Cisco 3750 with integrated WLC, wpa2 ent, 802.1x and ms IAS.

Similar Messages

• App-V 5.0 // Visio - Project with Integration + local Office 2010 Deployment Kit and COM settings

  Hi, I did read all the Microsoft and non-microsoft documentation first. However, I didn't find an answer to these 3 questions: 
  Situation:
  * Locally installed Office 2010.
  * Visio and Projects 2010 sequenced with App-V 5.0 SP3 sequencer with integration scenario (http://support.microsoft.com/kb/2830069)
  * User-target of Visio and Project (I now according to documentation this should be published globally. Since not every user has a license this is no option. So far my tests do not show any problems with user-targeted visio/project)
  * Visio has "allow COM objects to interact with the local system" and "OutOfProcessEnabled" enabled
  1) When targeting both visio and project to the user with integration the licensing component only works for the first started application. Therefore I also install the licensing kit locally which make both the visio and project licensing work just fine.
  Anyone sees a problem with having the license kit installed locally and stream the applications with integration on top? With my tests all seems to work well. The advantage of this is that I do not have to have separate packages for integration and non-integration
  scenario's.
  2) To make drag-and-drop from visio drawings in word work I enabled the COM interaction and I need also to set OutOfProcessEnabled="true". Does anyone now how to set OutOfProcessEnabled to true inside the .appv (it is possible with application
  virtualization explorer) and not only manually afterwards in the xml's?
  3) Should these COM settings be enabled for project as well? It seems that pasting in word from project has not the same interaction, it just pastes a table.

  1.  We did similar, installed that MSI for the licensing component locally, and streamed Project and Visio 2010, and so far so good.
  2. There is no way to set those COM options inside the .appv.  You can set integrated vs isolated, but no IP or OoP COM, you have to use the deployment XML.
  3.  This gets tougher to answer, but it goes to how much isolation do you want.  Some of the articles are great just go over my head slightly, but have to deal with how the filter driver processes certain kinds of COM, IP or OoP.  With Isolated
  (as opposed to integrated) the COM systems (local and package) are totally isolated except for global exceptions.
  With integrated, you can further 'integrate' the COM subsystems by enabling those options.  Correct me if I'm mistaken though.
  So do you need to?  If everything works for you I'd say no, but you might find something else doesn't work without those settings.
  Also very important, you cannot join a CG without those subsystems being equal.  So if Project and Visio ever need to be in a CG together and the COM settings aren't identical, you will get an error at the client.
  I really like this article but not going to lie it goes over my head a bit (a bit or a lot depending on my coffee intake)
  http://blogs.technet.com/b/gladiatormsft/archive/2015/01/14/app-v-5-further-into-com-and-dynamic-virtualization.aspx

• 802.1x and MS IAS and Nortel IP phone

  hi,
  i have setup 802.1x MS IAS. All seems to work fine when i am using a plain pc connection to switch but the moment IP phone is involved i start facing issues.
  I am using cisco 3750 switch with version 12.2(25)SEB4
  dhcp server is on windows which is on a different network i.e. 10.50.1.9
  dhcp relay agent is defined on firewall subinterces
  All works when phone is not involved. BTW i am using Nortel IP phone
  when the phone is plugged and cable is throug the phone, i provide the user name and credentials and also when i say show vlan on switch i can see i am aprt of corrent vlan but i do not get an ip address.
  This is the error i get on switch when is said debug radius:
  pls find two attachments of debug dot1x events and radius.
  pls help
  Regards
  AI

  Hi Adil,
  I'm testing with a Catalyst 3560 running IOS version 12.2(44)SE2.
  I have a Nortel-LG IP phone which does not have 802.1x supplicant.
  I tried configuring MDA on the switchport and use MAB to authenticate the phone.
  My questions:
  1. In the ACS, I created a group for the IP phone and specify "device-traffic-class=voice" as the cisco-av-pair. Is this what I should be doing for a non-Cisco phone?
  2. I know the phone's MAC address is 00-40-5A-17-C6-30. I created a user 00405a17c630 (password is also 00405a17c630) and assign it to the IP phone group I created above. Is this correct?
  My testing wasn't successful. I got the following output:
  Switch#sh dot1x int f0/48 de
  Dot1x Info for FastEthernet0/48
  PAE = AUTHENTICATOR
  PortControl = AUTO
  ControlDirection = Both
  HostMode = MULTI_DOMAIN
  Violation Mode = PROTECT
  ReAuthentication = Disabled
  QuietPeriod = 60
  ServerTimeout = 30
  SuppTimeout = 30
  ReAuthPeriod = 3600 (Locally configured)
  ReAuthMax = 2
  MaxReq = 2
  TxPeriod = 30
  RateLimitPeriod = 0
  Mac-Auth-Bypass = Enabled
  Inactivity Timeout = None
  Guest-Vlan = 999
  Dot1x Authenticator Client List
  Domain = UNKNOWN
  Supplicant = 0040.5a17.c630
  Auth SM State = AUTHENTICATING
  Auth BEND SM State = REQUEST
  Port Status = UNAUTHORIZED
  Authentication Method = Dot1x
  Domain = UNKNOWN
  Port Status = UNAUTHORIZED
  My switch config is as follows:
  aaa new-model
  aaa authentication dot1x default group radius
  dot1x system-auth-control
  radius-server host 1.1.1.1 auth-port 1645 acct-port 1646 key cisco123
  radius-server source-ports 1645-1646
  radius-server vsa send authentication
  interface FastEthernet0/48
  description *** 802.1x Test Port ***
  switchport access vlan 70
  switchport mode access
  switchport voice vlan 71
  no snmp trap link-status
  dot1x mac-auth-bypass
  dot1x pae authenticator
  dot1x port-control auto
  dot1x host-mode multi-domain
  dot1x violation-mode protect
  dot1x guest-vlan 999
  spanning-tree portfast
  In the ACS' Failed Attempts logs, I saw entries for:
  User-Name = 00405a17c630
  Group-Name = IP_Phone_Test_Group
  Caller-ID = 00-40-5A-17-C6-30
  Authen-Failure-Code = Internal error
  ACS version is 4.1.
  what am I missing? Please advise.
  Thank you.
  B.Rgds,
  Lim TS

• Connect Cisco 3750 with Fiber

  "Is Cisco 3550 using a WS-G5486 Gigabit module? What's SFP module would you use to connect a Cisco WS-C3750X-48P-L PoE switch ? Does anyone have experience with SX to LX adapters and if they are reliable?"
  A:Hi, to connect them well, you would need to use a GLC-LH-SMD transceiver for this, and a LC-SC single-mode patch cord (if they're being connected directly without an intermediate patch-panel).

  I am not an expert with Cisco WS-C3750X-48P-L PoE switch but you may want to post it to Cisco community forum. Here's the link to that: https://supportforums.cisco.com/community/5976/small-business-switches

• Windows 8.1 compatibility with WLC v7.0.98.218 and DELL DEVICES

  hello,
  We have a lot wlc (4400, WiSM, WS-C3750G-24PS and 5500) running on version 7.0.98.218.
  Windows 7 and Windows 8 clients are able to connect to the WiFi, which has Windows 8.1 can no longer connect.
  we tested two WLAN's, one with security policy: [WPA2] [Auth (802.1X)] and another with [WPA2] [Auth (PSK)], MAC Filtering
  in any of the WLAN's the clients with Windows 8.1 did not bind (cannot connect).
  the outup obtained is attached
  one of the devices which are having problems is a dell laptop E5430.
  We've update the wireless card drivers ... according to the dell ... I did downgrade for old version... upgrade to last versions given by broadcom ... but still the problem
  can you help me ?!?
  Regards,
  Tiago Marques

  To enable that your network is ready for 802.11w and Windows 8 ensure that you are running the latest Cisco Unified releases in your wireless controller network.
  Please find the link :-
  http://www.my80211.com/home/2012/10/19/bug-cscua29504-upgrade-that-code-if-you-want-windows-8-to-wo.html

• Throughput of Cisco 3750-E

  Hi,
  Can anyone let me know the actual throughput of Cisco 3750-E (WS-C3750E-24TD-S) Standalone switch and the throughput when stacked with 4 nos of WS-C3750E-24TD-S ?
  Is WS-C3750E-24TD-S ports oversubscribed?
  Sam.

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  I think the 68 Gbps backplane supports the 48g port variants plus two 10g ports; i.e. 48+10+10=68.
  What's a bit confusing, fabric specifications are normally "doubled" to allow for duplex ports but Cisco, in the posted spec uses the term "backplane" rather than "fabric".
  Also confusing, when stacked, there's a pair of 16g stack ports too.  It's unclear whether the same backplane or fabric bandwidth is shared with those, or whether there's additional capacity to support them too.  I.e. the 3750-E might support wire rate bandwidth when used standalone but might not when stacked.
  In any case, when 3750-E units are stacked, the stack ring can be a potential bottleneck.  Fortunately, besides StackWisePlus offering twice the stackport bandwidth of StackWise, it also supports (for unicast) destination stripping and also (for unicast) only puts traffic on the stack ring when it must.  Still, again, it's a potential bottleneck.  It's also a ring, not a fabric.
  PS:
  Besides bandwidth, you need to check a switch's PPS capacity.  I believe the 3750-E has sufficient PPS it can generally support wire rate.
  However, one common problem with 2960/3560/3750 series switches is lack of RAM for deep buffering.  The 3750 series, I understand, to have 2 MB per 24 copper ports and 2 MB for the uplink ports.
  The 3750 stacks are often fine for user edge ports, often not so fine for more demanding roles.
  PPS:
  Also believe the 3750-E is end-of-life and end-of-sale.

• 802.11n and Airport Express iTunes Base station Help me ?

  I'll try to keep this simple :
  In my Office I have a 24" iMac Intel and the
  802.11n resides also in my Office
  About 40ft away is my Den which resides:
  My MacBook Pro 17" Intel and a Airport Express iTunes
  Base Station
  Going Back to the 802.11n I have a 2.0 USB AC Powered
  Hub connected to the USB port on the back of the 802.11n
  of which  said is OK to do
  Connected to the USB on the back of the 802.11n:
  is a Epson R200 USB InkJet Printer and also on that
  Hub is a Lacie Porche 500gb External USB Hard Drive
  Again  says is Ok to do
  The problem I'm having is that the Cable Modem is
  in my Office and is connected via Ethernet to the 802.11n
  and I can get a strong connection to the internet
  on my iMac 24" Intel in my Office but the MBP 17"
  in my Den is having issues getting onto the Internet
  now about a week ago I spent 8hrs on the phone W/Apple
  about such issues so we erased all the information in
  the Disk Utility and started over with the information
  in the 802.11n and the iTunes Base Station Express
  this has helped until the recent FirmWare Update that
  Apple Released a few days ago,
  I've tried to actual bring my MBP 17" into the Office
  and it gets a better Internet signal than in the Den,
  but this wasn't the way it was before the FirmWare Update
  Any Suggestions on what I can do to fix this situation
  As all worked well with the Express iTunes in the Den
  and the 802.11n in the Office and the Cable Modem has
  always been in the Office ?
  P.S> One problem I forgot to mention is I keep dropping
  The Macbook Pro 17" and a Lacie 400gb Hard Drive which is
  connected directly to the MBP 17" USB Port which keeps
  dropping from my iMac 24" networking it will be working
  fine and then I get a message stating that either or both
  the MBP 17" and the Lacie Disk (400gb) is Disconnecting
  from iMac 24" and then the same will happen on the
  MBP 17" with the iMac 24" and any connected drives I'm
  sharing from the iMac 24" ?
  I'm having a connection problem and I can't get to the
  bottom of it and I need some help please
  Feel free to email me [email protected]

  Updates fixed issue closed question

• Cisco 3750G Integrated WLC upgrade failure

  I am trying to upgrade our Cisco 3750G Integrated WLC from version 5 to version 7, at 92% I receive an error
  Code file transfer failed - Error while writing output file
  There is enough space on WLC,
  Total System Memory............: 529088512 bytes
  Used System Memory.............: 121180160 bytes
  Free System Memory.............: 407908352 bytes
  I have tried 2 different TFTP servers..
  Any thoughts?

  Hi,
  1. Is it OK to upgrade to SWLC3750K9-5-2-193-0.aes ? or do I need to go through 4.2 first ?
  ANS - Yes you have to upgrade to 4.2 first and then to 5.2, here is the doc..
  http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn52xgmr1.html#wp233853
  2. Will that code upgrade the bootloader at the same time?
  ANS - Yes, after upgrading the WLC code upgrade the boot loader.. the boot loader is 5.2.157 (BOOT)
  3. How can I make sure there is enough flash space on the WLC?
  ANS - Dont worry.. we have enough flash!!
  4. Are there any special considerations to plan/prepare for?
  ANS - Yes, please upgrade the WLC in a planned , scheduled maitenance window.
  The DHCP issue is failure of associated clients to get an IP address with this message found in WLC debugging:
  Wed  Jul 20 17:16:37 2011: 00:19:db:5b:38:73 dhcpProxy: Dropping packet (no  mscb) from STA 00:19:db:5b:38:73, giaddr:0.0.0.0, udpSrcPort:68, op:1
  ANS - Issue the command ans see if that helps!!
  WLC CLI access...
  config dhcp proxy disable
  Lemme know if this answered ur question and please dont forget to rate the usefull posts!!
  Regards
  Surendra

• Cisco wired guest with one wlc

  Hello my name is Ivan
  I have a question:
  You can configure wired guest for wired network users so that appears the cisco wlc web portal for guest user authentication? having the following:
  Only one (1) cisco wlc 5508 no settings for auto  anchor  or foreing controller, a cisco acs v5.4,  cisco switches, and access points.
  I'm using 802.1x, and when the user because autententicacion policies fall into the guest vlan, the user receives full IP routing vlan guest, comes to internet through the router for guest users, but not redirected to the website of wlc .
  I would like to redirect http traffic from cisco switch to the cisco wlc for wlc web portal
  My deployment is to flex connect wireless authentication, and local switching center
  How I can do this?
  Thanks for your answers.

  Hi Scott, thanks for your answer:
  My scenary is:
  Site A Corporate
  WLC 5508 Flex Connect Central Auth + Local Switching
  1. int management:  vlan 10 - 10.1.1.2/24
  2. int virtual: 1.1.1.1
  3. wired-guest: vlan 30
  wlans:
  1. corporate - mapped to interface  management 802.1x wpa, 2pa2
  2. guest - mapped to interface management web auth
  3. wired-guest: web auth, ingress wired, egress management
  Cisco ACS v5.4
  Site B: Branch
  AP Ligthweight in the vlan 10, vlans mapped 100 and 30, 100 for wlan corporate and 30 for wlan guest.
  Switches Cisco,
  The branch have a router of internet to users guest.
  The switch cisco have a 802.1x configuration, and the method to authenticate users can not have a supplicant 802.1x is web auth.
  Actually i can not redirect the traffic from the switch in the branch to cisco wlc 5508 in the corporate site. The users bypass the interception of the cisco wlc and they can goes to internet without the portal of authentication.
  Please could you give and advice to resolv it?
  Regards for your answers.

• HT4718 wpa2 enterprise 802.11x protocol with pap authentication.  Lion Reformat

  My school has only wpa2 enterprise 802.11x protocol with pap authentication.  Due to this I can not reinstall lion as a fresh copy.  I realized that I can download lion again from the app store.  Can it do a fresh install?

  I am having the exactly same problem as ecko04. I also tried to intall the certificate provided by my university but it failed. Could somebody help us out? Thanks

• Challenge: Spanning Tree Control Between 2 links from Switch DELL M6220 to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior like one switch for redundancy)

  Hello,
  I have an Spanning tree problem when i conect  2 links from Switch DELL M6220 (there are blades to virtual machines too) to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior  like one switch  for redundancy, with one IP of management)
  In dell virtual machine is Spanning tree rapid stp, and in 3750 is Spanning tree mode pvst, cisco says that this is not important, only is longer time to create the tree.
   I dont know but do you like this solutions i want to try on sunday?:
   Could Spanning tree needs to work to send one native vlan to negociate the bdpus? switchport trunk native vlan 250
  Is it better to put spanning-tree guard root in both 3750 in the ports to mitigate DELL to be root in Spanning Tree?
  Is it better to put spanning- tree port-priority in the ports of Swicht Dell?
  ¿could you help me to control the root? ¿Do you think its better another solution? thanks!
   CONFIG WITH PROBLEM
  ======================
  3750: (the 2 ports are of 2 switches 3750s conected with a stack cable, in a show run you can see this)
  interface GigabitEthernet2/0/28
   description VIRTUAL SNMP2
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 4,13,88,250
   switchport mode trunk
   switchport nonegotiate
   logging event trunk-status
   shutdown
  interface GigabitEthernet1/0/43
   description VIRTUAL SNMP1
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 4,13,88,250
   switchport mode trunk
   switchport nonegotiate
   shutdown
  DELL M6220: (its only one swith)
  interface Gi3/0/19
  switchport mode trunk
  switchport trunk allowed vlan 4,13,88,250
  exit
  interface Gi4/0/19
  switchport mode trunk
  switchport trunk allowed vlan 4,13,88,250
  exit

  F.Y.I for catylyst heroes - here is the equivalent config for SG-300 - Vlan1 is required on the allowed list on the catylyst side (3xxx/4xxx/6xxx)
  In this example:
  VLANS - Voice on 188, data on 57, management on 56.
  conf t
  hostname XXX-VOICE-SWXX
  no passwords complexity enable
  username xxxx priv 15 password XXXXX
  enable password xxxxxx
  ip ssh server
  ip telnet server
  crypto key generate rsa
  macro auto disabled
  voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
  vlan 56,57,188
  voice vlan id 188
  int vlan 56
  ip address 10.230.56.12 255.255.255.0
  int vlan1
  no ip add dhcp
  ip default-gateway 10.230.56.1
  interface range GE1 - 2
  switchport mode trunk
  channel-group 1 mode auto
  int range fa1 - 24
  switchport mode trunk
  switchport trunk allowed vlan add 188
  switchport trunk native vlan 57
  qos advanced
  qos advanced ports-trusted
  exit
  int Po1
  switchport trunk allowed vlan add 56,57,188
  switchport trunk native vlan 1
  do sh interfaces switchport po1
  !CATYLYST SIDE
  !Must Explicitly allow VLan1, this is not normal for catalysts - or spanning tree will not work ! Even though it’s the native vlan on both sides.
  interface Port-channel1
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1,56,57,189
  switchport mode trunk

• WLC with 2 WLANs, 1 voice @ 2.4GHz and 1 data @ 5GHz 802.11n

  I have a WLC 4400 series and am using 1142n APs.  Am planning on adding Wireless IP Phones such as 7921/7925 as well as a couple 9971's.  Is it possible to have 2 WLANs, one to connect the voice endpoints to running @ 2.4GHz and another WLAN with a different SSID for data clients @ 5GHz?  All data clients have 802.11n NICs and can operate @ 5GHz.  I have enough APs so that the lessened range of 5GHz won't pose any issues.  Ideally I'd like to see connection rates in the 240mbps-300mbps range on the data clients with data throughput rates of 100mbps+ (I don't think this ought to be an issue, I'm aware that wireless is half-duplex and that connection rates do not necessarily indicate actual throughput rates).  I am also NOT a wireless expert.  I'm still fairly new to working with the WLC and the managed APs as such.  
  The reason for 2.4GHz and 5GHz simultaneously is that the voice endpoints are all 2.4GHz radios, I believe 802.11b/g.  I also want to keep voice clients separate.  This way, I believe I can optimize one WLAN for data clients without having them "suffer" so to speak by having to operate at a lower level as the voice clients.  Also, I want the voice separate for quality there (separate voice VLAN).  If I am correct, 802.11n data rates can also be achieved @ 2.4GHz, but only using the 20MHz as opposed to 40MHz width.  So I'd like one WLAN to be 2.4GHz, 20MHz (voice) and the other WLAN 5GHz, 40MHz (data).
  I'd like to hav both WLANs broadcasted from all the APs simultaneously.  Am I correct that such a configuration is possible with the WLC 4400 series and Aironet 1142n APs?  WLC is running 7.0.240 btw, current stable.  I'm also starting with a clean config on the WLC.  All DHCP will be handled by an external DHCP server also.  Thank you very much for any suggestions/guidance on this.  Your thoughts are greatly appreciated!
  I'll be happ to supply any config information to assist with this, just let me know what is desired/useful.

  Thank you for your prompt response.  I only have 1 WLC, it is a 4402-50.  I believe that 7.0.240 is the most current release for that model.  I think anything higher I need to go to the WLC5508 (or vWLC?)
  Also, I wasn't aware that the 7921/25 were 5GHz, since they are both 802.11g.  Thank you for the information. 
  If I understand you correctly, I'm best creating 2 WLANs, but both at 5.0GHz for both data and voice?
  Also, sorry to confuse the issue further, but I was thinking about this after writing the original post, I'd like to also have a "guest" WLAN that supports both 2.4GHz and 5.0GHz for maximum client compatibility (as I have no way of knowing what tpye of WLAN NIC would be in guest devices).  Am I correct in assuming that I would create a separate WLAN for all these, including a separate SSID.  
  The part that is confusing me some now is the "AP Groups".  Do I leave a single "Default-group" and create multiple WLANs with that.  If I'm correct, this way I can push the WLANs and SSIDs out through all the WAPs in that group.  I want these WLANs to be available from any AP in the organization, not have some APs for one WLAN, other APs for another WLAN, etc.

• How to configure a Cisco 3560 with MAC-based 802.1x authentication by radius server

  Hi dearI 
  How can I configure a Cisco 3560 to authenticate a client based on its mac address with 802.1x and radius server. Many tanks in advance!

  Olivier,
  You can't reference WLP visitor roles in weblogic.xml, but you can
  reference global roles (created using the WLS console):
  - <security-role-assignment>
  <role-name>PortalSystemAdministrator</role-name>
  <externally-defined />
  </security-role-assignment>
  -Phil
  "Olivier" <[email protected]> wrote in message
  news:[email protected]..
  >
  We need to have login page to our portal app.
  When using "form based" authentication is it possible to map the securityon a
  "entitlement role" ?
  Our need is to be abled to give direct url acces to some pages of theportal (for
  exemple by sending urls like"http://server/appcontextpath/appmanager/myportal/mydesktop?_nfpb=true&_page
  Label=mypage")"
  by email to portal users) and need a simple mecanism of authenticationbefore
  redirecting to the portal page.
  Inste

• Configuring - Cisco 2921 with Switch Module/POE PS and 3750-x 24 port switch

  This is what I have
  - Cisco 2921 router
           with SM-ES2-24-P switch module and
                   POE power supply
  -Cisco 3750x- 24 port Switch
  I have port G1/0 (which connects to 24p Switch Module port g0/26 logically) configured with 3 sub interfaces (management, User and VOIP)
  I want to connect 3750x to G0/1 on 2921 via fiber GBIC but want to use same three VLANs
  I can not daisy chain 3750x via the switch module because it does not have fiber port.
  I do not want to create another routed (g0/1) interface because I want to keep Users on both switches on the same subnet without further splitting the subnet in two.
  I hope I am not making this confusing.
  How can I bridge g1/0 and g0/1 so I can pass vlan traffic between two switches?
  Second problem i have is ...
  I have a VOIP connected to switch module (SM) and it is not getting any power.
  I went in to all the interfaces on SM and issued power inline auto command
  On the SM (sh power inline) - available is 0.0(w)
  on the 2921 (sh power inline)
     - power supply status is good,
     - maximun power available is 280.
     - interface G1/0( which connects to SM)
        *device is unknown
        * powered off
       * allocated 0.0 watts.
  I already tried resetting SM
  Is there any other command I need to issue?
  thanks for your help.

  I'm having a similar issue. I can get trunked connectivity between the switch module and the router if I put the IP address on the router sub interface, but not if I put it on a VLAN interface. I was hoping to have it on a VLAN sub interface on the router so I could use Gig0/1 and Gig0/2 to connect other switches and have them on the same VLANs. I'm using Gig1/0 on the router side and Gig0/51 on the switch side (48-port module).
  Any help? Am I on the wrong track altogether?

• Local printers not working with 2504 WLC

                     I have a 2504  WLC with 3 1262 WAPs in lightweight mode.
       Clients connect using WPA2 PSK AES with no problem.  Clients are Windows XP Home SP3.  Test pages end up in print queue and eventually get a error printing status.  Clients are not part of a domain and in a standalone workgroup - techstream.
  Printer can be pinged from wireless client.
  Another 1262N WAP in standalone mode connected to same lan from windows 7 sp1 clients have no problem printing to a local printer.
  What does work on the Windows XP Home client is connecting to a network shared printer authenticating with domain admin id and password and it works.  Reboot and the network shared printer can not connect multiple reasons are "access is denied" and message box says "only security tab will be displayed....."   Another Windows XP Home SP3 client on reboot can't open the network shared printer with message "Can't find printer"
  The local printers do work on these pc's with an old colubris router that has an outside interface on our lan and internal network with clients getting dhcp address from colubris router of 192.168.3.XXX  . 
  What is wrong with the wireless 2504 WLC?
  Thanks
  Broadcast forwarding was enabled.

  Although a cisco tech support was helpful in making sure multicasting was enabled and a multicast server defined, the problem was at the CP2025DN printer. It had old network ip mask and gateway configured on the printer.
  The new devices were part of the new network configuration (Mask and gateway had changed). I didn’t change that printer when I changed all the other printers at the facility because it was still active thru the old wireless network. I forgot to change the printer ip config when I brought the new wap on the new wireless network with the wlc 2504.
  End result was the clients were part of a different subnet and gateway configuration then the printer and this disrupted the communication between clients and the printer. Once I corrected the mask and gateway on the printer to be the same as the dhcp scope of the wireless network, communication and printing worked.
  Problem solved.  User error