Cisco 7921 - Does anyone Use EAP-TLS in their VoWLAN Deployments?

Similar Messages

• HT4623 I'm new to using apple products, recently was asked to consider using a ipad mini for my specific business needs. Does anyone use the mini for their business?  How does it work for you?

  I'm new to using the apple OS.  Recently had business partner buy an ipad mini, was thinking of buying more for our businesses.  I'm used to using Windows Office products for my reports, wanted to know how apple's Pages, Keynote and Numbers compared and whether they could be used on the ipad mini. 

  I have asked a moderator to provide assistance, they will post an invite on this thread.
  Once you get a reply, if you click on their name, you will see a screen like this. Click on the link as shown below.
  Please do not send them a personal message, as they may not be on duty for a long time, and your message will not be tracked properly.
  There are some useful help pages here, for BT Broadband customers only, on my personal website.
  BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

• Does anyone use Brushes 3 with their Ipad 2 first generation?

  I cannot get dense black lines when I try draw thin lines.
  Is it because I have 1st gen. Ipad2?

  The iPad 2 is the second generation iPad.
  I suggest you contact the app developer.

• 7921 or 7921G - Is there a Difference - Want to use EAP-TLS

  Hi All,
  I have a Cisco 7921G and there is conflicting info about the phones supporting eap-tls.
  Some docs say yes it does, some say it does not?
  Many thx indeed,
  Ken
  I dont have the option on my phones (under wlan config), and was wondering if I need to order a different phone?
  Also, As just posted in another thread, can you use MS AD to manage the phones, like you can have data devices doing a compare of SAN/CN/Binary to MS AD?
  Many thx indeed,
  Ken

  thx dude.
  this is almost real-time :)))
  Top-man
  A question out to all else, does anyone use MS AD to manage phones? Like you can with laptops running windows, or is this a no-go
  Thx
  Ken

• Cisco ACS with External DB - EAP-TLS

  Hi Guys,
  I understand how the EAP-TLS exchange works (I think), but If I have a client (wireless or wired) that is using EAP-TLS with an ACS, can I confirm the following.
  Let say both user and computer certs are employed:
  1. Both Client and ACS perform check with each others certs to ensure they are know to each other. The eap-tls exchange.
  2a. At some stage and I am assuming before the eap-tls success message is sent back to the client, the ACS has to check if either the username or computer name is in the AD database?
  2b. Wot is the paramater that is checked against the AD database?
  I read here that it can be : http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/configuration/guide/peap_tls.html#wp999517
  Client Certificates
  Client Certificates are used to positively identify the user in EAP-TLS. They have no role in building the TLS tunnel and are not used for encryption. Positive identification is accomplished by one of three means:
  CN (or Name)Comparison-Compares the CN in the certificate with the username in the database. More information on this comparison type is included in the description of the Subject field of the certificate.
  SAN Comparison-Compares the SAN in the certificate with the username in the database. This is only supported as of ACS 3.2. More information on this comparison type is included in the description of the Subject Alternative Name field of the certificate.
  Binary Comparison-Compares the certificate with a binary copy of the certificate stored in the database (only AD and LDAP can do this). If you use certificate binary comparison, you must store the user certificate in a binary format. Also, for generic LDAP and Active Directory, the attribute that stores the certificate must be the standard LDAP attribute named "usercertificate".
  3. With the above, if options 1 or 2 are used (CN or SAN comparison), I assume this is just a check between a value pulled out of the CERT by the ACS and checked with AD, is that correct? With option 3, does the ACS perform a full compaison of the certificate between what the client has and a "client stored cert" on the AD DB?
  Please can someone help me with these points.
  I am so lost in this stuff :)) I think.
  Many thx and many kind regards,
  Ken

  only TLS *handshake* is completed/succcessful, but because user authentication fails,
  CryptoLib.SSLConnection.pvServerInfoCB - Process TLS data: SSL state=SSLv3 read client key exchange A
  CryptoLib.SSLConnection.pvServerInfoCB - Process TLS data: SSL state=SSLv3 read certificate verify A
  CryptoLib.SSLConnection.pvServerInfoCB - Process TLS data: SSL state=SSLv3 read finished A
  CryptoLib.SSLConnection.pvServerInfoCB - Process TLS data: SSL state=SSLv3 write change cipher spec A
  CryptoLib.SSLConnection.pvServerInfoCB - Process TLS data: SSL state=SSLv3 write finished A
  CryptoLib.SSLConnection.pvServerInfoCB - Process TLS data: SSL state=SSLv3 flush data
  CryptoLib.SSLConnection.pvServerInfoCB - Process TLS data: SSL state=SSL negotiation finished successfully
  EAP: EAP-TLS: Handshake succeeded
  EAP: EAP-TLS: Authenticated handshake
  EAP: EAP-TLS: Using CN from certificate as identity for authentication
  EAP: EAP state: action = authenticate, username = 'jatin', user identity = 'jatin'
  pvAuthenticateUser: authenticate 'jatin' against CSDB
  pvCopySession: setting session group ID to 0.
  pvCheckUnknownUserPolicy: session group ID is 0, calling pvAuthenticateUser.
  pvAuthenticateUser: authenticate 'jatin' against Windows Database
  External DB [NTAuthenDLL.dll]: Creating Domain cache
  External DB [NTAuthenDLL.dll]: Loading Domain Cache
  External DB [NTAuthenDLL.dll]: No UPN Suffixes Found
  External DB [NTAuthenDLL.dll]: Failed to get Domain Controller for trust dwacs.com, [Error = 1355]
  External DB [NTAuthenDLL.dll]: Failed to get Domain Controller for trust enigma.com, [Error = 1355]
  External DB [NTAuthenDLL.dll]: Failed to get Domain Controller for trust acsteam.com, [Error = 1355]
  External DB [NTAuthenDLL.dll]: Failed to get Domain Controller for trust vikram.com, [Error = 1355]
  External DB [NTAuthenDLL.dll]: Domain cache loaded
  External DB [NTAuthenDLL.dll]: Could not find user jatin [0x00005012]
  External DB [NTAuthenDLL.dll]: User jatin was not found
  pvCheckUnknownUserPolicy: setting session group ID to 0.
  Unknown User 'jatin' was not authenticated
  So the EAP-Failure(Radius Access-Reject( is sent, not EAP-Success(Radius Access-Accept).
  And any port/point wont be allowed to pass traffic unless the NAS device gets an EAP-Success(Radius Accept) for the user.
  HTH
  Regards,
  Prem

• Apple macosx machine authentication with ISE using EAP-TLS

  Hello,
  On a ongoing setup we are using eap-tls authentication with account validation against AD. We have our own CA (microsoft based). ISE version 1.2.1 patch 1.
  With windows machines all is working well. We are using computer authentication only.
  Now the problem is that we wish to do the same with MAC OSX machines.
  We are using casper software suite and are able to push certificates into macosx, and are doing machine authentication.
  in ISE the certificate authentication profile is being set to look at the subject alternative name - DNS name of the machines. Whenever we set it to the UPN (hostname$) windows accounts are not found in ad.
  When MAC OSX authenticate as machines (they have a computer account in AD) they present themselves with RADIUS-Username = hostname$ instead of host/hostname.
  The consequence is that by lacking the host/, ISE considers that this is a user authentication, instead of a computer one, and when it sets off to find the account, it searches in User class instead of Computer - which obviously returns no results.
  Is anybody aware of any way to force MAC OSX to present a host/hostname RADIUS-Username when authenticating?
  Any similar experiences of authenticating MAC OSX with ISE and machine/computer authentication are welcome.
  Thanks
  Gustavo Novais

  Additional information from the above question.
  I have the following setup;
  ACS 3.2(3) built 11 appliance
  -Cisco AP1200 wireless access point
  -Novell NDS to be used as an external database
  -Windows 2003 enterprise with standalone Certificate Authorithy Services Installed
  -Windows XP SP2 Client
  My Goal is to use Windows XP Native Wlan Utility to connect to AP using EAP-TLS authentication against Novell NDS.
  Tried to connect using Cisco compatible wlaN utility and authenticate using EAP-GTC against Novell NDS for for users, it works fine and perfectly.
  When connecting using EAP-TLS, I am getting an error from ACS failed attempt "Auth type Not supported by External DB". But in the ACS documentation says that it supports EAP-TLS. How true is this? Is there anybody have the same problem? Do I need to upgrade my ACS? What should I do? What other authentication type could be used to utilize native WinXP Wlan Utility?
  Please help...
  Thanks

• L2TP/IPSec with PIX using EAP-TLS

  Hi,
  i have big problems with using my PIX515 (SW 7.2.1) for L2TP/IPSec VPN-Connections using EAP-TLS. With the option EAP-Proxy activated on PIX a RADIUS Access-Request Message reaches the configured RADIUS-SERVER (IAS2003), but the request is rejected by Radius. I did inspection of the packets with a sniffer and see following strange behavior:
  - There is a Tunnel-Client-Endpoint AVP with no value and, even stranger, an existing AVP titled User-Password with an encrypted value.
  I dont understand where the encrypted Password comes from in the first RADIUS Access-Request message received from the PIX, since the authentication method should be certificate-based (EAP-TLS). And I dont know either if the Tunnel-Client-Endpoint MUST be present in the message. Fact is the RADIUS responds with an Access-Reject Message.
  The other AVPs in the request seem to be OK, and there is an existend AVP titled EAP-Message (79) that seems alright...
  Other detail: In the event log on the IAS the request is logged as Type "PAP" (and not EAP as it should be!) and the log tells me about a problem with wrong username/password.
  Tested the same client and Radius configuration using a RRAS-Server from Microsoft instead of the PIX and it worked fine! Could this be a bug of the Pix EAP-Proxy function?
  EAP-Proxy should pass all EAP packets unmodified to the Radius, right? This seems not to be the case. Comparing the RADIUS Access-Request Message received from the Pix (which fails) with the RADIUS Access-Request Message received from the RRAS-Server (which successes) shows significant differences.
  Every help appreciated. Please ask me for further infos if needed or if you would like me to post the Packet Capture file (Ethereal format)/Configuration information.
  Thank you very much!!
  Best regards,
  Matthias

  The Cisco Secure PIX Firewall Software Release 6.0 supports VPN connections from the Cisco VPN Client 3.5 for Windows.Refer the following URL for more information
  http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml#configuringthepixfirewall

• Does anyone use a LaCie external hard drive with their Mac using imovie '09?  I have some questions.

  Does anyone use a LaCie external hard drive with their Mac using imovie '09?  I have some questions.

  Are you actually having a problem with the new Lacie drive, or are you just asking is the Lacie drive somehow different from your old G-Drive?
  From a connection standpoint, most Lacie desktop drives have both USB and FireWire connections, just like the G-Drives do.  You would connect and use it the same as a G-Drive.
  Regarding capturing to the external HD, if you are using a camcorder that has FireWire (iLink) connection, it is not advisable to have an external FireWire HD connected to your Mac at the same time as your camcorder; there are often communication conflicts between the camcorder and the hard drive if they are connected at the same time.  The conflicts usually appear as either dropped frames or a complete freeze.   This is more common with Canon miniDV camcorders but I have also seen this behavior with Sony miniDV camcorders.  (The problem is the camcorder's FW implementation, not the hard drive.)  The workaround is to capture to your Mac's internal HD and later copy the captured video to your external HD.

• Does anyone have problems occasionally with their slide to unlock on iphone 4s with the ios7 update? And do you think there will be a bug fix? Bit worried

  Hi everyone,
  I've recently updated my iphone 4s with the ios7 update and there was a bug fix I also downloaded recently but I hadn't noticed anything wrong at the time. I know it's not happened that often today but does anyone have any problems with their 'slide to unlock' button and have to reload their iphone again? Do you think there'll be a bug fix for it? Just worried as it's not old and I have a feeling I shouldn't have bothered with the update at all.

  Why would you think it's a bug?  If it were a bug EVERYONE would be having the same issue.
  Basics from the user guide are restart, reset, restore from backup, restore as new.

• Authentication failed using EAP-TLS and CSSC against ACS

  Hi.
  Playing with a trial version of CSSC (Cisco secure services client) I had a problem that really I don´t understand.
  Any 802.1x configuration work fine but when I use anything involving the use of certificates (EAP-TLS or PEAP using a certificate instead a password to autenticate) I always see the same log message in ACS:
  "Authen session timed out: Challenge not provided by client" It seems that my client supplicant does not repond to the ACS when the first one proposed an EAP method.
  First I discart a certificate error because the same certificate works fine with Intel Proset Wireless supplicant and Windows Zero Configuration. EAP Fast works fine using auto provisioning or manual provisioning.
  Any idea? I red the CSSC administration guide but I did not find anything that explains this behaviour or defines the right configuration for this EAP method.
  I´m using Windows XP SP3, Intel Wireless 4965AGN and CSSC 5.1.1.18; My CA is a Windows CA.ACS version 4.2
  Thanks in advanced.
  Best regards.

  Today is not mmy day.
  It´s still failing and maybe I will open a TAC case.
  I´m looking at the log file of the CSSC and I don´t like what I have seen.
  2125: portable-9b7161: oct 28 2010 20:34:29.156 -0100: %CSSC-6-INFO_MSG: %[tid=344][mac=1,6,00:1d:e0:9f:05:ef]: {764C6E35-2FFF-47CF-A0CA-5B90E9483367}: EAP suggested by server: leap
  2126: portable-9b7161: oct 28 2010 20:34:29.156 -0100: %CSSC-6-INFO_MSG: %[tid=2044][mac=1,6,00:1d:e0:9f:05:ef]: {764C6E35-2FFF-47CF-A0CA-5B90E9483367}: EAP requested by client:  eapTls
  2127: portable-9b7161: oct 28 2010 20:34:29.156 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: {764C6E35-2FFF-47CF-A0CA-5B90E9483367}: EAP methods sent : sync=8
  2128: portable-9b7161: oct 28 2010 20:34:29.156 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: {764C6E35-2FFF-47CF-A0CA-5B90E9483367}: Credential Request completed, response sent : sync=8
  2129: portable-9b7161: oct 28 2010 20:34:29.156 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: Authentication state transition: AUTH_STATE_UNPROTECTED_IDENTITY_SENT_FOR_FULL_AUTHENTICATION -> AUTH_STATE_UNPROTECTED_IDENTITY_ACCEPTED
  2130: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=344]: Credential callback, type=AC_CRED_SERVER_VERIFY, sync=9
  2131: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=344]: Calling acCredDeferred
  2132: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=344]: {764C6E35-2FFF-47CF-A0CA-5B90E9483367}: Credential Request deferred : sync=9
  2133: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: {764C6E35-2FFF-47CF-A0CA-5B90E9483367}: Server verification sent : sync=9
  2134: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: {764C6E35-2FFF-47CF-A0CA-5B90E9483367}: Credential Request completed, response sent : sync=9
  2135: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=344]: Credential callback, type=AC_CRED_USER_CERT, sync=10
  2136: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=344]: Calling acCredDeferred
  2137: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=344]: {764C6E35-2FFF-47CF-A0CA-5B90E9483367}: Credential Request deferred : sync=10
  2138: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=140]: Impersonating user
  2139: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=140]: Loading client certificate private key...
  2140: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=140]: Calling acCertLoadPrivateKey()...
  2141: portable-9b7161: oct 28 2010 20:34:29.187 -0100: %CSSC-7-DEBUG_MSG: %[tid=140]: ...acCertLoadPrivateKey() returned
  2142: portable-9b7161: oct 28 2010 20:34:29.187 -0100: %CSSC-3-ERROR_MSG: %[tid=140]: Internal error 204, contact software manufacturer
  2143: portable-9b7161: oct 28 2010 20:34:29.187 -0100: %CSSC-7-DEBUG_MSG: %[tid=140]: acCertLoadPrivateKey() error -20 [c:\acebuild\bldrobot_cssc_5.1.1.21_view\monadnock\src\ace\certificate\certificateimpl.cpp:239]
  2144: portable-9b7161: oct 28 2010 20:34:29.187 -0100: %CSSC-3-ERROR_MSG: %[tid=140]: Internal error 4, contact software manufacturer
  2145: portable-9b7161: oct 28 2010 20:34:29.187 -0100: %CSSC-7-DEBUG_MSG: %[tid=140]: CssException for function 'acCertLoadPrivateKey' => -20{error} [certificateimpl.cpp:240]
  2146: portable-9b7161: oct 28 2010 20:34:29.187 -0100: %CSSC-3-ERROR_MSG: %[tid=140]: Internal error 7, contact software manufacturer
  2147: portable-9b7161: oct 28 2010 20:34:29.187 -0100: %CSSC-7-DEBUG_MSG: %[tid=140]: Assertion 'CSS exception - should this be logged instead?' failed at [cssexception.cpp:114]
  2148: portable-9b7161: oct 28 2010 20:34:29.218 -0100: %CSSC-7-DEBUG_MSG: %[tid=140]: Client certificate private key has not been loaded
  2149: portable-9b7161: oct 28 2010 20:34:29.218 -0100: %CSSC-7-DEBUG_MSG: %[tid=140]: Deimpersonating user
  2150: portable-9b7161: oct 28 2010 20:34:29.218 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: Client certificate 239f43fdcde8e190540fab2416253c5660c0d959 has been processed: ERR_INTERNAL_ERROR(7)
  2151: portable-9b7161: oct 28 2010 20:34:29.218 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: Certificate 239f43fdcde8e190540fab2416253c5660c0d959 is unusable
  2152: portable-9b7161: oct 28 2010 20:34:29.218 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: {764C6E35-2FFF-47CF-A0CA-5B90E9483367}: Credential Request completed, no response sent : sync=10
  2153: portable-9b7161: oct 28 2010 20:34:30.078 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: Checking for new configuration
  2154: portable-9b7161: oct 28 2010 20:34:32.078 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: Checking for new configuration
  2155: portable-9b7161: oct 28 2010 20:34:34.078 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: Checking for new configuration
  It seems that It found a valid certificate, starts the Authentication proccess and when it must request the ACS challenge it fails when loading the private key and crash the supplicant 
  Do you think the same??
  Thanks.
  Best Regards.

• Cisco ISE for 802.1x (EAP-TLS)

  I work for a banking organization and security is an area that needs to be improved continuously. I am planning on implementing Cisco ISE for 802.1x together with a Microsoft PKI for certificate issuing and signing.
  I am currently trying to implement this in our test environment and I have managed to do a few basic bootstrapping tasks. I need someone to push me into the right direction as to how I can achieve what i am seeking.
  I will use Cisco 2900 series switches on the access layer and a few HP switches as well which supports 802.1x.
  I want to configure the ISE to process authentication requests using 802.1x EAP-TLS (Certificate Based). All the workstations on the domain needs to authenticate itself using the certificates issued to it by the Certificate Issuing Authority.
  I have already managed to get the PKI working and have rolled out the certificates on all the workstations on the test environment. I can't seem to configure the Authentication portion on the ISE.
  I request if someone can guide me or direct me to materials that can help achieve the above requirements. The guides available on the Cisco website are  overwhelming and I can't seem to figure out how I am supposed to configure the authentication portion.
  My email: [email protected]
  Cheers,
  Krishil Reddy

  Hello Mubashir,
  Many timers can be modified as  needed in a deployment. Unless you are experiencing a specific problem  where adjusting the timer may correct unwanted behavior, it is  recommended to leave all timers at their default values except for the  802.1X transmit timer (tx-period).
  The tx-period timer defaults to a value of 30 seconds.  Leaving this value at 30 seconds provides a default wait of 90 seconds  (3 x tx-period) before a switchport will begin the next method of  authentication, and begin the MAB process for non-authenticating  devices.
  Based on numerous deployments, the best-practice  recommendation is to set the tx-period value to 10 seconds to provide  the optimal time for MAB devices. Setting the value below 10 seconds may  result in the port moving to MAC authentication bypass too quickly.
  Configure the tx-period timer.
  C3750X(config-if-range)#dot1x timeout tx-period 10

• 5508 - iPad getting disconnected from WLAN Using EAP-TLS

  We are seeing an issue with an ipad connecting to a WLAN configured for EAP-TLS using ISE 1.2, getting disconnected.  The ipad will hop top another SSID.  It will connect back to the other ssid when selected.  Any ideas? I have a debug client for when this happened.
  *apfMsConnTask_0: Apr 08 14:03:57.508: Association request from the P2P Client Process P2P Ie and Upadte CB
  *apfMsConnTask_7: Apr 08 14:04:57.855: Association request from the P2P Client Process P2P Ie and Upadte CB
  *apfMsConnTask_5: Apr 08 14:05:17.345: 04:54:53:7b:9e:7a Association received from mobile on BSSID 54:78:1a:2f:84:56
  *apfMsConnTask_5: Apr 08 14:05:17.345: 04:54:53:7b:9e:7a Global 200 Clients are allowed to AP radio
  *apfMsConnTask_5: Apr 08 14:05:17.345: 04:54:53:7b:9e:7a Max Client Trap Threshold: 0  cur: 4
  *apfMsConnTask_5: Apr 08 14:05:17.345: 04:54:53:7b:9e:7a Rf profile 600 Clients are allowed to AP wlan
  *apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a 172.30.230.213 RUN (20) Skipping TMP rule add
  *apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a apfMsRunStateDec
  *apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a 172.30.230.213 RUN (20) Change state to DHCP_REQD (7) last state RUN (20)
  *apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Complete to Mobility-Incomplete
  *apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a 0.0.0.0 DHCP_REQD (7) Reached ERROR: from line 6355
  *apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
  *apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a 0.0.0.0 DHCP_REQD (7) Deleted mobile LWAPP rule on AP [54:78:1a:2f:84:50]
  *apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 730
  *apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a Re-applying interface policy for client 
  *apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a 0.0.0.0 DHCP_REQD (7) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)
  *apfMsConnTask_5: Apr 08 14:05:17.346: 04:54:53:7b:9e:7a 0.0.0.0 DHCP_REQD (7) Changing IPv6 ACL 'none' (ACL ID 

  Use profiles for the wifi settings on the iPad
  A reset of network settings will clear the network history, but the profile will add it back in automatically
  http://images.apple.com/ipad/business/docs/iOS_Deployment_Technical_Reference_EN_Feb14.pdf
  Great Cisco doc for BP and troubleshooting of Apple devices:
  Enterprise Best Practices for Apple Mobile Devices on Cisco ...
  Make sure the app uses URIPersistWifi call 
  https://developer.apple.com/library/ios/documentation/iphone/conceptual/iphoneosprogrammingguide/PerformanceTuning/PerformanceTuning.html

• Does anyone use Framwork POs for WBS and Asset management.

  We have had issues before with trying to use Framework POs for Assets.  I wanted to know, does anyone out there use the Framework PO for the creation of Assets with charges going to WBS elements?  Do you track service charges as well as material charges that are purchsed for Assets?

  For PO, WBS, Asset frame work below is the sample
  Create WBS which manage AUC
  Example you will create a clinic,
  Create Project - [Project Clinic]
  Create WBS under the Project Clinic - [Clinic Expense]
  Create AUC under WBS Clinic Expense - [Clinic under Construction]
  Let say you purchase Paint for the clinic - create a PO and use account assignment WBS [Clinic Expense] (e.g. 1000 USD)
  Let say you purchase Wood for the clinic - create a PO and use account assignment WBS [Clinic Expense] (e.g. 2000 USD)
  During month end you can settle the amount to AUC (tcocde CJ88 - Settlement type - Automatic)
  All charges to WBS will go to AUC
  Once construction of clinic is finished and is ready to use, you need to settle all the amount from WBS to AUC (through settlement)
  Then create Fixed Asset [Clinic Building]
  Then settele the AUC [Clinic under Construction] charges to Fixed Asset [Clinic Building] through CJ88 settlement type - Final settlement
  Thanks!
  Jhero

• Black Berry Messenger, using & finding other users, Does anyone use the B Berry Messenger ?

  Does anyone else USE or have the Black Berry Messenger on their 8330 CURVE model B Berry ? If so, r u social enuf to wanna meet other B Berry users ONLINE and How do I find other Black Berry Messenger users to communicate / chat with directly ? My BlackBerry e-mail address is :[removed personal information] thank U in advance. I have had my phone only about one week or so and am definitely in the "LEARNING CURVE" about it ! Thanks again !      Sincerely                                                                                                                                                    Charles in Norfolk,Va. USA 
  Message Edited by dany_s on 01-26-2009 01:09 PM
  From the Black Berry of Charles W. Merritt
  Solved!
  Go to Solution.

  cwm1955 wrote:
  Dear Mr. XANDREX                                                                                                                                             I have already read alot of the "HELP" documentation on my device. NONE of it covers ANY of my three (3) issues here! My issues are ADVANCED and the HELP documentation is meant for a VERY 101 BASICS beginner. I am really looking for help here, your response did NOT help me ! While I thank U for your valuable time in responding, NO THANK U since U did NOT help me ! I WANT SOMEONE THAT REALLY HAS KNOWLEDGE OF MY ISSUES and how to REALLY HELP ME !People if U cannot REALLY POSITIVELY ASSIST me with REAL ANSWERS to my REAL ISSUES , please DO NOT WASTE MY VALUABLE TIME AND YOURS AS WELL! THANK U ALL IN ADVANCE !                                                                         Sincerely                                                                                                                                                     CHARLES 
  Wait, Sir Charles.
  1. The two of us have offered you very valuable adivce, which you indicate in both cases you wish to ignore.
  2. You have NOT mentioned any issues in your first post here other than you wish to be social, and now in your second post that you don't know how to add contact and wish me to email you directions. I don't give personal service, as a volunteer I answer questions right here in the threads.You'll just have to suffer through asking questions right here. It's a great forum where thousands of users have gotten help. And often, quite speadily as well.
  3. Your last post is quite rude to a user who has spent lots of time helping users out around here, and quite honestly your words are uncalled for. Your ALL CAPS typing is considered yelling on internet forums such as this. No one likes to be yelled at. My mother taught me about gathering flys with honey rather than vinegar. You might try some honey yourself.
  4. Adding BBMessenger contacts. Open BBMessenger > Menu > Add Contacts. Enter either the PIN of the other user you desire to add, or their email address. IF THEY are already on your BB Address Book, you can enter their name there. Follow the prompts you are given.
  Message Edited by JSanders on 01-26-2009 08:30 AM
  1. If any post helps you please click the below the post(s) that helped you.
  2. Please resolve your thread by marking the post "Solution?" which solved it for you!
  3. Install free BlackBerry Protect today for backups of contacts and data.
  4. Guide to Unlocking your BlackBerry & Unlock Codes
  Join our BBM Channels (Beta)
  BlackBerry Support Forums Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• Does anyone use a Celluar Travel Router for wifi connecton?

  Hi!
  I did some further research into this and you can have access to cell phone networks to create a wifi connection for the iPod Touch.
  Does this really do the trick with having constant wifi when you're traveling or on the go?
  Any advice would be great!
  Thank You!

  Yes, you do need to have a cell account and cell data plan for this to work.
  I want to know if anyone uses this feature to create their instant wifi Hotspots?
  Thanks!