Connecting to a wlc across subnets

Similar Messages

• LAP 1240 won't join WLC across subnets

  I am having a problem getting LAPs that are in other subnets to join our WLC. If I take the LAP and place it on the same VLAN/subnet as the WLC, it joins as expected. If I move it to another subnet, I get the following:
  *Mar 1 00:00:13.065: %SYS-5-RESTART: System restarted --
  Cisco IOS Software, C1200 Software (C1200-K9W8-M), Version 12.4(13d)JA, RELEASE SOFTWARE (fc2)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2008 by Cisco Systems, Inc.
  Compiled Fri 08-Feb-08 17:24 by prod_rel_team
  *Mar 1 00:00:13.119: %SSH-5-ENABLED: SSH 2.0 has been enabled
  *Mar 1 00:00:13.519: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
  *Mar 1 00:00:14.519: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
  *Mar 1 00:00:14.536: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
  *Mar 1 00:00:14.545: %DOT11-6-FREQ_SCAN: Interface Dot11Radio0, Scanning frequencies for 24 seconds
  *Mar 1 00:00:15.536: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
  *Mar 1 00:00:28.133: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
  *Mar 1 00:00:28.171: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
  *Mar 1 00:00:28.177: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
  *Mar 1 00:00:28.192: SSC Load Current Size crypto_mykey 120, offset 9389, Saved Size soap_cert_crypto_mykey 124
  *Mar 1 00:00:28.390: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
  *Mar 1 00:00:28.892: Logging LWAPP message to 255.255.255.255.
  %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
  %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
  %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
  %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
  %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
  %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
  %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
  %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
  %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 192.168.115.75, mask 255.255.255.192, hostname AP0013.c3a7.bf97
  Translating "CISCO-LWAPP-CONTROLLER.mydomain.here"...domain server (X.X.X.X) [OK]
  %LWAPP-3-CLIENTEVENTLOG: Did not get vendor specific options from DHCP.
  %LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
  %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.mydomain.here
  %LWAPP-3-CLIENTEVENTLOG: Controller address Y.Y.Y.Y obtained through DNS
  %LWAPP-5-CHANGED: LWAPP changed state to JOIN
  %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
  %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
  %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
  %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
  %LWAPP-3-CLIENTERRORLOG: Join Timer: did not recieve join response (controller - 2169-WLC4402-1)
  %LWAPP-3-CLIENTERRORLOG: Set Transport Address: no more AP manager IP addresses remain
  %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET JOIN RESPONSE.
  %LWAPP-5-CHANGED: LWAPP changed state to DOWN
  I have checked the WLC for any messages that look like crypto or other problems, but I don't see anything that stands out. Any suggestions or pointers would be greatfully accepted.

  %LWAPP-3-CLIENTERRORLOG: Set Transport Address: no more AP manager IP addresses remain
  Can you provide more information such as:
  1. How many APs can the WLC4402 support and how many are currently joined?
  2. What is your WLC's firmware?
  3. Is there a possibility of a duplicate IP address in your network?
  Troubleshoot a Lightweight Access Point Not Joining a Wireless LAN Controller
  http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml

• DHCP Error with WLC 2504 and Aironet 2600 setup across subnets

  Hey guys
  I have just setup a new WLC 2504 controller to manage a WiFi service that will span 6 geographic locations.  The local networks at each location are on different subnets (all 192.168.x.x) and are linked up via IPSEC VPN links, and there is Active Directory spanning the sites, with DNS and DHCP servers running at each location.
  I tested the WLC at our main office with a single AP, and it worked fine.  The AP set itself up, and wireless devices connect with no probs. Great!  Yesterday I headed out to one of our remote sites, and connected an AP to their network - and that seemed to work fine too.  Within a few minutes I was able to see the WiFi network I'd setup, and my smartphone connected to it straight away (as I'd rpeviously connected at the main office), so I was pretty happy that all was working well.
  This morning however I've had notification that wifi performance at the remote site isn't great.  I've got someone to check their ip address, and I've found that their IP address and default gateway match the LAN at the main office where the WLC is based - NOT the LAN where the wireless client is.  Obvioulsy this is not ideal!
  So I guess my question is, what have I done wrong?  (I guess I HAVE done something wrong!?).  And how can I get wireless clients at remote sites to pick up an IP from the DHCP server at THEIR site?
  Any help would be greatly appreciated! 
  Thanks!           

  Hello Tim,
  What mode your APs are in? Local mode? or FlexConnect mode?
  If local mode, then all the traffic will be tunnelled to the WLC and they'll be same as if you are connecting from the WLC location.
  If you use FlexConnect APs (which is recommended for remote sites) you can configure FlexConnect groups on the WLC and add each location in a specific group. In that group you can decide what VLAN the users should be in.
  Check this link for FlexConnect group configuration
  http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html#wp1230080
  HTH
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• Connect mac client to mac printer share across subnets

  I need to share printers from a Mac.  I need to connect
  Mac clients on different subnets to the Mac shared printers.  I installed
  a Mac mini, connected to printers via HP JetDirect Socket (port 9100), and
  shared them.  I was able to print from the Mac mini, and connect Mac
  clients on the same subnet to the shared printers with Bonjour and print.
  I moved the Mac mini to its intended location on another subnet.  I
  immediately learned that Bonjour does not publish services across
  subnets.  I could not find documentation on how to connect to a Mac shared
  printer across subnets, but I did find some third party documentation (only some incomplete
  documentation from Apple) on how to implement DNS-SD Service Discovery.  I
  enabled DNS-SD and was able to publish the printer shares across subnets, but I
  was still unable to connect to the printer shares from a Mac client.  I
  found some third party documentation (none from Apple) on how to manually connect to a Mac
  printer share by specifying the IP address of the server, specifying the CUPS
  default IPP protocol, and the print queue name.  I was unable to connect
  to the shared printers.  I receive ping replies from my Mac mini, and port
  scan reveals that port 631 for IPP, CUPS default, is open.  Printer
  sharing is configured so everyone can print. I am able to connect to the Mac
  mini with VNC Screen Sharing.  I don’t see how this can be a network
  issue.
  Macs don’t seem to like to connect to our Windows
  shared printers because of our PaperCut software, and connecting Mac clients to
  Windows printer shares and authentication is beyond the average user,
  exacerbated by Macs not behaving the same as Windows when bound to an Active
  Directory domain.
  I called Apple support, they escalated to Apple Enterprise
  support.  Apple Enterprise support said they couldn’t help me beyond a
  single network with no subnets, but Apple Engineering might be able to solve
  the problem for $695.
  Why do I need to pay $695 to learn how to connect Mac
  clients to Mac shared printers, something that should be easy and intuitive and
  have documentation readily available?  Windows printer sharing is easy and
  intuitive and documentation is readily available, and services are published
  across subnets without have to implement DNS-SD.

  Thank you for your reply.  I followed the instructions in the sybaspot.com site and in some of the included references to set up DNS-SD.  DNS-SD worked, but I couldn't connect the Mac client to the Mac shared printers.
  I also found http://www.papercut.com/products/ng/manual/ch-mac-printing-10-8-9.html#ch-mac-pr inting-10-8-9-sharing-printers.
  I expanded my search and found this: http://support.apple.com/kb/PH13940, last modified May 8, 2014.  I started work on my project February 2014.  Apple Support could have told me about this document.
  PH13940 says: "The computers must be on the same local network as your Mac".  Apple must not consider multiple subnets one network.
  PH13940 says: "Printer sharing is for printers attached directly to your Mac. You don’t need to share network printers, because they are already shared on the network."
  Apple must define "network printers" as any printer with a network interface.  Microsoft defines network printers as printers shared by another computer.  TCP/IP ports are local ports on a Windows computer, so TCP/IP connected printers are local printers that can be shared.  Multiple users on a Mac all see the same connected printers.  Multiple users on Windows all see the same local printers, but network printer connections can be different for each user.
  Apple must not see any value in accounting for printing and assigning the cost to the user or department.  We need to account for printing and cannot have any users bypassing the system by printing directly to printers.  I have created Access Control lists on the printers to limit connections to the specific IP addresses of our print servers.
  The documents about setting up DNS-SD and IPP connections must have assumed USB connected printers on a Mac.  The odd thing is that I was able to share a network printer from the Mac mini when the client Mac was on the same subnet.  Is PH13940 wrong?
  I am Microsoft Certified Systems Engineer 1999 and Apple Certified Technical Coordinator 2013.

• Backup WLC across a WAN

  Currently we have 20 remote sites, each with 2-5 AP's each. They all connect back to our Main Data Site in the US and register on a single WLC5508.
  We do not have a backup WLC, but are looking to purchase one.
  What I would like to know is, are there any problems with the secondary WLC being installed in our Main Data Site in Europe?
  These two main sites are connected via a 10M MPLS WAN.
  So all the remote sites could still connect to the WLC in the US, but in the event of a WLC failure in the US, they would need to fail over to the site in Europe.
  Are there any issues with having WLC's seperated across a WAN?                 

  Normally Flexconnect is leveraged for remote office locations like you described. However, you can drive all the traffic back.
  Based on your design, do you have layer 2 between the locations? If they are different when aps move from controller 1 to controller 2 with a different subnet clients can have issues.
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• Solution to use Airprint across subnets wired/wireless

  A lot of companies are trying to figure out how to setup airprint to print
  in the workplace, wired+wireless across subnets.
  We finally figured it out with some DNS magic and a CUPS server.
  I have documented the solution at a live document hosted at
  http://sites.google.com/site/iwastepaper/
  Hopefully it helps a few folks.
  <Edited by Host>

  You will want to make sure your APs can route from where ever you install them to the WLC managment address.
  How APs find the controller can happen a few different ways:
  1) DNS A record
  2) Layer 2 broadcast (which you seen already)
  3) IP Route Forward
  4) DHCP Option 43
  5) Manual Prime the AP
  Most folks lead with option 43.
  http://www.my80211.com/cisco-wlc-labs/2009/7/4/cisco-dhcp-option-43-configuration-nugget.html
  if you check the config guide you will explain the other processes.

• NetBoot across subnets with a bootpd relay

  Hello Apple Community!
  I've got 4 subnets at my school, each with various Macs around campus.  I have a Mavericks server on each subnet currently, each with their own NetBoot images.  It's a pain to keep everything updated.  I can get a single client Mac (pre-2011) to boot across subnets using the bless command, but that's not really a viable solution for us to run a bless command on each client every single time we want to netboot.  So far, the solution has been just to have dedicated netboot servers on each subnet, but I know there has to be a better way.
  This article (OS X Server: How to use NetBoot across subnets - Apple Support) describes three different methods for netbooting across subnets, but two of them are not really viable for us.  Those involve reconfiguring the network to allow BootP data to pass across subnets or configuring one server with multiple network connections, one for each subnet.  However, option #2 describes configuring a bootpd relay.  Based on my reading, this sounds like exactly what I need.  However, I can't find any good documentation to walk me through setting it up.
  I've thoroughly read the bootpd man page, which has had me editing the /etc/bootpd.plist on multiple servers.  This hasn't gotten me very far.  My clients still don't see the remote NetBoot server.  It seems like the relay is supposed to redirect broadcasts from the remote Netboot server, through a local NetBoot server to the client.  But I have no idea how to make this work.
  Could someone please give me more guidance on what I'm supposed to be doing here?  I'd like to host a single NetBoot server and have any client on any subnet be able to option-boot to see the NetBoot startup options (I have multiple NetBoot images, from Apple Service Toolkit to DeployStudio and Mavericks/Yosemite installers in between).  Even if I could get it to just netboot to one default source (AST), I could deal with that.  I'm also happy to host multiple NetBoot servers, but with all my NetBoot images in one location.  I'm stumped in this multiple subnet environment and I need help.  Please help.

  Thanks again for your feedback.  I had forgotten I left the "tftp://" on the IP address.  Though, I've tried that multiple ways, starting with IP only.  Also, per the bootpd man page (https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/ man8/bootpd.8.html), <allow/> and <deny/> are lists for MAC address allowances and when nothing is defined everything goes through.  These are there by default, though I will remove them and see what happens.  Also, according to the man page, bootp_enabled enables on all connections when a boolean is set rather than an array.  Though I will still change this also and see what happens.  The array that comes after the netboot_disabled key is auto-generated by NetInstall when you turn the service on in Server.app.
  Essentially, that plist comes from a fresh activation of NetInstall.  I deleted the previous .plist, rebooted the server and when I turned on NetInstall, that's what was created, plus my bootp modifications.
  All that said, you said that you assumed I started the relay with the 'debug & logging' options enabled.  I haven't started the relay in any active sense.  So far, I've just been modifying this .plist, and rebooting a bunch of times, but that's where I seem to get lost.  Is there a way to actively "start" the relay?  I'd love to look at these 'debug & logging' options.  As for the 'Startup Disk' prefs on the client Mac, they do not show any significant change.  Basically, they just don't see the remote server as a startup option.  I have not gleaned any pertinent info from console, though I'm not sure I know what I'm looking for.
  On a side note, I had a wild hair to try something different.  I set my local subnet's server to look at a NetBootSP0 folder that was actually a symlink to a NetBootSP0 folder that was mounted as a file share from the remote NetBoot server.  This really looked like it might work.  When you boot the client, it saw the startup volumes from the remote server.  However, upon boot, it doesn't seem to make the connection and winds up booting back to the internal hard drive.  It was worth a try...

• Jumpstart across subnets

  Hello
  I am having trouble configuring my jet toolkit to boot across subnets.
  It works fine in the same subnet but when it goes across subnets it seems to lose the default router for the client.
  {0} ok boot net:dhcp - install
  Resetting...
  POST Sequence 01 CPU Check
  POST Sequence 02 Banner
  LSB#00 (XSB#00-0): POST 2.12.0 (2009/09/09 15:17)
  POST Sequence 03 Fatal Check
  POST Sequence 04 CPU Register
  POST Sequence 05 STICK
  POST Sequence 06 MMU
  POST Sequence 07 Memory Initialize
  POST Sequence 08 Memory
  POST Sequence 09 Raw UE In Cache
  POST Sequence 0A Floating Point Unit
  POST Sequence 0B SC
  POST Sequence 0C Cacheable Instruction
  POST Sequence 0D Softint
  POST Sequence 0E CPU Cross Call
  POST Sequence 0F CMU-CH
  POST Sequence 10 PCI-CH
  POST Sequence 11 Master Device
  POST Sequence 12 DSCP
  POST Sequence 13 SC Check Before STICK Diag
  POST Sequence 14 STICK Stop
  POST Sequence 15 STICK Start
  POST Sequence 16 Error CPU Check
  POST Sequence 17 System Configuration
  POST Sequence 18 System Status Check
  POST Sequence 19 System Status Check After Sync
  POST Sequence 1A OpenBoot Start...
  POST Sequence Complete.
  Sun SPARC Enterprise M4000 Server, using Domain console
  Copyright 2009 Sun Microsystems, Inc. All rights reserved.
  Copyright 2009 Sun Microsystems, Inc. and Fujitsu Limited. All rights reserved.
  OpenBoot 4.24.12, 32768 MB memory installed, Serial #91113890.
  Ethernet address 0:21:28:6e:49:a2, Host ID: 856e49a2.
  Rebooting with command: boot net:dhcp - install
  Boot device: /pci@0,600000/pci@0/pci@8/pci@0/network@2:dhcp File and args: - install
  1000 Mbps full duplex Link up
  Timed out waiting for BOOTP/DHCP reply
  Timed out waiting for BOOTP/DHCP reply
  Timed out waiting for BOOTP/DHCP reply
  Timed out waiting for TFTP reply
  Timed out waiting for TFTP reply
  Timed out waiting for TFTP reply
  Timed out waiting for TFTP reply
  I have entered the router info in the defaultrouters file
  kenapps08g:global# cat defaultrouters
  # You can use this file to allow templates to be auto-populated with additional
  # default router settings, especially useful for managing large numbers o
  # server templates.
  # Format:
  # <subnet> <mask> <default router>
  # Example:
  # 192.168.1.0 255.255.255.0 192.168.1.254
  10.0.1.0 255.255.255.0 10.0.1.1
  10.0.2.0 255.255.255.0 10.0.2.1
  10.0.3.0 255.255.255.0 10.0.3.1
  </opt/SUNWjet/etc>
  kenapps08g:global# more dhcp.conf
  # This file is used to control some of the options for the DHCP boot
  # environment
  # DHCPDIR: The replies sent out by DHCP are limited in length; we use
  # this directory to create symlinks to the actual Solaris
  # media dirs; the intention is to keep paths short!
  # N.B. If you change this, please make sure the new area is
  # properly shared in /etc/dfs/dfstab
  DHCPDIR="/dhcp"
  # DEBUG_DHCP keep temporary files around after client_allocate_pdhcp.SunOS
  # has run. Non-null invokes debug
  DEBUG_DHCP=""
  # REMOTE_DHCP define the hostname of the Sun server running Sun's DHCP daemon
  REMOTE_DHCP="kenapps08g"
  # REMOTE_DHCP_METHOD define what method to use to propogate. ssh is currently
  # supported and requires you set up a trust relationship
  # between this server and it.
  REMOTE_DHCP_METHOD="ssh"
  # DHCP_FORMAT Which dhcp server type is supported. SUN is currently supported,
  # however, ISC is still in development. If REMOTE_DHCP is set,
  # you must set DHCP_FORMAT to SUN. Valid entries are "SUN"
  # and "NOOP". NOOP can be used if you are manually setting
  # up your own DHCP server with the required parameters.
  DHCP_FORMAT="SUN"
  kenapps08g:global# more dhcp_servers
  # You can use this file to define the DHCP servers responsible
  # for different subnets.
  # This is only required if you have multiple DHCP servers.
  # If a match is found, the settings in this file will be used,
  # otherwise the DHCP server defined in dhcp.conf will be used.
  # Format:
  # <client network> <client mask> <dhcp-server-name> <dhcp-server-tyep> <method>#
  # <dhcp-server-name> overrides the REMOTE_DHCP setting
  # <dhcp-server-type> overrides the DHCP_FORMAT setting
  # <method> overrides the REMOTE_DHCP_METHOD setting
  # Example:
  # 192.168.1.0 255.255.255.0 dhcpserver1 SUN ssh
  10.0.1.210 255.255.255.0 kenapps08g SUN ssh
  10.245.64.10 255.255.255.0 lisjump01g SUN ssh
  kenapps08g:global# more jumpstart.conf
  # This config file defines the jumpstart specific variables.
  # Version: $Revision: 1.8 $
  # Last Updated; $Date: 2009/04/15 12:41:29 $
  # Location of the additional media for patches and packages:
  # These paths should be URI form e.g. nfs://<serverip>/<path> or <path>
  # Currently only PKG_DIR and PATCH_DIR can be on a remote NFS server.
  # If they are just <path>, the appropriate address of the JumpStart server
  # will be added.
  # N.B. if the media location is on a different server, please ensure it is
  # routable from the client !
  # You can specify an alternative location for where the client can
  # NFS mount the /opt/SUNWjet directory. Simply provide the IP address
  # of the server or the IP address and path on the remote server
  # in the JS_CFG_SVR variable. However, this MUST be mounted
  # on the JET server in /opt/SUNWjet as well, and be rw by root.
  # e.g. JS_CFG_SVR="nas_server1" or
  # JS_CFG_SVR="nas_server1:/unixshare/SUNWjet"
  # When using an NFS server for images, even though the JET server
  # MUST have the boot media locally, it is possible to have the client
  # net boot from the remote NFS server. By default, clients will boot from
  # the JET server. To override this, set JS_CLIENT_BOOT to "remote".
  JS_Default_Root_PW=M4JVhMPO9CaQw
  JS_BUILD_DIR=/var/opt/sun/jet
  JS_PKG_DIR=/vendor/jumpstart/pkgs
  JS_PATCH_DIR=/vendor/jumpstart/patches
  JS_CFG_SVR=
  JS_SOLARIS_DIR=/vendor/jumpstart
  #JS_DHCP_VENDOR="SUNW.Ultra-5_10 SUNW.Ultra-30"
  JS_DHCP_VENDOR="SUNW.Sun-Fire-T1000 SUNW.Sun-Fire-V240 SUNW.SPARC-Enterprise"
  #JS_CLIENT_MANAGEMENT="bootp"
  JS_CLIENT_BOOT="local"
  kenapps08g:global# more server_interfaces
  # You can use this file to help JET determine the correct IP address to
  # use when it is configured on multi-homed hosts. It is also used to
  # define which servers on different subnets whcih can be used in conjnction
  # with dhcp.
  # As we don't know which side of the server clients will connect through,
  # you can set things up here - especially useful if this server is not
  # a router either.
  # Format:
  # <client network> <client mask> <our preferred ip address>
  # Example:
  # 192.168.1.0 255.255.255.0 10.0.0.1
  10.245.64.0 255.255.255.0 10.0.1.210
  10.0.3.0 255.255.255.0 10.0.1.210
  It has to be a defaultrouter setting somewhere because I can ping the server during jumpstart only from its own subnet.
  during the dhcp part it looks like the traffic is coming thru and it gets its offer then during the tftp part no traffic comes across anymore
  I am stuck on this one.
  thanks

  this file is in place with the interfaces
  kenapps08g:global# cat defaultrouters
  # You can use this file to allow templates to be auto-populated with additional
  # default router settings, especially useful for managing large numbers o
  # server templates.
  # Format:
  # <subnet> <mask> <default router>
  # Example:
  # 192.168.1.0 255.255.255.0 192.168.1.254
  10.0.1.0 255.255.255.0 10.0.1.1
  10.0.3.0 255.255.255.0 10.0.3.1
  183.1.2.0 255.255.255.0 183.1.2.209
  </opt/SUNWjet/etc>
  kenapps08g:global# cat server_interfaces
  # You can use this file to help JET determine the correct IP address to
  # use when it is configured on multi-homed hosts. It is also used to
  # define which servers on different subnets whcih can be used in conjnction
  # with dhcp.
  # As we don't know which side of the server clients will connect through,
  # you can set things up here - especially useful if this server is not
  # a router either.
  # Format:
  # <client network> <client mask> <our preferred ip address>
  # Example:
  # 192.168.1.0 255.255.255.0 10.0.0.1
  10.0.1.0 255.255.255.0 10.0.1.210
  10.0.3.0 255.255.255.0 10.0.1.210
  183.1.2.0 255.255.255.0 10.0.1.210

• Not able to use Apple tv across subnet

  Hi Guys,
  I have made a test setup which contain an cisco 2600 router, apple tv and Macbook pro with 10.9.2 OSX. Its pretty simple setup. One interface(Fa0/0) of the cisco router is connected to apple TV via ethernet cable in an network 10.0.1.0/24 and another interface (Fa0/1) is connected to Macbook pro in  network 10.0.2.0/24 via ethernet cable. Apple TV network ip is 10.0.1.2 whereas macook ip is 10.0.2.2. I am able to succesfully ping from macbook to apple tv, but not able to discover apple tv at all on my macbook. I tried every method, allowed udp port 5353 on router for bonjour discovery , but still no luck. Can any gentleman help me on this?

  Yes, we can mirror it across subnet. Thats what I am trying to figure out. People had done this eariler.

• CUPS printer sharing across subnets?

  I am trying to set up my local network printer so that everyone in the house can print from it. However I have two subnets in the house and I don't see how to connect to the Linux server through a Windows 7 client.
  My network is like so:
  Upstairs: [Modem] <=eth0=> [Router 1]  Subnet of 192.168.0.*
  [Router 1]  <=wlan0 client mode=> Downstairs: [Router 2 with dd-wrt firmware] Subnet of 192.168.1.*
  [Router 2] <=eth0=> CUPS server/PC with USB printer attached IP address of 192.168.1.1XX
  This works: [Router 2] <=ath0.1 virtual wireless ESSID=> Windows 7 Laptop
  This doesn't: [Router 1] <=wlan0=> Windows 7 Laptop
  I tried
  sudo cupsctl --share-printers --remote-any && sudo systemctl restart cups
  on the host PC, but the W7 clients can't connect across subnets. Is there anyway to set it up so it can? They can easily connect to the ath0.1 network and then print, but it's inconvenient for them. The Windows users spend most of the time upstairs, and not downstairs, so they are usually connected to the wlan0 network.
  I have the option of putting [Router 2] into client bridged mode so it shares the same subnet of [Router 1], however I can't seem to set it up properly and I run into problems. It is important to have the ath0.1 network downstairs, and I am unsure that client (bridged) mode will allow for the virtual interface.
  I do not have Samba installed but I am considering trying that, but a simpler solution would be appreciated.
  *Edited for further clarification & error fixing.
  Last edited by felixculpa (2012-12-27 20:03:51)

  DiverDoc wrote:
  if I can share a printer between an XP system and a Win 7 system?
  Before I enter all the system data, I just wondered if someone already knew the answer to this one. I was successsfully sharing a non network printer plugged into an XP machine via USB and printing to it via Network Magic from my Vista machine, but since I upgraded Vista to Win 7, I cannot. Everytime I try to install the remote printer or access it in any way from my Win 7 machine, I get the Windows message: " Windows cannot connect to the printer". This also occurs form within the Network Magic Map if I try to Complete Printer Setup. It shows up on my Win 7 machine when I want to ADD a Printer, but I cannot install it. It shows as Shared on the XP machine.
  Thanks for any assistance!
  S.
  Hi S.,
  You need to use Network and Sharing Center and open up your computer. You need to use the Public Profile and turn on Network Discovery. Not sitting in front of Windows 7 at the moment.
  Otherwise, you need a Wireless Printer or All-In One Machine or a Printer that plugs into the Router using an Ethernet Port.
  thecreator - Running Network Magic version -5.5..9195.0-Pure0 on Windows XP Home Edition SP 3
  Running Network Magic version -5.5.9195.0-Pure0 on Wireless Computer with McAfee Personal Firewall Build 11.5.131 Wireless Computer has D-Link DWA-552 connecting to D-Link DIR-655 A3 Router.

• Multiple routers and subnets - can't access across subnets

  Hey all, I'm having an issue with multiple routers and subnets on my FIOS connection. Here's how everything is setup:
  Primary router:
  ActionTec MI424WR Rev D (from Verizon)
  WAN IP: From ISP
  WAN NETMASK: From ISP
  LAN IP: 192.168.1.1LAN NETMASK: 255.255.255.0
  Secondary router (WAN connected to ActionTec LAN):
  Belkin N750 gigabit w/ 802.11n
  WAN IP: 192.168.1.2
  WAN NETMASK: 255.255.255.0
  LAN IP: 192.168.2.1
  LAN NETMASK: 255.255.255.0
  With this setup, I have the secondary router's WAN port connected to a LAN port on the primary router. Each are broadcasting an SSID and each are running DHCP to assign address to their respective subnets. Everything was well and good, except that I could reach 192.168.1.* systems from 192.168.2.*, but not vice versa -- anything connected to the Primary router was blind to systems connected to Secondary. Also, I could not ping anything on .2 from .1.
  So, I added the following static route to the primary router:
  DESTINATION: 192.168.2.0
  NETMASK: 255.255.255.0
  GATEWAY: 192.168.1.2
  Once this was added to the router, I could ping everything, so that was good. However, even though .1 can now ping .2, I can't access certain things such as the web interface of my NAS (192.168.2.2). I can ping it, but accessing it in the browser from .1 doesn't work; however, accessing from .2 does work.
  I think the ActionTec router might be blocking it, but that's just a guess. The firewall on this thing has me thoroughly confused. Currently, I have 192.168.1.2 in the DMZ on the ActionTec, but that didn't make a difference. I've also completely disabled the firewall on the secondary Belkin router, but still nothing.
  Any help from the pros here? Much appreciated!
  Solved!
  Go to Solution.

  Ok, I figured it out and everything is now working. The issue appears to be that the ActionTec router doesn't recognize traffic from Subnet 1 to Subnet 2 as internal traffic -- it treats it as external traffic and closes it off. To fix this, it required some Advanced Firewall Filters that were far from unituitive and took a lot of testing to get it just right. If anyone runs into a similar situation in the future, here's a rundown of what I did to make it all work:
  Primary Router:
  ActionTec, MI424WR Rev D
  WAN IP/NETMASK:Assigned by ISP
  LAN IP/NETMASK:192.168.1.1 / 255.255.255.0
  Secondary Router:
  Belkin N750 Gigabit w/ 802.11n
  WAN IP/NETMASK:192.168.1.2 / 255.255.255.0
  LAN IP/NETMASK:192.168.2.1 / 255.255.255.0
  Plug Secondary router's WAN port into a LAN port on the Primary router.
  Setup Secondary router to have static LAN address (192.168.1.2)
  At this point, you should have 2 separate subnets: Subnet 1 (192.168.1.*) and Subnet 2 (192.168.2.*).
  Systems on both subnets should be able to reach the internet. Also, Subnet 2 should be able to ping and reach systems on Subnet 1; however, systems on Subnet 1 should not be able to ping or reach systems on Subnet 2. For this, we need to create a static route so Subnet 1 can reach Subnet 2.
  Create and apply the following static route in the Primary router:  (Advanced > Routing)
  RULE NAME:Network (Home/Office)
  DESTINATION:192.168.2.0(your secondary subnet)
  GATEWAY:192.168.1.2(secondary router's WAN IP)
  NETMASK:255.255.255.0
  METRIC:1
  The router now has a route between Subnet 1 (192.168.1.*) and Subnet 2 (192.168.2.*). You should be able to ping systems on Subnet 1 from 2, and ping systems on Subnet 2 from 1. You should not be able to access any systems, though -- the firewall is still blocking all but ping traffic from Subnet 1 to Subnet 2. We need to create some firewall rules to allow this communication.
  Make sure Primary firewall is set to at least typical/medium (Firewall Settings > General).
  We need to create some network objects to make it easier to manage the rules we'll create. Go to Advanced > Network Objects and do the following:
  1.Click Add. You are now on Edit Network Object screen. 
  2.Set Description to 'Subnet 1'.
  3.In Items section below, click Add.
  4.Set Network Object Type to 'IP Subnet'.
  5.Set Subnet IP Address to 192.168.1.0.
  6.Set Subnet Mask to 255.255.255.0.
  7.Click Apply. You are now back on Edit Network Object screen.
  8.Click Apply. You are now back on Network Objects Screen.
  9.Repeat the above steps again, but this time creating a second network object called 'Subnet 2':
  Nameubnet 2
  IP Subnet:192.168.2.0
  Subnet Mask:255.255.255.0
  Now we create the firewall rules. Go to Firewall Settings > Advanced Filtering.
  In the Inbound/Input rules section, click the Add link next to Network (Home/Office) Rules.
  Create the following Advanced Filter:
  SOURCE ADDRESSelect 'Subnet 1'
  DEST. ADDRESSelect 'Subnet 2'
  PROTOCOL:'Any'
  OPERATION:'Accept Packet'
  OCCUR:'Always'
  Click Apply. You will now be back on the Advanced Filtering page.
  In the Outbound rules section, click the Add link next to Network (Home/Office) Rules.
  Create the following Advanced Filter:
  SOURCE ADDRESSelect 'Subnet 1'
  DEST. ADDRESSelect 'Subnet 2'
  PROTOCOL:'Any'
  OPERATION:'Accept Packet'
  OCCUR:'Always'
  Click Apply. You will now be back on the Advanced Filtering page.
  Click Apply.
  You're all done. You should now have internet access on both subnets, be able to ping across subnets and also be able to access services across subnets (local webservers, SSH, telnet, mail, etc). You will not be able to see network file shares across subnets in Windows, however, as this requires a WINS server (which is well outside the scope of this post). For instance, I have a Western Digital NAS on the 192.168.2.0 subnet that I can access as \\Mybooklive\ from within Subnet 2; on Subnet 1, however, I have to access it by its IP \\192.168.2.10\. 

• Two WLC same subnet VLAN flapping

  Hi folks,
  We have two WLC-4404 in same subnet & both connected to a switch, same wlan ssid are configured & same interfaces with same vlans on both.
  WLC1- connected to po1 & WLC2- connected to a trunk port on switch, now there is flapping among vlans. Any idea ?

  What does the switch say that is connected to the WLC. Do a show logging...

• Can not get Netboot working across subnets

  On the same subnet all my images work correctly, but once I try to netboot form a different subnet it doesn't work anymore.  I am correctly using the bless command, and I have tried both specifying the server (to get the default image) and specifying the booter file (to get the specific image).  If I just use the --server option the log shows BSDP inform and BSDP ACK[LIST] but nothing after that... there is no select.  Again, on the same subnet it will use select and work normally.  If I use the --booter option then sometimes I can get the netboot to start but I get an error (for example, AST says there was a network error and NetInstalls do not start).
  I do know that this used to work, and in the process of changing computers and upgrading to Lion server it stopped working.  Any ideas?

  Depending on your network configuration it maybe that the simplest option is to multi-home your NetBoot server so it is visible on each subnet. Multiple servers is of course another option.
  However have a look at the information on the following links and see if any of it helps.
  http://macadmincorner.com/3-ways-to-netboot-across-subnets/
  http://afp548.com/forums/topic/netboot-across-subnets-intel/

• How to Fetch MAC-Adresses across Subnets

  Hi All,
  for some reason we have a number of Machines out there where we would like to install a Package via ARD instead of Casper. We have a list of Hostnames from this Machines. Now, the first idea was to ping them and to get the MAC-Adress out of the ARP Cache via arp -a. All together could be used as an Import-File for Remote-Desktop.
  But ARP does not work across Subnets.
  Now i was wondering - how does for example ARD read the MAC-Adress from a Machine if i do a scan to a specific Network-Range. Could i use this process to fetch the MAC-Addresses? Or could there be another way.
  bye
  joe

  Hi
  You could try installing ARD on a client within that range? Poll workstations within that range for relevant information. Save it to the Desktop of that ARD workstation. Transfer it to a memory stick etc. Or if you know the IP address of that workstation you may be able to add it using the network address option from another workstation that's in a different subnet.
  Tony

• I-Series chipsets netbooting across subnets

  Hello all,
  Is anyone having issues attaching to tftp served netinstall images across subnet's with i-series hardware? Here's the situation, the netinstall.dmg was created form a factory build core i7 macbook pro mid 2012. Imaging on the same subnet as the server works fine for all hardware type. Older hardware, for example core2duo or xenon's, can image  iacrros subnet's and on the servers subnet without issue. The problem only appears to occur when imaging an i-series device across subnet's. Anyone have any ideas? Could really use some help here.
  Thanks

  Hi Steve,
  While in most sites I have them in the same subnet there is a site where they are in 2 subnets. I was hoping to be able to make the roam seamless. If you have to disable and enable the wireless or perform an ipconfig /renew it takes away from the seamlessness :-).
  Any suggestions would be welcome. However, I can understand what Scott is saying also as that is how it currently works.
  The environment consists of all Anonymous AP various Aironent 1200 series, i.e. 100, 1250, etc.