Local Policies and FlexConnect

Hello,
My customer has a traditional guest access desgin with foreign and anchor WLC without an ISE.
It works fine.
Now he plans to install a new WLC5508 for remote offices.
All APs in these remote offices will be in FlexConnect mode connected to the central WLC which is also an foreign WLC.
The guest traffic is central switched and corporate SSIDs will be local switched.
Now our problem is, is it possible to limit the guest bandwidth on each remote office with different values?
Example:
Office 1: Guest Bandwidth should be 1000k
Office 2: Guest Bandwidth should be 2000k
and so on....
All APs in remote office 1 will be in FlexConnect Group 1 and the APs in remote office 2 in FlexConnect 2.
Further I will create AP Groups for each remote office and add the belonging APs to this AP Group.
Then I will create "local policies" and map the decided policy in AP group to the Guest SSID.
So my question is; is this supported and does it work?
I've read the config guide for 8.0 and didn't find anything about FlexConnect and local policies, I mean there are no Restrictions for Local Policy Classification
Or is there another option available?
thanks
Martin

Thanks for your help Scott. I'm not in full agreement with all you say, but you have helped me figure it out.
You said the article was related only to 802.1x, but the article states that "802.1X is used in the example, but other mechanisms are equally applicable.".
The article you linked regarding FlexConnect groups also states that central switching is only valid in "connected mode", i.e., when the WAN is up.
However, I have found the following, which kind of explains the purpose of a central switched FlexConnect deployment
http://www.cisco.com/en/US/products/ps11635/products_tech_note09186a0080b7f141.shtml#central
Thanks again.

Similar Messages

  • Found an iPad mini in a parking lot; would love to return it to the owner. Called the local police and they said there is very little that they could do. Suggestions?

    Found and iPad mini in a parking lot; would love to return it to the owner. I called the local police; they said there was very little they could do. suggestions?

    Leave it turned on, and (if possible) connected to the Internet. The owner may try to find it using Find my iPad.
    Also, make a note of the serial number off the back, then advertise it as found, and make sure anyone claiming it can tell you the correct serial number.

  • Same SSID both on Local and FlexConnect sites

    Hi guys,
    I need to deploy identical SSID name and Security mechanism (802.1x with PEAP) on both on Local-mode and FlexConnect APs.
    First question would be: if I enable FlexConnect Local Switching on an "in production" SSID used on Local-mode APs would this generate any issues?
    Based on the answer receive what are your recommendations to accommodate this request: deploy identical SSID name and Security mechanism (802.1x with PEAP) on both on Local-mode and FlexConnect APs.

    When creating a WLAN with the same SSID,
    follow these guidelines and requirements:
    You must create a unique profile name for each WLAN.
    When multiple WLANs with the same SSID get assigned to the same AP radio, you must have a
    unique Layer 2 security policy so that clients can safely select between them.
    WLANs with the same SSID must have unique Layer 2 security policies so that clients can make a
    WLAN selection based on information advertised in
    beacon and probe responses. The available Layer 2
    security policies are as follows:
    None (open WLAN)
    Static WEP or 802.1X
    Note
    Because static WEP and 802.1X are both advertised by the same bit in beacon and probe
    responses, they cannot be differ
    entiated by clients. Therefore,
    they cannot both be used by
    multiple WLANs with the same SSID.
    CKIP
    WPA/WPA2
    Note
    Although WPA and WPA2 cannot be used by mul
    tiple WLANs with the same SSID, you can
    configure two WLANs with the same SSID with WPA/TKIP with PSK and WPA (Wi-Fi
    Protected Access) /TKIP (Temporal Key Integrity Protocol) with 802.1X, respectively, or
    with WPA/TKIP with 802.1X or WPA/AES with 802.1X, respectively.

  • Macbook Pro stolen abroad, registered by the police and by Apple

    My Macbook Pro was stolen in Germany, after which I registered by the local police and then by Apple services a few days later for the Diebstahl, so that they can inform me, once the device is sent to get repaired. Problem is, I did receive an email from Apple enquiring me of the repairing situation and I did wrote back, stating that the device was stolen, yet I haven't received any reply. I checked in my Apple Support yesterday, and there's a record of the whole repairing procedure. I called my Service for help but they told me that I should contact the german Apple, because I've lost the device in Germany... Is there any way to contact them by writing to them instead of calling, for it costs...I'd be grateful if any one could provide me with a link.

    Sorry, this is just a users' forum. We are not able to assist you with the issue. You will need to contact Apple as you have been.

  • Flexconnect - Local Switching and DHCP Server Location

    Hello Friends, It is again a conceptual question.
    In Flex-connect Local Switching mode if the Client has to be get the IP address using DHCP, the DHCP server has to be local to the remote site and not centralized location. Though i know, Local switching means that the client traffic is bridged to the local network directly by the AP on the locally connected switch and does not pass through the controller, what does it mean to DHCP server location.
    For example, If I have 2 different WLANs (VLAN 2 and VLAN 3) configured Local Switching and its corresponding VLAN SVIs are configured in the Local L3 Switch and if the DHCP server is centrally located with the scopes for VLAN 2 and VLAN 3, will it have troubles?
    I see in my infrastructure we are working in that way [Local switching with centralized server]
    Thanks in advance
    SAIRAM

    It would be good to have DHCP server at local site.

  • Hi...My IPod touch was recently stolen. I have an Itunes account..can I retreive the serial number of my IPod Touch from my Itunes account? If, so...how may I do this. If I have the serial number, the local police can check the serial numbers at pawn shop

    Hi...My Ipod Touch was recently stolen. In order to help the local police deptartment I need to supply a seria number for the Ipod. Of course, I did not wrtie down the serial number, but I have used he device on my Itunes account. My question: Is there a way to retreive the serial nuber of my Ipod touch from my Itunes account? Thanks you all....

    Yes. See bold below
    - If you previously turned on FIndMyiPod on the iPod in Settings>iCloud and wifi is on and connected go to iCloud: Find My iPhone, sign in and go to FIndMyiPhone. If the iPod has been restored it will never show up.
    - You can also wipe/erase the iPod and have the iPod play a sound via iCloud.
    - If not shown, then you will have to use the old fashioned way, like if you lost a wallet or purse.
    - Change the passwords for all accounts used on the iPod and report to police
    - There is no way to prevent someone from restoring the iPod (it erases it) using it unless you had iOS 7 on the device. With iOS 7, one has to enter the Apple ID and password to restore the device.
    - Apple will do nothing without a court order                                                        
    Reporting a lost or stolen Apple product                                               
    - iOS: How to find the serial number, IMEI, MEID, CDN, and ICCID number

  • Security Policies and System Time

    I'm trying to remove the right for all users\power users to change the
    system time. I've hiden the timedate.cpl but they could still change the
    date and time from the system try. So I removed the right for
    users\powerusers in Computer configuration\windows settings\security
    settings\local policies\user rights assignment\change the system time in our
    default users policy and enabled the security settings for that policy. When
    I look at the local policy after I reboot with gpedit the rights to change
    the system have been removed, however they still can change the data and
    time. If I remove the rigth manually it works until I reboot. I tried the
    workaround in TID10096722, but that did not help. Am I missing something? I
    am running ZfD 4.0.1 IR5, Windows 2000 SP4, NWClient 4.91 SP1.
    Thanks Jason

    Jhalbgew,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
    - Check all of the other support tools and options available at
    http://support.novell.com.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://support.novell.com/forums)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://support.novell.com/forums/faq_general.html
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • Event ID 1085 on DC - Failed to Apply the Group Policy Local Users and Groups Settings

    I have a domain with 2 DCs.  The primary DC is running Server 2012 and is raising Event ID 1085 every 10 minutes and 20 seconds.
    Windows failed to apply the Group Policy Local Users and Groups settings. Group Policy Local Users and Groups settings might have its own log file. Please click on the "More information" link.
    System
    - Provider
    [ Name] Microsoft-Windows-GroupPolicy
    [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
    EventID 1085
    Version 0
    Level 3
    Task 0
    Opcode 1
    Keywords 0x8000000000000000
    - TimeCreated
    [ SystemTime] 2014-10-20T20:09:03.706992400Z
    EventRecordID 130087
    - Correlation
    [ ActivityID] {FDDFB8C5-9ECF-41B9-B2B4-3AD0B345A37A}
    - Execution
    [ ProcessID] 1000
    [ ThreadID] 3280
    Channel System
    Computer SERVER.DOMAIN.NAME
    - Security
    [ UserID] S-1-5-18
    - EventData
    SupportInfo1 1
    SupportInfo2 4404
    ProcessingMode 0
    ProcessingTimeInMilliseconds 10343
    ErrorCode 183
    ErrorDescription Cannot create a file when that file already exists.
    DCName \\SERVER.DOMAIN.name
    ExtensionName Group Policy Local Users and Groups
    ExtensionId {17D89FEC-5C44-4972-B12D-241CAEF74509}
    Everything I look up for Event ID 1085 seems to be about a different cause.
    Any ideas?

    I enabled tracing on a domain gpo and I still get the error when running gpupdate /force .
    I'm also still getting Event 1085.  Here's the trace file.  I've anonymized the site/domain and the GUIDs.
    2014-10-21 11:16:54.003 [pid=0x3e8,tid=0xcd0] Entering ProcessGroupPolicyExLocUsAndGroups()
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] SOFTWARE\Policies\Microsoft\Windows\Group Policy\{GUID-1}
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] BackgroundPriorityLevel ( 0 )
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] DisableRSoP ( 0 )
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] LogLevel ( 2 )
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] Command subsystem initialized. [SUCCEEDED(S_FALSE)]
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] Background priority set to 0 (Idle).
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ----- Parameters
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] CSE GUID : {GUID-1}
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] Flags : ( X ) GPO_INFO_FLAG_MACHINE - Apply machine policy rather than user policy
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( X ) GPO_INFO_FLAG_BACKGROUND - Background refresh of policy (ok to do slow stuff)
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_SLOWLINK - Policy is being applied across a slow link
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_VERBOSE - Verbose output to the eventlog
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_NOCHANGES - No changes were detected to the Group Policy Objects
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_LINKTRANSITION - A change in link speed was detected between previous policy application and current policy application
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_LOGRSOP_TRANSITION - A change in RSoP logging was detected between the application of the previous policy and the application of the current policy.
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( X ) GPO_INFO_FLAG_FORCED_REFRESH - Forced Refresh is being applied. redo policies.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_SAFEMODE_BOOT - windows safe mode boot flag
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_ASYNC_FOREGROUND - Asynchronous foreground refresh of policy
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Token (computer or user SID): S-1-5-18
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Abort Flag : Yes (0x313be090)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] HKey Root : Yes (0x80000002)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Deleted GPO List : No
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Changed GPO List : Yes
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Asynchronous Processing : Yes
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Status Callback : No (0x00000000)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] WMI namespace : Yes (0x32273740)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] RSoP Status : Yes (0x320cc7f4)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Planning Mode Site : (none)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Computer Target : No (0x00000000)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] User Target : No (0x00000000)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Calculated list relevance. [SUCCEEDED(S_FALSE)]
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ----- Changed - 0
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Options (raw) : 0x00000000
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Version : 19267878 (0x01260126)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPC : LDAP://CN=Machine,CN={GUID-2},CN=Policies,CN=System,DC=SITE,DC=DOMAIN
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPT : \\SITE.DOMAIN\sysvol\SITE.DOMAIN\Policies\{GUID-2}\Machine
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Display Name : Default Domain Policy
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Name : {GUID-2}
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Link : ( ) GPLinkUnknown - No link information is available.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkSite - The GPO is linked to a site.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( X ) GPLinkDomain - The GPO is linked to a domain.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GP Link Error
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] lParam : 0x00000000
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Prev GPO : No
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Next GPO : Yes
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Extensions : [{00000000-0000-0000-0000-000000000000}{GUID-3}][{GUID-1}{GUID-3}][{GUID-4}{GUID-5}{GUID-6}{GUID-7}{GUID-8}][{GUID-9}{GUID-10}][{GUID-11}{GUID-5}{GUID-6}]
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] lParam2 : 0x3146f978
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Link : LDAP://DC=SITE,DC=DOMAIN
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Purge GPH : C:\ProgramData\Microsoft\Group Policy\History\{GUID-2}\Machine\Preferences\Groups\Groups.xml
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Read GPE XML data file (592 bytes total).
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ----- Changed - 1
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Options (raw) : 0x00000000
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Version : 1245203 (0x00130013)
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPC : LDAP://CN=Machine,CN={GUID-12},CN=Policies,CN=System,DC=SITE,DC=DOMAIN
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPT : \\SITE.DOMAIN\sysvol\SITE.DOMAIN\Policies\{GUID-12}\Machine
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Display Name : Default Domain Controllers Policy
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Name : {GUID-12}
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Link : ( ) GPLinkUnknown - No link information is available.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkSite - The GPO is linked to a site.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkDomain - The GPO is linked to a domain.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( X ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GP Link Error
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] lParam : 0x00000000
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Prev GPO : Yes
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Next GPO : No
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Extensions : [{00000000-0000-0000-0000-000000000000}{GUID-3}][{GUID-1}{GUID-3}][{GUID-9}{GUID-10}]
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] lParam2 : 0x324e8198
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Link : LDAP://OU=Domain Controllers,DC=SITE,DC=DOMAIN
    2014-10-21 11:16:54.127 [pid=0x3e8,tid=0xcd0] Purge GPH : C:\ProgramData\Microsoft\Group Policy\History\{GUID-12}\Machine\Preferences\Groups\Groups.xml
    2014-10-21 11:16:54.127 [pid=0x3e8,tid=0xcd0] Read GPE XML data file (592 bytes total).
    2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Completed get next GPO. [SUCCEEDED(S_FALSE)]
    2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] WQL : SELECT * FROM RSOP_PolmkrSetting WHERE polmkrBaseCseGuid = "{GUID-1}"
    2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Purged 2 old RSoP entries.
    2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Logging 2 new RSoP entries.
    2014-10-21 11:16:54.159 [pid=0x3e8,tid=0xcd0] RSoP Entry 0
    2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] RSoP Entry 1
    2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] Completed get GPO list. [SUCCEEDED(S_FALSE)]
    2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] IsRsopPlanningMode() [SUCCEEDED(S_FALSE)]
    2014-10-21 11:17:04.252 [pid=0x3e8,tid=0xcd0] Completed settings update (csePostProcess). [ hr = 0x800700b7 "Cannot create a file when that file already exists." ]
    2014-10-21 11:17:04.252 [pid=0x3e8,tid=0xcd0] Completed CSE post-processing. [ hr = 0x800700b7 "Cannot create a file when that file already exists." ]
    2014-10-21 11:17:04.267 [pid=0x3e8,tid=0xcd0] Leaving ProcessGroupPolicyExLocUsAndGroups() returned 0x000000b7

  • Local GP and ZCM delivered GP Interaction

    Using our current imaging process we include a number of Group Policies on the base image. However, we continue to have instances where some Group Policies do not get applied. In some cases the GP in question is configured in both the local GP and the ZCM delivered GP. This wreaks havoc on some of our web based apps that need specific policies. I did some more looking and found this in the documentation:
    If you apply Local Group policies on a managed device that has ZENworks Group policies
    already applied, some of the settings might not work correctly.
    Does this mean that we shouldn't configure local GPO at all and just rely totally on ZCM? This is a concern because it seems as if when there is ANY problem enforcing the ZCM delivered GP it will roll the device back to the policy in the Original Cache that it creates after the agent is installed. If we don't have any local GPs configured won't this cause the device to go back to an unconfigured state?

    It's best to use one or the other.
    On 10/30/2012 12:56 PM, jhurley wrote:
    >
    > Using our current imaging process we include a number of Group Policies
    > on the base image. However, we continue to have instances where some
    > Group Policies do not get applied. In some cases the GP in question is
    > configured in both the local GP and the ZCM delivered GP. This wreaks
    > havoc on some of our web based apps that need specific policies. I did
    > some more looking and found this in the documentation:
    >
    > IF YOU APPLY LOCAL GROUP POLICIES ON A MANAGED DEVICE THAT HAS ZENWORKS
    > GROUP POLICIES
    > ALREADY APPLIED, SOME OF THE SETTINGS MIGHT NOT WORK CORRECTLY.
    >
    > Does this mean that we shouldn't configure local GPO at all and just
    > rely totally on ZCM? This is a concern because it seems as if when
    > there is ANY problem enforcing the ZCM delivered GP it will roll the
    > device back to the policy in the Original Cache that it creates after
    > the agent is installed. If we don't have any local GPs configured won't
    > this cause the device to go back to an unconfigured state?
    >
    >
    Craig Wilson - MCNE, MCSE, CCNA
    Novell Knowledge Partner
    Novell does not officially monitor these forums.
    Suggestions/Opinions/Statements made by me are solely my own.
    These thoughts may not be shared by either Novell or any rational human.

  • Same wlan both locally switched and centrally switched

    Scenario:
    1 virtual wireless controller
    50 access points, some of them some local to the controller (same site), other on remote sites, all in flexconnect mode.
    Is there a way for a wlan to be locally switched for a group of ap's, essentialy those local to the controller, and centrally switched for other groups of ap's, in fact those placed on remote sites?
    I've tried configuring flexconnect groups, and ap groups, but no luck, I've found no way to override the globally configured flag "flexconnec local switching".
    I've also tried to create two identical wlans, one locally switched and the second globally switched, but the wlc refuses to activate the second one since it has the same ssid of the first one.
    Regards,
    Massimo. 

    Since you have vWLC all AP needs to be in FlexConnect mode (If you got a normal WLC you can keep HQ AP in local mode & Remote AP in Flex mode to achieve this)
    I think in your case you have to either choose "Central Switching" or "local switching" for your APs.
    Regards
    Rasika
    **** Pls rate all useful responses ****

  • Import/Export Non-Administrators Local Policies

    Hey All - 
    I'm fully aware how to export/import Local Policies via the new Local Policy Tool with Security Compliance Manager. or with secedit, but I'm curious about importing/exporting the local policies for Non-Administrators.. Is it possible? I want to be able to
    modify it systematically (script, what have you), but I'm not really sure how to go about it.
    Thanks - 
    Chris

    Hi,
    If you want to create script to import/export group policy, I suggest you contact Script Center.
    http://social.technet.microsoft.com/Forums/en/category/scripting
    Group Policy Management Console Scripting Samples (Windows)
    http://msdn.microsoft.com/en-us/library/windows/desktop/aa814151(v=vs.85).aspx
    Niki
    TechNet Subscriber Support
    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback
    here.
    Niki Han
    TechNet Community Support

  • I have Lost my iphone particularly it is stolen other than local police station does apples service center or premium reseller can do my help??I mean does Apple service center helps us?? Please answer this ASAP

    My iPhone is stolen I need Help in answer the following question other than Local police station does Apple Service center or premium reseller does our Help
    Please answer it ASAP

    No, they will not help. You need to have Find My iPhone activated on the phone prior to the loss/theft and then you can track the device at www.icloud.com. If you did not activate Find My iPhone, then there is no way to track the device. If the device did not have a passcode on it, immediately change the passwords of all accounts you have on the phone; mail, banks, credit cards, etc.

  • How to configure HA between local controller and remote controller in DC

    Good day,
    If I have two Cisco 5508 Controllers, running Software version 7.4, how would my failover happen when the AP's run in local mode, and the local controller fail, and you configured your remote controller as your secondary controller.  Question is, will the APs automatically convert to FlexConnect mode when they failover to the remote controller in the DC?  I know you cannot configure HA as the controllers have to be connected with ethernet copper cable on the redundancy port, giving you a distance limitation of 100m.
    Thank you in advance
    Adrian

    Hello ,
    As per your query i can suggest you the following solution-
    In wireless network deployments that run controller versions earlier than 5.0, when a controller goes down, it takes a long time for all the APs and the associated clients to move to a backup controller and for wireless service to resume.
    The features discussed in the document are implemented on the controller CLI in WLC software release 5.0 in order to decrease the time that it takes for access points and their associated clients to move to a backup controller and for wireless service to resume after a controller goes down:
    In order to reduce the controller failure detection time, you can configure the heartbeat interval between the controller and access point with a smaller timeout value.
    In addition to the option to configure primary, secondary, and tertiary controllers for a specific access point, you can now also configure primary and secondary backup controllers for a specific controller. If the local controller of the access point fails, it chooses an available controller from the backup controller list in this order:
    •o primary
    •o secondary
    •o tertiary
    •o primary backup
    •o secondary backup
    The access point maintains a list of backup controllers and periodically sends primary discovery requests to each entry on the list. You can now configure a primary discovery request timer in order to specify the amount of time that a controller has to respond to the discovery request of the access point before the access point assumes that the controller cannot be joined and waits for a discovery response from the next controller in the list.
    Hope this will help you.

  • MDNS and FlexConnect

    Hello,
    I know that it is not possible to enable mDNS snooping and FlexConnect local switching on a WLAN at the same time. Is there anyway around this if you have FlexConnect AP's and want to alos have mDNS on your (non-flexconnect) local AP's?? Do I have to create a separate WLAN just for my FlexConnect AP's??
    Thanks!

    one mDNS profile per WLAN
    http://www.cisco.com/c/en/us/td/docs/wireless/technology/bonjour/7-5/Bonjour_Gateway_Phase-2_WLC_software_release_7-5.html
    Cheers

  • Local policies in WLC 7.5.x code

    Hi Experts,
    We have created a local policy to block andriod devices in our network. Wheras our windows 7 and 8 clients are also matching the profile under android and it is getting blocked.
    Is WLC not doing the profiling properly or any bugs?

    First off, v7.5 is deferred and you should move up to v7.6.130.0.  I have no issues profiling devices on v7.6.130.0 and or v8.0.x, but wouldn't go with v8.0.x as of right now.  I have used local policies to place Windows 7 & 8 on a certain vlan and place devices like Android, iPhone, etc on a bogus vlan for a given WLAN.  Profiling isn't as feature rich as what you will get in ISE, but use it if it can work for you now.  With new devices coming our, profiling might not work so well unless you upgrade the WLC code and upload newer list for the manufacture oui or uploading the profiling_policies.xml from ISE,which you only can get from someone who deos have ISE up and can export the list.
    Scott

Maybe you are looking for

  • Concurrent Program Open in XML format Instead of PDF in R12

    Hi , I register 1 concurrent program and set its output in "XML" also attach this CP with XML template , when i run CP it show warning but output show in XML format instead of PDF format which is define in XML Template . Below text is log file of CP

  • Can't save reader documents

    Hi, I'm new here. I just bought five pdf 's from a website. I downloaded all of them, they are all separate. They are all at the bottom of my screen because I can not save them.  I am trying to save them to my documents, or anywhere, and I don't see

  • How do I get my iPad to play Netflix on my tv

    I have a Netflix account and have successfully downloaded movies to the ipad2. How do I get the movie to play on my Tv?

  • User defined G/L Account cannot view in Balance Sheet

    Hi, i have created one User defined G/L Account in Assets and also assign opening balance to it. But at a time during balance sheet view, user defined G/L Account cannot see.. How can i see this User Defined G/L Account in balance sheet.... Plz...Vie

  • XML Query works on one database and not working on others with errLPX-00241

    I have one query as below SELECT EXTRACTVALUE (VALUE (xml_node), '/inspectionActivityArtifact/ns2:landfillTypes/ns2:type[position()=1]', 'xmlns:ns2="http://dwm.sw.xmlNamespace/InspectionActivity"' ) AS TEST FROM artifacts a,TABLE (XMLSEQUENCE ((XMLTY