Multiple WLC and AP secondary config

Similar Messages

• Multiple routers and subnets - can't access across subnets

  Hey all, I'm having an issue with multiple routers and subnets on my FIOS connection. Here's how everything is setup:
  Primary router:
  ActionTec MI424WR Rev D (from Verizon)
  WAN IP: From ISP
  WAN NETMASK: From ISP
  LAN IP: 192.168.1.1LAN NETMASK: 255.255.255.0
  Secondary router (WAN connected to ActionTec LAN):
  Belkin N750 gigabit w/ 802.11n
  WAN IP: 192.168.1.2
  WAN NETMASK: 255.255.255.0
  LAN IP: 192.168.2.1
  LAN NETMASK: 255.255.255.0
  With this setup, I have the secondary router's WAN port connected to a LAN port on the primary router. Each are broadcasting an SSID and each are running DHCP to assign address to their respective subnets. Everything was well and good, except that I could reach 192.168.1.* systems from 192.168.2.*, but not vice versa -- anything connected to the Primary router was blind to systems connected to Secondary. Also, I could not ping anything on .2 from .1.
  So, I added the following static route to the primary router:
  DESTINATION: 192.168.2.0
  NETMASK: 255.255.255.0
  GATEWAY: 192.168.1.2
  Once this was added to the router, I could ping everything, so that was good. However, even though .1 can now ping .2, I can't access certain things such as the web interface of my NAS (192.168.2.2). I can ping it, but accessing it in the browser from .1 doesn't work; however, accessing from .2 does work.
  I think the ActionTec router might be blocking it, but that's just a guess. The firewall on this thing has me thoroughly confused. Currently, I have 192.168.1.2 in the DMZ on the ActionTec, but that didn't make a difference. I've also completely disabled the firewall on the secondary Belkin router, but still nothing.
  Any help from the pros here? Much appreciated!
  Solved!
  Go to Solution.

  Ok, I figured it out and everything is now working. The issue appears to be that the ActionTec router doesn't recognize traffic from Subnet 1 to Subnet 2 as internal traffic -- it treats it as external traffic and closes it off. To fix this, it required some Advanced Firewall Filters that were far from unituitive and took a lot of testing to get it just right. If anyone runs into a similar situation in the future, here's a rundown of what I did to make it all work:
  Primary Router:
  ActionTec, MI424WR Rev D
  WAN IP/NETMASK:Assigned by ISP
  LAN IP/NETMASK:192.168.1.1 / 255.255.255.0
  Secondary Router:
  Belkin N750 Gigabit w/ 802.11n
  WAN IP/NETMASK:192.168.1.2 / 255.255.255.0
  LAN IP/NETMASK:192.168.2.1 / 255.255.255.0
  Plug Secondary router's WAN port into a LAN port on the Primary router.
  Setup Secondary router to have static LAN address (192.168.1.2)
  At this point, you should have 2 separate subnets: Subnet 1 (192.168.1.*) and Subnet 2 (192.168.2.*).
  Systems on both subnets should be able to reach the internet. Also, Subnet 2 should be able to ping and reach systems on Subnet 1; however, systems on Subnet 1 should not be able to ping or reach systems on Subnet 2. For this, we need to create a static route so Subnet 1 can reach Subnet 2.
  Create and apply the following static route in the Primary router:  (Advanced > Routing)
  RULE NAME:Network (Home/Office)
  DESTINATION:192.168.2.0(your secondary subnet)
  GATEWAY:192.168.1.2(secondary router's WAN IP)
  NETMASK:255.255.255.0
  METRIC:1
  The router now has a route between Subnet 1 (192.168.1.*) and Subnet 2 (192.168.2.*). You should be able to ping systems on Subnet 1 from 2, and ping systems on Subnet 2 from 1. You should not be able to access any systems, though -- the firewall is still blocking all but ping traffic from Subnet 1 to Subnet 2. We need to create some firewall rules to allow this communication.
  Make sure Primary firewall is set to at least typical/medium (Firewall Settings > General).
  We need to create some network objects to make it easier to manage the rules we'll create. Go to Advanced > Network Objects and do the following:
  1.Click Add. You are now on Edit Network Object screen. 
  2.Set Description to 'Subnet 1'.
  3.In Items section below, click Add.
  4.Set Network Object Type to 'IP Subnet'.
  5.Set Subnet IP Address to 192.168.1.0.
  6.Set Subnet Mask to 255.255.255.0.
  7.Click Apply. You are now back on Edit Network Object screen.
  8.Click Apply. You are now back on Network Objects Screen.
  9.Repeat the above steps again, but this time creating a second network object called 'Subnet 2':
  Nameubnet 2
  IP Subnet:192.168.2.0
  Subnet Mask:255.255.255.0
  Now we create the firewall rules. Go to Firewall Settings > Advanced Filtering.
  In the Inbound/Input rules section, click the Add link next to Network (Home/Office) Rules.
  Create the following Advanced Filter:
  SOURCE ADDRESSelect 'Subnet 1'
  DEST. ADDRESSelect 'Subnet 2'
  PROTOCOL:'Any'
  OPERATION:'Accept Packet'
  OCCUR:'Always'
  Click Apply. You will now be back on the Advanced Filtering page.
  In the Outbound rules section, click the Add link next to Network (Home/Office) Rules.
  Create the following Advanced Filter:
  SOURCE ADDRESSelect 'Subnet 1'
  DEST. ADDRESSelect 'Subnet 2'
  PROTOCOL:'Any'
  OPERATION:'Accept Packet'
  OCCUR:'Always'
  Click Apply. You will now be back on the Advanced Filtering page.
  Click Apply.
  You're all done. You should now have internet access on both subnets, be able to ping across subnets and also be able to access services across subnets (local webservers, SSH, telnet, mail, etc). You will not be able to see network file shares across subnets in Windows, however, as this requires a WINS server (which is well outside the scope of this post). For instance, I have a Western Digital NAS on the 192.168.2.0 subnet that I can access as \\Mybooklive\ from within Subnet 2; on Subnet 1, however, I have to access it by its IP \\192.168.2.10\. 

• Multiple instances and Apache 2.2

  I went thru the below livedoc to create multiple instances
  and then associate them with apache config..
  http://tinyurl.com/yzjpsl
  But the instances are all started but I have two problems.
  1. I cant find the CF administrator for all the sites
  2. I can go to each instance administrator page but not the
  main one and also apache does not resolve the VHosts.
  Thus if I type in the full domain for one of the instance
  sites then I get the page not found..
  SO assume my problem is with apache config since the instance
  sites are started and I can access them on the LAN.
  This is my changes I made to the config of apache..
  # JRun Settings
  LoadModule jrun_module
  "C:/JRun4/lib/wsconfig/1/mod_jrun22.so"
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Apialloc false
  JRunConfig Ssl false
  JRunConfig Ignoresuffixmap false
  #JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/1/jrunserver.store"
  #JRunConfig Bootstrap 127.0.0.1:51020
  #JRunConfig Errorurl <optionally redirect to this URL on
  errors>
  #JRunConfig ProxyRetryInterval 600
  #JRunConfig ConnectTimeout 15
  #JRunConfig RecvTimeout 300
  #JRunConfig SendTimeout 15
  AddHandler jrun-handler .jsp .jws .cfm .cfml .cfc .cfr
  .cfswf
  </IfModule>
  # Use name-based virtual hosting.
  NameVirtualHost *:80
  <VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot "E:/Apache2/htdocs/nathess"
  ServerName www.nathess.com
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/1/jrunserver.store"
  JRunConfig Bootstrap 127.0.0.1:51000
  </IfModule>
  </VirtualHost>
  <VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot "E:/Apache2/htdocs/mgel"
  ServerName www.mariannegel.com
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/MGel/jrunserver.store"
  JRunConfig Bootstrap 127.0.0.1:51002
  </IfModule>
  </VirtualHost>
  <VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot "E:/Apache2/htdocs/destinationcdg"
  ServerName www.destinationcdg.com
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/DestinationCDG/jrunserver.store"
  JRunConfig Bootstrap 127.0.0.1:51003
  </IfModule>
  </VirtualHost>
  <VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot "E:/Apache2/htdocs/mls"
  ServerName www.multilingit.com
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/MLS/jrunserver.store"
  JRunConfig Bootstrap 127.0.0.1:51004
  </IfModule>
  </VirtualHost>

  I went thru the below livedoc to create multiple instances
  and then associate them with apache config..
  http://tinyurl.com/yzjpsl
  But the instances are all started but I have two problems.
  1. I cant find the CF administrator for all the sites
  2. I can go to each instance administrator page but not the
  main one and also apache does not resolve the VHosts.
  Thus if I type in the full domain for one of the instance
  sites then I get the page not found..
  SO assume my problem is with apache config since the instance
  sites are started and I can access them on the LAN.
  This is my changes I made to the config of apache..
  # JRun Settings
  LoadModule jrun_module
  "C:/JRun4/lib/wsconfig/1/mod_jrun22.so"
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Apialloc false
  JRunConfig Ssl false
  JRunConfig Ignoresuffixmap false
  #JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/1/jrunserver.store"
  #JRunConfig Bootstrap 127.0.0.1:51020
  #JRunConfig Errorurl <optionally redirect to this URL on
  errors>
  #JRunConfig ProxyRetryInterval 600
  #JRunConfig ConnectTimeout 15
  #JRunConfig RecvTimeout 300
  #JRunConfig SendTimeout 15
  AddHandler jrun-handler .jsp .jws .cfm .cfml .cfc .cfr
  .cfswf
  </IfModule>
  # Use name-based virtual hosting.
  NameVirtualHost *:80
  <VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot "E:/Apache2/htdocs/nathess"
  ServerName www.nathess.com
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/1/jrunserver.store"
  JRunConfig Bootstrap 127.0.0.1:51000
  </IfModule>
  </VirtualHost>
  <VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot "E:/Apache2/htdocs/mgel"
  ServerName www.mariannegel.com
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/MGel/jrunserver.store"
  JRunConfig Bootstrap 127.0.0.1:51002
  </IfModule>
  </VirtualHost>
  <VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot "E:/Apache2/htdocs/destinationcdg"
  ServerName www.destinationcdg.com
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/DestinationCDG/jrunserver.store"
  JRunConfig Bootstrap 127.0.0.1:51003
  </IfModule>
  </VirtualHost>
  <VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot "E:/Apache2/htdocs/mls"
  ServerName www.multilingit.com
  <IfModule mod_jrun22.c>
  JRunConfig Verbose false
  JRunConfig Serverstore
  "C:/JRun4/lib/wsconfig/MLS/jrunserver.store"
  JRunConfig Bootstrap 127.0.0.1:51004
  </IfModule>
  </VirtualHost>

• Multiple SSIDS and disappearing

  We have Cisco 3602i access points for the most part, all of which advertise multiple SSIDs.
  Very occasionally we see an SSID completely disappear from view, even though others remain solid (I can't say it's all devices as the majority of people who raise the issue have apple devices, but there are the odd one or two who use Windows laptops).
  Also, the RSSI seems to fluctuate wildly.
  I should add that we have disabled up to 11mbps data rates on the controller and we're running 7.6.100.0 currently, but plan to upgrade to 7.6.110.0 tonight.
  I guess my question is how can an SSID just drop off the client view if others on the same AP are fine? 
  How does the AP deal with multiple SSIDs and does it prioritise?
  I have to add that I've never had this issue and I'm just using a company standard HP laptop with an Intel chipset.

  Hello,
  See my comments:
  Also, the RSSI seems to fluctuate wildly.
  A: This is often how a device hears the frames. Sometimes in high interference you can epxect this to jump around. I normally like to see if all the devices are doing this or just a select few. Sometimes poor clients jump around more than others. 
  I should add that we have disabled up to 11mbps data rates on the controller and we're running 7.6.100.0 currently, but plan to upgrade to 7.6.110.0 tonight.
  A: I dont think turning off lower rates are bad unless your WiFi cant support the design. Good call get on the latest. 
  I guess my question is how can an SSID just drop off the client view if others on the same AP are fine? 
  A: Again, its a client missing frames like beacons. 
  How does the AP deal with multiple SSIDs and does it prioritise?
  A: This SSIDs are virtualized. I blogged how this is done:
  http://www.my80211.com/home/2011/5/2/wlc-how-cisco-virtualizes-the-base-radio-mac-address-on-the.html
  I have to add that I've never had this issue and I'm just using a company standard HP laptop with an Intel chipset.
  A: Again I think if you search you might see this is more around specific devices. I would do a packet capture and see what is going on. Recently had to troubleshoot an Android only to find out it was just bad wifi client. Always sending NULL frames and scanning and not passing traffic 

• Multiple In and Out Points?

  Hi guys and gals!
  Are multiple in and out points possible within one sequence/timeline on FCP6?
  I'm looking to export a large number of individual segments using Compressor (so I can walk away and let it do its job overnight). Is it possible to set different in/out points on one timeline, and then apply the File>Export>Using Compressor settings?
  If anyone has any ideas please advise!
  Regards

  Hey no worries, will give that a try.
  Funny, I've been using Final Cut since version 2 and after all these years I've started to need through jobs the use of batching and exporting. I'm suprised you cannot select secondary/multiple in/out points though, that could be of great benefit. But sub-clips will hopefully work!
  Will let you know, thank you
  Regards!

• Multiple WLC LobbyAdmins

  Hello,
  My understanding is that I can authorise multiple Lobby Admins on a WLC 4404 using RADIUS. I was wondering is if is possible to create Lobby Admin groups so that a specific Lobby Admin can only grant guest wireless access to specific Mobility Groups?
  I support wireless in multiple facilities and handing off guest access admin duties to department secretaries is ideal, but I only want guests to have wireless access only from the area/building in which they will be visiting.
  Is this possible using a single WiSM (70+ WAPs) or do I need to deploy multiple WLCs?
  Thank you in advance for your help.

  "I only want guests to have wireless access only from the area/building in which they will be visiting."
  I can think of two ways of doing this ...
  1. Create AP Groups. This method allows you to broadcast a specific SSID in a specific area.
  2. Each Lobby Administrator can only see the account created. Lobby Admin 1 can't/won't be able to see accounts created by Lobby Admin 2, for instance.
  Hope this helps.
  3. Lobby Admins must be strict. Do not allow them to create 31-days account (no time limit).

• WLC and LDAP

  Hi to all,
  i want to use local-eap+LDAP (microsoft AD) and i'm experiencing some issue.
  First of all i'm not able to bind WLC and LDAP...if a perform a debug aaa ldap enable i get this output:
  Any idea about how to solve this issue?
  Regards
  Ale

  It sounds like .... invalid credentials ? :-)
  Please post your LDAP config on WLC.
  Is your admin username with which you're binding within the search context that you defined ? this is very important

• WLC and IPv6

  Hi All,
  has anybody experiences with WLC and IPv6? I have activated the Check Box for IPv6 Support, but it does not work. Regards, Michael

  Hi ,
  Have you configued uplink router/sw to support ipv6 ; the sample config would look like this
  ipv6 unicast-routing
  interface FastEthernet0/0.6
  encapsulation dot1Q 56
  ip address 10.50.56.1 255.255.255.0
  ip access-group GNS2 in
  ip access-group GNS2 out
  ip helper-address 10.50.1.21
  ip pim sparse-dense-mode
  ip multicast ttl-threshold 1
  no snmp trap link-status
  ipv6 address 2006::/64 eui-64
  ipv6 address autoconfig
  ipv6 enable
  let me if this works for you or not
  regards
  Seema

• Workgroup Bridge and local Wifi Config

  Hi all, hoping you can help me with this, just need an other brain as mine is empty as I've been staring at this for too long!!!
  What I'm trying to config is to have a standalone local WLAN (Built into a VAN) running on the 2.4ghz and then also have a workgroup bridge on the 5ghz to the corporate lan.
  Setup is this:
  2960<-->1142(autonomous)   <--Workgroup bridge on 5Ghz-->  1131(Lightweight)<3560>--<5508WLC> (hope that makes sense!!)
  So  far I have the bridge working, the 1142 connects to a ssid on the 1131  using psk. I can see the 1142 as an assosiated client on the wlc and I  can ping the the lan from the 1142 so I'm happy the bridge is working.
  Clients  connected to the 2.4ghz ssid on the 1142 can only ping through as far  as the AP(1142) I can't seem to get the traffic to pass across the  bridge, is there something I need to do to link the 2.4 to the 5ghz  bridge link?
  Any help always appreciated, cheers.

  dmantill - Thanks for your link. I have read through and checked my config but my plan is to have a number of clients, all dhcp assigned, connecting to the do0 int for local wlan breakout.
  I'm not sure that the passive config will help me there.
  Steven - I have enabled the wgb on the do1 int and I am connecting clients on the do0 int for local wlan breakout. Enabling the WGB has not disabled the other radio on my setup.
  I was running 7.0.98.0 but have today upgraded to 7.0.98.218 on my WLC but that has not helped.
  From what I can tell it looks like my problem just lies with routing traffic across the 2 radios. My local clients can ping as far as the WGB and if I CLI into the WGB AP I can ping the corporate lan on the otherside of the bridge and can also ping from the lan to the WGB. I just cannot seem to get the 2 ssid's to route between each other.
  Here's my WGB config, hope this brings some more ideas!!
  Cheers,
  Jason.
  Current configuration : 1555 bytes
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname XXX
  logging rate-limit console 9
  enable secret 5 $1$ujWI$HMYMAjMfJV2J2WaGa1/JJ0
  no aaa new-model
  dot11 syslog
  dot11 ssid XXX       
     authentication open
     authentication key-management wpa
     guest-mode
     wpa-psk ascii 7 105A0C0A11001D1908
  dot11 ssid XXX       
     authentication open
     authentication key-management wpa
     guest-mode
     wpa-psk ascii 7 080F15480C090D1221
  username Cisco password 7 02250D480809
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption mode ciphers tkip
  ssid XXX
  antenna gain 0
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  encryption mode ciphers tkip
  ssid XXX
  antenna gain 0
  station-role workgroup-bridge
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface GigabitEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  no keepalive
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address dhcp
  no ip route-cache
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  bridge 1 route ip
  bridge 1 aging-time 216000
  line con 0
  line vty 0 4
  login local
  end

• Send mail to multiple recepients and multiple groups from workflow

  Hi,
  I have a requirement where during the process flow, I have to send mail notifications to multiple people at each step. Have done the outlook config and working fine. Also mail steps are working fine for one recepient. But I have to send relevant mail content to multiple people and to multiple groups like HR, IT security etc. What would be the best approach for this req?
  Please help.
  Thanks,
  Raj.

  Hello,
  If I understand you correctly, you have two options:
  Option 1 (if you must send to an external e-mail address):
  1- identify all recipients in a previous step and retrieve their e-mail addresses from the system
  2- collect all e-mail addresses in an internal table you define in the workflow template container (you can use table type BCSY_SMTPA)
  3- in the e-mail step, choose Recipient type as U (E-mail Address)
  4- in the e-mail address field, click F4 and you will see the e-mail address internal table you defined in step 2 above; use that variable
  Option 2 (if you can send to SAP inbox):
  1- identify all recipients in a previous step and retrieve the agent types and IDs (structure SWHACTOR)
  2- collect all agents into an internal table (you can use table type TSWHACTOR)
  3- in the e-mail step, choose Recipient type as G (Organizational Object)
  4- in the drop-down box, keep the value as "Expression"
  5- use F4 help to insert the internal table defined in step 2 as the expression value
  Hope this helps you.

• Difference in client tables between WLC and AP controller d0

  Hello gang,
  Anyone know whether its normal to have an APs' d0/d1 controller output show clients that don't appear on the WLC's "sh client <AP>" output?
  Here's an example - 10 clients visible from a "sh client " on the controller, but 15 clients visible on AP4s "sh controller d0" debug.
  Granted the User Idle Timeout has been bumped up to 7200 seconds, but shouldn't the AP's d0/1 client table get updated if/when a client roams to another AP nonetheless? Wouldn't this otherwise cause confusion? Is the Split-MAC Split-brained?
  Thanks for your input,
  --Bruce Johnson
  (mcores2wlc1) >show client ap 802.11b mell9s1ap4
  MAC Address AP Id Status WLAN Id Authenticated
  00:40:9d:31:b0:79 130 Associated 6 Yes
  00:40:9d:34:1f:04 130 Associated 6 Yes
  00:40:9d:33:ee:04 130 Associated 6 Yes
  00:40:9d:2b:d1:6a 130 Associated 6 Yes
  00:40:9d:31:23:a3 130 Associated 6 Yes
  00:40:9d:33:e9:28 130 Associated 6 Yes
  00:40:9d:31:27:a5 130 Associated 6 Yes
  00:40:9d:33:eb:4b 130 Associated 6 Yes
  00:40:9d:31:22:1d 130 Associated 6 Yes
  00:40:9d:33:ee:cb 130 Associated 6 Yes
  (mcores2wlc1) >debug ap command "sh cont d0" mell9s1ap4
  (mcores2wlc1) >Thu Feb 26 18:54:10 2009: mell9s1ap4:
  Thu Feb 26 18:54:10 2009: mell9s1ap4: ---Clients AID VLAN Status Age Tx Mode Enc Key Rate
  Thu Feb 26 18:54:10 2009: mell9s1ap4: 0040.9d33.eaec 198 6 0000 0800000FF 7195/7200 0-0 10111 200 0-10 10000000 016
  Thu Feb 26 18:54:10 2009: mell9s1ap4: 0040.9d30.efd1 197 6 0000 0800000FF 7195/7200 0-0 10111 200 0-10 10000000 016
  Thu Feb 26 18:54:10 2009: mell9s1ap4: 0040.9d31.bc74 195 6 0000 2800001FF 7165/7200 0-0 10111 200 0-10 10000000 016
  Thu Feb 26 18:54:10 2009: mell9s1ap4: 0040.9d31.27a5 193 6 0000 0800000FF 7195/7200 0-0 10111 200 0-10 10000000 016
  Thu Feb 26 18:54:10 2009: mell9s1ap4: 0040.9d33.eecb 192 6 0000 2800000FF 7195/7200 0-0 10111 200 0-10 10000000 016
  Thu Feb 26 18:54:10 2009: mell9s1ap4: 0040.9d31.221d 190 6 0000 0800000FF 7194/7200 0-0 10111 200 0-10 10000000 016
  Thu Feb 26 18:54:10 2009: mell9s1ap4: 0040.9d33.eb4b 186 6 0000 0800000FF 7194/7200 0-0 10111 200 0-10 10000000 016
  Thu Feb 26 18:54:10 2009: mell9s1ap4: 0016.6faf.9d64 185 3 0000 0C00000FF 7186/7200 0-0 0191 200 0-10 10FC0000 06C
  Thu Feb 26 18:54:10 2009: mell9s1ap4: 0040.9d33.e928 177 6 0000 2800001FF 5818/7200 0-0 10111 200 0-10 10000000 016
  =>Thu Feb 26 18:54:10 2009: mell9s1ap4: 0016.6faf.9db8 176 3 0000 0C00000FF 7140/7200 0-0 0191 200 0-10 10FC0000 06C
  Thu Feb 26 18:54:10 2009: mell9s1ap4: 0040.9d31.23a3 174 6 0000 2800000FF 7195/7200 0-0 10111 200 0-10 10000000 016
  Thu Feb 26 18:54:10 2009: mell9s1ap4: 0040.9d2b.d16a 165 6 0000 1800000FF 7194/7200 0-0 10111 200 0-10 10000000 016
  Thu Feb 26 18:54:10 2009: mell9s1ap4: 0040.9d33.ee04 163 6 0000 0800000FF 7194/7200 0-0 10111 200 0-10 10000000 016
  Thu Feb 26 18:54:10 2009: mell9s1ap4: 0040.9d34.1f04 151 6 0000 1800000FF 7195/7200 0-0 10111 200 0-10 10000000 016
  Thu Feb 26 18:54:10 2009: mell9s1ap4: 0040.9d31.b079 147 6 0000 2800000FF 7194/7200 0-0 10111 200 0-10 10000000 016

  hi Leo,
    I tested this out, but i guess its not working as i thought it would work. I configured the backup primary controller IP and name in the global configuration of the Wireless tab of the WLC and left the AP high availability blank with no settings. I joined the AP to the WLC and show capwap client ha output on the AP shows the backup primary controller name. but if i shut down the primary controller, the AP does not join the back, it just tries to get WLC ip by renewing DHCP forever and stuck in that...   below are the outputs.. any idea why its like this ? I thot if there is no HA configured at the AP level, the global config on the controller level should take effect ?
  LWAP3-1042#sh cap cli ha
  fastHeartbeatTmr(sec)   7 (enabled)
  primaryDiscoverTmr(sec) 30
  primaryBackupWlcIp      0xA0A700A
  primaryBackupWlcName    WLC2-4402-50
  secondaryBackupWlcIp    0x0
  secondaryBackupWlcName  
  DHCP renew try count    0
  Fwd traffic stats get   0
  Fast Heartbeat sent     0
  Discovery attempt      0
  Backup WLC array:
  LWAP3-1042#
  *Apr 30 20:36:21.324: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
  Not in Bound state.
  *Apr 30 20:36:31.829: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 10.10.114.49, mask 255.255.255.0, hostname LWAP3-1042
  *Apr 30 20:37:17.832: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
  Not in Bound state.
  *Apr 30 20:37:28.337: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 10.10.114.50, mask 255.255.255.0, hostname LWAP3-1042
  *Apr 30 20:38:14.338: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
  Not in Bound state.
  *Apr 30 20:38:24.842: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 10.10.114.51, mask 255.255.255.0, hostname LWAP3-1042
  regards
  Joe

• 5760 WLC and 5760 HA WLC question

  Hi everyone,
  I assume this information must exist... I just cannot locate it. Customer purchasing two 5760 WLCs:
  1     AIR-CT5760-500-K9
  1     AIR-CT5760-HA-K9
  I am looking for info on how to configure these 2 WLCs to work together.  How do you inform the production WLC that a HA WLC is available to sync with? Do WLCs have to be L-2 adjacent, or will HA operate at L-3?  How does this HA setup work? etc.
  Any help would be really appreciated.

  Hi,
  Any news regarding this issue?
  We've have the same scenario:
  1     AIR-CT5760-500-K9
  1     AIR-CT5760-HA-K9
  Both running
  IOS XE 03.03.01SE
  I've activated Global AP Failover Priority in both WLC and from a total of 47 APs, i've configured 8 with Priority Critical, 7 APs with Priority High and  3 APs with Priority Medium.
  We've issued an reload to the primary WLC and it took 7 minutes for the APs recover from the Secondary to the Primary
  13:14 - reload issued on the primary WLC
  13:15 - service granted by the secondary WLC (required an shut/no shut to the "Network Status" of the radio interfaces)
  13:22 - service recovered to the primary WLC
  Edit - Forgot to mention that the priority values mentioned above didn't show much improvement in the AP recovery time...

• How do we split our iCloud accounts but keep one iTunes account so we can share purchased content for our multiple iPhones and iPads?

  How do we split our iCloud accounts but keep one iTunes account so we can share purchased content for our multiple iPhones and iPads?

  You can migrate a copy of the data to a new account, then delete the other person's data from each account.  To do this, on the phone that will be changing accounts, if you have any photos in photo stream that you want to keep on the phone, save these to your camera roll by opening the photo stream album in the thumbnail view, tapping Edit, then tap all the photos you want to save, tap Share and tap Save to Camera Roll. If you have any synced notes that you want to keep on the phone, email these to yourself so you can create new notes in the new account.
  Once this is done, go to Settings>iCloud, scroll to the bottom and tap Delete Account.  (This will only delete the account from this phone, not from iCloud.  The phone that will be keeping the account will not be effected by this.)  When prompted about what to do with the iCloud data, be sure to select Keep On My iPhone.  Next, set up a new iCloud account using a different Apple ID (if you don't have one, tap Get a Free Apple ID at the bottom).  Then turn iCloud data syncing for contacts, etc. back to On, and when prompted about merging with iCloud, choose Merge.  This will upload the data to the new account.  You will create a new icloud email address with you turn Mail to On.
  Finally, to un-merge the data you will then have to go to icloud.com on your computer and sign into each iCloud account separately and manually delete the data you don't want (such as deleting your wife's data from your account, and vice versa).

• SSL VPN Full and Split Tunnel Config Question

  I am Beta testing SSLVPN on an IOS router. The question I have is this:
  Is it possiable to have slit and full tunnel configs. It seems that once you create your context and default profile that is all you have either split or full. The books say you can use Radius and assign different profiles but, I would like to give the users a choice (like in the VPN3000 .pcf) of either split or full depending on where they are working from.

  The below is an example using the ASA - but the principle remains the same:-
  http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a0080975e83.shtml
  HTH>

• My touch screen isn't working and stopped working after I went running with it. I have restarted it multiple times and restored it on my MacBook. It will still not let me slide it to even look at the phone. Please help ASAP.

  I took my iPhone running today and when I returned I was not able to slide it open or type in my pass code. All buttons are still responding. I have tried restarting it multiple times and even restored it, but the touch screen will not respond to anything. I also cleaned the screen off with a damp cloth. Please help! I WAS able to slide it open in the middle of restoring it but not able to click on any apps. Help! My life is on my iPhone and I am a nurse on call!

  Try restore as new using computer iTunes.