High CAPWAP traffic when locally switched

Hello all,
We're seeing an ongoing issue where several APs across multiple sites log the error, "%CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST., 12)", then disassociate from the controller and reassociate almost immediately. The issue is the users get disassociated from the AP and call the helpdesk.
A countermeasure at one site was to add the CAPWAP traffic (udp ports 5246 & 5247) to the controller in our QOS Platinum policy (setting the DSCP bit to 'ef'), but that doesn't seem to help.
We're using Flexconnect with central authentication, local switching.
A couple of questions:
1) The Platinum queue on the QOS is showing over 500 kbps when the only thing put in that queue is the CAPWAP traffic - there aren't any phones.  Why so much bandwidth for authentication and control traffic?
2) What is happening with the APs that they can't talk to the controller that causes the issue in the first place?  Bandwidth doesn't seem to be an issue.
Below are some config and outputs:
AP-1242#show capwap reap status
AP Mode:         REAP, Connected
Radar detected on:
AP-1242#show capwap reap association
REAP Data Switching: Local
2960#show int fa0/22
  Hardware is Fast Ethernet
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
  Last input 00:00:22, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 23000 bits/sec, 13 packets/sec
  5 minute output rate 208000 bits/sec, 48 packets/sec
     37478173 packets input, 13839718021 bytes, 0 no buffer
     Received 2818773 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 502342 multicast, 0 pause input
     0 input packets with dribble condition detected
     118634332 packets output, 36491262361 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
2811#show policy-map interface multilink 1
Service-policy output: MPLS-QOS
    queue stats for all priority classes:
       queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 300637/46124112
    Class-map: PLATINUM (match-any)
      300637 packets, 46124112 bytes
      30 second offered rate 28000 bps, drop rate 0 bps
      Match: ip dscp ef (46)
        300637 packets, 46124112 bytes
        30 second rate 28000 bps
      Priority: 18% (552 kbps), burst bytes 13800, b/w exceed drops: -16
Any help is appreciated.

Hi Jeff,
I think you are hitting a bug (CSCse92856) specific to 1242 AP. Solution given is "Enable Proxy ARP on the default-gateway device of your AP". You can try that & see.
Even I cannot view the details of this bug because of insufficient access permission. Therefore I do not know more details about this bug fix & which software versions are affected, etc. Better you contact Cisco TAC & get more information.
I found this information here:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008081103d.shtml
One other reason that H-REAP APs do not join WLCs is if the Proxy ARP is disabled on the gateway for the H-REAP APs. From the AP console, this message is logged:
*Jul 29 14:04:10.897: LWAPP_CLIENT_ERROR_DEBUG: 
Retransmission count for packet exceeded more than max(CHANGE_STATE_EVENT , 1)
This can be caused by Cisco bug ID CSCse92856. This problem applies only to AP1130 and AP1240. This problem does not apply to AP1000s, AP1100, or AP1200.
This problem occurs when these conditions are met:
HREAP mode is used in the WLAN. Local mode is not affected by this issue. Native VLAN mapping is required.
The APs have to be on a different IP subnet than the AP Manager of the WLCs.
Proxy ARP is disabled on the default gateway for the AP.
The H-REAP AP gets the default gateway from a DHCP server.
In order to resolve this issue, enable Proxy ARP on the default gateway router of the AP.
HTH
Rasika
*** Pls rate all useful responses ****
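
Added example (not part of the original posts): a short Python parser for the "show policy-map interface" output quoted in the question, which separates the configured priority allocation from the measured offered rate for the PLATINUM class. The function names are chosen here for illustration; the sample text is copied from the post.

```python
import re

# Output copied from the post above (2811#show policy-map interface multilink 1).
SAMPLE = """\
Service-policy output: MPLS-QOS
    queue stats for all priority classes:
       queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 300637/46124112
    Class-map: PLATINUM (match-any)
      300637 packets, 46124112 bytes
      30 second offered rate 28000 bps, drop rate 0 bps
      Match: ip dscp ef (46)
        300637 packets, 46124112 bytes
        30 second rate 28000 bps
      Priority: 18% (552 kbps), burst bytes 13800, b/w exceed drops: -16
"""

CLASS_RE = re.compile(r"^\s*Class-map:\s+(\S+)", re.M)
PKTS_RE = re.compile(r"^\s*(\d+) packets, (\d+) bytes", re.M)
OFFERED_RE = re.compile(r"offered rate (\d+) bps, drop rate (\d+) bps")
PRIORITY_RE = re.compile(
    r"Priority:\s+(\d+)%\s+\((\d+) kbps\).*?exceed drops:\s*(-?\d+)"
)


def parse_policy_map(text):
    """Return {class_name: stats} for every Class-map section in the output."""
    classes = {}
    starts = [(m.start(), m.group(1)) for m in CLASS_RE.finditer(text)]
    for i, (pos, name) in enumerate(starts):
        end = starts[i + 1][0] if i + 1 < len(starts) else len(text)
        section = text[pos:end]
        stats = {}
        m = PKTS_RE.search(section)
        if m:
            stats["packets"], stats["bytes"] = int(m.group(1)), int(m.group(2))
        m = OFFERED_RE.search(section)
        if m:  # measured traffic arriving at the class
            stats["offered_bps"] = int(m.group(1))
            stats["drop_bps"] = int(m.group(2))
        m = PRIORITY_RE.search(section)
        if m:  # configured priority allocation, not a traffic measurement
            stats["priority_pct"] = int(m.group(1))
            stats["priority_bps"] = int(m.group(2)) * 1000
            # Counter kept exactly as printed (the post shows -16).
            stats["exceed_drops"] = int(m.group(3))
        classes[name] = stats
    return classes


def summarize(stats):
    """Compare the measured load with the configured priority allocation."""
    utilization = stats["offered_bps"] / stats["priority_bps"]
    return {
        "offered_kbps": stats["offered_bps"] / 1000,
        "allocated_kbps": stats["priority_bps"] / 1000,
        "utilization_pct": round(100 * utilization, 1),
        "avg_packet_bytes": round(stats["bytes"] / stats["packets"]),
        "dropping": stats["drop_bps"] > 0 or stats["exceed_drops"] > 0,
    }


if __name__ == "__main__":
    for name, stats in parse_policy_map(SAMPLE).items():
        print(name, summarize(stats))
```

For the output in the post, the 552 kbps figure is the 18% priority allocation, while the measured offered rate for the class is 28 kbps with a drop rate of 0.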

Similar Messages

  • Locally switched Guest WLAN with Web Authentication

    I have a remote location that has its own internet pipe. I have set up a new guest SSID and set to switch locally and changed the AP mode to Flex connect. When I connect to the new SSID, I get an IP address from the local LAN, but the Web redirection page will not load. Is this because the local LAN does not have a route to the WLC virtual interface of 1.1.1.1? Is there a way to tunnel just the web authentication portion of traffic and locally switch everything else?

    You are close in your understanding.
    If you want to use the web portal services on the WLC then you need to bring that traffic back to the WLC.
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

  • HREAP local switching works perfectly BUT central switching fails when WLC is down. Doesn't fall back to local switching.

    Hi All,
    I am currently using a 4402 with 6.0.196 image. The APs that I am using is the 1130.
    I have configured HREAP for Local switching, it works very well. I am even able to do 802.1x
    Authentication after registering with ACS. Currently I am using only 1 SSID. That SSID is mapped
    to vlan 10 and my AP is on native Vlan 1. All the proper trunks and routing have been enabled.
    The issue I have is that when I am trying to create a central switched WLAN that falls back to local
    switching once the controller is down. The only difference I made was to remove the "tick"/checkbox option
    for "local Switching" on the WLAN page.
    It is able to work if the controller is up, I am even able to get the IP network where the controller resides. However when
    I tested by disconnecting the controller, the client is unable to authenticate or send traffic anymore. I've tried using WPA-PSK
    and also WPA-PEAP-MSChapv2. Both fail miserably.
    Does this mean that I need to create 2 WLANs? One for Local Switching and the other for Central Switching on the HREAP mode
    APs. Can't I do it with just a single WLAN?
    Thank you.
    Warmest regards,
    Azzafir Ariff Patel.

    For h-reap, if you're doing centrally switched due to using EAP for authentication and the ap loses connectivity to the WLC, then those users should be able to stay associated, but new users will not authenticate. WPA/WPA2-psk local switching should work even if the ap loses connectivity to the WLC since the h-reap ap will do the authentication. Here is a link you've probably already seen:
    http://www.cisco.mn/en/US/products/ps6087/products_tech_note09186a0080736123.shtml#topic2

  • Mozc stops working when I switch locales

    Hello,
    I have mozc and ibus installed on my system.
    When I have LANG="en_US.UTF-8" in my /etc/locale.conf, mozc works fine.
    However, when I set LANG="ja_JP.UTF-8", mozc stops working. Ibus starts fine, and I am able to type in Roman characters, but I am unable to type any Japanese characters, and I cannot do any conversions.
    I've generated 4 locales: en_US.UTF-8, en_US.ISO-8859-1, ja_JP.EUC-JP, and ja_JP.UTF-8 using the locale-gen command.
    I'm not using a login manager, and my .xinitrc contains the following:
    xmodmap ~/.Xmodmap
    xrdb -merge ~/.Xresources
    ibus-daemon -xrd
    exec gnome-session
    My .xprofile contains:
    export XMODIFIERS="@im=ibus"
    export GTK_IM_MODULE="ibus"
    export QT_IM_MODULE="ibus"
    I'm not really sure what the issue is. The problem persists across multiple WMs (awesome, gnome3, and xfce4). Thanks in advance, and if more information is needed just ask.

    Thank you very much for your help. As you say I mean when I switch off the screen or when it goes to sleep. I realize though that it has to do with the app I'm using, SVTplay, rather than the devices since it turns out to work with Netflix. Sorry for your trouble unless you can help out with the app.

  • When I take a call or dial a call in a high density traffic area or noisy area I can't hear properly so at that time I put my phone in the loud speaker mode.

    When I take a call or dial a call in a high density traffic area or noisy area I can't hear properly so at that time I put my phone in the loud speaker mode.

    I have had this happen to me on 3GS, 4 and 4s.   Usually the solution is one of the following:
    1-  If  your volume indicator says  headphones even though they are not plugged in, then:
    Stick your headphones into the headphone jack and then remove quickly.
    2. If that does not work Power your phone off. Then when restarting Reset the phone by pressing the home button and the power button at the same time until the apple logo appears.
    3. Make sure you have not chosen to send audio to an Airplay device such as Apple Tv.
    Hope one of these works for you

  • ITunes 10.6 has High CPU Usage when switched to Mini Player

    iTunes has high CPU usage when switched to mini player. The CPU usage goes to 80-100% when the next song is played in Mini Player. iTunes then stays at high CPU usage.
    Upon exiting mini player the CPU usage will drop back to the normal 0-5% levels.
    This only happens when playing from the main music library; which my library is at 7089 items, 42.04 GB.
    When playing from a smaller playlist such as a smart playlist with about 15 songs in it for example, the CPU usage stays low/normal.

    Do you have any better luck with that if you update to iTunes 10.6.1.7?
    From the notes for the release:
    iTunes 10.6.1 provides a number of improvements, including:
    • Fixes several issues that may cause iTunes to unexpectedly quit while playing videos, changing artwork size in Grid view and syncing photos to devices.
    • Addresses an issue where some iTunes interface elements are incorrectly described by VoiceOver and WindowEyes.
    • Fixes a problem where iTunes may become unresponsive while syncing iPod nano or iPod shuffle.
    • Resolves an ordering problem while browsing TV episodes in your iTunes library on Apple TV.
    http://www.apple.com/itunes/download/

  • MDNS cannot be configured when FlexConnect Local Switching is enabled

    I am running Cisco Prime Infrastructure 1.3 and I am trying to push a template to allow FlexConnect local switching on a WLAN. However, when I attempt this, I get the message "mDNS cannot be configured when FlexConnect Local Switching is enabled" and I cannot save the template or apply it to controllers. My controllers are WISM 2s running 7.0.235.3.

    Make sure you uncheck the mDNS option on the advanced tab of the WLAN template. You cannot use mDNS in conjunction with Flexconnect locally switched WLANs.
    Sent from Cisco Technical Support iPhone App

  • Local Switching on o-LAP when working on Bridge root mode

    Dears,
    Need your support in this solution please,
    I have 2 LWAPs, one working as bridge root and the second working as bridge mesh. I want to create two SSIDs, one of them working local and the second working centralized. What is the configuration for that? Or clarify if this solution is supported or not.
    Also I need to let O-LAP make local switching on bridge root mode.
    wait your feedback urgently ASAP.
    Thanks

    Stephen Rodriguez wrote: If you are going to share the WLAN (which is pretty standard), then you need to select the interface that you want the clients passing traffic to.
    You mean the interface that the local clients will be passing traffic to, right???

  • Confused: Central Switching/Local Switching

    Was wondering if someone could explain local/central switching a little further, when it comes to HREAP/FlexConnect modes for CAPWAP AP's.
    So in our environment, we're running 7.5.102.0 code on all of our WLC's. We have a central WLC in two of our regions (US and Europe). Each region provides internet services for the remote sites connected to it. So a site in Chicago comes back to our central office over an MPLS for their internet services; just as a site in Italy comes back to our central office in the UK for their internet service over MPLS. These remote sites have AP's that are in FlexConnect mode back to the central WLC's.
    My question......I understand that an AP in central switching mode tunnels the traffic back to the central controller, whereas local switching does not. However, what does that mean? If the WAN link goes down, how does local switching help? The internet is still down, since that's how the internet is advertised back from the central location. Does that just mean that local servers can be accessed, over wireless, since we are in local switching mode? Same question for authentication; our AD servers are located at the central sites, with no AD servers at the remote sites. In local authentication mode, how would an AP register a user, if the MPLS link is down? Does it download some sort of cached directory for authentication?
    Thanks for your help!

    Yes, in local switching mode, wireless client traffic is locally switched at the branch (you have to define their SVI on the branch switch) and they can access any branch resources while the WAN link is down. If internet service is provided by your central office, then they won't get internet services while your WAN link is down.
    If you configured local authentication, yes, the WLC will pass credentials (if the WLC has user credentials like WPA2-PSK or WEP) to the AP, where it can use them for local authentication. If you are using dot1x with RADIUS & AD, then you should have redundancy of these services in order for the branch AP to use these in a situation where the controller is unavailable.
    The following design guide should help you to understand this
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob73dg/ch7_HREA.html#wp1103070
    Here are some of my notes related to different modes of operation of H-REAP/FlexConnect, that should help you as well
    http://mrncciew.com/2013/03/10/h-reap-modes-of-operation/
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Flex connect with a per user ACL with APs locally switched

    Hi all,
    Does flex connect allow a per user ACL to be downloaded to the session with local switched, central authentication? We are using ISE for the central policy engine and have set up dACL for wired but am about to embark on WLAN. The controller is a 5508 and the APs are 3700's.
    Second question- if the flex connect APs don't do any form of per user ACL, the other option is to have the units in regular mode where they are both centrally switched and centrally authenticated which I understand to support a per user ACL. Our WAN links are between 10mbps - 30mbps and the most latency would be around 40ms. Will this cause issues at all with the size WAN links and latency?
    Thanks
    Sent from Cisco Technical Support iPad App

    Well you are running v7.6 so FlexConnect per user radius ACL's are supported per this doc since v7.5.
    http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112042-technote-product-00.html#anc9
    As far as WAN latency, 200ms is good, but it depends in your WAN utilization now and how many AP's you plan on installing and the increase in wireless traffic across your WAN. There is a minimum requirement, but it's up to you in the end to make sure you have enough bandwidth or else you will need to QoS the capwap traffic to ensure the APs don't bounce from connected to stand alone.
    Sent from Cisco Technical Support iPhone App

  • HREAP - Local switching

    Hi All,
    I have a working WLC with several HREAP AP's all working as they should. My question is what happens to DHCP requests when an AP is configured for HREAP local switching with no VLAN support enabled (connected to an access port, not a trunk)? The local VLAN has a DHCP helper address configured for an external DHCP server. When a wireless client connects, does all the traffic get dropped directly onto the local VLAN (in my case VLAN 10) or does any traffic traverse through the controller? I ask this because on the advanced setting page of the WLAN I have ticked DHCP REQ. How does the controller determine if the wireless client has a valid IP if the DHCP request is being supplied by the local VLAN?
    I was under the impression that the control and data planes are separated?
    Thanks in advance for any replies.
    Sent from Cisco Technical Support iPhone App

    You are correct, it gets dumped on your vlan 10. As for your very specific question, that's a great question and I don't know that I have the answer. Perhaps someone else like Steve, Leo or Scott can reply if they tested it.
    I'm going to take a stab in the dark and say perhaps the ap makes sure it sees a dhcp req packet come in before it allows the client to get into the run state.
    OR, it doesn't work.
    OR, if that check box is marked, perhaps the ap relays some type of response back to the WLC ...
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin

  • Centrally Switched and Flex Local Switched WLAN - same SSID

    Hi All
    I am currently working on a WLAN migration from lightweight to autonomous and would like advice on whether the following scenario is possible.
    We've deployed an 8500HA pair at the customer's central HQ with the plan that SSIDs at the central HQ will centrally switch with SSIDs at branch sites locally switching.  AP and Flex groups have been configured for the HQ and branch sites.  There is a legacy SSID at HQ that will need to break out locally so a flex group is required for HQ.
    My original plan was to do this with one WLAN Profile per SSID, configured to locally switch.  The HQ AP group will map WLAN to the relevant IP interface with the SSID omitted from the HQ Flex Group so that the SSID will centrally switch.  The branch AP groups will be configured with the SSIDs required for branch and Flex groups will be configured to break out the SSIDs  into the relevant local VLAN.
    My question is, is it possible for an SSID to be configured as locally switched for branches but also centrally switched for HQ, by configuring it in the HQ AP Group but omitting it from the HQ Flex group?
    Configured as above a client debug gives the below which seems to suggest that it isn't possible, unless I've configured something incorrectly...
    *apfMsConnTask_5: Oct 03 15:48:51.012: c0:18:85:48:c0:5d Central switch is FALSE
    My alternative option is to create a second WLAN profile for each SSID with the same SSID name but centrally switched and then apply that accordingly in the AP groups.
    If someone can verify the above I'd be very grateful.
    Many thanks in advance
    Mark

    Hi Mark
    My question is, is it possible for an SSID to be configured as locally switched for branches but also centrally switched for HQ, by configuring it in the HQ AP Group but omitting it from the HQ Flex group?
    When you configure an SSID for local switching, it is only applicable if the AP is in FlexConnect mode. So as long as your HQ APs are in Local mode then all those users' traffic will be centrally switched for the given SSID. At the branch those APs are in Flex mode, so they will locally switch.
    Pls do not forget to rate our responses if that is useful to you
    HTH
    Rasika

  • Very high network traffic to printer

    I am seeing very high network traffic between my Mac (iMac, running Mavericks) and my printer, a Canon MP640, connected via Ethernet. This is when the printer is idle. According to Little Snitch, the traffic is on the order of about 50 kB/s! The network traffic comes from mDNSresponder, and is directed to canonmp640.local; it is using UDP port 5353, which seems to be the mDNS port (again, according to Little Snitch). The traffic of course goes away if the printer is off, but it needs to remain on because it is being used as a printer for other computers/devices around the house.
    Is this amount of network traffic for an idle printer normal? Anyone has any idea how to stop it from doing that? I even captured some of that traffic using Little Snitch, but nothing that provided any insight to me...
    Thanks in advance for any help or suggestion!

    mDNSresponder is the Bonjour agent. Perhaps your printer is connecting as a Bonjour printer. See Disable Bonjour by turning off mDNSResponder - OS X Daily and OS X: How to disable Bonjour service advertising without .... I would also do a little Google search on "mdnsresponder." Also, you may want to contact Canon tech support.

  • Traffic when doing adaptive streaming = Explosion!

    Hello
    So we launched an adaptive streaming player, using Mp4 (H.264) and the Adobe Classes they recommend for Flash 10 adaptive streaming.
    But now we are evaluating the project, and what we discovered in horror is the traffic used! It's almost 3 times higher than we expected!
    It seems that while the player is streaming the 1328 kb/sec video, it also (in some mysterious way) uses more traffic than the 1328 kb/sec. The other bitrates are 528 kb/sec and 828 kb/sec, which it switches to depending on the user's bandwidth.
    There is probably a logical explanation for this. My guess is that the player simply buffers all 3 bitrates all the time to do a smooth transition between the bitrates. But if this is true it means that we would have 3 times as much traffic since all 3 bitrates are actually in some pseudo way being streamed at the same time.
    So am I right? And what options are there? I guess we could remove the smooth transition, and have the player pause and rebuffer when it switches the bitrate, but this would be an "ugly" solution in my opinion.
    Any help out there ?

    No, in fact I abandoned it. Then I tried it again today, (hoping the various iTunes updates would help) it was better ... But after 15 minutes the audio dropped out again. However, my concerns about the apple tv2 were unfounded.

  • Local Switching, mDNS Snooping and Chromecast

    Hello everyone,
    we have a Cisco WiFi setup at our company consisting of one WLC (2504) and 5 access points, 4 of which are in the main office and one at a remote location (connected via an IPsec tunnel). The remote AP is configured to FlexConnect mode, and we have set up a staff WLAN using 802.1X auth and local switching. So far, everything works perfectly.
    However, we now want to support Chromecast devices in our wireless network. I have setup a new WLAN with WPA2-PSK authentication for those devices, added the "Googlecast" entries to the mDNS profile and activated mDNS Snooping on this WLAN. This appears to be working as well, at least I can see the corresponding entries in the mDNS -> Domain Names tab (Chromecast switched from multicast/SSDP to mDNS recently).
    However, clients in the staff WLAN are not able to see the devices. My guess is that I would need to also activate mDNS snooping on the staff WLAN, but of course this is not possible because of local switching being enabled.
    I tried to create two different AP groups, one for the local APs and another for the remote one. Then I duplicated the staff WLAN, with the idea of deploying one copy on the local AP group with local switching disabled and mDNS snooping enabled and the other copy on the remote AP group, enabling local switching and disabling mDNS snooping. My idea was that this would allow the employees at the local office to use the Chromecast devices, but unfortunately it's not possible to configure two WLANs with the same SSID and L2 security, even if they're not on the same AP / AP group.
    Another solution would just be to create a separate WLAN for the remote AP, but that would require to push another profile and inevitably result in confused employees when they first visit the remote branch.
    Is there any way to make our Chromecasts work while still using the same WLAN for both locations? Any pointers are greatly appreciated.

    I'm not 100% sure about the details and why that works this way. But u can create two SSID as long as u use an ID higher than 16. So start at 17 and it works, maybe that has something to do with the default group they will not belong to..
    Coming back to your 2504... I see no way to use an ID above 16 because that's the max it supports.
    So, please have a look at that Guide for Chromecast, as I run through it I see that it has maybe nothing to do with mDNS..
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-6/chromecastDG76/ChromecastDG76.html
    Br,
    Sebastian
    pls. rate if helpful
