Design Tradeoffs with Remote WLC vs HREAP

Can anyone tell me what the rule of thumb is for deciding whether to place a controller in a remote office or going with HREAP there instead?
Thanks
Gene

As long as your connection between the remote site and the WLC is less than 100ms then you can do HREAP. Else centralized location
Here are some notes:
Hybrid REAP Guidelines
Keep these guidelines in mind when using hybrid REAP:
• A hybrid-REAP access point can be deployed with either a static IP address or a DHCP address. In the case of DHCP, a DHCP server must be available locally and must be able to provide the IP address for the access point at bootup.
• Hybrid REAP supports a 500-byte maximum transmission unit (MTU) WAN link at minimum.
• Roundtrip latency must not exceed 100 milliseconds (ms) between the access point and the controller, and LWAPP control packets must be prioritized over all other traffic.
• The controller can send multicast packets in the form of unicast or multicast packets to the access point. In hybrid-REAP mode, the access point receives multicast packets only in unicast form.
• Hybrid REAP supports CCKM full authentication but not CCKM fast roaming.
• Hybrid REAP supports a 1-1 network address translation (NAT) configuration. It also supports port address translation (PAT) for all features except true multicast. Multicast is supported across NAT boundaries when configured using the Unicast option.
• VPN, IPSec, L2TP, PPTP, Fortress authentication, and Cranite authentication are supported for locally switched traffic, provided that these security types are accessible locally at the access point.

Similar Messages

  • How to failover APs from local to remote controller (Local/Hreap mode) query

    Hi,
    I have a situation where my office has a local WLC and 15 3500 series APs connected to it on local mode.
    For redundancy we have a WLC in the Datacenter somewhere, accessible via MPLS cloud.
    I would like the APs to be in local mode when they are managed by the local WLC, but, when the local WLC fails... and the APs shift over to the remote WLC, their mode should change to Flex Connect... so that I can have local switching, also it helps as the users will get IP from the local addresses pool.
    Can this be achieved?
    I am running 7.2.110 code on the 5508s.

    Ah, I imagined.
    For the sake of argument - suppose there are users on the wireless net with DHCP MAC-bound IPs. Some of these users might have some special privileges via FWs and such. Now, if the local WLC fails and they start getting IPs from a remote controller's network (non-HREAP), this would be an issue.
    However, it can be easily solved if the APs are always in Flex mode. If they are attached to the local WLC - no problem. If they go and attach to the remote WLC - no problem!

  • How to configure Time Capsule etc as a local network server with remote access server and for backups

    I'm trying to set up new 3TB Time Capsule as a wireless network server (with remote access) and for backups for use in a small office (of two Macs). We have a late 2011 Intel MBP and a brand new MBA both running 10.8.3. We have two external 1TB hard drives that until now have been attached the MBP for storage and backing up that computer, which up until now was the only machine in use. The MBA is for a new employee and we need to share and work on the same files, both here in the office and ideally remotely too via Back to my Mac. The MBP needs constant access. The MBA only occasional. The TC has 7.6.3 firmware and we've set it up using AirPort Utility 6.2. It is currently attached to the MBP via ethernet and it has internet access via a Sagemcom router attached to TC's WAN port.
    We've managed to set up a wireless network and both have wireless internet access through the TC
    But there are so many issues I don't know where to begin - so I'll start with a description of what we're trying to achieve:
    I planned to use the TC as the main server drive and place all the key folders and files there so that both of us can access them wirelessly and remotely. The MBP would back up to the TC and to one or two of the external hard drives - one being attached to the Mac via USB and the other being attached to the TC's USB port. We would back up the important data on the TC using SuperDuper and copy it to both external USB drives.
    So , first of all, is that a sensible configuration? Should the 'server' be the one of the external hard drives attached to the TC USB port, backed up regularly to the TC using SuperDuper?

    But when you say 'So using USB drive does make sense if you want to use it as a file store', do you mean a USB drive plugged into the TC? I hope that I can attach an external drive to the TC so we can all access and read/write the content wirelessly via the TC network or remotely.
    Yes, USB.. as it prevents the sparsebundle mixing with data files. I guess it does depend on how much data you are talking about.. you can use the TC internal disk if you are careful and setup the sparsebundle with fixed sizes once you create them..
    And to be clear, I wasn't planning on backing up remotely via BTMM - only to access the shared folders on the TC data drive or USB external drive attached to it. I'm assuming that's ok?
    Yes, that is fine. Sorry I got the impression you were going to do backup over internet.
    What is the alternative? Having a Mac Mini that's always on? Do I need OS X Server etc.?
    A mini would be great.. you don't need server edition.. but I would see how the TC goes.. since you have it and it is much lower power consumption device. It is just that its design is not really for file storage.
    One big problem I have is to do with the sharing permissions. For everything on the TC or attached external drive attached to it, it says I have only custom access and every time I try to change permissions it says I don't have the permission to do that. And if I try to change the owner it says my user name is not valid.
    How is the security setup on the TC?
    The security is a bit tricky.. I must admit since I run windows computer in the network, that I simply turn on the guest account to read and write access. For a business setup that might not be adequate  but it allows me full access to all the files.
    If you setup the TC with user accounts then you are in trouble. That makes it very difficult to access, especially if one person already has the file open you may find a second user cannot login. I am not sure as I have avoided the security. IMHO it is meaningless.. since anyone with physical access to the TC can press the reset for one second and has full access.. and can add or change passwords.

  • Is it possible to config H-REAP/REAP and CAPWAP in Autonomous mode with a WLC?

    I'm going to be deploying all new APs as Remote-Edge APs and they will be shipped straight to site, with a pool of WLCs deployed in central DC locations. I would like to get local staff to deploy a basic CLI discovery script for the APs. However, I thought LAPs don't have a CLI???
    I'm thinking I must use a Lightweight AP with the WLC to use Remote-Edge AP functionality - however, I'm not sure... the configuration example at the bottom doesn't state whether it is an Autonomous AP or a Lightweight one.
    http://www.cisco.com/en/US/products/ps6087/products_tech_note09186a0080736123.shtml
    H-REAP Controller Discovery using CLI commands
    H REAPs will most commonly discover upstream controllers via DHCP option 43 or DNS resolution. Without either of these methods available, it may be desirable to provide detailed instructions to administrators at remote sites so that each H REAP may be configured with the IP address of the controllers to which they should connect. Optionally, H REAP IP addressing may be set manually as well (if DHCP is either not available or not desired).
    This example details how an H REAP's IP address, hostname, and controller IP address may be set through the console port of the access point.
    AP_CLI#capwap ap hostname ap1130
    ap1130#capwap ap ip address 10.10.10.51 255.255.255.0
    ap1130#capwap ap ip default-gateway 10.10.10.1
    ap1130#capwap ap controller ip address 172.17.2.172
    Could anyone help?
    Cheers
    Adrian.

    Hi Adrian,
    Further down in the doc you linked;
    H-REAP Controller Discovery using CLI commands
    H REAPs will most commonly discover upstream controllers via DHCP option 43 or DNS resolution. Without either of these methods available, it may be desirable to provide detailed instructions to administrators at remote sites so that each H REAP may be configured with the IP address of the controllers to which they should connect. Optionally, H REAP IP addressing may be set manually as well (if DHCP is either not available or not desired).
    This example details how an H REAP's IP address, hostname, and controller IP address may be set through the console port of the access point.
    AP_CLI#capwap ap hostname ap1130
    ap1130#capwap ap ip address 10.10.10.51 255.255.255.0
    ap1130#capwap ap ip default-gateway 10.10.10.1
    ap1130#capwap ap controller ip address 172.17.2.172
    Note: Access points must run the LWAPP-enabled IOS® Recovery Image Cisco IOS Software Release 12.3(11)JX1 or later, in order to support these CLI commands out of the box. Access points with the SKU prefix of LAP (for example, AIR-LAP-1131AG-A-K9), shipped on or after June 13, 2006 run Cisco IOS Software Release 12.3(11)JX1 or later. These commands are available to any access point that ships from the manufacturer running this code level, has the code upgraded manually to this level, or is upgraded automatically by connecting to a controller running version 6.0 or later.
    These configuration commands are only accepted when the access point is in Standalone mode.
    Cheers!
    Rob

  • MBAM 2.5 - How does it deal with remote devices?

    Hello,
    My organization is currently looking to migrate towards using MBAM from McAfee's Endpoint Encryption product. Our environment may be a little different from a lot of other companies though.
    I've watched a few installation guides (including the newest from TechEd this year) and still have a couple of questions for deployment for our organization.
    The computers that will be encrypted, they will be set up internally on our network and then shipped out of our network perimeter. This means that communication needs to take place over the internet. Does the MBAM server support open web communication with remote devices over the web (assuming over port 443 or designated port)?
    Secondly, if we need to restrict access to a computer remotely (as in disable a user) does MBAM automatically take care of this for us, or will we need a open facing domain controller that can be hit from the web as well?

    First, MBAM clients require access to the MBAM service to update compliance status as well as store new recovery keys (if one is used). Other than that it is fine to use the PC outside of the corp network without access.
    Secondly, MBAM doesn't help you to disable a user on a local machine. It doesn't manage users at all. Perhaps I misunderstand you.
    Tim Nilimaa | Blog: http://infoworks.tv | Twitter: @timnilimaa

  • Restrictions ACL for Wireless AP to WLC in HREAP Design Setup

    Hello, everyone. I have a wireless HREAP setup in which the Wireless LAN Controllers (WLC) are located across the WAN in the data center while the wireless access points (AP) are located within the branches. The setup is fine, but a security requirement mandates that the AP VLAN in the branch be restricted from accessing anything except the necessary communication to the WLC across the WAN. So on the interface VLAN assigned to the APs in the branch I applied an inbound ACL as below, and it works fine, but after some time, maybe days, I found that the access points are not present in the WLC GUI, and they appear only if I remove the ACL. So the question here is: what else is missing in my ACL that is necessary for AP communication to the WLC?
    Extended IP access list HO_AP_Restrictions
        10 permit udp any host (WLC 1 IP) eq 12222
        20 permit udp any host (WLC 1 IP) eq 12223 (58563 matches)
        30 permit udp any host (WLC 1 IP) eq 5247
        40 permit udp any host (WLC 1 IP) eq 5246 (58563 matches)
        50 permit udp any host (WLC 2 IP)  eq 12222
        60 permit udp any host (WLC 2 IP)  eq 12223 (22270 matches)
        70 permit udp any host (WLC 2 IP)  eq 5247
        80 permit udp any host (WLC 2 IP)  eq 5246 log (22270 matches)
        90 permit udp any host (ap-manager 1 IP)  eq 12222
        100 permit udp any host (ap-manager WLC 1 IP)  eq 12223
        110 permit udp any host (ap-manager WLC 1 IP)  eq 5247 (440902 matches)
        120 permit udp any host (ap-manager WLC 1 IP)  eq 5246 (1950854 matches)
        130 permit udp any host (ap-manager WLC 2 IP)  eq 12222
        140 permit udp any host (ap-manager WLC 2 IP)  eq 12223
        150 permit udp any host (ap-manager WLC 2 IP)  eq 5247 (360037 matches)
        160 permit udp any host (ap-manager WLC 2 IP)  eq 5246 (1484968 matches)

    Thanks Amjad Abdullah, and sorry for the late reply; I was on sick leave.
    Actually the issue was due to the ACL, which was blocking DHCP (how stupidly I overlooked that).
    I ran the same command as you instructed and it revealed that the AP had timed out, so I enabled debugging on the ACL to see what kind of communication was going on. I found many flows, which I kept allowing by trial and error, until I found this log showing that some AP IP addresses were trying to communicate with the default VLAN gateway IP address on port 67, which is DHCP. Then I realized this was the issue.
    In brief: the APs are assigned to a dynamic VLAN (DHCP-enabled), so when I apply the old ACL, the APs have already obtained IP addresses and they work fine with the WLC. But when the DHCP lease timer expires, the APs try to send a DHCP renew to the default gateway, which no ACE inside the ACL matches, so that request is denied and the AP therefore doesn't get an IP address, so it loses communication with the WLC.
    So I added the following ACE at the end of the above ACL:
    permit udp host 0.0.0.0 any eq bootps
    Now I will always remember... security comes with a cost.
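The thread above can be checked offline before an ACL goes onto the AP VLAN. The following is an added example, not code from the original posts or from Cisco: a small evaluator for the `permit udp ... eq` subset used in the thread, run against the DHCP and CAPWAP flows the post describes. All IP addresses and the flow names are constructed placeholders, since the post elides the real ones as "(WLC 1 IP)".

```python
"""Audit a branch AP-VLAN ACL against the flows an H-REAP AP needs (added example)."""
import ipaddress
import re
from typing import NamedTuple, Optional

# Constructed placeholder addresses (documentation ranges), not from the thread.
WLC1, AP_MGR1 = "192.0.2.10", "192.0.2.11"
GATEWAY, AP = "198.51.100.1", "198.51.100.20"

# UDP ports taken from the ACL in the post (LWAPP 12222/12223, CAPWAP 5246/5247).
CONTROL_PORTS = (12222, 12223, 5246, 5247)
PORT_NAMES = {"bootps": 67, "bootpc": 68}

ORIGINAL_ACL = [f"permit udp any host {ip} eq {port}"
                for ip in (WLC1, AP_MGR1) for port in CONTROL_PORTS]
# The ACE the poster appended to fix the outage.
FIXED_ACL = ORIGINAL_ACL + ["permit udp host 0.0.0.0 any eq bootps"]


class Ace(NamedTuple):
    action: str
    src: tuple            # (address, wildcard) as integers
    dst: tuple
    dport: Optional[int]  # None means any destination port


def _addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    tok = tokens.pop(0)
    if tok == "any":
        return (0, 0xFFFFFFFF)
    if tok == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    return (int(ipaddress.IPv4Address(tok)), int(ipaddress.IPv4Address(tokens.pop(0))))


def parse_ace(line):
    """Parse one ACE, tolerating 'show access-lists' extras (sequence number, log, match count)."""
    line = re.sub(r"\(\d+ matches\)", "", line)
    tokens = [t for t in line.split() if t != "log"]
    if tokens[0].isdigit():
        tokens.pop(0)
    action, proto = tokens.pop(0), tokens.pop(0)
    if proto != "udp":
        raise ValueError("this example only handles udp ACEs")
    src, dst = _addr(tokens), _addr(tokens)
    dport = None
    if tokens:
        if tokens.pop(0) != "eq":
            raise ValueError("only the 'eq' port operator is handled")
        name = tokens.pop(0)
        dport = PORT_NAMES[name] if name in PORT_NAMES else int(name)
    return Ace(action, src, dst, dport)


def _ip_match(spec, ip):
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)


def evaluate(acl_lines, src, dst, dport):
    """First matching ACE wins; an IOS ACL ends with an implicit deny."""
    for line in acl_lines:
        ace = parse_ace(line)
        if _ip_match(ace.src, src) and _ip_match(ace.dst, dst) and ace.dport in (None, dport):
            return ace.action
    return "deny"


# Flows the AP VLAN must be able to send, as (source, destination, UDP destination port).
FLOWS = {
    "capwap-control": (AP, AP_MGR1, 5246),
    "capwap-data": (AP, AP_MGR1, 5247),
    "dhcp-discover": ("0.0.0.0", "255.255.255.255", 67),  # AP has no lease yet
    "dhcp-renew-unicast": (AP, GATEWAY, 67),              # AP renewing with its current address
}


def audit(acl_lines):
    return {name: evaluate(acl_lines, *flow) for name, flow in FLOWS.items()}


if __name__ == "__main__":
    for label, acl in (("original ACL", ORIGINAL_ACL), ("with bootps ACE", FIXED_ACL)):
        print(label)
        for name, verdict in audit(acl).items():
            print(f"  {name:20s} {verdict}")
```

With the ACE exactly as posted, only requests sourced from 0.0.0.0 match, so a renewal sent from the AP's current address still falls through to the implicit deny and the AP recovers only once it restarts DHCP from scratch. Permitting the AP subnet to the DHCP server on bootps as well would cover the renewal case.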

  • When u buy Philips DC291 Docking Clock Radio with Remote can u use a ipad 4 on it

    When u buy Philips DC291 Docking Clock Radio with Remote can u use a ipad 4 on it

    No, it has the wrong connecting pin. It was designed for  iPad 1.

  • Will the iPod touch come with Earpods with Remote and Mic?

    Will the iPod touch come with Earpods with Remote and Mic? Will they be the Sam that come with the iPhone?

    No, it does not come with Remote and Mic, but it will come with the new design. (doesn't say on tech specs)

  • Problems with Remote App on iOS 4?

    I have a new iPhone 4 and tried to use the Remote App in connection with Apple TV. While I am able to pair the Remote App with Apple TV, I cannot use it properly. It works for a while, then it gets disconnected with a message that maybe a firewall might be activated in the router.
    I have no problems with Remote App connected to my iTunes Library. I also tried it with a iPod Touch which is still on iOS 3.1.3, no problems to connect to the Apple TV from there as well.
    Are there any known problems with iOS 4 and Apple TV?

    Chenks wrote:
    maybe for you, but isn't for me.
    i have the remote app on my iphone4 and it's connected to 2 appletv's.
    i don't experience any dropping of connection etc.
    May I ask what wifi hardware you use? It might be a wifi issue, but one which is only related to the "Bonjour" protocol which seems to be used for the Remote App. I found this thread which is older (iOS 3) but describes exactly the same problems:
    http://discussions.apple.com/thread.jspa?threadID=2048555&start=0&tstart=0
    bear in mind that the iphone4 is now "n" wifi compatible (2.4Ghz), so could it be that the "n" part of your network is poor and thus why you only see the problem on the iphone4 ?
    At least it is not poor when using it from other devices or moving a lot of data in other apps. It is all Apple hardware (nothing older than 2 years), and maybe that's the problem. I never had network hardware which made so much trouble as Apple's Airport series. I wouldn't wonder if it is an incompatibility between a new wifi chip in the iPhone 4 and an older revision of an Airport device. But I don't know how to check - is there a system.log on the iPhone which I can access somehow?

  • IPad + Headphones with Remote

    I bought a pair of headphones with remote on amazon, apple original, new.
    I think they are the 3rd gen headphones.
    I can't get the remote to work, I don't know if it incompatible but the apple site doesn't specify as far as I can find.
    Any help or info is appreciated.
    Thanks

    rephrasing, and reposting

  • 3rd Gen Headphones with Remote + iPad

    I bought a pair of the apple headphones with remote online. I think they are the 3rd gen version.
    I can't get the remote to work with my iPad
    Anyone know if these are incompatible for some reason?

    Since other users are having a problem I would say there is either a problem with the iOS or that the headphones are not fully compatible with the iOS. I know of nothing you can really do.

  • Design issue with the multiprovider

    Design issue with the multiprovider :
    I have the following problem when using my multiprovider.
    The data flow is like this. I have the info-objects IobjectA, IobjectB, IobjectC in my Cube. (Source for this data is s-systemA.)
    And from another s-system I am also loading the masterdata for IobjectA.
    Now I have created the multiprovider based on the cube and IobjectA.
    However, surprisingly, the join is not working in the multiprovider correctly.
    Scenario :
    Record from the Cube.
    IObjectA= 1AAA
    IObjectB = 2BBB
    IObjectC = 3CCC
    Records from IobjectA =1AAA.
    I expect the record should be like this :
    IObjectA : IObjectB: IObjectC
    1AAA       :2BBB       :3CCC
    However, I am getting the record like this:
    IObjectA : IObjectB: IObjectC
    1AAA       :2BBB       :3CCC
    1AAA         : #             :#
    In the Identification section I have selected both the entries for IobjectA still I am getting this error.
    My BW Version is 3.0B and the SP is 31.
    Thanks in advance for your suggestion.

    May be I was not clear enough in my first explanation, Let me try again to explain my scenario:
    My Expectation from Multi Provider is :
    IObjectA
    1AAA
    (From InfoObject)
    Union
    IObjectA     IObjectB     IObjectC
    1AAA     2BBB     3CCC
    (From Cube)
    The record in the multiprovider should be :
    IObjectA     IObjectB     IObjectC
    1AAA     2BBB     3CCC
    Because, this is what the Union says .. and the Definition of the multiprovider also says the same thing :
    http://help.sap.com/saphelp_bw30b/helpdata/EN/ad/6b023b6069d22ee10000000a11402f/frameset.htm
    Do you still think this is how the behaviour of the multiprovider.. if that is the case what would be the purpose of having an infoobject in the multiprovider.
    Thank you very much in advance for your responses.
    Best Regards.,
    Praveen.

  • VM with remote access VPN without split tunneling

    Hello experts,
    I have customers who are required to use VMs on their laptops. These users are also required to VPN to the corporate network to do their job. However, when they do remote VPN to the corporate network (ASA VPN concentrator) from their VM host machine, they lose their access to their VM guest machines. This problem was not happening when they used the Cisco VPN client, which has gone end of life and support as of July 31, 2012. In the Cisco VPN client (IKEv1), if we set the protocol to UDP they had no problem keeping their connectivity to VM machines while connected to corporate with remote access VPN. However, this feature does not work in the new Cisco VPN client, which is called AnyConnect. (NOTE: I am using IPsec IKEv2. NO SSL at this time.)
    My Question to Experts:
    1. Was the ability to maintain connection to VM guest machines, while connected to VPN without enabling split tunneling, a security flaw in the old Cisco VPN client?
    2. Is there a way to maintain connectivity to VM machines installed in a computer and still connect to the remote access VPN concentrator through the host machine? (My question is about the AnyConnect client only, using IPsec IKEv2, and I do not want to enable split tunneling.)
    Thanks for your help,
    Razi                

    Did you figure this out?

  • I have 3rd party software wirelessly with a cryptographic authentication system without my consent (seems to be new technology developed by Stanford) obtaining ownership of my iPhone 4s software and controlling it with remote device to jail break. Now what?

    I have 3rd party software wirelessly injected and used on my iPhone with a cryptographic authentication system without my consent (seems to be new technology developed by Stanford, and Apple security is not updated for this technology) obtaining ownership of my iPhone 4s software and controlling it with a remote device to jailbreak my phone, adding and removing software, changing settings, all from a remotely controlled device from a different location (I have a MAC address ID of this device to know for sure). Almost undetectable. When I look at the legal section of my phone it shows a list of all the unauthorized 3rd party software "as is" copyright encrypted on the phone. This is the most basic way to legally steal software of any kind. Because of this legality 3rd party ownership have total control of certain software correlated with hardware use including visualization technology, etc. Most people luckily will never have this happen to them so it's unlikely many readers have not a clue of what I'm saying currently. Either way, without needing to obtain specific warranty of any kind "as is" copyright control makes system restores not a solution because the source code is not directly encrypted on the actual hardware device, only a copyright notice must appear on the specific device 3rd party software validation, making it extremely difficult for me to take control of the situation.
    Apple claims their iOS technology prevents this type of copyright obstruction from being possible; however, according to my phone a new form of technology was used, developed by Tom Wu of Stanford University, called the STANFORD SRP AUTHENTICATION TECHNOLOGY, which uses some form of cryptographic authentication system and uses quote "secure remote password", which seems to succeed in hacking iOS Apple technology Apple claims is not possible to jailbreak on an unstolen phone or without the owner's consent, as well as loading the device with 3rd party copyright notices to make all of this legalized. My phone shows at least 30 pages worth of legalized 3rd party copyright permissions! Yesterday my Apple Care provider labeled me a jailbreaker and refused to look at my legal documented proof, which completely blew my mind because it voids my Apple Care contract I spent 100 on. This employee did not take all factors into consideration and made quick assumptions as well as verbally speaking to me as if I'm an automatic criminal. I left the store yesterday with no paid insurance help on a problem I had no control over and couldn't prevent, leaving with voided contracts. This is an Apple user's worst nightmare and I have spent days researching all of this like I am some kind of lawyer only to be able to use my phone the way it should and spent a lot of money on. I can legally back up any claim I have just written above and have a large source of data collected to prove Apple is wrong in voiding insurance support on this issue. The problem lies in Apple avoiding and not wanting to believe their software can legally be obtained or "hacked". Yet still labeled a jailbreaker basically.. What should I do????? Been to the local Apple store 3 times and rebooted my phone as well as Sprint service restore 4 times and spoke with reps twice on the phone. Spoke with my phone provider who said Apple has full control over these matters so they can't help me.
    My case is according to Apple "still open"... Anyone else heard of this or of Stanford's office of technology licensing? Maybe I need to buy a BlackBerry again or just use a landline so I can stop being my own lawyer and focus on other productive areas in life instead of this horrible mess. I shouldn't have to prove to Apple I'm not a jailbreaker; they should have to prove I'm one before voiding support I desperately need!!

    Mullaly75 wrote:
    I assume u guys don't understand what open source software is
    Yes, I think most of us do understand what open source software is. It sounds as if you don't. Here's some information:
    Open-source software (OSS) is computer software that is available in source code form: the source code and certain other rights normally reserved for copyright holders are provided under an open-source license that permits users to study, change, improve and at times also to distribute the software.
    Open source software is very often developed in a public, collaborative manner. Open-source software is the most prominent example of open-source development and often compared to (technically defined) user-generated content or (legally defined) open content movements.
    from http://en.wikipedia.org/wiki/Open_source_software
    Yes, Tom Wu of Stanford wrote a paper on something called Secure Remote Access Protocol. It's a form of Asymmetric Key Exchange and has nothing to do with hacking anything. It's actually intended to protect data.

  • Error while making connection with remote oracle database

    Dear,
    I am trying to make a connection with an Oracle database, but when I run the Java file it raises an error "classnotfoundexception oracle.jdbc.driver.oracledriver"
    DriverManager.getConnection(
      "jdbc:oracle:thin:@erp:1521:ORCL", "apps",
      "apps");
    Pls any body have idea.
    Thanks.

    Thanks for support.
    Below is error which i am getting while making connection with remote database.
    C:\Program Files\Java\jdk1.7.0_05\bin>java OracleJDBC
    -------- Oracle JDBC Connection Testing ------
    Where is your Oracle JDBC Driver?
    java.lang.ClassNotFoundException: oracle.jdbc.driver.OracleDriver
            at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
            at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
            at java.security.AccessController.doPrivileged(Native Method)
            at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:423)
            at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:356)
            at java.lang.Class.forName0(Native Method)
            at java.lang.Class.forName(Class.java:186)
            at OracleJDBC.main(OracleJDBC.java:13)
    Advice.
