H-REAP and AAA-override
Hi,
I need a solution for that scenario:
- one SSID
- AP is HREAP-capable
- Authentication via EAP-TLS with radius server
Depending on the radius-feetback (aaa-override) the client should work in a HREAP-VLAN or over the WLC.
I only found a fix configuration for
SSID <--> HREAP-VLAN.
Thanks
I don't think such a scenario is possible. The radius server can be used to dictate which WLAN the Wireless user will use but cannot dictate whether the user will use HREAP mode or the normal mode. That configuration needs to be done on the controller on a per SSID basis.
Similar Messages
-
Hi!
The current desing of network needed the follow:
All branch must have single corporate SSID. Users in branch must be split by functionality in different vlans.
Corporate SSID must be switched local.
Does is flex connect with AAA override have ability to mapped one SSID to multiple vlans?
I can't get confirmation of this from documentation. All examples explain how to map single ssid
to single_vlan
Thanks for answers!Yes, you can use AAA Override to assign the VLAN in FlexConnect Mode. Below is a link to the Configuration guide.
http://www.cisco.com/en/US/docs/wireless/controller/7.3/configuration/guide/b_wlc-cg_chapter_01110.html#d174972e3765a1635
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered -
Mobility Anchor and AAA Overide VLAN Assignment
Hello,
I read some document 2 years ago that dynamic VLAN assignment was not possible with Anchored WLANs. Please I would like to know if this is now possible. The network setup would be as follows:
1. Foreign and Anchor WLC (5508) with single SSID for both guest and internal users
2. Cisco ISE 1.2 performing AAA override with VLAN tag based on AD group. Guest will go to VLAN for guest after web authentication.
Please a speedy response would be helpful.Hi grabonlee,
We have been running an anchor with VLAN override for out Guest services. Works well. VLAN needs to be defined on both the anchor and foreign. We are running 7.6.120 code. -
WLC and AAA - one SSID and more VLANs
hi,
i have an ACS 4.1, AP1242, WLC4404 and Catalyst 3750, and an Win2003 DHCP Server
Switch Interface Config:
interface Vlan10
ip address 10.70.170.1 255.255.255.0
ip helper-address 192.168.12.10
interface Vlan20
ip address 10.70.171.1 255.255.255.0
ip helper-address 192.168.12.10
at the WLC i have configured one SSID with
- Allow AAA Override
- Layer2 Sec: [WPA1,TKIP+WPA2,AES]
- ACS 4.1 AAA
- Key Management: 802.1x
one SSID mapped to the management interface. and 2 VLANS with different interfaces:
VLAN-ID1: 10
Interface-1:
IP Address 10.70.170.2
Netmask 255.255.255.0
Gateway 10.70.170.1
DHCP: 192.168.12.10
VLAN-ID2: 20
Interface-2:
IP Address 10.70.171.2
Netmask 255.255.255.0
Gateway 10.70.171.1
DHCP: 192.168.12.10
at the acs i have 2 users and two groups. Group1-User1 and Group2-User2 with the aaa attributes to change the vlan on login.
[006] Service-Type: Authenticate only
[064] Tunnel-Type: VLAN
[065] Tunnel-Medium-Type: 802
[081] Tunnel-Private-Group-ID: <VLAN-ID-1> or <VLAN-ID-2>
my problem is, that the user will authenticate successfully, and also the Vlan and Interface assignment is correct,
but the ip-address that the user will get is always the IP-Range from Interface2 (VLAN20). So when the USER2 authenticates, he get the VLAN2,
and the right interface and the right IP Adress and the communication is right.
but the USER1 gets the interface1 and VLAN10, but the IP from Interface2 (VLAN20).
what can it be?
thxFYI - If you're using ACS v4.1, you can also achieve this using the Airespace Attributes, by specifying the WLC interface name in the appropriate section.
-
AAA Override on Anchored WLANs
Hi,
Is it possible to create an anchored WLAN using 802.1x and use AAA override to dynamically change the VLAN clients are put in on the anchor WLC?
I am assuming not but can't hurt to ask!
Thanks,No:) the reason is that the foreign WLC does the encryption/decryption, so it would have to be done there without anchor. You wouldn't be able to change the vlan id from an anchor WLC.
Sent from Cisco Technical Support iPhone App -
AAA Override - QOS above what's set on WLAN
Hey guys, I think I already know the answer but thought I'd run this by the community. I'm working on configuring a PEAP secured WLAN that will be shared by our Data and VoIP wireless. Right now the WLAN's QOS is set at Silver and I'm using AAA Override to set the Cisco 7925s on our voip interface and set the QOS level to Platinum. The problem is that I'm getting tons of the following errors:
VoIP Call Failure: '44:2b:03:xx:xx:xx' client, detected by 'xxxxxxx' AP on radio type '802.11a'. Reason: 'Call failed: TSPEC QOS Policy does not match'.
If I change this WLAN's QOS to Platinum the error goes away. My thought is that I may have to configure the default QOS to Platinum and override all other devices to Silver - I'd rather not do this as more devices are affected by that change. If anyone knows or has run into something that I might be missing I'd be happy to listen to any suggestions.
Thanks all!Well whatever you set the WLAN QoS level, that is the highest allowed on the WLAN. You can't mark WMM higher but you can limit it. So set your QoS level as Platinum and make sure you drop the QoS value on non voice clients to bronze.
Sent from Cisco Technical Support iPhone App -
Hi everyone,
I'm struggling with a problem here. I cannot compile my app when I name a NSFetchedResultsController "fetchedResultController" and I override the setter selector.
How do you explain that? Is it a bug?
I'm using xCode Version 5.0.2 (5A3005) on OS X 10.9 (13A603).
Here is a sample of code showing the problem:
TestViewController.h
#import <UIKit/UIKit.h>
@interface TestViewController : UIViewController
@end
TestViewController.m
#import "TestViewController.h"
@interface TestViewController ()<NSFetchedResultsControllerDelegate>
@property (strong, nonatomic) NSFetchedResultsController *fetchedResultsController;
@end
@implementation TestViewController
-(void)setFetchedResultsController:(NSFetchedResultsController *)fetchedResultsController
if(_fetchedResultsController) _fetchedResultsController.delegate = nil;
_fetchedResultsController = fetchedResultsController;
- (NSFetchedResultsController *)fetchedResultsController
if (!_fetchedResultsController) // if no filter, no request
static NSString *SomeCacheName = @"SomeCache";
NSFetchRequest *request = [[NSFetchRequest alloc] init];
[request setRelationshipKeyPathsForPrefetching:@[@"tags",@"tags.tagged_players"]];
[NSFetchedResultsController deleteCacheWithName:SomeCacheName];
_fetchedResultsController = [[NSFetchedResultsController alloc] initWithFetchRequest:request managedObjectContext:[NSManagedObjectContext defaultContext] sectionNameKeyPath:nil cacheName:SomeCacheName];
NSError *error;
ZAssert([_fetchedResultsController performFetch:&error], @"Event list fetch error. %@. %@", error, error.userInfo);
_fetchedResultsController.delegate = self;
return _fetchedResultsController;
@endYou have custom accessor methods so need to explicitly declare the instance variable _fetchedResultsController. Read this note under You Can Implement Custom Accessor Methods in Programming with Objective-C.
https://developer.apple.com/library/ios/documentation/Cocoa/Conceptual/Programmi ngWithObjectiveC/EncapsulatingData/EncapsulatingData.html
Note: The compiler will automatically synthesize an instance variable in all situations where it’s also synthesizing at least one accessor method. If you implement both a getter and a setter for a readwrite property, or a getter for a readonlyproperty, the compiler will assume that you are taking control over the property implementation and won’t synthesize an instance variable automatically. -
I have a question regarding design and protocol. I have a network consisting of four buildings all connected through a combination of fiber and MPLS. These building need wireless. I would like to implement a solution using one 4402 WLC with LAPs in the buildings. My question regards the REAP and H-REAP protocols. Each building will have servers that the wireless users will need to access. I do not want all the traffic coming over the WAN only to return the way it came. It seems like implementing the LAPs with H-REAP is the solution to my problem. I want to ask the community if this seems correct and also ask anyone to add any other information that may be helpful as I may be missing something.
My concern is unnecessary traffic on the WAN. I want the ease of managing one controller without wasting bandwidth on my WAN. Is there a way to have traffic that is destined for a server that may be local to the LAP not use the WAN? What if the wireless users are on a seperate VLAN/subnet than the servers in the same building?
Please ask any questions if possible. I hope I was clear enough.
Thank you.Yes... H-REAP is your answer. With H-REAP as you know, you can traffic egress out of the AP's interface directly into the local LAN just as an autonomous AP would. Only centrally switched SSID's will need to be tunneled back to the WLC, but it is up to you on what you want locally and what you want tunneled back. Traffic will stay local since the wireless device will have a gatway local and routing will not send traffic out the WAN if it is destined for another local subnet.
-
3rd party Certificate and AAA Authentication
I am using a cisco asa5520 and i have set up remote access vpn with an AnyConnect connection profile.
In the connection profile i have set up that users should authenticate using both certificate and AAA.
Due to a high security requirement, the user certificate is issued from a 3rd party.
This is working fine and the user now need a valid certificate and a username/password to authenticate successfully.
I added the CA certificate as a associated trustpoint on the ASA box to get the certificate verification working.
Problem:
If Jane and Joe both have a valid certificate AND a valid username/password, Jane could authenticate using a combo of Joes certificate, and Janes username/password. Both are valid (isolated), but i only want jane to be able to authenticate with her username/password and her personal certificate.
I got an idea that i could put the Serial Number of the users certificate on the user object in AD (on the users department field or something like that) and check if this value match during authentication.
So, to sum things up, i want to compare the Serial Number (SER) field of the users certificate with a field on the user object in AD during authentication. As far as i can see the user would need a valid certificate and a valid username/password to authenticate. The user would also be authenticated only if the serial field match the value on the user object in AD.
I am happy for any help that could point me in the right direction on how to accomplish this.
Best regards,
KennethI actually got a better idea, and i think this will work great!
One of the guys at work pointed out that the sAMAAccountName is still used in many areas even though it is called pre-windows 2000.
After some trying and failing i got the idea that should try to change the "Naming Attribute(s)" on the defined AAA (ldap) server under "AAA server groups".
So i change the Naming attribute to "department", and put in the certificate serial number. I changed the connection profile and specified that it should use the "SER" value from the certificate as username. After that i tried to log in, and voila:
[123] LDAP Search:
Base DN = [dc=Testlab,dc=local]
Filter = [department=xxxx-xxxx-xxxxxxxxx]
Scope = [SUBTREE]
[123] User DN = [CN=Peter Pan,OU=Wonderland,DC=testlab,DC=local]
The ldap debug is clear, the ldap query during authentication is now searching for the user using the department field, and looking for the value of the serial number from my certificate.
I wasnt quite happy about using the "department" field and i took a look at the user object looking for a more suitable attribute. To my surprise the user has got a "serialNumber" attribute, and it can hold multiple values. I changed the "Naming Attribute(s)" from "department" to "serialNumber" and added the serial number from the certificat to the "serialNumber" attribute on the user object:
[138] LDAP Search:
Base DN = [dc=Testlab,dc=local]
Filter = [serialNumber=xxxx-xxxx-xxxxxxxxx]
Scope = [SUBTREE]
[138] User DN = [CN=Peter Pan,OU=Wonderland,DC=testlab,DC=local]
Worked like a charm!
I will settle for this solution, i cant see any issues regarding security, and it will be a breeze to admin. I will make a tool now so i can search for users in AD and update/view this attribute on the user objects.
Thank you for the input Marcin -
Can anyone recommend a good document for Cisco IDS and AAA
I need some basic tutorial for Cisco IDS and AAA. can anyone recommend any document for it?
thanksThe Cisco IDS/IPS senors do not perform any AAA functions. You can not validate a user/password externally.
-
VPN Client and AAA services on a Cisco ISR Router
Hi, my name is Jim, and I was just promoted as a trainer for the company I work for. Part of my new challenge is understanding how the configuration files in both my Terminal Services/VPN Router and Core Router work, so for many of you, these questions are going to seem very fundamental, but please help, I am an instructor in training. I hold a CCNA, CCNA-Wireless, and a CCSI cert, but I have little working experience in building and maintaining a lab....hence the need for this inquiry.
So to my questions. In our lab environment, we have a router that acts as our terminal services router and VPN router. Each laptop that connects to the lab has the Cisco VPN client loaded onto it, as well as my laptop that I teach from. My questions are these:
1. What parts of the AAA output of the running configuration tell me how to configure the VPN clients on my laptops?
2. I am using crypto key generate RSA at 1024 bits on the VPN/TS router, so does that tell me how to configure some part of the client?
3. In our lab, we are going to use a direct connection to an AP to get connected to the network, and how will the absence of an Internet connection affect the settings on the VPN client, or will they?
4. Are there helpful articles I can read that will answer some or all of these questions?
Thanks in advance,
JimHi Jim,
congratulations
Assuming a basic setup, your router will have something like this:
crypto isakmp client configuration group MyGroup
key cisco123
So on the client, you configure it to use MyGroup as the group name, and cisco123 as the (group) password.
I'm not sure I understand your question #3 and what you mean by "AP" (Access Point? So WiFi?). In any case you don't need Internet access per se, as long as you have network (IP) connectivity between the host running the vpnclient and the VPN router.
Does this help?
Herbert -
WLC 5508: 802.1 AAA override; Authenication success no dynamic vlan assignment
WLC 5508: software version 7.0.98.0
Windows 7 Client
Radius Server: Fedora Core 13 / Freeradius with LDAP storage backend
I have followed the guide at http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml with respective to building the LDAP and free radius server. 802.1x authorization and authenication correctly work. The session keys are returned from the radius server and the wlc send the appropriate information for the client to generate the WEP key.
However, the WLC does not override the VLAN assignment, even though I was to believe I set everything up correctly. From the packet capture, you can see that verfication of client is authorized to use the WLAN returns the needed attributes:
AVP: l=4 t=Tunnel-Private-Group-Id(81): 10
AVP: l=6 t=Tunnel-Medium-Type(65): IEEE-802(6)
AVP: l=6 t=Tunnel-Type(64): VLAN(13)
I attached a packet capture and wlc config, any guidance toward the attributes that may be missing or not set correctly in the config would be most appreciated.Yes good catch, so I had one setting left off in freeradius that allowed the inner reply attributes back to the outer tunneled accept. I wrote up a medium high level config for any future viewers of this thread:
The following was tested and verified on a fedora 13 installation. This is a minimal setup; not meant for a "live" network (security issues with cleartext passwords, ldap not indexed properly for performance)
Install Packages
1. Install needed packages.
yum install openldap*
yum install freeradius*
2. Set the services to automatically start of system startup
chkconfig --level 2345 slapd on
chkconfig --level 2345 radiusd on
Configure and start LDAP
1. Copy the needed ladp schemas for radius. Your path may vary a bit
cp /usr/share/doc/freeradius*/examples/openldap.schema /etc/openldap/schema/radius.schema
2. Create a admin password for slapd. Record this password for later use when configuring the slapd.conf file
slappasswd
3. Add the ldap user and group; if it doesn't exisit. Depending on the install rpm, it may have been created
useradd ldap
groupadd ldap
4. Create the directory and assign permissions for the database files
mkdir /var/lib/ldap
chmod 700 /var/lib/ldap
chown ldap:ldap /var/lib/ldap
5. Edit the slapd.conf file.
cd /etc/openldap
vi slapd.conf
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#Default needed schemas
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
#Radius include
include /etc/openldap/schema/radius.schema
#Samba include
#include /etc/openldap/schema/samba.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# ldbm and/or bdb database definitions
#Use the berkely database
database bdb
#dn suffix, domain components read in order
suffix "dc=cisco,dc=com"
checkpoint 1024 15
#root container node defined
rootdn "cn=Manager,dc=cisco,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
rootpw
{SSHA}
cVV/4zKquR4IraFEU7NTG/PIESw8l4JI
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools. (chown ldap:ldap)
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index uid,memberUid eq,pres,sub
# enable monitoring
database monitor
# allow onlu rootdn to read the monitor
access to *
by dn.exact="cn=Manager,dc=cisco,dc=com" read
by * none
6. Remove the slapd.d directory
cd /etc/openldap
rm -rf slapd.d
7. Hopefully if everything is correct, should be able to start up slapd with no problem
service slapd start
8. Create the initial database in a text file called /tmp/initial.ldif
dn: dc=cisco,dc=com
objectClass: dcobject
objectClass: organization
o: cisco
dc: cisco
dn: ou=people,dc=cisco,dc=com
objectClass: organizationalunit
ou: people
description: people
dn: uid=jonatstr,ou=people,dc=cisco,dc=com
objectClass: top
objectClass: radiusprofile
objectClass: inetOrgPerson
cn: jonatstr
sn: jonatstr
uid: jonatstr
description: user Jonathan Strickland
radiusTunnelType: VLAN
radiusTunnelMediumType: 802
radiusTunnelPrivateGroupId: 10
userPassword: ggsg
9. Add the file to the database
ldapadd -h localhost -W -D "cn=Manager, dc=cisco,dc=com" -f /tmp/initial.ldif
10. Issue a basic query to the ldap db, makes sure that we can request and receive results back
ldapsearch -h localhost -W -D cn=Manager,dc=cisco,dc=com -b dc=cisco,dc=com -s sub "objectClass=*"
Configure and Start FreeRadius
1. Configure ldap.attrmap, if needed. This step is only needed if we need to map and pass attributes back to the authenicator (dynamic vlan assignments as an example). Below is an example for dynamic vlan addresses
cd /etc/raddb
vi ldap.attrmap
For dynamic vlan assignments, verify the follow lines exist:
replyItem Tunnel-Type radiusTunnelType
replyItem Tunnel-Medium-Type radiusTunnelMediumType
replyItem Tunnel-Private-Group-Id radiusTunnelPrivateGroupId
Since we are planning to use the userpassword, we will let the mschap module perform the NT translations for us. Add the follow line to check ldap object for userpassword and store as Cleartext-Password:
checkItem Cleartext-Password userPassword
2. Configure eap.conf. The following sections attributes below should be verified. You may change other attributes as needed, they are just not covered in this document.
eap
{ default_eap_type = peap ..... }
tls {
#I will not go into details here as this is beyond scope of setting up freeradisu. The defaults will work, as freeradius comes with generated self signed certificates.
peap {
default_eap_type = mschapv2
#you will have to set this to allowed the inner tls tunnel attributes into the final accept message
use_tunneled_reply = yes
3. Change the authenication and authorization modules and order.
cd /etc/raddb/sites-enabled
vi default
For the authorize section, uncomment the ldap module.
For the authenicate section, uncomment the ldap module
vi inner-tunnel
Very importants, for the authorize section, ensure the ldap module is first, before mschap. Thus authorize will look like:
authorize
{ ldap mschap ...... }
4. Configure ldap module
cd /etc/raddb/modules
ldap
{ server=localhost identify = "cn=Manager,dc=cisco,dc=com" password=admin basedn="dc=cisco,dc=com" base_filter = "(objectclass=radiusprofile)" access_attr="uid" ............ }
5. Start up radius in debug mode on another console
radiusd -X
6. radtest localhost 12 testing123
You should get a Access-Accept back
7. Now to perform an EAP-PEAP test. This will require a wpa_supplicant test libarary called eapol_test
First install openssl support libraries, required to compile
yum install openssl*
yum install gcc
wget http://hostap.epitest.fi/releases/wpa_supplicant-0.6.10.tar.gz
tar xvf wpa_supplicant-0.6.10.tar.gz
cd wpa_supplicant-0.6.10/wpa_supplicant
vi defconfig
Uncomment CONFIG_EAPOL_TEST = y and save/exit
cp defconfig .config
make eapol_test
cp eapol_test /usr/local/bin
chmod 755 /usr/local/bin/eapol_test
8. Create a test config file named eapol_test.conf.peap
network=
{ eap=PEAP eapol_flags=0 key_mgmt=IEEE8021X identity="jonatstr" password="ggsg" \#If you want to verify the Server certificate the below would be needed \#ca_cert="/root/ca.pem" phase2="auth=MSCAHPV2" }
9. Run the test
eapol_test -c ~/eapol_test.conf.peap -a 127.0.0.1 -p 1812 -s testing123 -
Is it possible to config H-REAP/REAP and CAPWAP in Autonomous mode with a WLC?
I'm going to deploying all new AP as Remote-Edge AP and they will be shipped straight to site. With a pool of WLCs deployed in central DC locations. I would like to get local staff to deploy a basic CLI discovery script for the APs. However, i thought LAPs don't have CLI???
I'm thinking I must use a Lightweight AP with the WLC to use Remote-Edge AP functionality - However, I'm not sure... the configuration example at the bottom doesn't state whether it an Autonomous AP or a Lightweight one.
http://www.cisco.com/en/US/products/ps6087/products_tech_note09186a0080736123.shtml
H-REAP Controller Discovery using CLI commands
H REAPs will most commonly discover upstream controllers via DHCP option 43 or DNS resolution. Without either of these methods available, it may be desirable to provide detailed instructions to administrators at remote sites so that each H REAP may be configured with the IP address of the controllers to which they should connect. Optionally, H REAP IP addressing may be set manually as well (if DHCP is either not available or not desired).
This example details how an H REAP's IP address, hostname, and controller IP address may be set through the console port of the access point.
AP_CLI#capwap ap hostname ap1130ap1130#capwap ap ip address 10.10.10.51 255.255.255.0ap1130#capwap ap ip default-gateway 10.10.10.1ap1130#capwap ap controller ip address 172.17.2.172
Could anyone help?
Cheers
Adrian.Hi Adrian,
Further down in the doc you linked;
H-REAP Controller Discovery using CLI commands
H REAPs will most commonly discover upstream controllers via DHCP option 43 or DNS resolution. Without either of these methods available, it may be desirable to provide detailed instructions to administrators at remote sites so that each H REAP may be configured with the IP address of the controllers to which they should connect. Optionally, H REAP IP addressing may be set manually as well (if DHCP is either not available or not desired).
This example details how an H REAP's IP address, hostname, and controller IP address may be set through the console port of the access point.
AP_CLI#capwap ap hostname ap1130
ap1130#capwap ap ip address 10.10.10.51 255.255.255.0
ap1130#capwap ap ip default-gateway 10.10.10.1
ap1130#capwap ap controller ip address 172.17.2.172
Note: Access points must run the LWAPP-enabled IOS® Recovery Image Cisco IOS Software Release 12.3(11)JX1 or later, in order to support these CLI commands out of the box. Access points with the SKU prefix of LAP (for example, AIR-LAP-1131AG-A-K9), shipped on or after June 13, 2006 run Cisco IOS Software Release 12.3(11)JX1 or later. These commands are available to any access point that ships from the manufacturer running this code level, has the code upgraded manually to this level, or is upgraded automatically by connecting to a controller running version 6.0 or later.
These configuration commands are only accepted when the access point is in Standalone mode.
Cheers!
Rob -
How do I safely and correctly override equals in a generic element class?
(I posted this in the collection forum, but it was suggested I should take it here instead.)
I've written an OrderedPair element class, (OrderedPair<K,V>), so I can have a set of ordered pairs.
To get the container to treat OrderedPairs as values instead of objects, I had to override OrderedPair<K,V>.equals(Object) (as hashCode too).
So I've written the equals(Object) below in the naive way and I'm now getting warnings about an unsafe cast at line (a) and an unsafe assignemtn at line (b).
I do understand why this is a problem, but I'm not sure what the best solution is.
How does one ask about instanceof for the otherObject, and how does one cast an Object to an OrderedPair<K,V> in a safe way?
public boolean equals (Object otherObject) {
if (otherObject == null || ! (otherObject instanceof OrderedPair<K,V>)) { //line (a)
return false;
} else {
OrderedPair<K,V> otherPair = (OrderedPair<K,V>) otherObject; // line (b)
return this.key.equals(otherPair.key) && this.value.equals(otherPair.value);
}or, more to the point, how does one write a version of equals(Object) for a generic class?
It seems that this overriding of equal will have to be done for many generic element types, so there must be some approach that is safe, yes?
It was pointed out to me that AbstractMap does something similar<warning: thread hijack>
public class OrderedPair<A,B> {
final A a;
final B b;
A first() {
return a;
B second() {
return b;
another question about generic code is this:
is it possible that , most of the time, a generic code may looks like this
(please note that this is not a criticism of the above code which is perfectly ok to me):
public class OrderedPair<A,B> {
public final A a;
public final B b; // no accessor such as getA(), getB()
my point : unless you want specific behaviour linked to value consultation
the actual type of members a and b is not hidden: encapsulation seldom makes sense.
it is known to the user of the parametrized type, it is not subject to maintenance change
so it is public ..... (if it is final)
any remark? -
H-REAP and Client Load-Balancing
I'm told by Cisco that H-REAP does not support client load-balancing.
We have a situation where we want to deploy LWAPPs using H-REAP into a conference room where training would take place.
Any suggestions on how to overcome the inevitable slowness these people are going to experience from being unevenly associated with the APs?
We can't re-write the application so we are looking for a wireless solution.
Anyone hear about how other organizations have dealt with this type of situation?
I'll be glad to supply more details if I am not being clear in my description of the problem.
Thanks in advance. All responses will be rated.
PaulThis is the functionality which is missing in H-REAP: Client and Network Load Balancing
"Radio Resource Management (RRM) load-balances new clients across grouped lightweight access points reporting to each controller. This function is particularly important when many clients converge in one spot (such as a conference room or auditorium) because RRM can automatically force some subscribers to associate with nearby access points, allowing higher throughput for all clients. The controller provides a centralized view of client loads on all access points. This information can be used to influence where new clients attach to the network or to direct existing clients to new access points to improve wireless LAN performance. The result is an even distribution of capacity across an entire wireless network.
Note: Client load balancing works only for a single controller. It is not operate in a multi-controller environment."
I suppose if we limit the number of users that can associate with a particular AP then we will achieve some client load-balancing. Though a hard limit on the number of end-users will also lead to situations where some end users will not be allowed any access.
Maybe you are looking for
-
How to use .mov files for video in Flash...
Hello- I am trying to use .mov files for my Flash videos. I know it uses .mp4/flv/f4v, but I really need to use .movs. I know this works... but how? Suggestions?
-
I am receiving the following error messages when I attempt to access a form that invokes the Client_host and Client_text_io commands: Downloading http:/uranus:7778/forms90/webutil/webutil.jar to JAR cache Downloading http:/uranus:7778/forms90/webutil
-
When i switched my tv on i got a message saying that there is no digital tv signal found. It had another message undeneath which gave me 5 minutes before the tv switched off. I couldn't move from this screen which means I cannot access settings to tr
-
Histogram using CL_GUI_CHART_ENGINE
Hi, I am trying to build a histogram using CL_GUI_CHART_ENGINE as a better looking chart than the standard histogram chart in QGP1(2) transactions. First of all even if I use the same class as QGP1(2), the columns are showing up at different loca
-
Unexpected exception:need help
hi everyone, i want to make a one way communication between applet and servlet.morever trying to send an array of string along the path stated and for that accomplishment i got stuck around the following code at client and server side. when i run the