Dlsw and 802.1q

Similar Messages

• Cisco Systems vs "CSIRO" 802.11a and 802.11g infringed upon the '069 patent

  Hi,
  any news about Cisco Systems and the "CSIRO" 802.11a and 802.11g infringed upon the '069 patent ?
  http://www.buffalotech.com/products/wireless/
  Dear Customer
  As you may be aware, Commonwealth Scientific and Industrial Research Organisation ("CSIRO") sued Buffalo, Inc. and Buffalo Technology (USA), Inc. ("Buffalo"), for alleged infringement of United States Patent No. 5,487,069 ("the '069 patent"). Subsequently, CSIRO also asserted its patent against the entire wireless LAN industry, including, Microsoft, Intel, Accton, SMC and Netgear.
  In it's lawsuit against Buffalo, CSIRO claimed certain Buffalo wireless networking products compliant with IEEE standards 802.11a and 802.11g infringed upon the '069 patent. Buffalo believed at that time and continues to believe that there are no grounds for CSIRO's allegations of infringement. The United States district court, however, found Buffalo to infringe the '069 patent and enjoined the importation and sale of Buffalo's IEEE 802.11a and 802.11g compliant products.
  CSIRO's lawsuits are against the entire wireless LAN industry and could affect the supply of wireless LAN products by any manufacturer, not just Buffalo. The entire industry is resisting CSIRO's attempts to enjoin the sale of wireless LAN products. Recently, Microsoft, 3COM Corporation, SMC Networks, Accton Technology Corporation, Intel, Atheros Communications, Belkin International, Dell, Hewlett-Packard, Nortel Networks, Nvidia Corporation, Oracle Corporation, SAP AG, Yahoo, Nokia, and the Consumer Electronics Association filed briefs in support of Buffalo's position that injunctive relief is inappropriate in this case.
  During the period of time that the injunction is in effect (10/1/2007), Buffalo cannot offer for sale, sell, import, or use its IEEE 802.11a and 802.11g compliant products in the United States. A list of the products covered by the injunction is attached here . The injunction does not prohibit sales of pre-existing inventories of products by Buffalo's customers. In addition, Buffalo has secured CSIRO's agreement to permit the replacement of defective products under warranty. None of Buffalo's other products are currently affected by this injunction.
  While Buffalo believes that it will be successful in reversing the district court's decision and will obtain a stay of the injunction pending a decision on the merits, the Court of Appeals has not yet issued a decision. Should the Court of Appeals issue a decision staying the injunction, you will be promptly notified. After the stay is issued or a favorable decision on the merits is obtained, Buffalo will be able to resume the supply of IEEE 802.11a and 802.11g products
  Please rest assured that Buffalo continues to stand behind their products and will continue to support all of our loyal customers as it relates to product warranties, technical support and the like without interruption.

  I suspect after reading the patent and the litigation that you mentioned above, that the US District Court decision will be reversed as the patent appears to be very vague in its contsruction and verbage. Furthermore, the intent to hold the IEEE hostage on the ratification of 802.11n will not bode well in the court's eyes. If in fact the case is reversed, I believe that the members of CSIRO will be in danger of lost profits litigation from Buffalo. Stay tuned to this bat channel.

• What's the difference between using and 802.11a and 5GHz only?

  What's the difference between using "802.11n (802.11a compatible)" and "802.11n only (5GHz)" modes on the Airport Extreme?

  802.11a gives you 802.11g speeds but using 5GHz (54mbps
  802.11n gives you 144Mbps (600 peak) at 2.4GHz or 5GHz

• How can i deploy macbooks and 802.1x authentication using PEAP/MSChap version 2

  How can i deploy macbooks and 802.1x authentication for wireless connectivity using PEAP/MSChap version 2. The Cert is generated by a 2008 Windows CA authority. I am trying to get to join but the MAC doesnt seem to want to accecpt the cert. Can i not validate the cert and still have it join the 802.1x wireless netqwotk? The wireless netwotk is using a Cisco 5508 wireless controller and Cisco 1142 access points. All works fine with Windows devices.

  Hi Tarik,
  Thanks for your answers,
  I've attached my configured AuthZ rules and AuthZ profile for provisioning,
  I want the process to be the same for iPhone, Android and Windows.
  1) Connect to the SSID
  2) Login using your AD credentials PEAP-MS-CHAP-v2
  3) Redirect to device registration portal (So I can set a limit of 3 devices per employee)
  4) As soon as the client click "register" no more redirects and PERMIT-ALL
  I think that I don't need to rely on profiling because In terms of AuthZ policies it should be something like this:
  1) if WIRELESS802.1x and PEAP-MS-CHAPV2 and BYODREGISTRATION=!YES(Unknown or not reg) then "Redirect to device registration(that is NSP right?)"
  2) if WIRELESS802.1x and PEAP-MS-CHAPV2 then PERMIT-ALL(no redirection)
  3) everything else = DENY-ALL
  But the NSP looks for Client Provisioning policies, so if I don't configure any policy it should Allow Network Access(See attachment photo3.png) but as I said on the post it shows that cannot retrieve the MAC-Address so the client can't register his device and don't have access to the network. (To grant access I've configured provisioning policies, that way the clients can register their devices but they are redirected to google play or are forced to install the profile at iOS and this is what I don't want because it is not necessary)
  What screenshoot do you need after the registration? the Auth report?
  Thank you very much for your time!

• Port security and 802.1x (ISE)

  Hi everyone,
  I'm implemmenting ISE in a network with Port Security enabled.
  According the book Cisco ISE for BYOD and Secure Unified Access Port-security is not compatible with 802.1x.
  I want to know what is the affectation of to have Port-security and 802.1x enabled on the same SW Port.
  Someone?
  Thanks!

  Hi Neno,
  Thanks for the reply.. As we checked the port is going in error-disable with by phone mac address wherein phone is connected 24/7 and machine connects from phone.
  Please find below logs from switch - 
  Oct  1 09:21:11: %AUTHMGR-5-START: Starting 'dot1x' for client (e804.62eb.b435) on Interface Gi5/30 AuditSessionID AC1232470000E906E5392F07 ======Phone MAC
  Oct  1 09:21:12: %AUTHMGR-5-START: Starting 'dot1x' for client (0026.b9eb.28ec) on Interface Gi5/30 AuditSessionID AC1232470000E907E53931BF ======Laptop MAC
  Oct  1 09:21:12: %AUTHMGR-5-START: Starting 'dot1x' for client (0026.b9eb.28ec) on Interface Gi5/30 AuditSessionID AC1232470000E908E539329B
  Oct  1 09:21:12: %DOT1X-5-SUCCESS: Authentication successful for client (0026.b9eb.28ec) on Interface Gi5/30 AuditSessionID AC1232470000E908E539329B
  Oct  1 09:21:12: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (0026.b9eb.28ec) on Interface Gi5/30 AuditSessionID AC1232470000E908E539329B
  Oct  1 09:21:12: %EPM-6-POLICY_REQ: IP 0.0.0.0| MAC 0026.b9eb.28ec| AuditSessionID AC1232470000E908E539329B| AUTHTYPEDOT1X| EVENT APPLY
  Oct  1 09:21:12: %EPM-6-IPEVENT: IP 0.0.0.0| MAC 0026.b9eb.28ec| AuditSessionID AC1232470000E908E539329B| AUTHTYPE DOT1X| EVENT IP-WAIT
  Oct  1 09:21:13: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet5/30, new MAC address (e804.62eb.b435) is seen.AuditSessionID  Unassigned
  Oct  1 09:21:13: %PM-4-ERR_DISABLE: security-violation error detected on Gi5/30, putting Gi5/30 in err-disable state
  Oct  1 09:21:13: %AUTHMGR-5-START: Starting 'dot1x' for client (e804.62eb.b435) on Interface Gi5/30 AuditSessionID AC1232470000E909E53935F3
  Oct  1 09:21:13: %EPM-6-POLICY_REQ: IP 0.0.0.0| MAC 0026.b9eb.28ec| AuditSessionID AC1232470000E908E539329B| AUTHTYPEDOT1X| EVENT REMOVE
  Oct  1 09:21:13: %PM-4-ERR_DISABLE: STANDBY:security-violation error detected on Gi5/30, putting Gi5/30 in err-disable state
  Can you guide us how to fix this one
  Regards
  Pranav

• WPA2-Enterprise + EAP (PEAP) and 802.1x to authenticate to RADIUS server NPS

  I need to connect my iPhone and my iPad to the corporate wireless network using WPA2-Enterprise and 802.1x to authenticate against a RADIUS server with my corporate user. What is the procedure to configure the clients? Certificates is not necessary on the client. Radius server is a NPS of Microsoft and the WLC is a 5508 of Cisco.
  thanks !!!

  WPA and WPA2 are all actually interim protocols that are used until the standardization of IEEE 802.11i standard. Wi-fi appliance decided that ratification and standardization of 802.11i standards will take more time. So, they came up with WPA.
  Now, WPA2 is advanced version of WPA. WPA2 uses AES as encryption algorithm. Whereas, WPA use TKIP as encryption mode which in turn uses RC4 encryption algorithm.
  WPA and WPA2 are actually are of 2 types respectively.
  WPA/WPA2-PSK - This is mainly for small offices. This uses Pre-Shared Key for authentication.
  WPA/WPA2 -Enterprise - This uses a RADIUS Server for authentication. This is an extension to 802.1x authentication. But this uses stronger encryption scheme(WPA uses RC4 and WPA2 uses AES).
  Any authentication mechanism that involves a separation authentication server for authentication like ACS server is called 802.1x authentication.
  EAP stands for Extensible Authentication Protocol. It refers to the type or method of 802.1x Authentication by the RADIUS/Tacacs server. A RADIUS server can authenticate a wireless client with various EAP methods.
  LEAP is one type of EAP. It uses username and password for authenticating wireless clients. LEAP is cisco proprietory.
  There are also EAP types which uses other user credentials like Certificates, SIM etc for authentcation.
  The following document might clarify your doubts.
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e8297.shtml

• DLSW and Tunnel Interfaces problem

  We have a pair of routers with tunnel interfaces and DLSW between them.
  Some times the tunnel interface goes down thus loosing service trough DLSW.
  Is there any problem reported between DLSW and this kind of tunel interfaces ?

  Hi,
  i assume you are using dlsw tcp peers.
  In general dlsw does not know over what infrastucture the connection really runs. Dlsw gives data to tcp and tcp is responsible for doing the actual transmission.
  I dont know of any problems with dlsw and tunnel interfaces in general.
  Some more information might help to understand the problem.
  What type of tunnel are you using? GRE?
  What version of ios are you running?
  Do you use additional encapsulation overhead like ipsec ect?
  Does tcp on this router use path mtu discovery?
  thanks...
  Matthias

• More explanations about MESH and 802.11n

                     Hello,
  I just begin WiFi installations and I have some existential questions.
  I have 5 Cisco 1552-E APs. One of them is wired to LAN and act as RAP, the 4 others are MAP.
  On each AP, I use 1, 6, 11 channels as 2,4GHz non-overlapping channels.
  As I have a 802.11n network, I use 5GHz band with non-overlapping channels too. Because I'm in Europe and outdoor, I want to use 100, 112, 124, 136 and 140 channels.
  But all the 5 APs have a MESH backhaul 5GHz link to connect to LAN.
  Please clarify my mind, because I don't understand how it is possible for 2 APs, to communicate between themselves on a different 5GHz channel ??
  Thank you,
  Clement

  There is a new model which has 3 antenna ports for the 5ghz and 3 antenna ports for the 2.4ghz. This allows you to use one of the Cisco mesh patch antennas for a longer backhaul shoot to the RAP or even a MAP. It's hard to say what you can do but that gives you more options.
  Cisco Aironet 1552E/1552EU External Antenna Access Points
  The Cisco Aironet 1552E/1552EU Outdoor Access Points are the standard models, dual-radio system with external antenna ports that are compliant with IEEE 802.11b/g/n standards (2.4 GHz) and 802.11a/n (5-GHz). The 1552E has three external antenna connections for dual-band omni or directional antennas. The 1552EU has six external antenna connections, three for 2.4 GHz and three for 5 GHz antennas, that support omni or directional antennas. They have Ethernet and fiber Small Form-Factor Pluggable (SFP) backhaul options, along with the option of a battery backup. These models also have a PoE-out port that can power a video surveillance camera or other devices. Highly flexible models, the Cisco Aironet 1552E/1552EU are well equipped for municipal and campus deployments, video surveillance applications, mining environments, and data offload.
  Sent from Cisco Technical Support iPhone App

• Can you disable 802.11g and 802.11a on an Airport Card?

  Does anyone know if there is a way to disable 802.11a and 802.11g functionality on a MacBook Airport card? I have a very old 802.11b access point and the airport card seems to be making it fail. I was hoping that by turning off 802.11g or potentially adjusting some other airport parameters I might be able to keep the AP from crashing. I'm hoping to keep the AP I have because it has an integrated print server which has been great. If there is no way to modify the settings on the airport card, I guess I'll need to upgrade my AP.
  Thanks.
  Macbook   Mac OS X (10.4.8)  

  Well, I should have used the advice I give to everyone else. Even though my wireless router is very old, there was a firmware upgrade for it. Even though the release notes for the firmware said nothing about it fixing a problem with a MacBook, I upgraded to the latest firmware. After a week or so of testing, it seems to have resolved the problem with the AP going dead when the MacBook was using it.

• After Aiport Extreme Update 2007 001 broke LEAP and 802.1x authentication

  Apple Updater installed the Airport update 2007 001. This has completely broken my LEAP and 802.1x network access. It never recognizes the "preferred" networks, and if I connect manually by entering in the password it doesn't transmit any packets.
  I tried to reverse the upgrade by following these instructions but then it wouldn't recognize my airport hardware: www.macfixit.com/article.php?story=20070126190822382
  I tried to file a bug report, but that apple bug reporter seems to be down (it says, "An Exception has Occurred (click triangle to view)" but no triangle exists).
  ***?

  I finally discovered what was going on. When doing either the 10.4.9 update or the Airport update, my /System/Library/Keychains/X509Anchors file was either corrupted or completely emptied. The file did remain with 0K size.
  I started noticing that all SSL connections from the computer were failing (Safari, iChat, whatever) that depended on the Mac OS X components to do the SSL validation. (Firefox continued to work fine, as it has its own SSL stack.) I then ran the Keychain file check in Keychain, which alerted me to the exact file problem.
  My wife also has a MacBook with the same version of Mac OS X, so I was able to copy her X509Anchors file to my computer and everything worked perfectly after that. SSL came back, iChat works, Safari works with SSL, and 802.1x works again.
  Hope that helps someone else...

• Is it possible to get an IPv6 and 802.11n capable router?

  I would like to upgrade my current wireless router to an one that supports IPv6 and 802.11n. I want to do 6in4 tunnels for IPv6 to Hurricane Electric for my tunnel service and I have computers that have 802.11n. Currently I have the Actiontec (Verizon) MI424-WR wireless router with 10/100 ports. Can I get this through Verizon? I know I can go buy a Wireless router that can provide this on the outside, but want to ensure that this doesn't mess up my tv services. I have the three services currently on FIOS. TV, Internet and phone. So the router controls the TV settop boxes also.

  Well Verzion them selve has no plans to switch customers over to ipv6 capable routers right away as its hard to get on Wireless N router from them as well unless you are on a buisness plan.Now If you Turn off your wireless from the Verizon side and hook up a router switch to a open port on the verizon router\modem there should be no problem as thats how i do mine.Also there are only certain routers and that support Wireless N and IPv6 access and I will post some info here as well about that.
  http://www.dlink.com/products/?pid=767  <<<  Heres The Dlink one im using as Dlink and Cisco (linksys) are the only companys that support Ipv6 fully on certain models.
  Heres another IPV6 Router >> http://www.dlink.com/products/?pid=737
  only two i know of but was told there are two more dlink models that support it but i contacted dlink and they told that the two links i have posted here are the only fully compatible IPV6 routers availible.
  Heres one of ciscos routers >> http://homestore.cisco.com/en-us/Routers/Linksys-E​4200-MaximumPerformance-Wirelessn-router_stcVVprod​...

• DLSw and IPSEC

  Can anybody tell me if you can have a DLSw+ peer and IPSEC tunnel on the same router? We want to utilize DLSw+ on a branch router and use IPSEC across the WAN back to the corporate office?
  Has anybody configured this before?
  Any lessons learned?
  Recomendations?
  Thanks!

  Hi David,
  Yes, multiple customers have deployed this, and it has been tested and measured in specific customer proof of concept labs. The only issue that I'm aware of is that the MTU size requirements are affected by encryption, so be sure to take that into account.
  http://www.cisco.com/en/US/tech/tk331/tk336/technologies_tech_note09186a00801d3a9d.shtml
  In terms of performance, everyone's traffic is somewhat different, so it's impossible to say for sure. From what I remember of the proof of concept tests, 2600 routers did DLSw+ and software encryption just fine at DS0 rates.
  Rgds, Dan

• Load balance between DLSw and CIP routers

  Take a look on this environment:
  - 4 routers receiving all DLSw peers and circuits
  - 4 routers with CIP boards connected to 2 mainframes
  All CIP routers are configured with same MAC address. All routers (DLSw and CIP) are connected on a Ethernet LAN switching, so this traffic are pure LLC2.
  How I can balance the traffic between DLSw and CIP routers ?
  Thank's in advance.

  I am not sure if I totally understand the topology. Let me rephrase it. Please correct me if I misunderstand the topology. In a data centre, there are 4 DLSw routers terminating DLSw peer connections from the remote sites. In the same data centre, there are 4 CIP routers which connects to 2 mainframes. CSNA is configured on all CIP router, which uses the same MAC. You configure transparent bridging on the DLSw routers, which connect to the same ethernet switches as the CIP routers. You configure SR/TLB on the CIP routers; so that all LLC2 circuits coming from the DLSw routers connect through the ethernet interfaces of the CIP routers.
  Do you want the LLC2 circuits from a DLSw router load balance across 4 CIP routers? As duplicate MAC address is not allowed, there is no way to connect all 4 DLSw routers and CIP 4 routers on the same VLAN.
  I can think of a couple of workarounds.
  1. Enable SNASw on the 4 DLSw routers. Create a VDLC port on all 4 DLSw routers. The MAC address of the VDLC interface is the same. The VDLC MAC address is pointed by the remote SNA stations. Each DLSw router uses one of the CIP routers as DLUS.
  2. If this is the case, create 4 VLANs on the ethernet switches. Connect a pair of DLSw router and CIP router to each VLAN.

• MSI\'s Bluetooth and 802.11b combo module

  From CSR's e-news service I know about MSI's Bluetooth and 802.11b combo module:
  "MSI's Bluetooth and 802.11b combo module using CSR's BlueCore Cambridge, UK - November 4, 2002 - CSR (Cambridge Silicon Radio) has announced
  that Taiwanese motherboard manufacturer Micro-Star International (MSI(TM)) has launched a wireless module combining both Bluetooth and Wireless LAN protocol
  802.11b. The module is being supplied with the company's mainboard 845PE Max2 and is available now in all major markets around the world".
  Where I can receive the detailed information concerning to this module?

  Quote
  Originally posted by wonkanoby
  http://www.msi.com.tw/program/products/per/per/pro_per_list.php?kind=7&CHIP=39&NAME=Bluetooth
  This address (http://www.msi.com.tw/program/products/p. *NAME=Bluetooth)
  describes two PC2PC BlueTooth the device (Bluetooth Transceiving Key (MS-6967) and
   Bluetooth Transceiving Module (MS-6968)).
  Me interests " wireless module combining both Bluetooth and Wireless LAN protocol
  802.11b ". That it is?

• New Mac Mini and 802.11n 5Ghz - Does it work?

  Does anyone know if this works? It states that it is 802.11a compatible which uses 5Ghz so I am guessing it does. I don't want to have to use a third party internal card like I do now with a separate external antenna. Thanks.

  I have a mac mini I purchased last week (late 2009). I run 5Ghz 802.11n only (there is a g access point in the house, but that's on another part of the LAN). I have an iMac and MacBookPro that connect to the 802.11n and the performance is great - almost half as fast as a direct USB connection - it simply flies.
  However, the mac mini is abysmal. It connects fine - everything works, but I get hardly 1Mbyte per second., despite having full signal strength. This is the info in System Profiler:
  en1:
  Card Type: AirPort Extreme (0x14E4, 0x90)
  Firmware Version: Broadcom BCM43xx 1.0 (5.10.91.19)
  Locale: ETSI
  Country Code: IE
  Supported PHY Modes: 802.11 a/b/g/n
  Supported Channels: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140
  Wake On Wireless: Supported
  Status: Connected
  Current Network Information:
  MyHomeNetwork:
  PHY Mode: 802.11n
  BSSID: 0:23:6c:be:92:08
  Channel: 44,1
  Network Type: Infrastructure
  Security: WPA2 Personal
  Signal / Noise: -52 dBm / -94 dBm
  Transmit Rate: 270
  MCS Index: 15
  If I can't fix this soon, I'm going to have to run a cable to it, which wasn't the idea in my living room!