Flexconnect, branch and central site have same VLAN's

Similar Messages

• Flexconnect localauth and centralized auth on same SSID

  Hi,
      We try to setup remote APs in FlexConnect mode and wants it set for local auth, while the main site (where the WLC resides) uses central authentication.
  The SSID has is the same at both site so is the L2 security policy.
  thanks,
  Alex

  Central vs Local authentication is a "per WLAN" configuration, so a single WLAN cannot have APs doing both central and local "authentication".  You can keep the auth Central, and if you're FlexConnect groups are configured properly, your "remote" APs can always "failover/fallback" to using LocalAuth in the event of connectivity loss to the WLC (APs transition to standalone), but you can't explicitly force one or the other on the same WLAN.

• Does iPhone 5 and iPhone 4s have same sim card??

  Does iPhone 5 and iPhone 4s have same sim card??

  A nice photo showing a SIM, micro SIM and nano SIM, top to bottom:

• Achieving Autofailover between Branches and HQ site using OSPF

  Hi there,
  I have a number of Branches and ATMs which connect to the HQ via GRE tunnels through L2MPLS of the service provdiers network.
  Recently I commisioned a DR site that I would like all the branches and ATMs to point to incase of disaster.
  Most importantly I am supposed to achieve an auto-failover solution between Branches and ATMs towards HQ, @ATM and branch has duo links from different providers for resiliency.
  The standard I am supposed to use is OSPF between branches and HQ, where we have GRE tunnels running in between, is there anyone who can assist me on how to achieve auto-failover solution between the Branches and HQ using OSPF on the existing GRE tunnels.
  Sample configuration would really help
  Thanks.

  What you are asking for here is a full blown network design. It is more than just a few configuration commands.
  We can point you in the right direction but we cannot do the entire thing for you.
  We would need to know things like is there a direct link between HQ and DR, how many branches, is OSPF already in use, if so what areas do you have, are you proposing to use the same IPs at the DR site  etc etc.
  But before all that have you thought about how the applications would work ?
  Presumably you have applications that run on servers at HQ. How do you sync this information to the DR site servers ?
  So a couple of scenarios -
  1) the link at HQ fails and all sites automatically switch to DR. Then 10 minutes later the link comes back up so all sites switch back to HQ.
  How are you going to make sure that any data written to servers in DR is now replicated to the HQ servers in real time.
  2) a branch primary link fails. It switches to DR but all the other branches are still going to HQ.
  Again how you are going to ensure the data remains consistent between the HQ and DR servers as you now have two active sites.
  Routing protocols are very good at automatically providing failover but they don't understand the applications.
  The hard part with DR is not the network, although that in itself can be challenging, but how the applications are going to work.
  So if you only want to invoke DR if there is a major outage at your HQ sites which could last for days for example then using a dynamic routing protocol could create more problems than it would solve.
  You may not have applications that need to be kept in sync so it may not be an issue for you.
  But even then what you are asking for is not trivial, DR never is.
  Perhaps you can clarify exactly how it is meant to work otherwise we cannot really point you in the right direction.
  Jon

• CSS - src and dst in the same vlan

  Hi guys,
  I need LB something like this in routed mode:
  first data flow:
  [client]->[vip1-c(css)]->[www1/www2]
  and second (backend) flow is:
  [www1/www2]->[vip2-c(css)]->[www3/www4]
  vip1,2-c = VIP address on client side
  www1,2,3,4 = all servers are in the same VLAN
  problematic is second data flow (www1/2 -> vip2 -> www3/4(because www3/4 are in the same VLAN as www1/2).
  I have two solution for this:
  1. migrate www1/2 and www3/4 to the independent VLANs (this can be design problem in existing topology)
  2. communication from www1/2 with destination to www3/4 translate to IP address located on the CSS using group, but I'm not sure if it's possible, or how it's possible to configure on the CSS.
  group gr1
  add service www1
  add service www2
  add destination service www3
  add destination service www4
  vip address ip-from-client-side(for example vip2-c)
  active
  it's possible to use this configuration?
  martin

  The group is a good solution.
  However, the way it was configured is incorrect.
  You either specify the source or destination.
  So, if you want to nat all traffic from www1 and www2 you leave the 'add server www1' commands and remove the 'add destination service www3'.
  Or you can nat all traffic going to www3 and www4. In this case, you remove the 'add service www1' and keep the others.
  Another way of doing this would be to remove all 'add ..' commands and use an acl to specify when to use the group using the option 'sourcegroup gr1' inside the acl.
  Gilles.

• [ACE] Real servers and VIP in the same VLAN

  Hello.
  I´m facing an issue because the real servers and the VIP address are in the same VLAN, when a request comes from an external client to the VIP (crossing an ASA firewall) , the ACK gets back using the IP of one of the real servers instead of the VIP so this traffic is blocked by our WAN firewall probably due the inspection rules.
  My question is if there is some way make the VIP the address who ACK´s that requests? Creating a new VLAN would be complicated because there are other services already running on those real servers.
  Thanks a lot,
  Miquel

  Hi Miquel,
  Please do source nat on ACE so that return traffic gets sent to ACE and not FW. Pasting an example for you.
       ==========================================================================
       One-Armed Load Balancing with VIP, Servers, & NAT Pool on the Same Subnet
       ==========================================================================
  login timeout 0
  access-list ANYONE line 10 extended permit ip any any
  rserver host SERVER_01
    ip address 192.168.1.11
    inservice
  rserver host SERVER_02
    ip address 192.168.1.12
    inservice
  rserver host SERVER_03
    ip address 192.168.1.13
    inservice
  serverfarm host REAL_SERVERS
    rserver SERVER_01
      inservice
    rserver SERVER_02
      inservice
    rserver SERVER_03
      inservice
  class-map match-all VIP-30
    2 match virtual-address 192.168.1.30 tcp eq www
  class-map type management match-any REMOTE_ACCESS
    description remote-access-traffic-match
    2 match protocol telnet any
    3 match protocol ssh any
    4 match protocol icmp any
  policy-map type management first-match REMOTE_MGT
    class REMOTE_ACCESS
      permit
  policy-map type loadbalance first-match SLB_LOGIC
    class class-default
      serverfarm REAL_SERVERS
  policy-map multi-match CLIENT_VIPS
    class VIP-30
      loadbalance vip inservice
      loadbalance policy SLB_LOGIC
      loadbalance vip icmp-reply active
      nat dynamic 1 vlan 451
  interface vlan 451
    description Servers vlan
    ip address 192.168.1.2 255.255.255.0
    access-group input ANYONE
    service-policy input CLIENT_VIPS
    nat-pool 1 192.168.1.10 192.168.1.10 netmask 255.255.255.0 pat
    no shutdown
  ip route 0.0.0.0 0.0.0.0 192.168.1.1
  Let me know if you have any question.
  Regards,
  Kanwal

• ICal and mobile me have same events but on different dates and times

  I am using iCal and have a mobileme account.
  When I publish the calendars their publish sites are fine.
  But when I go to my mobileme calendar, the events are there, but at different times and a day early.
  I have tried changing my (GMT time) but it stays as Pacific Time (US & Canada)
  The 'all day' events are correct, but the events throughout the day are incorrect.
  All the events on my iphone match the calendar on my home phone so I am really confused.
  Any idea what I can do to fix this?

  Thx Bernard,
  You are very helpful
  When you went through the steps, were any of the settings different to those that I suggested?
  ......Yes, Time zone was uncheck in iCal and MM
  I don't think you mentioned importing previously. Where are the events originally created?
  .....I have a large spreadsheet of college athletic games that we keep in Excel and I import to iCal, they are ALWAYS one hour off after imported to iCal. Long before iPhone and MM too!
  I don't see that MobileMe is especially different to dotmac - except that you now have explicit control over the time zone of the calendar (whereas it used to be set to the one from which you originally published).
  ...Honestly the TZ Support is a HUGE pain and causes Much more trouble for all than anything it is suppose to help with..., been that way ever since iCal came out...
  One hour time differences often crop-up on a phone and are usually to do with daylight savings issues, but you don't mention a phone in your set-up so I am assuming this is not the case.
  ...again this one hour problem, has been an issue for me long before the iPhone and MM...
  I have to say that I don't have issues with my calendars and I have these synced across different systems and devices, so for me it really is a non-issue. (I should also say that I travel frequently and don't have problems with events in multiple time zones either.)
  ...glad it works for you, but it appears this is an issue for many. I used Now Up-To-Date for 10+ years and NEVER had trouble with import/export/sync...
  One thing I neglected to ask you is whether you do need to have time zone support - i.e. do you travel with any of the macs to which you sync or do you get invitations that originate in different time zones?
  ...I have no need for TZ Support even if I were and astronaut
  It would also be enormously helpful if you would provide data on what version of OS X and iCal you are using.
  ....I am on 10.5.5 and iCal 3.0.5
  Thx Much

• IMac and Macbook pro have same Picture content both are being uploaded to iCloud

  Hi
  My iMac and Macbook pro have the same Pictures now that i got the new Photo app all the information is being uploaded to iCloud and i am getting duplicate pictures
  is there anyway to merge the pictures and only upload one of them?

  HI, then try this and before you do this hold down the command keyboard button and then click the pictures that are duplicated and delete them. then try this -
  Photos application for Mac Instructions that might help!
  On your iPad,iPhone keep the iCloud on in settings for Photos.
  if you have not opened the New Photos application yet to have it transfer your photos from iPhoto let it Transfer the Pictures.
  once you have all the pictures from iPhoto to Photos then in Photos go to Preferences
  there is general and iCloud tab and go to the iCloud and only uncheck the iCloud button that will make it so it doesn't sync with your iPhone and iPad for Photos.
  Then in Photos go up to View and press show sidebar because with that view you can move your pictures easier to albums snd delete or move any pictures or make new albums
  when you are all done with moving around your pictures or whatever go back to Preferences and turn on iCloud and make sure you have the optimize Mac Storage and then you are done! I hope this makes sense and works for you! here are the 2 pictures I'm talking about in settings

• WCS and WLC, On the same VLAN ?

  Whats best practice ? Is it better to have the WCS on the same vlan as the controller(s)
  Johann Folkestad

  Given the fact that it is snmp traffic, the WCS to WLC snmp read/writes should be confined to a subnet(s) that are secured by ACLs/firewalls/rfc1918 address space, yada yada....
  One way to do it is to place the WCS behind a firewall on the same or reachable subnet as the WLC service or management ports. I prefer using the service port on the WLC for the WCS snmp traffic, this way I can prune that vlan off the switch trunk ports that the WLC connect to as well as put it in a subnet that is away from prying eyes. I have had it working just fine since 3.0.2x all the way up to the latest rev this way.
  the controller will touch an additional vlan for each dynamic interface you create for wlans
  You can also dual home the WCS server, but the default option on WCS install/upgrade is to bind to one interface (it will detect & prompt in regards to multiple interfaces - at least on the Linux version).
  Also don't forget to lock down https access to WCS web frontend as well

• Two commercial pages (inside Amazon and United) sites have displays disrupted in 8.0.1.

  Two pages that must display correctly for transactions do not: the Amazon accounts page (https://www.amazon.com/gp/css/homepage.html?ie=UTF8&ref_=topnav_ya) and a United Airlines page (in the URL box attached to this question). Displays are all static. Safari 5.1.1 displays properly. Pre-version-8 Firefox displayed these correctly. Have Style as "Basic" and cleared cache per FAQ info. Using Mac OS X 10.6.8 on an iMac.

  Can you attach a screenshot?
  *http://en.wikipedia.org/wiki/Screenshot
  Use a compressed image type like PNG or JPG to save the screenshot and make sure that you do not exceed the maximum file size (1 MB).
  Reload web page(s) and bypass the cache.
  *Press and hold Shift and left-click the Reload button.
  *Press "Ctrl + F5" or press "Ctrl + Shift + R" (Windows,Linux)
  *Press "Cmd + Shift + R" (MAC)
  Clear the cache and the cookies from sites that cause problems.
  "Clear the Cache":
  *Firefox > Preferences > Advanced > Network > Offline Storage (Cache): "Clear Now"
  "Remove Cookies" from sites causing problems:
  *Firefox > Preferences > Privacy > Cookies: "Show Cookies"
  Start Firefox in <u>[[Safe Mode]]</u> to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox (Tools) > Add-ons > Appearance/Themes).
  *Don't make any changes on the Safe mode start window.
  *https://support.mozilla.com/kb/Safe+Mode

• User and owner password have same access permissions

  Hi,
  I'm trying to implement standard encryption (128 bit RC4 for now), and as far as I can tell it works.
  The one thing that worries me is that, even when I use the owner password, I have restrictions. I get access to the document with (and only with) the user and owner passwords, but in both cases I can't print if I disable it. In PDF 32000-1:2008, pag. 59 it says: "opening the document with the correct owner password should allow full (owner) access to the document".  Both Acrobat Reaqder 7.0 and Foxit do this, and I've tested other encrypted documents that show the same behaviour.
  What can I do to enable printing as owner, but not as user?
  Regards,
  Wiebe.

  Hi Aandi,
  Thanks for the help but I am able to change the title, authors name etc from the Postscript file so that prompted me to think that we may well be able to set passwords using the same. Any other source via which I can set password like ghostscript or some other open source , third party tool ?
  Thanks for the help Dude ...

• EWS Managed API: Email sender name incorrect if loading properties of multiple emails and several emails have same email address (but different names)

  Hi,
  I have an issue using the Exchange Web Services Managed API. I'm essentially implementing an 'inbox', and am essentially using two calls:
  folder.FindItems(filter, view) with the view set up with the 'idonly' property.
  The returns a 'FindItemResults<>' object containing a set of items.
  And then calling service.LoadPropertiesForItems(items, props), where the props contains all 'first class properties', which includes the sender details.
  Now, the inbox contains several emails from the same email address but with different displaynames.
  E.g. There may be one email from "Bob <[email protected]>" and another email from "Alice <[email protected]>" and another email from "Charlie <[email protected]>" etc.
  The issue is that in the information that EWS returns from the call to LoadPropertiesForItems, every email ends up with the same sender name (from the first one in the list)!
  i.e. When I enumerate through the returned items, the item.Sender.Name will always be"Bob" for every email where Sender.Address is [email protected] 
  I have debugged this with a http sniffer just to ensure that it really is the EWS coming back with this information rather than anything in the managed layer.
  Is this a known issue? How can I work around this (without querying every single email for the sender name individually, as that would be too slow)?
  Thanks

  Hi Venkat,
  Thanks for the reply.
  The scenario is that the client receives emails from a (3rd-party) automated system. The email address from this automated system is always "noreply@<blah.com>", while the display name is used to differentiate the actual sender.
  I suspect that this kind of system will likely become more widely used, and so for us will increase in priority (obviously its a priority for our client already)!
  Just for the record, if this is a known issue do you have a bug number or equivalent for it? (I tried to search but couldn't locate it).

• Compare two strings and verify they have same alphabets

  If i have two strings....s and t. I want to return whether s contains every letter in t. For example, "abcd" contains all the letters in "bbdc", since every letter in the second string appears in teh first.
  thanx

  If i have two strings....s and t. I want to return
  whether s contains every letter in t. For example,
  "abcd" contains all the letters in "bbdc", since every
  letter in the second string appears in teh first.This will do the job in s.length()*t.length() steps.
  //  Indicates whether s contains every letter in t.
  boolean allCharsContainedIn(String s, String t) {
      int len = t.length();
      for (int i = 0; i < len; i++) {
          if (s.indexOf(t.charAt(i) == -1)
              return false;
      return true;
  }S&oslash;ren

• I know the password is correct, as other devices and this site have accepted the password.  I would like help in uninstalling a few of the devices where the program is no longer needed.

  I would like to use Adobe Digital Editions on a new Nook Tablet.  I believe I have gone over the limit of devices and this may be why my password is being rejected on the new device.  I would like to uninstall the program from devices where it is no longer needed.
  Obviously my password is correct, as I am logged on here. 

  On the wireless networks that your Mac has had trouble connecting to, do you know which Wireless Security type (WEP, WPA, or WPA2) is being used?
  If it is WEP, one of the problems is that the actual standard relies on a 10 character HEX key for 40bit WEP and a 26 character HEX key for 128bit WEP.   In order to make things easier, vendors use certain algorithms to convert simple alphanumeric passwords (or passphrases) into HEX keys, thus enabling the use of simple easy to remember WEP password rather than lengthy HEX keys. The problem is that different vendors use different algorithms to generate the HEX key and therefore a ASCII password on an AEBS will be hashed differently on a non-Apple client and vice versa.   You may find the following Apple Support article helpful.

• TS4147 Me and my wife have same ICloud account she made back up for her iPhone and I lost my contacts how to restore  my contacts?

  How to restore my contacts

  Sorry no backup - no pictures.
  Yes phone will automatically backup to icloud when on wifi and phone is charge, but your phone storage was full so it stop backing up.
  Back up and restore your iPhone, iPad, or iPod touch using iCloud or iTunes - Apple Support
  iCloud: iCloud storage and backup overview
  When your phone was connected to your computer, you should've seen an autoplay which would've allowed you to import your pics to your computer as you would a digital camera Import photos and videos from your iPhone, iPad, or iPod touch to your Mac or Windows PC - Apple Support