Redundancy management IP and Redundancy port IP unreachable issue

Hi, all
I got one interesting issue with wireless 5508 controller. we have ordered two WLCs, one is air5508-12-k9, Anther one is air5508-HA-k9.
Now, we are going to form HA mode and HA box will become standby mode. One issue we are seeing now. after configuring redundancy management IP and Redundancy port IP to both WLCs. primary WLC are working well that we can ping it's all of IPs successfully, however standby WLC are not working well. even it can't ping itself. management IP has no problem.
Problem is only for redundancy management IP and redundancy Port IP. One interesting thing is our switch can't learn redundancy port's MAC address even it's connecting and interface shows UP. Primary has no this issue.
Has anyone have the same issue before or appreciate any suggestions and inputs.
WLC 1
(Cisco Controller) >show redundancy sum
            Redundancy Mode = SSO ENABLED
                Local State = ACTIVE
                 Peer State = UNKNOWN - Communication Down
                       Unit = Primary
                    Unit ID = 7C:0E:CE:64:43:80
           Redundancy State = Non Redundant
               Mobility MAC = 7C:0E:CE:64:43:80
Redundancy Management IP Address................. 25.16.228.252
Peer Redundancy Management IP Address............ 25.16.228.253
Redundancy Port IP Address....................... 169.254.228.252
Peer Redundancy Port IP Address.................. 169.254.228.253
WLC 2 HA
(Cisco Controller) >show redundancy sum
Redundancy Mode = SSO DISABLED
     Local State = ACTIVE
      Peer State = N/A
            Unit = Primary
         Unit ID = 7C:0E:CE:4A:23:40
Redundancy State = N/A
    Mobility MAC = 7C:0E:CE:4A:23:40
Redundancy Management IP Address................. 25.16.228.253
Peer Redundancy Management IP Address............ 25.16.228.252
Redundancy Port IP Address....................... 169.254.228.253
Peer Redundancy Port IP Address.................. 169.254.228.252
Thank you so much indeed.

thank you very much that makes sense, so I will need to change service port address ( maybe a class A or C ) or disconnect that port from the network ...
thank you again very much your help is really appreciated

Similar Messages

  • Question about RPS2300 and 'redundancy" config on IOS router

    We have a 2951 router connected to an RPS2300 remote power supply.  On the router there are two commands applied in global config mode, "redundancy inter-device" and "redundancy".  The engineer who set up the router originally states that these commands are necessary for the RPS2300 to work properly with the 2951, but the documentation for the "redundancy inter-device" and "redundancy" commands do not seem to be related to the RPS at all.  Can anyone tell me if either of these commands are required for RPS, or if there is any other config that must be added to the 2951 for the RPS2300 to function properly?
    An excerpt from the 2951 config:
    vtp mode transparent
    username <detail removed>
    username <detail removed>
    redundancy inter-device
    redundancy
    controller T1 0/0/0
    As you can see, there is no additional configuration under either of the "redundancy" commands.
    Thanks
    -Mat

    To clarify, the 2951 router has an RPS-ADPTR-2921-51 module installed which connects to the RPS2300 unit.
    -Mat

  • Dot1x with port security and redundant radius servers

    I have a strange issue with my dot1x port authentication.  I have two radius servers configured in my switch for redundancy, and on my switchport I have a Cisco IP phone and a PC.  Testing redundnacy with the radius servers, when I have both servers active and running, the port authentication works fine for both phone and pc.  When I fail the radius servers in the configuration, by disconnecting the NIC on it, the switch goes to the surviving radius server and authenticates, (I can see it in the running log) both the phone and PC get an access-accept, but only the phone works on the network and the port light stays amber showing it's blocking for the pc.  Strange, since it showed an accept on the radius server.
    This only seems to happen when the first one on the list is failed.  When the second one is failed, it obviously won't need to try it, so there's not an issue.  Any ideas?
    Here's the setup and configs:
    freeradius 2.1.12-4
    cisco 3560
    Switch Ports Model              SW Version            SW Image                
    *    1 52    WS-C3560G-48PS     12.2(53)SE2           C3560-IPBASEK9-M 
    aaa new-model
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    interface GigabitEthernet0/1
    switchport access vlan 100
    switchport mode access
    switchport voice vlan 110
    authentication event no-response action authorize vlan 901
    authentication host-mode multi-domain
    authentication port-control auto
    authentication periodic
    authentication violation protect
    mab
    dot1x pae authenticator
    dot1x timeout quiet-period 10
    dot1x timeout tx-period 1
    no mdix auto
    spanning-tree portfast
    radius-server host 10.90.1.88 auth-port 1645 acct-port 1646 key 7 xxx
    radius-server host 10.90.1.85 auth-port 1645 acct-port 1646 key 7 xxx
    Here's an authentication string from the radius server:
    (there are two mac address.  The first one 00.13 is the PC and the second 30.37 is the phone)
    rad_recv: Access-Request packet from host 10.90.100.7 port 1645, id=204, length=160
    User-Name = "001372b639a6"
    User-Password = "001372b639a6"
    Service-Type = Call-Check
    Framed-MTU = 1500
    Called-Station-Id = "9C-AF-CA-23-D9-01"
    Calling-Station-Id = "00-13-72-B6-39-A6"
    Message-Authenticator = 0xfeef777a8033c24934306b3cce78c8f1
    NAS-Port-Type = Ethernet
    NAS-Port = 50001
    NAS-Port-Id = "GigabitEthernet0/1"
    NAS-IP-Address = 10.90.100.7
    Wed Sep 18 10:48:06 2013 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/default
    Wed Sep 18 10:48:06 2013 : Info: +- entering group authorize {...}
    Wed Sep 18 10:48:06 2013 : Info: ++[preprocess] returns ok
    Wed Sep 18 10:48:06 2013 : Info: ++[chap] returns noop
    Wed Sep 18 10:48:06 2013 : Info: ++[mschap] returns noop
    Wed Sep 18 10:48:06 2013 : Info: ++[digest] returns noop
    Wed Sep 18 10:48:06 2013 : Info: [suffix] No '@' in User-Name = "001372b639a6", looking up realm NULL
    Wed Sep 18 10:48:06 2013 : Info: [suffix] No such realm "NULL"
    Wed Sep 18 10:48:06 2013 : Info: ++[suffix] returns noop
    Wed Sep 18 10:48:06 2013 : Info: [eap] No EAP-Message, not doing EAP
    Wed Sep 18 10:48:06 2013 : Info: ++[eap] returns noop
    Wed Sep 18 10:48:06 2013 : Info: [sql]           expand: %{User-Name} -> 001372b639a6
    Wed Sep 18 10:48:06 2013 : Info: [sql] sql_set_user escaped user --> '001372b639a6'
    Wed Sep 18 10:48:06 2013 : Debug: rlm_sql (sql): Reserving sql socket id: 3
    Wed Sep 18 10:48:06 2013 : Info: [sql]           expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '001372b639a6'           ORDER BY id
    Wed Sep 18 10:48:06 2013 : Debug: rlm_sql_mysql: query:  SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '001372b639a6'           ORDER BY id
    Wed Sep 18 10:48:06 2013 : Info: [sql] User found in radcheck table
    Wed Sep 18 10:48:06 2013 : Info: [sql]           expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '001372b639a6'           ORDER BY id
    Wed Sep 18 10:48:06 2013 : Debug: rlm_sql_mysql: query:  SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '001372b639a6'           ORDER BY id
    Wed Sep 18 10:48:06 2013 : Info: [sql]           expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = '001372b639a6'           ORDER BY priority
    Wed Sep 18 10:48:06 2013 : Debug: rlm_sql_mysql: query:  SELECT groupname           FROM radusergroup           WHERE username = '001372b639a6'           ORDER BY priority
    Wed Sep 18 10:48:06 2013 : Debug: rlm_sql (sql): Released sql socket id: 3
    Wed Sep 18 10:48:06 2013 : Info: ++[sql] returns ok
    Wed Sep 18 10:48:06 2013 : Info: ++[expiration] returns noop
    Wed Sep 18 10:48:06 2013 : Info: ++[logintime] returns noop
    Wed Sep 18 10:48:06 2013 : Info: ++[pap] returns updated
    Wed Sep 18 10:48:06 2013 : Info: Found Auth-Type = PAP
    Wed Sep 18 10:48:06 2013 : Info: # Executing group from file /etc/raddb/sites-enabled/default
    Wed Sep 18 10:48:06 2013 : Info: +- entering group PAP {...}
    Wed Sep 18 10:48:06 2013 : Info: [pap] login attempt with password "001372b639a6"
    Wed Sep 18 10:48:06 2013 : Info: [pap] Using clear text password "001372b639a6"
    Wed Sep 18 10:48:06 2013 : Info: [pap] User authenticated successfully
    Wed Sep 18 10:48:06 2013 : Info: ++[pap] returns ok
    Wed Sep 18 10:48:06 2013 : Info: # Executing section post-auth from file /etc/raddb/sites-enabled/default
    Wed Sep 18 10:48:06 2013 : Info: +- entering group post-auth {...}
    Wed Sep 18 10:48:06 2013 : Info: ++[exec] returns noop
    Sending Access-Accept of id 204 to 10.90.100.7 port 1645
    Wed Sep 18 10:48:06 2013 : Info: Finished request 0.
    Wed Sep 18 10:48:06 2013 : Debug: Going to the next request
    Wed Sep 18 10:48:06 2013 : Debug: Waking up in 4.9 seconds.
    Wed Sep 18 10:48:11 2013 : Info: Cleaning up request 0 ID 204 with timestamp +77
    Wed Sep 18 10:48:11 2013 : Info: Ready to process requests.
    rad_recv: Access-Request packet from host 10.90.100.7 port 1645, id=205, length=160
    User-Name = "3037a616cd49"
    User-Password = "3037a616cd49"
    Service-Type = Call-Check
    Framed-MTU = 1500
    Called-Station-Id = "9C-AF-CA-23-D9-01"
    Calling-Station-Id = "30-37-A6-16-CD-49"
    Message-Authenticator = 0xc9173e759dd759b9d414d192783e8a8e
    NAS-Port-Type = Ethernet
    NAS-Port = 50001
    NAS-Port-Id = "GigabitEthernet0/1"
    NAS-IP-Address = 10.90.100.7
    Wed Sep 18 10:48:13 2013 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/default
    Wed Sep 18 10:48:13 2013 : Info: +- entering group authorize {...}
    Wed Sep 18 10:48:13 2013 : Info: ++[preprocess] returns ok
    Wed Sep 18 10:48:13 2013 : Info: ++[chap] returns noop
    Wed Sep 18 10:48:13 2013 : Info: ++[mschap] returns noop
    Wed Sep 18 10:48:13 2013 : Info: ++[digest] returns noop
    Wed Sep 18 10:48:13 2013 : Info: [suffix] No '@' in User-Name = "3037a616cd49", looking up realm NULL
    Wed Sep 18 10:48:13 2013 : Info: [suffix] No such realm "NULL"
    Wed Sep 18 10:48:13 2013 : Info: ++[suffix] returns noop
    Wed Sep 18 10:48:13 2013 : Info: [eap] No EAP-Message, not doing EAP
    Wed Sep 18 10:48:13 2013 : Info: ++[eap] returns noop
    Wed Sep 18 10:48:13 2013 : Info: [sql]           expand: %{User-Name} -> 3037a616cd49
    Wed Sep 18 10:48:13 2013 : Info: [sql] sql_set_user escaped user --> '3037a616cd49'
    Wed Sep 18 10:48:13 2013 : Debug: rlm_sql (sql): Reserving sql socket id: 2
    Wed Sep 18 10:48:13 2013 : Info: [sql]           expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '3037a616cd49'           ORDER BY id
    Wed Sep 18 10:48:13 2013 : Debug: rlm_sql_mysql: query:  SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '3037a616cd49'           ORDER BY id
    Wed Sep 18 10:48:13 2013 : Info: [sql] User found in radcheck table
    Wed Sep 18 10:48:13 2013 : Info: [sql]           expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '3037a616cd49'           ORDER BY id
    Wed Sep 18 10:48:13 2013 : Debug: rlm_sql_mysql: query:  SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '3037a616cd49'           ORDER BY id
    Wed Sep 18 10:48:13 2013 : Info: [sql]           expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = '3037a616cd49'           ORDER BY priority
    Wed Sep 18 10:48:13 2013 : Debug: rlm_sql_mysql: query:  SELECT groupname           FROM radusergroup           WHERE username = '3037a616cd49'           ORDER BY priority
    Wed Sep 18 10:48:13 2013 : Debug: rlm_sql (sql): Released sql socket id: 2
    Wed Sep 18 10:48:13 2013 : Info: ++[sql] returns ok
    Wed Sep 18 10:48:13 2013 : Info: ++[expiration] returns noop
    Wed Sep 18 10:48:13 2013 : Info: ++[logintime] returns noop
    Wed Sep 18 10:48:13 2013 : Info: ++[pap] returns updated
    Wed Sep 18 10:48:13 2013 : Info: Found Auth-Type = PAP
    Wed Sep 18 10:48:13 2013 : Info: # Executing group from file /etc/raddb/sites-enabled/default
    Wed Sep 18 10:48:13 2013 : Info: +- entering group PAP {...}
    Wed Sep 18 10:48:13 2013 : Info: [pap] login attempt with password "3037a616cd49"
    Wed Sep 18 10:48:13 2013 : Info: [pap] Using clear text password "3037a616cd49"
    Wed Sep 18 10:48:13 2013 : Info: [pap] User authenticated successfully
    Wed Sep 18 10:48:13 2013 : Info: ++[pap] returns ok
    Wed Sep 18 10:48:13 2013 : Info: # Executing section post-auth from file /etc/raddb/sites-enabled/default
    Wed Sep 18 10:48:13 2013 : Info: +- entering group post-auth {...}
    Wed Sep 18 10:48:13 2013 : Info: ++[exec] returns noop
    Sending Access-Accept of id 205 to 10.90.100.7 port 1645
    Cisco-AVPair = "device-traffic-class=voice"
    Wed Sep 18 10:48:13 2013 : Info: Finished request 1.
    Wed Sep 18 10:48:13 2013 : Debug: Going to the next request
    Wed Sep 18 10:48:13 2013 : Debug: Waking up in 4.9 seconds.
    Wed Sep 18 10:48:18 2013 : Info: Cleaning up request 1 ID 205 with timestamp +84
    Wed Sep 18 10:48:18 2013 : Info: Ready to process requests.
    Thanks!

    802.1X support    requires an authentication server that is configured for Remote    Authentication Dial-In User Service (RADIUS). 802.1X authentication does  not   work unless the network access switch can route packets to the  configured   RADIUS server.
    Please check the  below links which can be helpful in configurations:
    Link-1
    http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/50sg/configuration/guide/dot1x.html

  • 2 ISP load balancing and redundancy

    Hello!!
    Our small company has about 40 branches spreaded within city. Branches are connected by optic wire supplied by our ISP. So in ISP our branches are located in one VLAN. From every branch we created VPN tunnel to our server room in central office. Central office is like a cetner point. If optic wire fails to central office, there would no VPN tunnels and no network to all branches. Moreover, all the traffice goes through central office.
    Now we decided to pave one more optic line to our central office. And that will increase bandwidth and redundancy.
    Private network topology: There are no default gateways and ip-addresses. For examle, at first branch I will plug computer directly into media converter and at the second branch plug another computer to the media converter. After that this two computers became in one network. And can assign any ip addresses to them.
    What I have: our firewall do enough work, don't want to overload it. But we have some free ports in our new cisco 3750. The question is how to do load balancing and redundanccy? Can it do load balancing according to traffic? And how load balance incoming traffic? For example, connection was established from branche's router, how this router will choose through which line make connection? By the way, at all branches we use noisy cisco
    3700 series routers.

    Sorry for upping 1 year old threat.
    We talked to our Network Provider. They said "these two cables are coming from two different places, so there is no way to use etherchannel. You must use active-standby solution."
    Relying on STP we just put two cables into 3750 stack. But with default STP settings, connection was very unstable, many packet losses and disconnections. So we found easy solution with "flex links", making one interface backup of the other. And only now I recognized that this is not a failover solution. Because, if network beyond media converter will down, link from media converter to switch would still up.
    What could I do to make our L2 WAN redundant? Are there any additional STP settings.

  • Monitoring 3750x and 3560x Redundant Power Supply and Fans

    I need help for monitoring the redundant power supply of my switches (3750x and 3560x)
    I have configured my snmp on my switches and is able to monitor interfaces, temperature and etc.
    The problem is when I am monitoring the redundant power supply and fans.
    I am using two Cisco C3KX-PWR-350WAC Modular Power Supply per switch.
    The OID I use to monitor the PSU are the following:
    Power Supply 1
    .1.3.6.1.4.1.9.9.13.1.5.1.3 Instance: 1003
    Power Supply 2
    .1.3.6.1.4.1.9.9.13.1.5.1.3 Instance: 1004
    When I do an SNMP walk, the value is showing (1) which means normal.
    When I simulate a power outage on power supply 1 or 2 by unplugging the power source, the value doesn't change and is still (1).
    Values: normal(1), warning(2), critical(3), shutdown(4), notPresent(5)
    As for the Fans:
    When I remove the fan module, I am able to get a notification that the fans are down, but when I plug back the fan module it is now using a different instance.
    Below is my config for SNMP:
    snmp-server community XXXXXXXXXXXXXX RO
    snmp-server location XXXXXX
    snmp-server contact XXXXXX
    snmp-server chassis-id Cisco3560X
    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
    snmp-server enable traps transceiver all
    snmp-server enable traps tty
    snmp-server enable traps license
    snmp-server enable traps cpu threshold
    snmp-server enable traps syslog
    snmp-server enable traps vlancreate
    snmp-server enable traps vlandelete
    snmp-server enable traps port-security
    snmp-server enable traps envmon fan shutdown supply temperature status
    snmp-server enable traps errdisable
    snmp-server enable traps vlan-membership
    snmp-server host X.X.X.X version 2c XXXXXXXXXXXXXX
    Note: This problem is the same for all of my 3560X switches and 3750X switches. I am not sure if I am monitoring the wrong OID. 
    Thanks in advance

    Hi ,
    You are running an old IOS code , definitely you are hitting a BUG .
    there is no workaround or I would say unfirtunetely you will not be able to get the correct power supply status via SNMP.
    you need to use command line for this.
    I mean "show env all "
    **** if you want to know the Excat BUG that your code is hitting ,please contact TAC.
    Thanks-
    Afroz
    **Ratings Encourages Contributors ****

  • Purpose of Retention Policy Recovery Window and Redundancy

    Hi,
    Good Evening,
    I have some queries regarding the RMAN Retention Policy Recovery Window and Redundancy.
    1. Any condition is there to set the Retention Policy Recovery Window and Redundancy and control_file_record_keep_time?What is the relationship between these 3 parameters?
    2. Explain the scenario if i set the control_file_record_keep_time=4 Redundancy=3 and Recovery Window=7?
    3. If i set the Redundancy=3 and Recovery Window=7 means my backup place only have 3 copies of backup based on the redundancy then what is the purpose of Recovery Window=7 please give some example.
    4. If i change the values for Recovery Window=3 and Redundancy=7 what will happened, how many days backup will be available in my FRA location?Explain with one scenario?
    Thanks in advance.
    Vijay.

    Hi,
    Take a look of the above doc contents:
    Configuring the Backup Retention Policy
    As explained in "Backup Retention Policies", the backup retention policy specifies which backups must be retained to meet your data recovery requirements. This policy can be based on a recovery window or redundancy. Use the CONFIGURE RETENTION POLICY command to specify the retention policy.
    so  you have option to choose either  recovery windows or redundancy based you can set the configuration like
    read in the Doc What it said for both:
    Recovery Window-Based Retention Policy ==>RMAN does not consider any full or level 0 incremental backup as obsolete if it falls within the recovery window.  Additionally, RMAN retains all archived logs and level 1 incremental backups that are needed to recover to a random point within the window.
    Redundancy-Based Retention Policy==>The REDUNDANCY parameter of the CONFIGURE RETENTION POLICY command specifies how many full or level 0 backups of each datafile and control file that RMAN should keep. If the number of full or level 0 backups for a specific datafile or control file exceeds the REDUNDANCY setting, then RMAN considers the extra backups as obsolete. The default retention policy is REDUNDANCY 1.
    RMAN> show RETENTION POLICY;
    using target database control file instead of recovery catalog
    RMAN configuration parameters for database with db_unique_name DDTEST are:
    CONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 7 DAYS;
    RMAN> CONFIGURE RETENTION POLICY TO REDUNDANCY 3;
    old RMAN configuration parameters:
    CONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 7 DAYS;
    new RMAN configuration parameters:
    CONFIGURE RETENTION POLICY TO REDUNDANCY 3;
    new RMAN configuration parameters are successfully stored
    RMAN> show RETENTION POLICY;
    RMAN configuration parameters for database with db_unique_name DDTEST are:
    CONFIGURE RETENTION POLICY TO REDUNDANCY 3;
    RMAN> CONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 7 DAYS;
    old RMAN configuration parameters:
    CONFIGURE RETENTION POLICY TO REDUNDANCY 3;
    new RMAN configuration parameters:
    CONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 7 DAYS;
    new RMAN configuration parameters are successfully stored
    RMAN> show RETENTION POLICY;
    RMAN configuration parameters for database with db_unique_name DDTEST are:
    CONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 7 DAYS;
    CONTROL_FILE_RECORD_KEEP_TIME:This parameter applies only to records in the control file that are circularly reusable (such as archive log records and various backup records) ref Doc:CONTROL_FILE_RECORD_KEEP_TIME
    1. Any condition is there to set the Retention Policy Recovery Window and Redundancy and control_file_record_keep_time?What is the relationship between these 3 parameters?
    2. Explain the scenario if i set the control_file_record_keep_time=4 Redundancy=3 and Recovery Window=7?
    3. If i set the Redundancy=3 and Recovery Window=7 means my backup place only have 3 copies of backup based on the redundancy then what is the purpose of Recovery Window=7 please give some example.
    4. If i change the values for Recovery Window=3 and Redundancy=7 what will happened, how many days backup will be available in my FRA location?Explain with one scenario?
    so i believe you can get the Answer from Your Question from Above details.
    HTH

  • Firefox users cannot presently exercise choice, to opt-in or out of "data collected for improving services." As a result, Firefox is constantly dialing home, sometimes four times a day or more up to 48 times a day. There is some over-stepping and redunda

    I understand the charter on this is to "check-in" once every time the program is turned on, and then once every 6 hours after that, or, once every 24 hours presumably. But the phone-home-effect is over-stepping these basic parameters. If a user turns their browser off and then on, Firefox is still obligated to "check-in" even if it just checked in 3 minutes prior. If the coding is not pre-designed to overstep, or act excessively in a redundant focus, the instance of once every six hours or once every 24 hours, is still overmuch if a user has been doing this (non-voluntarily-participating) for 9 months or longer.
    == This happened ==
    Every time Firefox opened
    == This started when Firefox took up the initiative of "improving service. to end users" or similar idea, making the web safer for novice users, etcetera.

    Opening question was truncated. Should read: "Firefox users cannot presently exercise choice, to opt-in or out of "data collected for improving services." As a result, Firefox is constantly dialing home, sometimes four times a day or more up to 48 times a day. There is some over-stepping and redundancy here. It would seem the practice of "improving service" has been accomplished with as much information as Mozilla has gathered in the last 6-18 months about its users habits. '''Isnt it about time to give users the option to opt out of that now that most the heavy liftiing has been accomplished?'''"

  • Active/Standby Failover with pair of 5510s and redundant L2 links

    Hi
    I just got two ASA5510-SEC-BUN-K9 and I'm wondering is it possible to implement an Active/Standby Failover configuration (Routed mode) with two ASA5510 and redundant pair of switches from both inside and outside interfaces? In other words, I would like to have two L2 links from each ASA (in pair od ASAa) to each L2 switch (in pair of redundant L2 Switches). The configuration I would like to achive is just like one in Cisco Security Appliance Command Line Configuration Guide, page B-23, figure B-8, with only difference that I wouldn't go with multiple security contexts (I want Active/Standby failover).
    Thanks in advance
    Zoran Milenkovic

    Hello Zoran,
    Absolutely. You can have 2 ASAs configured in Active/Standby mode. For reference, here is a link which has a network connectivity diagram based on PIX, however, connectivity would still be same with ASAs-
    http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/failover.html#wp1053462
    The difference is that on ASA, you can only have LAN-Based failover, hence you'll need to use one additional interface on both ASAs for failover-link. You can connect these two failover-link interfaces directly using a cross cable.
    Apart from this, please refer to following link on how to go with configuration of Lan-based Active/Standby failover-
    http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/failover.html#wp1064158
    Also make sure that both ASAs have required hardware/software/license based on following link-
    http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/failover.html#wp1047269
    Hope this helps.
    Regards,
    Vibhor.

  • I cant uninstall my itunes off my computer, i have followed instructions and i still have errors, including error 2330 and redundance cyclic. the only software i have left is itunes.exe and file es.lproj which is located in the ituneshelpresources folder

    I cant uninstall my itunes off my computer, i have followed instructions and i still have errors, including error 2330 and redundance cyclic. the only software i have left is itunes.exe and file es.lproj which is located in the ituneshelpresources folder. i recently installed a second hard drive and that let me uninstall everything. I just want to get itunes off my computer and reinstall itunes, i have deleted everything i can and i ran "chkdsk" this did nothing. I would have just updated the oild itunes to the newest version but it didnt ley me do that. installing/ uninstalling or deleting just lets me get half way and shows me these errors. Please help, thank you.
    JPHowarth

    the only software i have left is itunes.exe and file es.lproj which is located in the ituneshelpresources folder.
    If the chkdsk isn't fixing the damage, and those are the only iTunes that can't be deleted, try renaming the "iTunes" folder that they are contained in (in your Program files) to iTunesOLD.
    Now try another install. Does it go through without the 2330 this time?

  • – Enable high availability and redundancy for Cisco WAAS

    How this is available
    – Enable high availability and redundancy for Cisco WAAS appliances in data centers.
    Thank you.

    Hi,
    You can serially cluster two WAE devices with the Cisco WAE Inline  Network Adapter installed to provide higher availability in the data  center if a device fails. If the current optimizing device fails, the  inline group shuts down, or the device becomes the overloaded, the  second WAE device in the cluster provides the optimization services.  Deploying WAE devices in a serial inline cluster for scaling or load  balancing is not supported.
    More deatils here: Clustering Inline WAEs
    Hope this helps.
    Regards.
    PS: Please mark this as Answered, if this answers your question.

  • AP groups and redundancy

    Is it possible for APs to failover between controllers when AP groups are in use? I have seen separate documentation on AP groups and AP failover but nothing that says how to implement both at the same time.
    I have tried to work it out but when I created the group on the back up controller I am not able to add the AP to the group as it is not asociated to it.
    Has anyone else come across this or have any ideas?
    We are currently using 4400 controllers running 5.2.

    Are your controllers in the same mobility group? (Controller|General|Default Mobility Name)
    You can also check under Controller|Mobility Management|Mobility Groups to see if other controllers are set up to exchange Mobility Management info.
    If you are in the same Mobility Management group then when failover to another member/controller in that group occurs and the AP Group name is the same on both controllers the APs should automatically join that AP Group name on the controller they failed over to.
    Our implementation (still in the early stages) includes 8 WiSMs Controllers that are in the same Mobility Management group and will fail across campuses if we lose a WiSM module or chassis.
    We will be using smaller controllers (4402's) at remote sites with their own Mobility Name. That is to prevent constantly exchanging client info with other controllers over wan links. If/when those failover to the main campus they will wind up being in the AP Group default-group on the WiSM environment.

  • Need help with ASA 5512 and SQL port between DMZ and inside

    Hello everyone,
    Inside is on gigabitEthernet0/1 ip 192.9.200.254
    I have a dmz on gigabitEthernet2 ip 192.168.100.254
    I need to pass port 443 from outside to dmz ip 192.168.100.80 and open port 1433 from 192.168.100.80 to the inside network. 
    I believe this will work for port 443:
    object network dmz
    subnet 192.168.100.0 255.255.255.0
    object network webserver
    host 192.168.100.80
    object network webserver
    nat (dmz,outside) static interface service tcp 443 443
    access-list Outside_access_in extended permit tcp any object webserver eq 443
    access-group Outside_access_in in interface Outside
    However...How would I open only port 1433 from dmz to inside?
    At the bottom of this message is my config if it helps.
    Thanks,
    John Clausen
    Config:
    : Saved
    ASA Version 9.1(2) 
    hostname ciscoasa-gcs
    domain-name router.local
    enable password f4yhsdf.4sadf977 encrypted
    passwd f4yhsdf.4sadf977 encrypted
    names
    ip local pool vpnpool 192.168.201.10-192.168.201.50
    interface GigabitEthernet0/0
     nameif outside
     security-level 0
     ip address 123.222.222.212 255.255.255.224 
    interface GigabitEthernet0/1
     nameif inside
     security-level 100
     ip address 192.9.200.254 255.255.255.0 
    interface GigabitEthernet0/2
     nameif dmz
     security-level 100
     ip address 192.168.100.254 255.255.255.0 
    interface GigabitEthernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    interface GigabitEthernet0/4
     shutdown
     no nameif
     no security-level
     no ip address
    interface GigabitEthernet0/5
     shutdown
     no nameif
     no security-level
     no ip address
    interface Management0/0
     management-only
     nameif management
     security-level 100
     ip address 192.168.1.1 255.255.255.0 
    ftp mode passive
    dns server-group DefaultDNS
     domain-name router.local
    object network inside-subnet
     subnet 192.9.200.0 255.255.255.0
    object network netmotion
     host 192.9.200.6
    object network inside-network
     subnet 192.9.200.0 255.255.255.0
    object network vpnpool
     subnet 192.168.201.0 255.255.255.192
    object network NETWORK_OBJ_192.168.201.0_26
     subnet 192.168.201.0 255.255.255.192
    object network NETWORK_OBJ_192.9.200.0_24
     subnet 192.9.200.0 255.255.255.0
    access-list outside_access_in extended permit icmp any4 any4 log disable 
    access-list Outside_access_in extended permit udp any object netmotion eq 5020 
    access-list split standard permit 192.9.200.0 255.255.255.0 
    access-list VPNT_splitTunnelAcl standard permit 192.9.200.0 255.255.255.0 
    pager lines 24
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu management 1500
    mtu dmz 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (inside,outside) source static inside-network inside-network destination static vpnpool vpnpool
    nat (inside,outside) source static NETWORK_OBJ_192.9.200.0_24 NETWORK_OBJ_192.9.200.0_24 destination static NETWORK_OBJ_192.168.201.0_26 NETWORK_OBJ_192.168.201.0_26 no-proxy-arp route-lookup
    object network netmotion
     nat (inside,outside) static interface service udp 5020 5020 
    nat (inside,outside) after-auto source dynamic any interface
    access-group Outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 123.222.222.1 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 management
    http 192.9.200.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac 
    crypto ipsec security-association pmtu-aging infinite
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto ca trustpool policy
    crypto ikev1 enable outside
    crypto ikev1 policy 10
     authentication crack
     encryption aes-256
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 20
     authentication rsa-sig
     encryption aes-256
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 30
     authentication pre-share
     encryption aes-256
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 40
     authentication crack
     encryption aes-192
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 50
     authentication rsa-sig
     encryption aes-192
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 60
     authentication pre-share
     encryption aes-192
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 70
     authentication crack
     encryption aes
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 80
     authentication rsa-sig
     encryption aes
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 90
     authentication pre-share
     encryption aes
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 100
     authentication crack
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 110
     authentication rsa-sig
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 120
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 130
     authentication crack
     encryption des
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 140
     authentication rsa-sig
     encryption des
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 150
     authentication pre-share
     encryption des
     hash sha
     group 2
     lifetime 86400
    telnet 192.9.200.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd enable management
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ssl encryption aes128-sha1 3des-sha1
    webvpn
     enable outside
     anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 2 regex "Windows NT"
     anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3 regex "Intel Mac OS X"
     anyconnect enable
     tunnel-group-list enable
    group-policy SSLVPN internal
    group-policy SSLVPN attributes
     dns-server value 192.9.200.13
     vpn-tunnel-protocol ssl-client 
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value split
     default-domain value router.local
    group-policy VPNT internal
    group-policy VPNT attributes
     dns-server value 192.9.200.13
     vpn-tunnel-protocol ikev1 l2tp-ipsec 
     split-tunnel-policy tunnelspecified
    split-tunnel-network-list value VPNT_splitTunnelAcl
     default-domain value router.local
    username grimesvpn password 7.wersfhyt encrypted
    username grimesvpn attributes
     service-type remote-access
    tunnel-group SSLVPN type remote-access
    tunnel-group SSLVPN general-attributes
     address-pool vpnpool
     default-group-policy SSLVPN
    tunnel-group SSLVPN webvpn-attributes
     group-alias SSLVPN enable
    tunnel-group VPNT type remote-access
    tunnel-group VPNT general-attributes
     address-pool vpnpool
     default-group-policy VPNT
    tunnel-group VPNT ipsec-attributes
     ikev1 pre-shared-key *****
    class-map inspection_default
     match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map 
      inspect ftp 
      inspect h323 h225 
      inspect h323 ras 
      inspect rsh 
      inspect rtsp 
      inspect esmtp 
      inspect sqlnet 
      inspect skinny  
      inspect sunrpc 
      inspect xdmcp 
      inspect sip  
      inspect netbios 
      inspect tftp 
      inspect ip-options 
      inspect icmp 
    service-policy global_policy global
    prompt hostname context 
    no call-home reporting anonymous
    Cryptochecksum:36271b5a1b9382621e14c3aa635e2fbb
    : end

    Hi Vibor. Apologies if my comment was misunderstood.  What I meant to say was that the security level of the dmz interface should probably be less than 100. 
    And therefore traffic could be controlled between DMZ and inside networks. 
    As per thr security level on the DMZ interface. ....... that command is correct. :-)

  • TS3048 Bluetooth and USB ports aren't working can't connect mouse or keyboard.

    Bluetooth and USB ports aren't working, so am unable to use Imac past turning it on. There's no way to connect mouse or keyboard, it started right after a software update for Maverick (OS X bash Update 1.0 – OS X Mavericks), bluetooth symbol not showing in the task bar at all.    

    Hi SBrwn,
    Thanks for visiting Apple Support Communities.
    The symptom you're describing can be frustrating to troubleshoot as our options are limited. I do suggest resetting the System Management Controller (SMC) if you have not already. This step can help you regain use of USB and Bluetooth.
    Follow these steps to reset the SMC on your iMac:
    Resetting the SMC for Mac Pro, Intel-based iMac, Intel-based Mac mini, or Intel-based Xserve
    Shut down the computer. [by holding down the power button]
    Unplug the computer's power cord.
    Wait fifteen seconds.
    Attach the computer's power cord.
    Wait five seconds, then press the power button to turn on the computer.
    You can find these steps and more information at this link:
    Intel-based Macs: Resetting the System Management Controller (SMC)
    All the best,
    Jeremy

  • I am unable to access my iCloud e mail account and am still able to access AOL account though. It says something about an IMAP pathway and a port number how do I find this?

    I am unable to access my iCloud e mail account and am still able to access AOL account though. It says something about an IMAP pathway and a port number how do I find this?

    If the old ID is yours, and if your current ID was created by editing the details of this old ID (rather than being an entirely new ID), go to https://appleid.apple.com, click Manage my Apple ID and sign in with your current iCloud ID.  Click edit next to the primary email account, change it back to your old email address and save the change.  Then edit the name of the account to change it back to your old email address.  You can now use your current password to turn off Find My iDevice, even though it prompts you for the password for your old account ID. Then save any photo stream photos that you wish to keep to your camera roll.  When finished go to Settings>iCloud, tap Delete Account and choose Delete from My iDevice when prompted (your iCloud data will still be in iCloud).  Next, go back to https://appleid.apple.com and change your primary email address and iCloud ID name back to the way it was.  Now you can go to Settings>iCloud and sign in with your current iCloud ID and password.

  • How to use 45W MagSafe 2 Power Adapter with cable management MagSafe 2 power port macbook air 2013

    How to use 45W MagSafe 2 Power Adapter with cable management MagSafe 2 power port macbook air 2013 there's two plugs do I use both for the safety to work or I just one ? Thanks sorry new macbook air 2013 was given to my daughter fir her 18th bday 2 days ago by my brother

    No, the one is just an extension cord,          just use the 45W charger with its attached thin cord and connect the magnetic magsafe to to the connector on the back left of the macbook Air for use and charging it

Maybe you are looking for

  • Can you move photos from one album to another on IPAD3

    can you move photos from one album to another on an IPAD 3

  • Text Variable With Replacement Path : supported in Webi 4.0 or Not.??

    Hello to All WebI Gurus, We are on BO 4.0 We are building WebI report on top of Bex query using the BICS connection from IDT. Our BW query is having some Text Variable with processing type "Replacement Path". Also its having fiscal year period in fil

  • Master detail form Error in mru internal routine: ORA-20001

    Hi, i created a master-detail form with apex standrad wizard. Master e datail are on the same page. All works fine. My detail form contain some fields of my detail table. Now i added a link on detail form for call a form with all fields of my detail

  • Images in my remote file don't seem to be linking

    Hi, I am having problems with my images. They all work and show up fine in my local view, but when I put them onto remote server they are not showing, so something is not linking somewhere. I have tried deleting the files in remote & putting them in

  • Place a button on an image

    Hello, I have a problem with web dynpro. I want to include several links in an image. Is there any possibility I can define a "link-area", which acts as link, when I press it? If that doesn't work, is there a solution to position a button (or more) o