Mulitple SSIDs and ACLs on Autonomous APs

Similar Messages

• Configuring ssid and vlans on autonomous access point ?

  here is an a demonstration of how to configure vlans and ssid on a auto-ap , what i dont understand is when i configure the ssid under (interface dot11radio0) and the vlan under that command , why do i need to configure sub-interfaces for the "fastethernet" and the "dot11radio0" if i already configured it under the "interface dot11radio0" , why do i need the "encapsulation dotq x" ? and what is bridge-group ?

  If you want to use multiple SSID with multiple vlan, then you have to configure subinterfaces on Radio interfaces (in both Radio 0 & Radio 1 if you want to use both 2.4GHz & 5GHz band) & Ethernet interfaces.
  AP simply bridge wireless traffic to wired interface using these sub-interfaces. To specify which radio sub-interface traffic to map to ethernet sub-interface, a Bridge-Group number (1-255) is used.
  Bridge-Group 1 always used for native vlan traffic & usually used for AP management.
  HTH
  Rasika
  **** Pls rate all useful responses ****

• Is it possible to do multiple ssids and encryptions on an autonomous AP without vlans?

  I got a customer who just has autonomous APs. They are upgrading from 1210s to 1262s. They are currently running a config that is wide open with no authentication or encryption and using a VPN tunnel on the wireless clients for security. They want to switch to using WPA2/PSK with the new APs. They have existing clients that have to continue to work during the upgrade to the new APs. They run 3 shifts so it is a 24 hr operation with no downtime. What I was thinking would be to configure the 1262 with multiple SSIDs, one with their existing settings and one with the new. Then I could swap the APs one at a time and it would only impact service for a short period of time while I was mounting the new AP. Then once all the new APs are installed I could transition the clients over to the new SSID and encryption then disable the old SSID once all the clients are switched over. I've done this before with a WLC but not with an autonomous APs. The only config examples I can find uses VLANs. This customer is not using VLANs. Is there anyway to use multiple SSIDs with different encryption on a single radio on an autonomous 1262 without VLANs?
  The site has about 30 APs and 100 clients. Yes I know a controller would be preferred for a site of this size but that is a question for sales and why they didn't see them a controller. I just get stuck with what they sell them.
  thanks

  Hi Don,
  Im afraid on the autonmous platform you can not map multiple WLANS to a single vlan.
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• 2 SSIDs and VLANs on each AP

  I'm new to configuring IOS wireless APs, in particular, a couple of 1142Ns in autonomous mode and looking for examples/answers. These APs will be connected to the POE ports on an ASA 5505 firewall. I'm also configuring the 5505.
  The requirements are that each AP have an "internal" and "external" SSID and each AP will have two VLANS.
  The APs should allow roaming between them.
  The internal SSID will allow full access to internal corporate networks and the Internet and will use WPA2. It will use the corporate dhcp server or employ the IOS dhcp server to hand out addresses.
  The external SSID will only have access to the Internet and will use WEP. The ASA 5505 will provide dhcp services to these clients.
  The two PoE ports on the ASA 5505 will be trunked for both the inside and dmz VLANS.
  If anyone has examples of any of these requirements, comments, and/or similar config they are willing to share, please post them.
  In particular, I would like to see an examples of the roaming config, VLAN config, SSID config, and WPA2 and WEP config.
  Thanks in advance.

  Hi,
  Cisco terms are sometimes Complex!! In English this means.. "broadcasting the SSID or NOT" if you want your laptop to detect the SSID while searching for wireless then this is called BROADCAST if not then NON-BROADCAST.. the command is.. Guest-mode under SSID config.. that is..
  en
  conf t
  dot11 ssid
  guest-mode                           >>>>>>>>>>>> Broadcasting the ssid
  end
  en
  conf t
  dot11 ssid
  no guest-mode                      >>>>>>>>>>>> Not Broadcasting the ssid (HIDDEN) MANUALLY WE NEED TO  ENTER THE SSID ON THE LAPTOP.
  end
  Lemme know if this answered your question..
  Regards
  Surendra
  ===
  Please rate the posts which answered your quiestion or was helpfull

• WDS and Roaming with 1130AG APs

  Hi there,
  I was wondering if someone could provide me with some insight into a configuration scenario i'm facing:
  Our office is situated in an old building and as such , wireless range is an issue as the walls are very thick and we have a mixture of clients from Laptops to android devices to iPhones that require access.
  we have 2 goals (first 2 are more important)
  1. to be able to roam anywhere in the building and pickup the wireless (fast roaming isn't really that necessary as voice isn't utilised)
  2. to have only 1 SSID for corporate access - Corp VLAN
  3. to have an SSID for guests to access - Guest VLAN
  The VLANs aren't an issue, i have an 1130AG setup which already has 2 SSIDs which does what i need.
  My main concern is around roaming, and i've read a lot about WDS, but this needs an external radius server, i've seen the articles that describe how to set up an AP as WDS and then add Infrastructure APs
  I've also seen that you can simply configure each AP exactly the same, but with different channells.
  I have 4 1130AGs at my disposal.
  What would you guys suggest is my best solution?
  Any help would be gratefully received.

  To get the best roaming, you need to make sure you have enough coverage. That usually means a good site survey was performed to specify how many access points and the locations of the access point. Without this piece, there is no guarantee of roaming.
  As far as WDS, you can setup an autonomous ap as a WDS server that is either dedicated as a WDS or is a WDS server and also serves clients.
  Sent from Cisco Technical Support iPhone App

• Single access point with multiple ssids and single channel possible?

  Hi everybody.
  I have this silly question.
  Let say we have three vlans, vlan1,2,3  and they are mapped to wlans as follows:
  Vlan 1  ssid1
  Vlan 2 ssid2
  Vlan3 ssid 3
                    AP --------trunk------Switchted network.
  Our Ap  has mobile devices in three wlans, i.e ssid1ssid2 and ssid3
  Since AP uses half duplex mode,  mobile devices need positive ack from ap  before they can send data,  therefore once channel let say channel 3( assuming 802.11b is used) can be shared by all mobile devices in three wlans.  
  Is  my understanding correct?
  Thanks and have a great weekend.

  Hii ,
  Yes ,that is pretty much possible as suggested by other experts on board. Depending on your access point you will have 1 (2.4 GHz) or  both 2.4 & 5GHz radios.
  You can configure multiple SSIDs (up to 16 ) known as MBSSID mode in autonomous environment. In Controller based architecture you can configure up to 512 WLAN (SSID) and transmit any 16 of them per AP (using AP group feature). However , it is recommended to keep multiple SSID count below 8 as for each SSID separate beacon will be sent on air which consumes more air time.
  Hope this helps
  Thanks
  Vinay

• 802.1x auth fail through WLC but OK on autonomous APs

  Hello,
  I migrate 1310 APs from Autonomous to Lightweight. Migration is OK with Cisco Upgrade Tool, and AP are registered on my 2504 WLC.
  Previously, a 802.1x network was broadcasted by autonomous APs, supplicants were identified on a freeradius server with MSCHAPv2/PEAP method.
  I send you in attachement a AP config which is OK.
  But on the WLC, supplicants can't auth on Radius server.
  I configured a WLAN with WPA/TKIP/802.1x with my radius server in AAA tab.
  When clients try to authenticate, I get these messages where xxx is login:
  AAA Authentication Failure for UserName:821 User Type: WLAN USER
  AAA Authentication Failure for UserName:200 User Type: WLAN USER
  AAA Authentication Failure for UserName:209 User Type: WLAN USER
  Security info on client page is:
  Security Policy Completed
  No
  Policy Type
  WPA
  Encryption Cipher
  TKIP-MIC
  EAP Type
  PEAP
  SNMP NAC State
  Access
  Radius NAC State
  8021X_REQD
  What is strange, there are some clients which are OK in RUN State, and 50 other % which are not.
  In attachment there is a debug client "mac-address" on a device which cannot authenticate through WLC.
  Thank you,
  Clement

  Hi Amjad,
  I'm not using NAC.
  Clients makes a MSCHAPv2/PEAP auth on a FreeRadius server through the WLC.
  Because network is critical, I do a rollback so I passed the light APs into their autonomous original state.
  Now all clients can successfully auth on the network. I don't understand what happens when APs are in lightweight mode :/
  I have more information about the WLAN clients  :
  - Each client is an infrastructure which have a AXIS wireless modem in bridge mode, which is client of the WLAN. This modem have login/password for MSCHAPv2 auth.
  - Behind the AXIS, there is a switch on which 4 devices in static IP are connected.
  - If the AXIS is successfully authenticated on the WLAN, only one device of four is able to ping servers on the LAN. The others cannot, it seems to be a "token ring" like ?!
  The WLAN clients infrastructures are very proprietary, it's very difficult to debug.
  What I know, is all clients are OK on autonomous AP (auth 100% successfull, ping 100% successfull for 4 devices) and when the clients join a lightweight AP it is (auth 50% successfull, ping 100% successfull for 1 device, 0% successfull for 3 others devices)
  Tell me if you need specific debug logs.
  Clement

• Autonomous APs to LWAPP

  I have a project to upgrade the current Autonomous APs 1242 running on a customer site and they want them to be converted to LWAPP and moved over to controller.Is there a way to convert them? Note the APs are about 12-15ft high in the ceiling.

  Hi
  cisco upgrade tool is available on  cisco web site you can download it and then you need to create a text file which you want to convert them.format is given below
  This is simplest way to convert.
  Helping document
  http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html
  thanks
  Tahir

• SSID broadcasting just in few APs

  I have a NM WLC with four WLAN SSID and 8 APs, I want to broadcast the four SSID in 7 APs and just one SSID in one AP. Is ther a way to do that?
  Thanks.

  ....from previous page.
  Using the GUI to Create Access Point Groups
  Using the controller GUI, follow these steps to create an access point group.
  Step 1 Click WLANs > Advanced > AP Groups to open the AP Groups page
  Step 2 Click Add Group to create a new access point group. The Add New AP Group section appears at the top of the page.
  Step 3 In the AP Group Name field, enter the group's name.
  Step 4 In the Description field, enter the group's description.
  Step 5 Click Add. The newly created access point group appears in the list of access point groups on the AP Groups page.
  
  Note If you ever want to delete this group, hover your cursor over the blue drop-down arrow for the group and choose Remove. A message appears asking you to confirm your decision. If you proceed, any access points assigned to this access point group are moved to the default-group access point group.
  Step 6 To edit this new group, click the name of the group. The AP Groups > Edit (General) page appears
  Step 7 To change the description of this access point group, enter the new text in the AP Group Description field and click Apply.
  Step 8 Click the WLANs tab to open the AP Groups > Edit (WLANs) page. This page lists the WLANs that are currently assigned to this access point group.
  Step 9 Click Add New to assign a WLAN to this access point group. The Add New section appears at the top of the page
  Step 10 From the WLAN SSID drop-down box, choose the SSID of the WLAN.
  Step 11 From the Interface Name drop-down box, choose the interface to which you want to map the access point group. Choose the quarantine VLAN if you plan to enable network admission control (NAC) out-of-band support.
  Note The interface name in the default-group access point group matches the WLAN interface.
  Step 12 To enable NAC out-of-band support for this access point group, check the NAC State check box. To disable NAC out-of-band support, leave the check box unchecked, which is the default value. Refer to the "Configuring NAC Out-of-Band Integration" section for more information on NAC.
  Step 13 Click Add to add this WLAN to the access point group. This WLAN appears in the list of WLANs that are assigned to this access point group.
  Note If you ever want to remove this WLAN from the access point group, hover your cursor over the blue drop-down arrow for the WLAN and choose Remove.
  Step 14 Repeat Step 9 through Step 13 to add any additional WLANs to this access point group.
  Step 15 Click the APs tab to assign access points to this access point group. The AP Groups > Edit (APs) page lists the access points that are currently assigned to this group as well as any access points that are available to be added to the group. If an access point is not currently assigned to a group, its group name appears as "default-group"
  Step 16 To add an access point to this access point group, check the check box to the left of the access point name and click Add APs. The access point now appears in the list of access points currently in this access point group.
  Note To select all of the available access points at once, check the AP Name check box. All of the access points are then selected.
  Note If you ever want to remove an access point from the group, check the check box to the left of the access point name and click Remove APs. To select all of the access points at once, check the AP Name check box. All of the access points are then removed from this group.
  Step 17 Click Save Configuration to save your changes.
  http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52wlan.html#wp1128591
  Hope this helps!
  Rob

• How to find SSID and Network Key to setup wireless printer to iMac?

  It is easy to find your "SSID" and "Network Key" once you understand what you are looking for. Here is what worked for me when I setup a new wirless printer today:
  1) SSID = Your Network Name
  Ex. Jason's Wi-Fi Network
  Ex. Harry's Lounge
  First way to find: on an iMac, go to the top bar on the right side and click on the "wireless symbol". You will see a list of all the wireless networks your computer is picking up. The one you are connected to (if you are able to surf the Internet) is the name you enter when asked for the SSID.
  NOVICE HINT: This is the equivalent to walking into a Starbucks and logging onto their wi-fi via their "network name," which has the word Starbucks in it. Some network names will have have locks next to them, meaning they are "secured by a password" and some will not, meaning anyone can access this "free" wi-fi. This doesn't matter either way, it just helps with making sure you have located the list. Of course, it is also possible, if you live in a remote area, that only your network name will show up.
  Second way to find: on an iMac, go to the apple symbol in the upper left corner of computer and make sure it says "finder" (if it doesn't, just click on your desktop and it will show up), then select:
  go > applications > utilities > Airport Utility > double-click on the image of the AirPort Extreme and the network name will be listed
  2) Network Key = Password used to access your Wi-Fi Network
  Ex. BMXGuy456!
  Ex. Millionare$!!!
  This is the password you created when you setup your wireless network, meaning it may not (and should not be for better security purposes) the same password as you use for your Apple ID, email etc.
  NOVICE HINT: So if for example a friend came to stay with you and wanted to connect to your "secured wifi" meaning there is a lock next to it, you would give them this password.
  EXTRA INFO:
  Why do I need this info anyway?
  Because just like anyone who wants to use your wifi when they come over, the printer needs to understand what to connect to, therefore it basically needs the network name to know "WHAT" to connect to, and the "PASSWORD" in order to access that network.

  After much stumbling around, I also discovered this answer. I picked up the 2270DW used, without disc or manual, so downloaded what I needed from the Brother site, but the Brother Mac OSX instructions feel as if they're written by a non-Mac user. I am on OSX 10.7.5, using an Airport wireless unit in Bridging mode (because I have to use a provider's router at the front end of my setup). But once I picked my Airport network name through the Brother Wireless Setup Utility and then typed my network name in the SSID box and my network password in the Network Key box ("es" --- I think the "network key - i.e. password" had to be confirmed a second time) after waiting for the utility to process the information, it worked like a charm.

• HT1414 I can not sync my iPhone after restoring it - my computer only gives me the restore (again and again and again) option.  I have no music and only a few aps now on my iPhone.  Any tips before I go to the genius bar?

  I can not sync my iPhone after restoring it - my computer only gives me the restore (again and again and again) option.  I have no music and only a few aps now on my iPhone.  Any tips before I go to the genius bar?

  If you restored as new, without using a backup, and still only get an option to restore, there is a hardware problem or the phone was previously hacked (jailbroken, downgraded iOS, unauthorized unlock).  Your only option is to take it to Apple or whoever provides iPhone service in your country.

• How do I tell the printer the new SSID and wireless key?

  Hi,
  I have a HP Laserjet Pro Color MFP M175nw and it works beautifully. However, today I replaced my wireless router and thus have a new SSID and key. I cannot figure out how to tell the printer the new router info - it must be very simple. Please help!!!

  Hi @wirelessfun, 
  I understand that you need the printer setup on the new router. I can help you with this.
  Restore the printer's network defaults first.
  Touch the Setup button. (wrench)
  Select Network Setup Menu.
  Then select Restore Defaults.
  Print out a configuration report to make sure the IP address is 0.0.0.0.
  Printing a Configuration Report.
  Select Method one under the operating system.
  Follow these steps to setup the wireless:
  On the printer touch the setup button, (wrench) then select network setup menu, select wireless menu, select wireless direct and turn it on.
  On the computer, in the bottom right corner click on the wireless icon and select the printer from the list to connect to. Then open Internet Explorer and type in the IP address (192.168.223.1) for the printer in the address bar.
  This will load the embedded web server for the printer.
  Select the networking tab, wireless on the left hand side.
  Fill out all your network information, select infrastructure, select your network name, put in password and type of encryption. Apply settings.
  Click on the wireless icon and connect back to your network name.
  Print out a configuration report to make sure the IP address is valid. (192... or 10....)
  Run the installation again or run the add printer wizard from the devices and printers.
  Test the printer.
  Let me know how this goes for you!
  Have a great day.
  Thank You.
  Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
  Click the “Kudos Thumbs Up" on the right to say “Thanks” for helping!
  Gemini02
  I work on behalf of HP

• Errors found when using tar and ACL's

  Having difficulties with TAR and ACLs, and wondering if anyone had seen this before.
  Here's the scenario: create a few directories and a few files. Tar it up and extract the files. Now assign some ACL's to them (some default for directories), tar it up, and extract the files. Permissions should remain the same. Under most circumstances they are.
  Now repeat the procedure, but put a default directory ACL on the parent directory where the TAR is created. What happens is that the group permissions for anything un-tared gets trashed.
  Here's a script to test it out.
  Create a dummy user (I called mine foobar) -- required for setting ACL's. Run the script with the "-d" option at first. Things appear good. You can compare the permissions on the bottom for each file/directory.
  Run the script with the "-s" option setting default ACL's on the parent.
  #!/usr/bin/sh
  ROOTDIR=/export/home/christian/config
  TESTDIR=/export/home/christian
  USER_X="oam"
  # Run the script once with normal permissions (no ACL's) in the test directory (where tar is located)
  # --> ./test.sh -d
  # look at the result (ls -l) of .../sub1dir, .../sub1dir_acl, and /sub1dir_orig
  # They should be relatively the same:
  # --> rwxrwxrwx permissions on directories
  # --> rw-rw-rw- on files
  # Now run the script but set the parent directory of the script (where the TAR's are located) to have default ACL's
  # --> /opt/MMSsyscnf/sub2dir/test/test.sh -s
  # Now look at the result (ls -l) of .../sub1dir, .../sub1dir_acl, and /sub1dir_orig
  # They are COMPLETELY skewed. Both times we tried to untar the files, ACL's wound up
  # all over the place and permissions were not set correctly.
  # --> rwxrwxrwx permissions ONLY on original directory (not the product of an UNTAR)
  # --> rwxr--rwx permissions on directories created by untar
  # --> rw-rw-rw- on files ONLY on original directory (not the product of an UNTAR)
  # --> rw-r--rw- on files created by untar
  # ****** Why is group affected by this, but "other" is not?! It's gotta be a bug!
  # MAIN
  ACTION="NOPREP"
  while [ -n "$1" ]
  do
  if [ "ABC$1" = "ABC-d" ]; then
  #flag set to try and remove default directory ACL's
  setfacl -d u:$USER_X $TESTDIR
  setfacl -d d:u:$USER_X $TESTDIR
  setfacl -d d:u::,d:g::,d:m:,d:o: $TESTDIR
  elif [ "ABC$1" = "ABC-s" ]; then
  setfacl -r -m d:u::rw-,d:g::r--,d:o:---,d:m:rwx $TESTDIR
  setfacl -r -m d:u:$USER_X:rw- $TESTDIR
  setfacl -r -m u:$USER_X:r-x $TESTDIR
  fi
  shift;
  done
  # clean up previous run of the test
  rm -r $ROOTDIR
  # create files/directories
  mkdir $ROOTDIR
  mkdir $ROOTDIR/sub1dir
  mkdir $ROOTDIR/sub1dir/sub2dir
  mkdir $ROOTDIR/sub1dir/sub2dir/sub3dir
  #set permissions
  chmod 777 $ROOTDIR
  chmod 777 $ROOTDIR/sub1dir
  chmod 777 $ROOTDIR/sub1dir/sub2dir
  chmod 777 $ROOTDIR/sub1dir/sub2dir/sub3dir
  # create files
  echo "" > $ROOTDIR/sub1dir/sub2dir/file1.txt
  echo "" > $ROOTDIR/sub1dir/sub2dir/sub3dir/file2.txt
  chmod 666 $ROOTDIR/sub1dir/sub2dir/file1.txt
  chmod 666 $ROOTDIR/sub1dir/sub2dir/sub3dir/file2.txt
  # tar/zip the files:
  /usr/bin/tar -cvf $ROOTDIR/tarBeforeACLs.tar $ROOTDIR/sub1dir
  /usr/bin/gzip $ROOTDIR/tarBeforeACLs.tar
  # move the directory (so we keep the original as a template of what things should look like)
  mv $ROOTDIR/sub1dir $ROOTDIR/sub1dir_orig
  # untar/zip the files:
  /usr/bin/gunzip $ROOTDIR/tarBeforeACLs.tar
  /usr/bin/tar -xvf $ROOTDIR/tarBeforeACLs.tar
  ls -lR $ROOTDIR
  # Ok. These have been tested to be the exact same.
  echo "********************************************************************************"
  echo "********************************************************************************"
  echo "********************************************************************************"
  # Let's try using ACL's now
  # --> directories (owned by root) must be acessible to OAM user.
  # --> files (owned by root) must be read/writable by user OAM when created in the directories
  setfacl -r -m u:$USER_X:r-x $ROOTDIR/sub1dir
  setfacl -r -m u:$USER_X:r-x $ROOTDIR/sub1dir/sub2dir
  setfacl -r -m u:$USER_X:r-x $ROOTDIR/sub1dir/sub2dir/sub3dir
  setfacl -r -m u:$USER_X:rw- $ROOTDIR/sub1dir/sub2dir/file1.txt
  setfacl -r -m u:$USER_X:rw- $ROOTDIR/sub1dir/sub2dir/sub3dir/file2.txt
  setfacl -r -m d:u::rw-,d:g::r--,d:o:---,d:m:rwx $ROOTDIR/sub1dir
  setfacl -r -m d:u:$USER_X:rw- $ROOTDIR/sub1dir
  setfacl -r -m d:u::rw-,d:g::r--,d:o:---,d:m:rwx $ROOTDIR/sub1dir/sub2dir
  setfacl -r -m d:u:$USER_X:rw- $ROOTDIR/sub1dir/sub2dir
  setfacl -r -m d:u::rw-,d:g::r--,d:o:---,d:m:rwx $ROOTDIR/sub1dir/sub2dir/sub3dir
  setfacl -r -m d:u:$USER_X:rw- $ROOTDIR/sub1dir/sub2dir/sub3dir
  # here are things as they stand
  ls -lR $ROOTDIR
  echo "********************************************************************************"
  echo "********************************************************************************"
  echo "********************************************************************************"
  # tar/zip the files:
  /usr/bin/tar -cvfp $ROOTDIR/tarAfterACLs.tar $ROOTDIR/sub1dir
  /usr/bin/gzip $ROOTDIR/tarAfterACLs.tar
  # move the directory (so we keep the directory that was applied ACL's)
  mv $ROOTDIR/sub1dir $ROOTDIR/sub1dir_acl
  # untar/zip the files:
  /usr/bin/gunzip $ROOTDIR/tarAfterACLs.tar
  /usr/bin/tar -xvfp $ROOTDIR/tarAfterACLs.tar
  # here are things after we've untared them
  ls -lR $ROOTDIR
  echo "********************************************************************************"
  echo "********************************************************************************"
  echo "********************************************************************************"
  getfacl $ROOTDIR/sub1dir_orig $ROOTDIR/sub1dir_acl $ROOTDIR/sub1dir
  echo "********************************************************************************"
  getfacl $ROOTDIR/sub1dir_orig/sub2dir $ROOTDIR/sub1dir_acl/sub2dir $ROOTDIR/sub1dir/sub2dir
  echo "********************************************************************************"
  getfacl $ROOTDIR/sub1dir_orig/sub2dir/sub3dir $ROOTDIR/sub1dir_acl/sub2dir/sub3dir $ROOTDIR/sub1dir/sub2dir/sub3dir
  echo "********************************************************************************"
  getfacl $ROOTDIR/sub1dir_orig/sub2dir/file1.txt $ROOTDIR/sub1dir_acl/sub2dir/file1.txt $ROOTDIR/sub1dir/sub2dir/file1.txt
  echo "********************************************************************************"
  getfacl $ROOTDIR/sub1dir_orig/sub2dir/sub3dir/file2.txt $ROOTDIR/sub1dir_acl/sub2dir/sub3dir/file2.txt $ROOTDIR/sub1dir/sub2dir/sub3dir/file2.txt
  echo "********************************************************************************"
  Any ideas?

  UFSDUMP has some limitations, including being on a file system that is read-only. Yes, I could force it on a read-write FS, but I normally stay away from big sticker labels found in man pages when I encounter them. :-(
  What I was originally after was a script that makes a backup of application configuration files before I modify them. Thus, I tar/zip the directory.
  These config files/directores have ACL's attached to them to allow various roles to access them (group permissions are not fine-grain enough). However, when I ran through a couple of tests, I came across a scenario that overwrote the original permissions. Tested it on Solaris 10 and Solaris 9, and both fail.
  So now (very late into the feature design) I'm VERY concerned about using ACL's on Solaris, and wonder what other side-effects there are that I'm not aware of. Can't seem to find a bug report on it, so I thought I'd ask around to see if it was just the behaviour of the TAR/ACL that I'm not quite getting, or if it really is a bug.
  /chris

• Role based security and ACLs

  Hello,
  I have a question regarding Roles and ACLs. I understand that I can use one or more security realms to host users, groups, and ACLs. (In fact I am implementing a custom realm for users and groups like RDBMSRealm, and wanted WLPropertyRealm to handle ACL/permission based duties.)
  Reading the "Writing a Web Application" it is apparent that ACLs are not supposed to be used for Servlets/JSP anymore, but rather to map roles to security principals via the deployment descriptor files for the web application.
  So:
  1. I assume that Weblogic will determine, once I have authenticated the user in my realm, whether or not the user is in a certain role, and therefore, whether or not they have access to a particular resource?
  2. What happened to the concept of permissions? Is it assumed that if the user is in the required role that they have permission to execute the servlet/JSP?
  3. Does it make sense to talk about ACLs anymore? A checkPermissions() method on an Acl object doesn't make sense now. Instead am I to use isUserInRole() ? (This doesn't seem the same to me - asking if User A has execute permission on this resource is different than asking if User A is in the CSR role.)
  Your response is appreciated.

  Hello,
  I have a question regarding Roles and ACLs. I understand that I can use one or more security realms to host users, groups, and ACLs. (In fact I am implementing a custom realm for users and groups like RDBMSRealm, and wanted WLPropertyRealm to handle ACL/permission based duties.)
  Reading the "Writing a Web Application" it is apparent that ACLs are not supposed to be used for Servlets/JSP anymore, but rather to map roles to security principals via the deployment descriptor files for the web application.
  So:
  1. I assume that Weblogic will determine, once I have authenticated the user in my realm, whether or not the user is in a certain role, and therefore, whether or not they have access to a particular resource?
  2. What happened to the concept of permissions? Is it assumed that if the user is in the required role that they have permission to execute the servlet/JSP?
  3. Does it make sense to talk about ACLs anymore? A checkPermissions() method on an Acl object doesn't make sense now. Instead am I to use isUserInRole() ? (This doesn't seem the same to me - asking if User A has execute permission on this resource is different than asking if User A is in the CSR role.)
  Your response is appreciated.

• Multiple SSIDS and disappearing

  We have Cisco 3602i access points for the most part, all of which advertise multiple SSIDs.
  Very occasionally we see an SSID completely disappear from view, even though others remain solid (I can't say it's all devices as the majority of people who raise the issue have apple devices, but there are the odd one or two who use Windows laptops).
  Also, the RSSI seems to fluctuate wildly.
  I should add that we have disabled up to 11mbps data rates on the controller and we're running 7.6.100.0 currently, but plan to upgrade to 7.6.110.0 tonight.
  I guess my question is how can an SSID just drop off the client view if others on the same AP are fine? 
  How does the AP deal with multiple SSIDs and does it prioritise?
  I have to add that I've never had this issue and I'm just using a company standard HP laptop with an Intel chipset.

  Hello,
  See my comments:
  Also, the RSSI seems to fluctuate wildly.
  A: This is often how a device hears the frames. Sometimes in high interference you can epxect this to jump around. I normally like to see if all the devices are doing this or just a select few. Sometimes poor clients jump around more than others. 
  I should add that we have disabled up to 11mbps data rates on the controller and we're running 7.6.100.0 currently, but plan to upgrade to 7.6.110.0 tonight.
  A: I dont think turning off lower rates are bad unless your WiFi cant support the design. Good call get on the latest. 
  I guess my question is how can an SSID just drop off the client view if others on the same AP are fine? 
  A: Again, its a client missing frames like beacons. 
  How does the AP deal with multiple SSIDs and does it prioritise?
  A: This SSIDs are virtualized. I blogged how this is done:
  http://www.my80211.com/home/2011/5/2/wlc-how-cisco-virtualizes-the-base-radio-mac-address-on-the.html
  I have to add that I've never had this issue and I'm just using a company standard HP laptop with an Intel chipset.
  A: Again I think if you search you might see this is more around specific devices. I would do a packet capture and see what is going on. Recently had to troubleshoot an Android only to find out it was just bad wifi client. Always sending NULL frames and scanning and not passing traffic