and push enter.
  Now the SWITCH will ask you about the destination file name , you can create your own name or use the same default name that is saved on the PC which you copy past on switch , after entering the name push enter. NOW WAIT FOR 10 MINUTES IF IT WILL ASK YOU SOMETHING PUSH ENTER AND WAIT FOR THE IMAGE TO UPLOAD.
  AFTER THAT COME TO THE enable mode and type wr  and the type reload and wait for the reboot process, in case you are using same destination file name as kept on the pc otherwise. Look below
  If you have create your own choice name then,
  Come to configuration mode , by typing config terminal push enter.
  Type this command
     Boot system switch all flash:/new name that you have created and type.bin in the end push enter.
  Now type exit come to the enable mode .
  Type WR push enter.
  Now run these commands for verification.
  Show boot. ( after running this command check if the file name of the IOS is there then its ok )
  Dir flash. ( after running this command check if the file name of the IOS is there then its ok )
  Now TYPE THE LAST COMMAND
  Reload and allow the switch to reboot and wait .

• ASK THE EXPERTS - WI-FI NETWORKS

  Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get an update on different aspects of wireless network design and installation with Fred Niehaus.  Fred is a Technical Marketing Engineer for the Wireless Networking Business Unit at Cisco, where he is responsible for developing and marketing enterprise wireless solutions using Cisco Aironet and Airespace wireless LAN products. In addition to his participation in major deployments, Niehaus has served as technical editor for several Cisco Press books including the "Cisco 802.11 Wireless Networking Reference Guide" and "The Business Case for Enterprise-Class Wireless LANs." Prior to joining Cisco with the acquisition of Aironet, Niehaus was a support engineer for Telxon Corporation, supporting some of the very first wireless implementations for major corporate customers. Fred has been in the data communications and networking industry for more than 20 years and holds a Radio Amateur (Ham) License "N8CPI."
  Remember to use the rating system to let Fred know if you have received an adequate response.
  Fred might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through July 16, 2010. Visit this forum often to view responses to your questions and the questions of other community members.

  Hi Expert,
                   Before all, thank you for your great advice and helps. I've decided to implement a few of them. However, during preliminary test , i run into some issues. Hopefully, you will be able to help one last time.
  During my test, I implemented a few SSID wich worked fine in my lab with WEP encryption. And i decided to change the encryption, some of the SSID did work with wpa2. However, two remains my attention, the guess SSID which uses wpa with tkip and one of the test SSID. The guess SSID worked fine untill I decided to reload the AP. When the AP came back it could not grabs an ip, but sho commands shows that it is associate with the AP. See below. I am 100% certain that the config is correct as it was working fine before the reload.
  a) Show commands
  #sh dot11 associations
  802.11 Client Stations on Dot11Radio0:
  SSID [SAVY_GUESS] :
  MAC Address    IP address      Device        Name            Parent         State
  000e.9b6e.XXXX 169.254.97.66   ccx-client    -               self           Assoc
  Address           : 000e.9b6e.XXX     Name             : NONE
  IP Address        : 169.254.97.66      Interface        : Dot11Radio 0
  Device            : ccx-client         Software Version : NONE
  CCX Version       : 2
  State             : Assoc              Parent           : self
  SSID              : SAVY_GUESS
  VLAN              : 9
  Hops to Infra     : 1                  Association Id   : 13
  Clients Associated: 0                  Repeaters associated: 0
  Tunnel Address    : 0.0.0.0
  Key Mgmt type     : WPA PSK            Encryption       : TKIP
  Current Rate      : 54.0               Capability       : ShortHdr ShortSlot
  Supported Rates   : 1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
  Voice Rates       : disabled
  Signal Strength   : -31  dBm           Connected for    : 11592 seconds
  Signal to Noise   : 61  dBm            Activity Timeout : 57 seconds
  Power-save        : Off                Last Activity    : 3 seconds ago
  Apsd DE AC(s)     : NONE
  Packets Input     : 8830               Packets Output   : 9
  Bytes Input       : 435094             Bytes Output     : 1154
  Duplicates Rcvd   : 15                 Data Retries     : 0
  Decrypt Failed    : 0                  RTS Retries      : 0
  MIC Failed        : 0                  MIC Missing      : 0
  Packets Redirected: 0                  Redirect Filtered: 0
  Session timeout   : 0 seconds
  Reauthenticate in : never
  b) SSID config
     dot11 ssid SAVY_GUESS
     vlan 9
     authentication open
     authentication key-management wpa
     mbssid guest-mode
     wpa-psk ascii 7 1240321A241F5B367B29281F6200133524422D325C
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption vlan 9 mode ciphers tkip
  encryption vlan 16 mode ciphers aes-ccm
  ssid SAVY_GUESS
  ssid Wireless-Test
  interface Dot11Radio0.9
  encapsulation dot1Q 164
  no ip route-cache
  bridge-group 9
  bridge-group 9 subscriber-loop-control
  bridge-group 164 block-unknown-source
  no bridge-group 9 source-learning
  no bridge-group 9 unicast-flooding
  bridge-group 9 spanning-disabled
  interface FastEthernet0.9
  encapsulation dot1Q 9
  ip helper-address 10.XXX.ZZZ.254
  no ip route-cache
  bridge-group 255
  no bridge-group 255 source-learning
  bridge-group 255 spanning-disabled
  ps. Wired Device connected on the vlan did grab an IP.
  2. Wireless_Test
  This SSID was working fine until I change the vlan associate to it.
  SSID [Wireless-Test] :
  MAC Address    IP address      Device        Name            Parent         State
  001f.3b51.XXXX 169.254.90.253  ccx-client    00C00070        self           EAP-Assoc
  Address           : 001f.3b51.XXXX     Name             : I00000070
  IP Address        : 169.254.90.253     Interface        : Dot11Radio 0
  Device            : ccx-client         Software Version : NONE
  CCX Version       : 4
  State             : EAP-Assoc          Parent           : self
  SSID              : Wireless-Test
  VLAN              : 16
  Hops to Infra     : 1                  Association Id   : 12
  Clients Associated: 0                  Repeaters associated: 0
  Tunnel Address    : 0.0.0.0
  Key Mgmt type     : WPAv2              Encryption       : AES-CCMP
  Current Rate      : 54.0               Capability       : WMM ShortHdr ShortSlot
  Supported Rates   : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
  Voice Rates       : disabled
  Signal Strength   : -43  dBm           Connected for    : 14298 seconds
  Signal to Noise   : 52  dBm            Activity Timeout : 14 seconds
  Power-save        : On                 Last Activity    : 6 seconds ago
  Apsd DE AC(s)     : NONE
  Packets Input     : 15322              Packets Output   : 256
  Bytes Input       : 913707             Bytes Output     : 19866
  Duplicates Rcvd   : 249                Data Retries     : 14
  Decrypt Failed    : 0                  RTS Retries      : 0
  MIC Failed        : 0                  MIC Missing      : 0
  Packets Redirected: 0                  Redirect Filtered: 0
  Session timeout   : 0 seconds
  Reauthenticate in : never
  b) config
  dot11 ssid Wireless-Test
     vlan 16
     authentication open eap eap_methods2
     authentication network-eap eap_methods2
     authentication key-management wpa
     accounting acct_methods3
     mbssid guest-mode
  interface Dot11Radio0.16
  encapsulation dot1Q 16
  no ip route-cache
  bridge-group 16
  bridge-group 16 subscriber-loop-control
  bridge-group 16 block-unknown-source
  no bridge-group 16 source-learning
  no bridge-group 16 unicast-flooding
  bridge-group 16 spanning-disabled
  interface FastEthernet0.16
  encapsulation dot1Q 16
  ip helper-address 10.zzz.xxx.254
  no ip route-cache
  bridge-group 16
  no bridge-group 16 source-learning
  bridge-group 16 spanning-disabled
  Can the radio interface get mess by the reload? How can I verify theradio? Debug did not show Client asking for IP...
  3. My last question, my ACLs to limit guess access. Should i implement them in my firewall or in my distribution router? The distribution router has a sub_interface for each SSID. Would it be better  to block traffic right from the distribution router rather let unecessary traffic flow to the network?
  Thanks a lot for great advice and guidance,
  ---Jean Paul.

• ASK THE EXPERTS - Update on 802.11n with Fred Niehaus

  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to get an update on 802.11n with Cisco expert Fred Niehaus. Fred is a Technical Marketing Engineer for the Wireless Networking Business Unit at Cisco, where he is responsible for developing and marketing enterprise wireless solutions using Cisco Aironet and Airespace wireless LAN products. In addition to his participation in major deployments, Fred has served as technical editor for several Cisco Press books including the "Cisco 802.11 Wireless Networking Reference Guide" and "The Business Case for Enterprise-Class Wireless LANs." Prior to joining Cisco with the acquisition of Aironet, Fred was a support engineer for Telxon Corporation, supporting some of the very first wireless implementations for major corporate customers. Fred has been in the data communications and networking industry for more than 20 years and holds a Radio Amateur (Ham) License "N8CPI."
  Remember to use the rating system to let  Fred know if you have received an adequate response.
  Fred might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Other Mobility Subjects discussion forum shortly after the event. This event lasts through March 25, 2011. Visit this forum often to view responses to your questions and the questions of other community members.

  So there are two parts of this question, the latter part I cannot address as it is a future question.  Cisco does not comment on products that have not been released or on the strategy of next generation products.
  That said, Cisco was first to market with an 802.11n Access Point and well (we didn't all go on vacation after we did that)
  So let's talk a little about spatial streams in general and how it relates to what customers are doing today.
  The Cisco 1040, 1140, 1250, 1260 and 3500 Series Access Points are all two spatial streams (2SS).
  As of the time of this writing, a critical mass of 3SS and 4SS compatible clients have yet to be deployed, and the vast majority of WiFi clients that will be deployed over the next 18 months will be 1SS and 2SS clients.
  The higher SS clients are likely only show up in some higher end notebooks -- Why? well it is a given that smartphones and tablets are likely to continue to be 1SS and in some rare cases 2SS.
  This is because additional radios used in this technology consume battery life, add to the physical size of the device and increase the cost. Also many devices leverage the same single antenna for cellular as well as WiFi.  Therefore, it is my opinion that 3SS Access Points provide little if any performance benefit for smartphones or tablets in the enterprise today, and any real throughput gain is likely to occur with high end notebooks in close proximity to the Access Point and those are rolling out very slowly and we are monitoring this.
  Now we get to my favorite part of this..  I get to ask myself a question and then answer it..
  So Fred are you saying that there is no value in 3SS and 4SS?
  Of course not, 3SS performs similar to 2SS beyond a short distance, and with any multi-SS product RF interference must be addressed to capture the performance benefits of higher SS Access Points. Actual throughput in any WiFi environment is highly dependent on the presence of interferers and obstacles.
  Without the ability to mitigate the impact of interference, 3SS solutions will "downshift" to 2SS of 1SS and lose all the performance benefits anyway IMHO.
  I don't want to sound like a commercial, but you really do need Cisco cleanair technology in the AP and Cisco innovations deliver more and will go beyond the simple 3SS aspects of the 802.11n standard.
  IMHO it's more about CleanAir, good RF system design, and what we put into the AP with regard to performance "in the environment" and not what is on some spec sheet today.
  For more on Cisco CleanAir see the following URL http://www.cisco.com/en/US/netsol/ns1070/index.html
  Fred

• Ask the Expert: Hierarchical Network Design, Includes Core, Distribution, and Access

  Welcome to the Cisco® Support Community Ask the Expert conversation.  This is an opportunity to learn and ask questions about hierarchical network design. 
  Recommending a network topology is required for meeting a customer's corporate network design  needs in their business and technical goals and often consists of many interrelated components. The hierarchical design made this easier like "divide and conquer" the job and develop the design in layers.
  Network design experts have developed the hierarchical network design model to help to develop a topology in discrete layers. Each layer can be focused on specific functions, to select the right systems and features for the layer.
  A typical hierarchical topology is
  A core layer of high-end routers and switches that are optimized for availability and performance.
  A distribution layer of routers and switches that implement policies.
  An access layer that connects users via lower-end switches and wireless access points.
  Ahmad Manzoor is a Senior Pre-Sales Engineer at AGCN, Pakistan. He has more than 10 years of experience in first-rate management, commercial and technical skills in the field of data communication and services lifecycle—from solution design through sales pitch, designing RFPs, architecture, and solution—all with the goal toward winning projects (creating win/win situations) of obsolete solutions.  Ahmad also has vast experience in designing end-to-end data centers, from building infrastructure design to data communication and network Infrastructure design. He has worked for several large companies in Pakistan and United Arab Emirates markets; for example, National Engineer, WATEEN Telecom, Emircom, Infotech, Global Solutions, NETS International, Al-Aberah, and AGCN, also known as Getronics, Pakistan.
  Remember to use the rating system to let Ahmad know if he has given you an adequate response. 
  Because of the volume expected during this event, Ahmad might not be able to answer every question. Remember that you can continue the conversation in the  Solutions and Architectures under the sub-community Data Center & Virtualization, shortly after the event. This event lasts through August 15, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Dear Leo,
  We are discussing the following without any product line, discussing the concept of hierarchical design, which will help you to take decision which model is better for you Two Layer or Three Layer hierarchical model.  
  Two-Layer Hierarchy
  In many networks, you need only two layers to fulfill all of the layer functions—core and aggregation
  Only one zone exists within the core, and many zones are in the aggregation layer. Examine each of the layer functions to see where it occurs in a two-layer design:
  Traffic forwarding—Ideally, all interzone traffic forwarding occurs in the core. Traffic flows from each zone within the aggregation layer up the hierarchy into the network core and then back down the hierarchy into other aggregation zones.
  Aggregation—Aggregation occurs along the core/aggregation layer border, allowing only interzone traffic to pass between the aggregation and core layers. This also provides an edge for traffic engineering services to be deployed along.
  Routing policy—Routing policy is deployed along the edge of the core and the aggregation layers, generally as routes are advertised from the aggregation layer into the core.
  User attachment—User devices and servers are attached to zones within the aggregation layer. This separation of end devices into the aggregation permits the separation of traffic between traffic through a link and traffic to a link, or device. Typically, it is best not to mix transit and destination traffic in the same area of the network.
  Controlling traffic admittance—Traffic admittance control always occurs where user and server devices are attached to the network, which is in the aggregation layer. You can also place traffic admittance controls at the aggregation points exiting from the aggregation layer into the core of the network, but this is not common.
  You can see, then, how dividing the network into layers enables you to make each layer specialized and to hide information between the layers. For instance, the traffic admittance policy implemented along the edge of the aggregation layer is entirely hidden from the network core.
  You also use the core/aggregation layer edge to hide information about the topology of routing zones from each other, through summarization. Each zone within the aggregation layer should have minimal routing information, possibly just how to make it to the network core through a default route, and no information about the topology of the network core. At the same time, the zones within the aggregation layer should summarize their reachability information into as few routing advertisements as possible at their edge with the core and hide their topology information from the network core.
  Three-Layer Hierarchy
  A three-layer hierarchy divides these same responsibilities through zones in three vertical network layers,
  Traffic Forwarding—As with a two-layer hierarchy, all interzone traffic within a three- layer hierarchy should flow up the hierarchy, through the layers, and back down the hierarchy.
  Aggregation—A three-layer hierarchy has two aggregation points:
  At the edge of the access layer going into the distribution layer
  At the edge of the distribution layer going into the core
  At the edge of the access layer, you aggregate traffic in two places: within each access zone and flowing into the distribution layer. In the same way, you aggregate interzone traffic at the distribution layer and traffic leaving the distribution layer toward the network core. The distribution layer and core are ideal places to deploy traffic engineering within a network.
  Routing policy—The routing policy is deployed within the distribution layer in a three- layer design and along the distribution/core edge. You can also deploy routing policies along the access/distribution edge, particularly route and topology summarization, to hide information from other zones that are attached to the same distribution layer zone.
  User attachment—User devices and servers are attached to zones within the access layer. This separation of end devices into the access layer permits the separation of traffic between traffic through a link and traffic to a link, or device. Typically, you do not want to mix transit and destination traffic in the same area of the network.
  Controlling traffic admittance—Traffic admittance control always occurs where user and server devices are attached to the network, which is in the access layer. You can also place traffic admittance controls at the aggregation points along the aggregation/core edge.
  As you can see, the concepts that are applied to two- and three-layer designs are similar, but you have more application points in a three-layer design.
  Now the confusion takes place in our minds where do we use Two Layer and where the Three layer hierarchical model.
  Now we are discussing that How Many Layers to Use in Network Design?
  Which network design is better: two layers or three layers? As with almost all things in network design, it all depends. Examine some of the following factors involved in deciding whether to build a two- or three-layer network:
  Network geography—Networks that cover a smaller geographic space, such as a single campus or a small number of interconnected campuses, tend to work well as two-layer designs. Networks spanning large geographic areas, such as a country, continent, or even the entire globe, often work better as three layer designs.
  Network topology depth—Networks with a compressed, or flattened, topology tend to work better as two-layer hierarchies. For instance, service provider networks cover large geographic areas, but reducing number of hops through the network is critical in providing the services they sell; therefore, they are often built on a two-layer design. Networks with substantial depth in their topologies, however, tend to work better as three-layer designs.
  Network topology design—Highly meshed networks, with many requirements for interzone traffic flows, tend to work better as two-layer designs. Simplifying the hierarchy to two levels tends to focus the design elements into meshier zones. Networks that focus traffic flows on well-placed distributed resources, or centralized resources, such as a network with a large number of remote sites connecting to a number of centralized Data Centers, tend to work better as three-layer designs.
  Policy implementation—If policies of a network tend to focus on traffic engineering, two-layer designs tend to work better. Networks that attempt to limit access to resources attached to the network and other types of policies tend to work better as three-layer designs.
  Again, however, these are simple rules of thumb. No definitive way exists to decide whether a network should have two or three layers. Likewise, you cannot point to a single factor and say, “Because of this, the network we are working on should have three layers instead of two.”
  I hope that this helps you to understand the purposes of Two Layer & Three layer Hierarchical Model.
  Best regards,
  Ahmad Manzoor