OEAP602 - Support for APs behind NAT

   Support for APs behind NAT
In the 7.2.103.0 release, you can deploy up to 3 OfficeExtend access points (OEAPs) behind a NAT device. You can deploy up to 50 FlexConnect access points (with or without Data DTLS) behind a NAT device.
            Source: http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7_2.html
I'm confused, does it mean I can't have more than 3 OEAP602s deployed in the same remote site (let say, a Hotel) with the same Public IP back to my OEAP-WLC ?

I know on 7.0 MR1 only supports 1. I learned that the hard way doing a meeting at a hotel for our staff.
One thing we did was hook up a switch to port 4 and did HREAP with 2 other aps.. Not ideal but I like to test limits ..
Sent from Cisco Technical Support iPhone App

Similar Messages

  • L2TP VPN for servers behind NAT

    I have two 2012 R2 servers, both behind NAT, which I'm trying to connect via VPN. I have no problem connecting them via PPTP, but when connecting them via L2TP (with shared key for testing), the dialing server never connects to other server.
    I assume that the problem is that they're both behind NAT.  In Windows Server 2008, you were able to set a registry value to get the L2TP connections to work under NAT, see
    http://support.microsoft.com/kb/926179 by setting the environment variable AssumeUDPEncapsulationContextOnSendRule.
    I tried using this with the two servers, but it didn't seem to help.  Is there some other way to get the L2TP connection for the two 2012 R2 servers working behind NAT?

    Hi,
    Thanks for your pointer and sorry for replying so late.
    I am sorry to say that I haven’t found any documents to ensure whether NAT-T is supported in Windows server 2012 R2 or not. In addition,
    VPN servers that are located behind NAT is not recommended. When a server is behind a network address translator, and the server uses NAT-T, unintended behavior might occur because
    of the way NAT translate network traffic.
    Best regards,
    Susie

  • Official Support for Multisite Behind SA520 Firewalls?

    I'm at the beginning of a new multisite implementation with two sites. There are existing SA520 firewalls at each site. I have a UC540 and a UC560 with latest software packs and CCA 3.2(2).
    I'd like to know if multisite is currently (April, 2013) officially supported by Cisco when the UC devices are behind SA520 firewalls and whether this is configurable using CCA 3.2(2).
    I've done multisite in the past in an unsupported configuration via CLI and I'm hoping to go "by the book" as much as possible on this one. I can drop the SA520 firewalls if needed.  I have a lot of support procedures built around the SA520 so I have some incentive to keep them in place but not at the expense of running an unsupported configuration.
    Any help would be much appreciated.

    Hello Jeffrey,
    The way this will be configured depends upon the topology you go with.  If you leave the SA520's in place, the VPN connection would be between the SA520's, and the UC500's would not be involved, and this would not be configured using CCA.  This is supported, but just not thought the UC500's or CCA.
    If you make the UC500's the edge devices, or put them in a DMZ with public IP addresses, then the multisite configuration in CCA can be used, and also is supported.
    So, I guess it just depends on which way you want to go.  But both topologies are supported by Cisco, but CCA will only be used (For the VPN configuration) if the UC500's are configured with Public IP addresses.
    Thank you,
    Darren

  • NAT Support for Finesse

    Hi,
    I have a customer who wants VPN less access to Finesse server for agents from remote locations and for home agents.. we are thinking of using NAT here.
    Summary of the Architecture: 2 DCs (UCCE Side A and Side B), centralized call termination, VGs in DCs, VXML gateways also in DCs. 9 agent locations connected via MPLS links to DCs, 1 outsourced agent location with 100 agents ( planning to go for mobile agents for outsourced agents)
    It is mentioned in the below link that Finesse supports basic NAT between Finesse server and Finesse clients
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/finesse/finesse_1051/release/notes/CFIN_BK_R34A18D2_00_release-notes-for-cisco-finesse-1051/CFIN_BK_R34A18D2_00_release-notes-for-cisco-finesse_chapter_00.html#CFIN_RF_N6A0AC5F_00
    I don't have much understanding of security concepts.. so looking for some help here.
    1. Does NAT (one to mapping) between Finesse server and Finesse client means, each of the Finesse clients will also need one unique public ip mapped to each of the agent PCs?
    2. What are the benefits and drawbacks of using Nating approach instead of using VPN access to Finesse servers?
    3. Since it is mentioned that one to many mapping between Finesse servers and Finesse clinets is not supported, need to understand with an example of one to many scenario in contact enter world.
    Thanks
    Nirmal

    Hi, we have a similar setup for one of my clients and NAT works for us, for both inshouse and outsource sites which connects to us via the Public.
    1. Does NAT (one to mapping) between Finesse server and Finesse client means, each of the Finesse clients will also need one unique public ip mapped to each of the agent PCs?
    Ans. Why Public IPs? How is that one outsourced company connecting into the DCs network?
    2. What are the benefits and drawbacks of using Nating approach instead of using VPN access to Finesse servers?
    Ans. We tested both, and I think VPN works better as when they VPN they are technicaly a part of the network and then can access Finesse locally,
    3. Since it is mentioned that one to many mapping between Finesse servers and Finesse clinets is not supported, need to understand with an example of one to many scenario in contact enter world.
    Ans. One to many is when for eg 10 PCs behinds NAT but they talk to Finesse server as only 1 IP and teh NAT table manages the sessions to these 10 Finesse client PCs. One to One is when every PC gets a NATed IP to talk to outside workd / Finesse.
    Kartik

  • DMVPN behind NAT

    Hi,
    I'm having a little trouble getting a DMVPN up using a host that is behind a NAT device. It looks as though with my version of IOS i need to use IPSec tunnel mode, but the NHRP registeration on the hub shows the Real address of the spoke and not the NAT'd address. Because of this the spoke can't be seen by any others.
    Any idea's where i may be going wrong here?
    Thanks in advance for your help!
    Andy

    DMVPN is supported behind NAT. This is usually seen on routers. Upgrade the router software to12.3(11)T6 or greater to fix this issue.

  • I have been a customer with Verizon, since 1996. Recently, my husband has been added onto my account. We have both been experience drop calls. My husband contact Tech support for over 2 weeks. We were pretty upset to be paying a lot of money for a service

    I have been a customer with Verizon, since 1996. Recently, my husband has been added onto my account. We have both been experience drop calls. My husband contact Tech support for over 2 weeks. We were pretty upset to be paying a lot of money for a service that didn't work. Verizon advised us that would upgrade both of our phones (to see if that solved the problem). Ok...this is where Verizon has forgotten customer service rules. He order 2 phone...one for himself, one for me. 1st the wrong address on the package..Fedex couldn't deliver...2nd...missing condo number Fedex couldn't deliver again...(2nd call to Verizon)...3rd package was finally deliver with 1 phone...missing my phone. Contacted verizon rep...reorder my phone again..but sorry we cannot give the same price as quoted on 21April...even though...its our mistake...Ok...Ok..what a surprise..but we can do this...after 65 minutes...found a price that was a little bit more...fine...just order the phone....I reordered phone on 28April...on the April 29...no email..so I can Verizon for the 4times in a few days..sorry your order was delay due to our Fraud dept. OK...talked to fraud dept...ok..account is good..will release phone and ship. OK...Next day, no email with deliver confimation. Contact Verizon 5 times now...sorry..your order was cancelled...YES...cancelled again...2nd time now...but we can reorder...OK...sorry but we cannot honor that price that was quoted..really...agent messed up...again...but we can do this for you....I don't understand...your mistake...ALL the times...
    Strange ...how my order gets cancelled twice by Verizon's mistake....yet you cannot honor prices that your agents quoted!!!
    I didn't reorder the phone....I cannot in good faith same with a company that does not stand behind their own mistakes...and worse...they make the poor customer pay for it...
    I will not be renewing my contact...its time to Cricket Wirless...which my sister-in-law loves for half the cost....

    I hope that you aren't complaining about dropped calls INSIDE your condo because no amount of switching or upgrading devices will solve that.
    VZW will not guarantee service inside of any structure. There are just too many factors. If the problem is inside then you might want to look at one of the following:
    1.) Network Extender (may cause issues for others in a condo or apartment style setting)
    2.) A Google Voice Number (Free with a Gmail email address), downloading Google Hangouts Dialer and forwarding your calls to the GVN so that you can make and receive calls over Wi-Fi.

  • Lack of support for FIM database mirroring

    The official line is that database mirroring is not a supported architecture for the FIM deployment. I am not proposing using this, however I'd like to understand 1) What the issues really would be with a mirrored database deployment, 2) Will support
    ever be added for this, and will it come in the form of SQL AlwaysOn?
    Really appreciate help and input.
    Rgds,
    David

    Database mirroring comes has two modes regarding transactions: synchronous or asynchronous.
    Synchronous requires that the data be committed in both places before releasing the transaction. This has a big performance impact on the FIM Service database and to a lesser extent on the FIM Sync Database.
    Asynchronous means that data isn't committed in both places at the same time, the mirror can fall behind and then in failover you could be behind. In order to have automatic failover with Mirroring you have to be able to modify the connection string to include
    the failover partner or the client has to support getting that data at first logon. While you can modify the FIM database connection strings, it is not understood if FIM is using database clients that support mirroring. I believe it is. Even with asynchronous
    you still have performance hit for copying every transaction to the mirror.
    SQL Always On combines the best of mirroring and clustering to allow you to group databases together into an availability set, and then automatic failover the whole group to another server. It should be noted that Always On makes use of a similar underlying
    mechanisms as mirroring to copy the data -- this is evident when you read that Always on also has an asynchronous and synchronous mode. You will most likely run into the same performance quandary.
    Will the product group add support for it? My guess is that it depends on if they find a good way to address the performance issues.
    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

  • Support for Categorisation of Tasks on Playbook with BB Bridge - please?

    The BlackBerry and Windows Phone are "task-savvy" as shipped. The iPhone and most Droids are not - you have to get a 3rd party task manager app for them. So the BB should have a natural appeal to those who want built-in task manager with minimal fuss and RnD. Add to this that the BB task manager plays nicely with its counterparts in Outlook/Exchange and Notes. This provides a natural appeal for those who want a built-in task manager that syncs readily with their corporate stuff.
    Many personal organising systems rely on the use of categories for tasks. GTD is one of them, and very popular it is too, both with consumer users and corporates of all sizes. BB provides nice support for task categorisation, and so BB is a nice workshorse for corporate types who want to do GTD or something else that needs task categorisation. I guess RIM wants these people to be wanting PlayBooks too, no?
    Why, then, oh why, oh why, does the Playbook, when bridged to a BB, have nothing to do with the categorisation of tasks? You can't group or filter existing tasks by category and when entering a new task, you can't give that task a category. When looking at an existing task, you can't see which category(s) it belongs to.
    Standing in front of the oppostion's goal, ball at feet, with their goalie standing by the corner flag and .... whoops .. . over the bar it went.
    Please:
    1. Expose the category field on the "new task" and "existing task" forms, with the BB's master category list as a pick list behind it.
    2. Give us a little drop-down on the Task folder so that we can pick a category to filter on. (I'm thinking of one like the one top left in Bridge email where you can pick which folder's contents you want to view)
    There was a time when BB handsets had task folders that didn't support categories at all. That was many years ago. The requirement for task categorisation has not gone away, and is not confined to the handsets.
    And breathe....

    Given the dearth of replies to your post, you may have come to to conclusion that you're alone in your thinking but you're not, well at least not completely.
    http://supportforums.blackberry.com/t5/BlackBerry-PlayBook/Support-for-Categorisation-of-Tasks-on-Pl...

  • Support for HTML and CSS properties

    My biggest frustration with Acrobat Pro 9 is that it dropped support for certain HTML and/or CSS properties that were available in Acrobat Pro 8. In particular, the page-break-before attribute no longer works, nor does colspan. When I convert an HTML table with some colspans into a PDF, the table looks okay to the naked eye, but the structure behind the table (PDF tags) is incorrect.
    I can live without the page breaks, but I need colspan. I need to do this for hundreds of tables, so opening the Acrobat Table Editor and fixing the colspan by hand is not an option. A scripting/programming solution is required. Has anyone found a workaround? Does Acrobat X fix this problem?

    hello
    not trying to hijack the thread but needed some clarification
    your very short tutorial
    http://alt-web.blogspot.com/2012/11/primer-for-using-jquery-plug-ins.h tml
    was really informative. Just have a couple quick questions:
    you state:
    "the core code library which you ref in your <head> tags,"
    the below code just has to be declared ONCE at the beging in your head section, correct?
    <!-- jQuery latest core library from CDN-->
    <script type="text/javascript" src="http://code.jquery.com/jquery-latest.min.js">
    </script>
    then any number of jquery plugin scripts can be placed in ANY order in your head section following the above code, correct?
    "the function code inside <script> tags to invoke the plug-in."
    so then in the body, does the functions code have to come RIGHT AFTER the place it is being used?
    example
    <body>
    <div class="slideshow1"
    </div>
    <!--Plug-In Function Code1-->   
    <script type="text/javascript">
    </script>
    <div class="slideshow2"
    </div>
    <!--Plug-In Function Code2-->   
    <script type="text/javascript">
    </script>
    </body>
    or can you take all the function codes and paste them in the end outside of the respective divs that are using the code?
    ie does the position of the code matter?\
    thanks guys
    Nancy O. wrote:
    Try jQuery Fancybox
    http://fancybox.net/
    If you're new to using jQuery plugins, see this primer:
    http://alt-web.blogspot.com/2012/11/primer-for-using-jquery-plug-ins.h tml
    Nancy O.

  • Airport Utility 6.0.0 breaks support for my Airport Express

    Computer updated to Airport Utility 6.0 but that breaks support for my Airport Express.  When I try to access the Airport Express it tells me I have to download Airport Utility 5.6 - but I can't find that anywhere on the Apple sites to download! 

    My catch-all list of Airport 6.0 & Firmware 7.6.1 problems:
    ~~~~~~~~~~~~~~
    I've compiled a catch-all list of problems and changes with Airport Utility version 6.0 and FW 7.6.1. Some of the items may be relevant to this thread.
    THE PROBLEMS WITH AIRPORT UTILITY 6 AND FIRMWARE 7.6.1:
    Introduction: If you find AirPort Utility v6.0 too limiting or strange, you can ALSO install AirPort Utility v5.6, released alongside v6.0, to maintain all your previous capabilities. It works fine with both Airport g and n devices.
    PLEASE NOTE: According to Apple you must FIRST install Airport Utility v6.0 in order to access and install Firmware upgrade 7.6.1. Do that first. THEN install Airport Utility v5.6 and use it instead if you prefer. HOWEVER: Another user has informed me that they were able to use Airport Utility v5.6 to install Firmware v7.6.1 without any problems! This would mean anyone can avoid Airport Utility 6.0 entirely if they chose.
    ~~~~~~~~~~~~~~~~~~~
    1) According to Apple's documentation, Airport Utility version 6.0 is ONLY for Mac OS X 10.7 Lion. It is NOT for 10.6 Snow Leopard. If you accidentally installed v6, you'll have to dig around in Apple - Support - Downloads for the previous relevant version for your devices and OS version. Here is the relevant page:
    http://support.apple.com/kb/DL1483
    2) The HELP for Airport Utility has been updated. When you first access it you may well be looking at the old Help. It is supposed to update itself spontaneously over the Internet. It took a couple minutes in my case. Be sure you are looking at the NEW Help before you start using it. One way to tell is that the list of help topics essentially doubles from what there used to be. Also, the very first topic in the NEW Help should read:
    "Set up an AirPort device > Set up a new AirPort Base Station or Time Capsule"
    3) The HELP has some WRONG information. Here we go:
    3a) There is NO "Enable Guest Network" setting. You CANNOT create a guest network or name it or give it any settings. Why this is still listed in Help, I have no idea. Why the setting is gone: This is most likely because the technology behind guest networks, WPS, has been thoroughly CRACKED in the wild. Google "WPS cracked" for lots of documentation of the situation. It won't be resolved soon.
    3b) I can't find any 'Setup Assistant". Everything is now manual. This is not to say that there isn't a setup assistant that appears when you FIRST set up your Airport device. I don't know.
    4) After installing Airport Utility v6.0, there is no indication of the accompanying firmware update until you decide to run the new version. Even then, you have to click on the big icon of your Airport device and notice an 'Update' button about halfway down the popup window. You then have to assume that this button is telling you to update your firmware.
    5) After you update your Airport device's firmware, you may well discover an ERROR subwindow popping up inside Airport Utility that says:
    "An error occurred while updating the firmware. -6721"
    Don't panic! All you need to do is go into your Wi-Fi settings, either in your menubar or the Network preferences, and turn OFF Wi-Fi, then turn ON Wi-Fi again. This is part of a long standing bug in Lion's Wi-Fi with which I bet you are already familiar, certainly up through Lion version 10.7.2.
    6) Miscellaneous changes in Airport Utility 6:
    6a) The keyboard command to manually change your Airport devices settings is GONE. You have to click the little 'Edit' button after clicking on the big icon for your device.
    6b) There is no longer any summary window for your Airport device. You have to instead click on the big "Internet" icon for related data, then click on the big icon for your Airport device for local settings data.
    6c) There is no longer any HELP advising users to EXPORT their settings. (The Help only talks about Import of settings). BE SURE TO EXPORT YOUR NEW SETTINGS! I did this immediately after both updates.
    6d) MAC address filtering for Airport devices is GONE.
    6e) All references to IPV6 anywhere are GONE. I have to assume the IPV6 settings are now entirely working and entirely automatic. Let's hope so.
    6f) Signal and Noise data and graphs are GONE. Use Apple's Wi-Fi Diagnostics app instead. Apple have hidden it here in Lion:
    /System/Library/CoreServices/W-Fi Diagnostics
    6g) In order to access the menu items in Airport Utility, you have to first click on the big icon for your Airport device.
    --> No doubt there are other changes, oddities or bugs related to these changes. But this is what I came up with during a cursory strafing of the software.

  • [SOLVED]ModemManager 0.7 breaks support for Ericsson F3607gw WWAN card

    Hello,
    apparently the ModemManager v 0.7.990 currently in the repos no longer supports my WWAN card, a Dell 5540 Mobile Broadband (which is just a rebranded Ericsson F3607gw).
    ModemManager 0.6, which is the version used in Fedora 18, works just fine with the card and connections can be made.
    My device, as listed by lsusb:
    Bus 008 Device 004: ID 413c:8184 Dell Computer Corp. F3607gw v2 Mobile Broadband Module
    The output of the log with MM 0.7:
    Apr 25 00:43:18 brb-laptop ModemManager[1823]: <info> ModemManager (version 0.7.990) starting...
    Apr 25 00:43:18 brb-laptop systemd[1]: Started Modem Manager.
    Apr 25 00:43:18 brb-laptop sudo[1820]: pam_unix(sudo:session): session closed for user root
    Apr 25 00:43:20 brb-laptop ModemManager[1823]: <warn> Couldn't find support for device at '/sys/devices/pci0000:00/0000:00:19.0': not supported by any plugin
    Apr 25 00:43:20 brb-laptop ModemManager[1823]: <warn> Couldn't find support for device at '/sys/devices/pci0000:00/0000:00:1c.1/0000:0c:00.0': not suppo...ny plugin
    Apr 25 00:43:22 brb-laptop ModemManager[1823]: <info> Creating modem with plugin 'Generic' and '4' ports
    Apr 25 00:43:22 brb-laptop ModemManager[1823]: <info> Modem for device at '/sys/devices/pci0000:00/0000:00:1d.7/usb2/2-6' successfully created
    Apr 25 00:43:23 brb-laptop ModemManager[1823]: <warn> couldn't load Operator name: 'Could not parse the CRSM response'
    Apr 25 00:43:23 brb-laptop ModemManager[1823]: <info> Modem: state changed (unknown -> disabled)
    Any connection attempt with NM fails with the log entry "cannot find valid data port".
    When downgrading to MM 0.6, the output is:
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'MotoC'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'Gobi'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'Huawei'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'Option High-Speed'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'Option'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'Sierra'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'Novatel'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'Nokia'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'ZTE'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'Ericsson MBM'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'Longcheer'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'AnyData'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'SimTech'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'X22X'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'Linktop'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'Samsung'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'Wavecom'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'Cinterion'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'Iridium'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Loaded plugin 'Generic'
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> Successfully loaded 20 plugins
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> (ttyACM0) opening serial port...
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> (ttyACM1) opening serial port...
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> (ttyACM2) opening serial port...
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> (Ericsson MBM): GSM modem /sys/devices/pci0000:00/0000:00:1d.7/usb2/2-6 claimed port wwp0s29f7u6i6
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> (ttyACM0) closing serial port...
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> (ttyACM0) serial port closed
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> (Ericsson MBM): GSM modem /sys/devices/pci0000:00/0000:00:1d.7/usb2/2-6 claimed port ttyACM0
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> (ttyACM1) closing serial port...
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> (ttyACM1) serial port closed
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> (Ericsson MBM): GSM modem /sys/devices/pci0000:00/0000:00:1d.7/usb2/2-6 claimed port ttyACM1
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> (ttyACM2) closing serial port...
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> (ttyACM2) serial port closed
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> (Ericsson MBM): GSM modem /sys/devices/pci0000:00/0000:00:1d.7/usb2/2-6 claimed port ttyACM2
    Apr 25 00:40:52 brb-laptop modem-manager[1522]: <info> (ttyACM0) opening serial port...
    Apr 25 00:40:53 brb-laptop NetworkManager[219]: <info> (wwp0s29f7u6i6): new GSM/UMTS device (driver: 'cdc_ether' ifindex: 2)
    Apr 25 00:40:53 brb-laptop NetworkManager[219]: <info> (wwp0s29f7u6i6): exported as /org/freedesktop/NetworkManager/Devices/4
    Apr 25 00:40:53 brb-laptop NetworkManager[219]: <info> (wwp0s29f7u6i6): now managed
    Apr 25 00:40:53 brb-laptop NetworkManager[219]: <info> (wwp0s29f7u6i6): device state change: unmanaged -> unavailable (reason 'managed') [10 20 2]
    Apr 25 00:40:53 brb-laptop NetworkManager[219]: <info> (wwp0s29f7u6i6): bringing up device.
    Apr 25 00:40:53 brb-laptop NetworkManager[219]: <info> (wwp0s29f7u6i6): deactivating device (reason 'managed') [2]
    Apr 25 00:40:53 brb-laptop NetworkManager[219]: <info> (wwp0s29f7u6i6): device state change: unavailable -> disconnected (reason 'none') [20 30 0]
    Apr 25 00:40:53 brb-laptop kernel: IPv6: ADDRCONF(NETDEV_UP): wwp0s29f7u6i6: link is not ready
    Apr 25 00:40:53 brb-laptop modem-manager[1522]: <info> (ttyACM0) closing serial port...
    Apr 25 00:40:53 brb-laptop modem-manager[1522]: <info> (ttyACM0) serial port closed
    However, I cannot downgrade to MM 0.6 as Gnome 3.8 and NetworkManager require >=0.7.
    Has anyone encountered this problem before and has a fix/solution? Or should I file a bug in the Arch tracker? I got Bluetooth PANs to work with a patched bluez from this board, as the upstream version is behind the one used by fedora (4.101-1 vs. 4.101-4). WWAN is the only thing that doesn't work with my new Arch setup.
    Thanks in advance, any help would be much appreciated.
    Last edited by grinko (2013-04-29 21:10:07)

    I did, you linked to it already
    I slightly modified modemmanager-git in the AUR and added some dependencies, the git version now works for me.

  • Proxy support for third party applications

    Hi all.
    I have seen many posts by users saying that some applications cannot access the internet, while connected to a network with proxy authentication.
    Ultimately, the problem lies in iOS not supporting system-wide proxy settings. We are therefore stuck with applications where the developer has not included their own proxy authentication methods. This is really pathetic in my opinion, seeing as the iPad, although primarily focused on a media and leisure based market, is actually used by a lot of people in the enterprise world.
    There has not been any official announcement by Apple about this issue on other threads, or any announcement as to when support for this will be added. As a university student, I am forced to bring both my MacBook and iPad to campus, simply because I cannot access certain online services, such as DropBox, from my iPad. It actually makes me question what the point in getting the device was in the first place, as my primary intended usage is to eliminate the need for my MacBook to come with me to university.
    I would like Apple to please give any response on this, especially seeing as these devices are bought by many people with the intention of using it on many different networks on the move. Please, don't get me wrong - with the applications that work, and the usage I have with my iPad as is, I really enjoy the device, and it is great in many aspects, but simple functions such as internet access for applications under proxy authentication should be a given feature.
    With that all said, I have not had a chance to update to 4.3.1 yet, and I am not aware if it has been fixed yet or not - the change log says nothing about it though. Has anyone found a solution to this yet? Are some of you also experiencing it?
    MrP.
    EDIT: I notice that in the change log of 4.3.1, it says: "Resolves an issue authenticating with some enterprise web services". Can anyone confirm if this has fixed the issue?
    Message was edited by: Padie

    Yes same here, Ipad and Iphone 4S all iOS 5.1.1 behind a proxy....Safari works but pretty much none of my other Apps. proxy acceptance will be a critical blow in the war for the Enterprise market. I need access to Apps I now rely on and they simply do not work.
    With MS Surface only weeks away once people start using this with 100% success through a proxy, ( not to mention real Office that works with macros and all formatting..Oh and stylus friendly too!) a lot of apple devices may start to gather dust.
    Common Apple, lets move on from Toys and get serious about work too. I am guessing there are a lot of us out there trying to make ipads work at work...help us out!

  • WLS support for SC_NOT_MOFIDIED (304) status code

    Hi all,
    We are using WLS 7.0 and noticed that it does not support the conditional retrieval
    of URL for static content (ie html pages and gif files etc). This is true at least
    for web application deployed with either a war file or "exploded" directory structure.
    For those of you who not familiar with this status code, it basically enables
    browser to send IF-MODIFIED-SINCE header with a http request. The server is supposed
    to check if a new version exisits and if not, returns status code 304. This would
    speed up things for an application with large number of static images, css or
    html files. We are quite surprised that a leading product like WLS would omit
    somthing so basic. So we are not sure if there is a place to turn it on or off?
    If there is simply no support for this feature, can someone provide some explaination
    as to the rationale behind it? We have some idea, but would rather hear it directly
    from BEA. Thanks.

    No, we have consolidated on the Apache XML/XSL stuff. You are free to use
    whatever other parser you would like however. The Sun XML pkg should work
    fine.
    Thanks,
    Michael
    Michael Girdley
    BEA Systems Inc
    "Boris Tabenkin" <[email protected]> wrote in message
    news:[email protected]..
    Are you still including the sun XML package, and if so which version?
    "Toby Allsopp" <[email protected]> wrote in message
    news:[email protected]..
    Hi, Craig.
    Craig Macha wrote:
    Our company typically does NOT use Open Source products. We can't
    risk
    not having support.
    I think you're a little confused about what "Open Source" means. Itdoesn't mean "unsupported." If you want support then you need to pay forit,
    just like any software. One of the advantages of open source software is
    that you aren't tied to a single vendor for your support - anyone with the
    appropriate skills can take the source code and
    provide support, as BEA have chosen to do in this case.
    Regards,
    Toby Allsopp.

  • DMVPN Hub and Spoke behind NAT device

    Hi All,
    I have seen many documents stating about DMVPN Hub behind NAT or DMVPN Spoke behind NAT.
    But My case i involve in both situation.
    1) HUB have a Load Balancer (2 WAN Link) ISP A & B
    2) Spoke have Load Balancer (2 WAN Link) ISP A & B
    Now the requirement is Spoke ISP A Tunnel to HUB ISP A.  Spoke ISP B tunnel to HUB ISP B
    So total of two DMVPN tunnel from spoke to hub, and i will use EIGRP and PBR to select path.
    As I know at HUB site, LB must do Static NAT for HUB router IP, so spoke will point to it as tunnel destination address. At spoke LB, i will do policy route to reach HUB ISP A IP via Spoke ISP A link, HUB ISP B IP via Spoke ISP B link.
    HUB and Spoke have to create 2 tunnel with two different network ID but using same source interface.
    The Tunnel destination IP at spoke router is not directly belongs to HUB router. Its hold by HUB LB , and forwarded to HUB router by Static NAT.
    Any problem will face with this setup? Any guide?
    Sample config at HUB.
    interface Tunnel0
    bandwidth 1000
    ip address 172.16.1.1 255.255.255.0
    ip mtu 1440
    ip nhrp authentication cisco123
    ip nhrp map multicast dynamic
    ip nhrp network-id 1
    ip nhrp holdtime 600
    delay 1000
    tunnel source FastEthernet0/0
    tunnel mode gre multipoint
    tunnel key 0
    tunnel protection ipsec profile cisco
    interface Tunnel1
    bandwidth 1000
    ip address 172.17.1.1 255.255.255.0
    ip mtu 1440
    ip nhrp authentication cisco123
    ip nhrp map multicast dynamic
    ip nhrp network-id 2
    ip nhrp holdtime 600
    delay 1000
    tunnel source FastEthernet0/0
    tunnel mode gre multipoint
    tunnel key 1
    tunnel protection ipsec profile cisco
    Spoke Config
    interface Tunnel0
    bandwidth 1000
    ip address 172.16.1.2 255.255.255.0
    ip mtu 1440
    ip nhrp authentication cisco123
    ip nhrp map 172.16.1.1 199.1.1.1
    ip nhrp network-id 1
    ip nhrp holdtime 300
    ip nhrp nhs 172.16.1.1
    delay 1000
    tunnel source FastEthernet0/0
    tunnel destination 199.1.1.1
    tunnel key 0
    tunnel protection ipsec profile cisco
    interface Tunnel1
    bandwidth 1000
    ip address 172.17.1.2 255.255.255.0
    ip mtu 1440
    ip nhrp authentication cisco123
    ip nhrp map 172.17.1.1 200.1.1.1
    ip nhrp network-id 2
    ip nhrp holdtime 300
    ip nhrp nhs 172.17.1.1
    delay 1500
    tunnel source FastEthernet0/0
    tunnel destination 200.1.1.1
    tunnel key 1
    tunnel protection ipsec profile cisco

    Hi Marcin,
    thanks for your reply. The NAT was set up in a way it was/is just to simulate the spoke to be behind NAT device.
    About AH and ESP, you are correct there... this was actually my issue. I should have used pure ESP. At the end, TAC actually assisted me with this. Before I called TAC, i did notice the following. ISAKMP traffic was NATed to 3.3.3.3, as expected. Anything after that, did not work and it has to with NAT and AH. Traffic was no longer NATed so the hub, saw the traffic come from 2.2.2.2 rather than 3.3.3.3, you can also see that in the error message you have pointed out. I also saw it in my packet captures. That caught my eye and i started troubleshooting it. I did not understand that AH can't be NATed, Below  is TAC's explanation. All is good now. Thanks
    .  Essentially, it comes down to the fact that AH will encapsulate the entire IP packet (hence why it is the outermost header) with the exception of a few mutable fields, including the DSCP/ToS, ECN, flags, fragment offset, TTL, and the header checksum.  Since the source/destination IP addresses & port numbers are actually protected by the AH integrity checking, this means that a device performing a NAT operation on the packet will alter these IP header fields and effectively cause the hub router to drop the packet due to AH failure.
    Conversely, ESP traffic is able to properly traverse NAT because it doesn't include the IP header addresses & ports in its integrity check.  In addition, ESP doesn't need to be the outermost header of the packet in order to work, which is why devices will attach an outer UDP/4500 header on the traffic going over NAT."

  • STICK_CACHE_SIZE_EXCEEDED: Sticky cache can't be supported for 9th AP

    Hi,
    it's possible to somehow increase the sticky cache? 9 APs is not enough.
    STICK_CACHE_SIZE_EXCEEDED: Sticky cache can't be supported for 9th AP.Client MAC 44:2b:03:55:f4:c0.
    Thanks
    K.

    The controller appears to be configured with sticky key caching (SKC).
    You can verify if a WLAN is configured for SKC with: show wlan wlan_id
    With sticky key caching, the client receives and stores a different PMKID for every AP it associates with. The APs also maintain a database of the PMKID issued to the client.
    In SKC, the client stores each Pairwise Master Key ID (PMKID) against a Pairwise Master Key Security Association (PMKSA). When a client finds an AP for which it has the PMKSA, it sends the PMKID in the association request to the AP. If the PMKSA is alive in the AP, the AP provides support for fast roaming. In SKC, full authentication is done on each new AP to which the client associates and the client must keep the PMKSA associated with all APs. For SKC, PMKSA is a per AP cache that the client stores and PMKSA is pre-calculated based on the BSSID of the new AP.
    With sticky key caching the end device after completing full 802.1x authentication caches the PMKID for that AP. When it roams to the next AP say AP2 it has to complete re-authentication again. It caches the PMKID for this as well. Now when it roams back to the first AP it gives the PMKID in the re-association request. The controller uses this and realizes that the client is authenticated and just goes ahead with the four way handshake. So the client HAS TO authenticate to each new AP that it goes to.
    Now this works fine in a small setup due to a limitation on the controller. The controller can cache upto 8 PMKID'S for each client. So the client can roam to 8 AP's again and again without requiring 802.1x authentication. However if it goes to a ninth AP this will required re-authentication (even if the client has previously roamed to this AP) as the controller will not have the necessary PMKID.

Maybe you are looking for