Passive client Behind WGB(WAP121)
Hello,
Passive Client is getting disconnected after inactivity means if this client is idel for few minutes then it will loose the connection and we cant reach anymore to client.
Here is the topolgy:
Core-switch---------------Edge-Switch-------------AP~~~~~~~~~~~WAP121(WGB)--------------Machine(With static IP)
WLC
What I did to resolve this problem:
1. On WLC: "config macfilter add <mac address> wlanname xxx.xxx.xxx.xxx" (this individually for each machine MAC and IP)
2. I must put in the WGB where the machine are connected to: "bridge 1 address <mac address> forward giga 0"----> can’t do on WGB(Did not find any option to add this command )
3. Activated Multicast on Controller
4. Activated "Passive Client" on the BDE-SSID
5. Added ARP on Layer 3 device for this CLIENT:
is there any other solution ??
Any kind of help will be appreciated.
Regards
Hello,
Passive Client is getting disconnected after inactivity means if this client is idel for few minutes then it will loose the connection and we cant reach anymore to client.
Here is the topolgy:
Core-switch---------------Edge-Switch-------------AP~~~~~~~~~~~WAP121(WGB)--------------Machine(With static IP)
WLC
What I did to resolve this problem:
1. On WLC: "config macfilter add <mac address> wlanname xxx.xxx.xxx.xxx" (this individually for each machine MAC and IP)
2. I must put in the WGB where the machine are connected to: "bridge 1 address <mac address> forward giga 0"----> can’t do on WGB(Did not find any option to add this command )
3. Activated Multicast on Controller
4. Activated "Passive Client" on the BDE-SSID
5. Added ARP on Layer 3 device for this CLIENT:
is there any other solution ??
Any kind of help will be appreciated.
Regards
Similar Messages
-
Problems with Arrowpoint cookies for clients behind a Proxy
I have in a WebSite clients being load balanced using Arrowpoint cookies to a virtual Server. The CSS load balance between three Apache real servers.
I have some clients that are behind some kind of Proxy Cache and I have seen with a sniffer that the proxies causing the problem Re-use proxy to our server connections for different requests for multiple clients.
Then, as I understand the CSS make the forwarding decission based on the cookie of the first request for the first client behind the proxy after establishing the HTTP connection, but when there is a request from other client using this same connection (that must be forwarded to other real server) the request is forwarded to the original web server and fails because we need sticky connections.
I thought that this wasn't correct but I have read some documents that say that this is called a Proxy role as a "connection cache". Then my question is if there is any workaround for this problem.
ThanksI believe your problem is that the proxy open a few persistent connections with the CSS and loadbalance your client's request over them.
Once the CSS has associated a connection with a service, it does not look into the request anymore.
The solution is to disable persistence on the CSS with the command 'no persistent' and 'persistence reset'.
Find more info at :
http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a0080093e06.shtml#crp
Gilles. -
I have been searching for a solution for this issue with all that google knows......
I have my client behind NAT with ip 192.168.27.1
And the server behind NAT with some ip (i am not really worried abt this)
Now I register a client object to server for notification. SImply a hash table in server stores all my client objects. On a expected change, I invoke a method in my client objects.
In this scenario I happened to observer that the client objects sent to server had the client ip (192.168.27.1) inside it and not the NAT ip through which they went out.
So when I went invoke the remote method nothing interestingly happens as the client cannot be located.
I tried creating custom sockets in client and binding it to NAT ip --> obvious bind exception for a ip that is not with client
Setting the NAT ip as java.rmi.hostname in client --> no effect, since still the server is trying to notify (192.16827.1)
Help me to root out this issue. I feel that there must be a solution for this, otherwise RMI it would not have been this much successful.Hi turing,
thanks for your reply
actually my question is
"maybe if you try using the "real" ip (www,whatismyip.com)
your program will work. "
how to do this in the scenario I explained.
Most of the discussions I saw in this forum are about server behind NAT and resolution approach for it. I can't find an answer for this even in the post you mentioned.
Simply,
When I register a client object in server, how will the server identify the client to notify, when the client is behind NAT.
Will the ip address that the remote object carries will also be NAT'ed. I don't see this happening. -
Multiple ichat clients behind firewall?
IS it possible to have multiple ichat clients behind a firewall? I've just bought a macbook pro and would like to purchase two more for ichat functionality. Two of these will be behind one firewall, the other across the country. I can't find any documentation other than how to configure a single ichat client.
Is it possible? It's ok if we have to purchase an xserve and run some kind of server our end - I just want it to work.
Message was edited by: paulgamiHi paulgami,
iChat will work behind a firewall or routing device.
With routing device the easiest method is UPnP which allows the Apps to open the ports and allows multiple computers to use the same ports.
A device that has Port Triggering can also allow multiple computers to use the same ports.
If you mean that you want the Bonjour side or even the Jabber side (in the iChat Server in OS X serve) to be in the same Network you will have to look to setting up VPNs (virtual Private Networks) to cover the distances you are talking about.
It may be just semantics but it helps if we know which bit of iChat you are talking about.
Tiger 10.4.x OS X Serve has an Jabber Server that can be used with the Jabber side of iChat (iChat 3.x)
Each computer already has the iChat Client.
There are also Public Jabber servers including Googletalk to use with the Jabber side of iChat.
The Main Buddy list obviously uses the AIM service and again this can be world wide.
iChat also has the Bonjour side. This can find any other Mac on the same network. It uses the user's Address Book to broadcast a Screen Name for the other iChat clients (separate buddy List)
Possibly start here
http://www.ralphjohnsuk.dsl.pipex.com/index.html
Just getting started ?
http://www.siriusaddict.com/ichat.html
Collaboration Services Forum in OS XServer
http://discussions.apple.com/forum.jspa?forumID=700
8:44 PM Monday; August 13, 2007 -
SSID with Passive Client Enabled Problem - WLC2106
Hello,
In my environment i have this topology :
WLC ~~~~~~|Another Vendor Client Radio doing Bridge|----Camera
| |----RAP-1552E~~~~~~~MAP-1552E~~~~~|Another Vendor Client Radio doing Bridge|------|Camera|
|----------Switch-----|
|---| Ethernet
|~~~| Wireless
The WLC is one 2106 WLC with version 7.0.240.0.
All clients are in the same broadcast domain, the camera/another vendor client and the RAP and MAPs, the another vendor is connecting in SSID LAB, when i connect some notebook in the SSID LAB i can't reach camera.
I tried to segmenting this networking putting the SSID-LAB2 broadcasted from RAP and MAP to another network and connecting my notebook in the SSID LAB2 and i have problems to access camera too. The routing is OK.
I put my notebook in the switch in the same broadcast domain or in another broadcast domain and i could access the camera without problem.
I'm having these problems only when i have the clients connected in wireless.
I enabled multicast in the controller and passive-client, because i wasn't reaching the camera without this configuration enabled, now i can access but i'm having these problems.
Thank You.I don't know what else you can do here. There are some wireless Ethernet bridges I have tested that work okay and others that just doesn't. Seems like the one that I use, a Buffalo Ethernet converter needs to be rebooted every so often. Others just don't work. Have you tried opening a TAC case?
Sent from Cisco Technical Support iPhone App -
FTP-client behind RRAS - unable to connect to external FTP servers
FTP-client behind RRAS - unable to connect to external FTP servers
A small network (10-20PCs) without any segmentation - one LAN with one Gateway.
1. If the Gateway is some small hardware device, there are not any problems to make FTP-connections from LAN to Internet FTP-servers
2. If the Gateway is Win2003+RRAS+NAT or Win2003+ISA2005, there are not any problems to make FTP-connections from LAN to Internet FTP-servers
3. But if the gateway is Win2008+RAS+NAT or Win2012+RRAS+NAT, the computers in the LAN are not able to connect to Internet FTP-servers
I made a few tests:
1. On Win2012+RRAS+NAT
TurnOff Windows Firewall for All profiles (Domain, Private, Public) - the problem disappears, it it possible to connect to external Internet FTP-servers.
2. On Win2012+RRAS+NAT
TurnOff Windows Firewall only for Domain profile - the problem disappears, it it possible to connect to Internet FTP-servers.
3. On Win2012+RRAS+NAT
TurnOn Windows Firewall for All profiles (Domain, Private, Public)
But I excluded the Internal NIC in this list
Windows Firewall / Properties / Domain Profile / Protected network connections
and the problem disappears again
My question is:
What new Firewall rule I have to make and where to place it (to be able to make FTP-connection from LAN to Internet FTP-servers)?
I made some attempts to allow port21, but any success.Thank you, but did you try this ?
Can you describe in detail "exclusion rule for FTP traffic" ?!
In my previous post, I want to say that if you use Win 2008/2012 RAS+NAT as a network gateway, than it is not possible to make FTP-connections to external FTP servers from the computers behind that gateway.
And the standard attempts to make "Allow"-rules for port 21 in the gateway firewall (Win 2008/2012), do not solve the problem.
No matter which FTP-client you can try to use.
To see this problem, just make few simple tests:
">telnet <ftp-server> 21"
with firewall on/off and inbound/outbound "Allow port 21 rule (All/Domain/Private/Public)"
In my country, the Government Tax Department uses FTP-protocol to collect monthly data from companies.
And it is too stupid scenario (to be a small company and to) upgrade from Win 2003 to a newer 2008/2012 and than to not be able to make all your jobs.
-------EDIT---------
The same problem (and its solution) is described here:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/0c68aed6-e22b-4cd4-86bd-f3c767e88349/advanced-firewall-blocking-through-ftp-traffic-rras
The magic command:
">netsh routing ip nat delete ftp"
solved the problem for me.
And here is the description of this command - "Disables the FTP proxy on the NAT server."
http://technet.microsoft.com/en-us/library/cc754535(v=ws.10).aspx#BKMK_106 -
Contivity vpn client behind router with easy server
Hi, I've seen this argument before, but without an effective solution.
I have a contivity client behind a 857 cisco router. This client needs to connect to a remote VPN server.
With NAT enable and easy VPN server disable all works fine.
When I enable easy VPN server on the 857 (I need to connect several dial-up cisco vpn client from outside to this office) the contivity client can't connect anymore to the remote vpn server and hang up with the famous "bannet text" error.
I think that because the external interface of the 857 is waiting for cisco vpn client to connect, it intercepts also the data from the remote contivity vpn server, not forwarding to the client inside the LAN.
If there is a way to "passthrough" the contivity connection data to the internal client it would be very nice.
Many thanks, Stefano.Hi, I found a possible solution. At this page
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080235197.shtml
this is the interesting part:
!--- Dynamic crypto map.
crypto dynamic-map dynmap 1
set transform-set foo
match address 199
access-list 199 permit ip 10.100.100.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 199 permit ip host 172.16.142.191 192.168.1.0 0.0.0.255
I try to put the contivity vpn client to another subnet (192.168.3.10) but the easy vpn server still intercepts its encrypted data.
Salutes. -
When the RMI client behind firewall tries to access the server the following error is thrown up:
java.rmi.ConnectIOException: Exception creating connection to: 10.130.12.128; ne
sted exception is:
java.net.NoRouteToHostException: Operation timed out: no further informa
tion
java.net.NoRouteToHostException: Operation timed out: no further information
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown S
ource)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown S
ource)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
at sun.rmi.server.UnicastRef.invoke(Unknown Source)
at RMIFaxServer_Stub.getResult(Unknown Source)
at FaxTest.main(FaxTest.java:51)your client is behind the firewall but the server you're trying to access has an address 10.x.x.x which says that it too is behind a firewall and not on the Internet, or is the server in a DMZ. It sounds more like a networking issue than a java problem at this point. If the server is on some side of a firewall, you may need a some sort of "permit established" config setting added to the firewall. Just a thought.
-
CSCuh46996 - Clients behind 3rd party WGB fail DHCP post upgrade from 7.0.116.0
Has software version 7.6(1.70) been made available to the public?
Downloads Home
Products
Wireless
Wireless LAN Controller
Standalone Controllers
Cisco 5500 Series Wireless Controllers
Cisco 5508 Wireless Controller
Wireless LAN Controller Software
only has release 7.4.110.0 ED availableThe following entry may indicate a failing harddrive, so doing backups and replacing the harddrive may be in order.
Disk Information:
TOSHIBA MK7559GSXF disk0 : (750,16 GB)
S.M.A.R.T. Status: Failing <-----------
A little bit about drive S.M.A.R.T. status:
"The most basic information that SMART provides is the SMART status. It provides only two values: "threshold not exceeded" and "threshold exceeded". Often these are represented as "drive OK" or "drive fail" respectively. A "threshold exceeded" value is intended to indicate that there is a relatively high probability that the drive will not be able to honor its specification in the future: that is, the drive is "about to fail". The predicted failure may be catastrophic or may be something as subtle as the inability to write to certain sectors, or perhaps slower performance than the manufacturer's declared minimum."
http://en.wikipedia.org/wiki/S.M.A.R.T. -
Can anyone confirm if the Lync client can be configured to route traffic via a proxy, or to use the proxy settings defined in IE?
I have the following scenario...
The environment is heavily locked down, and PC's only have access to the Internet via a defined IE proxy. Internal IM, presence and communication all work fine. We have configured federation with some remote organizations. IM and presence
works fine to these orgs, but when any A/V or application sharing is attempted, the media fails. I can see from traces this is when the client tries (and fails) to access the A/V edge of the remote federated parties edge server.
I've looked at the Lync settings, reg settings, group policy ADM and documentation, and cant find anything to a) confirm if this behavior is correct or b) any way to work around it.
There must be other Lync implementations in hardened environments like this. Opening up outbound ports is out of the question, so what other options do i have?
DaveJay, you missed the key word in my last post "internally". Functionally, everything about the edge server is working fine. Clients can login internally and externally. Media flows from internal to external clients is fine. All SIP/AV/WEBCON
DNS entries are fine in public DNS along with supporting SRV records. These interfaces are Nat'd and the AV address is correctly assigned.
My problem only occurs when an AV session is attempted with a federated partner...
When any AV or sharing is attempted, from the internal network, to the federated partner, i can see the Lync client attempting to make connections out to the remote federated partners AV edge (something which it will never be able to do as it's behind a
proxy with no direct Internet access). This is what I'm trying to address.
Should the SIP/AV/WEBCON address exist INTERNALLY
on the corporate DNS servers for internal clients to resolve? Is this what i have missed?
Is there anyway to instruct the Lync client to route traffic bound for the Internet via a proxy?
Surely there must be someone else with this scenario in a locked down environment? -
Tta_printer with linux client behind router
hi,
what do have i to do, to print to my Linux Client! The Client is behind a firewall!
if i print a job, the job hangs on the tarantella server!
Applikation Server: SuSE 9.3
Tarantella Server:SLES10
Client: openSuSE 10.2
Router also linux!! ;-)if your client is behind a firewall then you probably want to use firewall traversal. If your app server is behind a firewall then you need to open 515 (lpr) or 631 (CUPS). If you are using Windows printing, then you just need the RDP port open (3389).
-
Active/passive servers behind CSS
Hi,
I have 2 servers behind CSS, instead of doing load lancing , we need to work both servers as active/passive mode, mean if active server down then only second sever will serve.We can not move servers from behind css.
Please advice if this can be possible.
Regards,you will need to use the "sorry server" feature in CSS to acheive that
Sample Config
!********* SERVICE *****************
service serverA
ip address x.x.x.1
active
service serverB
ip address x.x.x.2
active
!********** OWNER ****************
owner SYED
content EXAMPLE
vip address 1.1.1.1
port 80
protocol tcp
add service serverA
primarySorryServer ServerB
active
HTH
Syed Iftekhar Ahmed -
Connecting to DirectAccess server from a client behind proxy with authentication
Hi,
All our DA clients are working fine except those that are working from a client company where a proxy with authentication is used.
Our DA server is running Windows server 2012 and clients are running Windows 7.
I have found similar posts, where it states it is a known issue and it is fixed by a new feature in Windows 2012, however i cannot find more info:
http://technet.microsoft.com/en-us/library/hh831416.aspx
IP-HTTPS runs in a system context rather than a user context. This context can cause connection issues. For example, if a DirectAccess
client computer is located in the network of a partner company that uses a proxy for Internet access, and WPAD auto detection is not used, the user must manually configure proxy settings in order to access the Internet. These settings are configured in Internet
Explorer on a per user basis, and cannot be retrieved in an intuitive way on behalf of IP-HTTPS. In addition, if the proxy requires authentication, the client provides credentials for Internet access, but IP-HTTPS will not provide the credentials required
to authenticate to DirectAccess. In Windows Server 2012, a new feature solves these issues. Specifically, the user can configure IP-HTTPS to work when behind a proxy that is not configured using WPAD and IP-HTTPS will request and provide the proxy credentials
needed to IP-HTTPS request authenticated, and relay it to the DirectAccess server.Hello,
As far as I know it's a feature of Windows 2012 URA with a Windows 8 client.
Unfortunatelly you will have trouble with proxy authentication with Windows 7 client I think
Regards,
Follow me on Twitter http://www.twitter.com/liontux | My Blog (French/English) :
http://security.sakuranohana.fr/ -
I have a customer running Cisco VPN client 5,0xx on a network behind a Cisco ASA 5505 router set up as a VPN server. He can connect to the remote (external) network, but cannot browse the remote network. Are there any special settings needed on the ASA 5505 to allow vpn client traffic through?
Maybe you need to enable Nat-traversal on your VPN Headend device.
Crypto isakmp Nat-t
HTH
Saju -
Java chat client behind the proxy or fire wall
i am developing the chat application useing java.net.*.but i am not able to get connectivity behind the firewall or proxy on the java client.pls help me out
to guarantee easy to use, no problem chat applet then you will need to have the chat server running on port 80 and the client use http request/response system
first problem is that the applet will have to have been delivered from port 80 on the same ip# so you will either have to use Servlets or write your own web server with chat facilities
you will need to maitain persistent/ pseudo persistent http connections for the server to deliver messages to clients, you can assume that a connection will remain open for ~ 5 minutes after a request from the client
use HTTP/1.1 for reliable Connection: keep-alive and request/response pipelining
with all that in place your client method is...
register and send GET /chat <wait for upto 5 mins>
if there is client activity send POST/chat <wait for upto 5 mins>
if the above waits timeout send GET/chat <wait for upto 5mins>
server method...
accept GET/POST requests from client
if there is chat to deliver, reply to most recent request from client
if you recive another request before the previous one's reply is used, send a No Content reply to the previous request
Maybe you are looking for
-
If I changed my Apple ID password on my iphone then log into itunes on my phone with that new password, would it automatically sync to my laptop or would i need to put the new password into my laptop also? My laptop got stolen so I changed my passwor
-
Need help installing oracle 8.1.7 on RH 8.0
I'm a newbie to linux red hat 8.0 and I'm trying to install oracle 8.1.7 on red hat 8.0 I keep getting all these error message and half the instructions i read i cannot find thoughts files that need to be modified. Can someone please point me into th
-
Swap 15" iMac flat screen monitor for 17" one?
My mom has 2 older G4 iMacs, the one with the hemispherical base. One of them has a 15" monitor (that's the one that works); the other iMac has a 17" monitor, but the power supply on that one is dead. Can we swap out the 15" monitor for the 17" one?
-
The version 2008_1_620 of the Add-on ST-PI is too high for this upgrade
Hi Guru, I' am doing prepare : upgrade from R/3 entrerprise 47X100 to ECC6.0 SR3. PREPARE 02) Initialization failed yes the checks.log report the following error : SAPup> WARNING: The version 2008_1_620 of the Add-on
-
Is it possible to install a sound Blaster X-FI at the same time as a EMU 1820 M on the same
Hi i need to isntall the both sound card on the same PC in order to take advantage to the music play, game enhancement of the X-Fi and also take advantage of the EMU 820m for music creation.... my question is : is it posssible to install them at the