Roaming wirelessly between Sites

Similar Messages

• Intercontroller Roaming between sites - Anchors

  I am planning the design of a multi-site wireless network.
  The ideal solution will allow user A who is based at Site A to use the wireless in Site A and then be able to go to Site B and retain their IP address.
  I know this feature is possible with intercontroller roaming but with some caveats.
  This would only work if User A does not have to re-authenticate.
  If a few days passed and then user A turns up at Site B they would authenticate to Site B and get an IP from Site B
  What I want to achieve is to be able to anchor a user to their home controller, so whenever they went to Site B,C,D they would always use the IP of Site A and tunnel their traffic back.
  Is this possible?
  Thanks
  Roger

  The feature I nearly want is  Dynamic Anchoring for Clients with Static IP Addresses
  Reading around this if you assign a static IP to a wireless client for their home site if they try to connect to Site B where that subnet is not supported the controller can tunnel the traffic back to the controller that does support that subnet.
  My issue with this is when the client takes his laptop home they will not be able to connect to their home wireless
  I need a way to make this solution work but with a dynamic address for the client?

• Routing issues roaming wireless clients?

  Hello,
  I have a site with wireless roaming printers that have static ip addresses and can roam throughout the building. Several times an hour the print server (in another building / subnet) cannot ping the printer therefore cannot send its print job. Whats odd is that they can ping the printer from the associated AP and can ping from a laptop associated to the same AP. Communication can go down from the server to the printer(s) for several minutes and then just reconnect. I see syn packets leaving the printer but not getting any syn/ack back. I also cannot ping the printer from a different subnet / my vpn connection. Is there any issues with roaming wireless clients and routing protocols / spanning tree that could cause a problem? I can only imagine with mac addresses moving from one AP to another that something could break. The AP's are 1210's with b radios running 12.3(2)JA2.
  Thanks in advance.

  Hi
  Thanks for ur reply the problem has been taken care of by configuring the smartports as others and getting the arp inspection disabled

• What is difference between Site template and web template

  What is difference between Site template and web template

  Both are almost same, are you referring to Site Definitions vs web template?, if so, refer to the following post
  http://blogs.msdn.com/b/vesku/archive/2011/07/22/site-definitions-vs-web-templates.aspx. 
  --Cheers

• Unable to pass traffic between sites

  I've read through dozens of posts and so far have had no luck getting any of the suggestions to work - combined with many of these posts being multiple years old...so I'm going to try posting something current and see if I get anywhere.
  Scenario:
  Site A - Cisco ASA 5510 running 8.4(4)1 with two interface connections to a Cisco ME 6500 (which I do not manage), one for internet and one for a MPLS connection.
  Site B – connecting to an unknown switch which is connected to the MPLS network.
  Site C – Cisco ASA 5505 running 7.2(3) with one connection to an unknown switch (which I do not manage) for internet access.
  Site A to Site B traffic flows between the two without issue.
  Site A to Site C is a site-to-site VPN connection. Traffic flows between the two without issue.
  The main issue I’m having is that Site B cannot talk to Site C and vice versa. Also my client VPN connections to Site A cannot get to Site B or Site C.
  My first question is; is this even possible? (I sure expected it to be). And if so, what the heck am I doing wrong???
  I’ve included a config from Site A which is where I’m guessing the problem is. Any insight is appreciated.

  "I'm not following what you mean by that."
  Your Site "A" and "B" connected through MPLS cloud and they are not connected through vpn-connection, right?  I assume that your site "B" cannot communicate to site "C", therefore you must permit site-B's subnet traffic transit between site "A" and site "C" i.e. Site-B should have access to "C", right ?
  "I may be misunderstanding, but isn't that what this is: "route MPLS 10.17.0.0 255.255.0.0 10.17.250.2 1"."
  Great 10.17.0.0/16 route meant for site "B", that is fine, you wouldn't need an additional one.
  "You completely lost me there :)"
  I presume that your Site "B" and "C" does not have direct MPLS connection, therefore Site "A" becomes a transit path for site "B" and "C".   You allow site-B's transit through the vpn-tunnel between site "A" and "C".  Your site "C" assumes that subnet belong to site "B" is directly connected at site "A" but in reality it connects via a MPLS cloud and one last thing is that a route needed at site-B to push site-C's traffic to Site "A", a static route would do that.
  As you would permit site-B's traffic to pass through vpn-tunnel site "A" and "C", in other words your "A" become a hub for traffic flowing between site "B" and "C".
  "Should the route be applied to the inside or the outside interface?"
  Outside.  Your tunnel terminated on the outside interface, right? If so then it must point to outside's default-gateway address.
  object network SiteB-network
   subnet 10.17.2.0 255.255.255.0
  this would allow you to access site-c subnet when you are remote-in to Site-A.
  nat (outside,outside) source static VPN-pool VPN-pool destination static SiteC-network SiteC-network
  this is to allow Site-B to access site-C subnet via the tunnel between site A and C.
  nat (MPLS,outside) source static SiteB-network SiteB-network destination static SiteC-network SiteC-network
  object network inside-network
   subnet 192.168.1.0 255.255.255.0
  nat (inside,outside) source static inside-network inside-network destination static SiteC-network SiteC-network
  access-list outside_cryptomap extended permit ip object inside-network object SiteC-network
  this is allow Site-B to access site-C subnet via the tunnel between site A and C.
  access-list outside_cryptomap extended permit ip object SiteB-network object SiteC-network 
  Thanks
  Rizwan Rafeek

• How can I allow send referrers in site (same domain) only but not between sites?

  I don't want other sites to know from which site I went there. (Sending referrer between sites.) However, some sites only function when referrer is sent on site (same domain).
  Is there a way to accomplish this? No sending referrers between sites but in sites: yes? If not Firefox, Chrome?
  Thanks.

  Hi , I think this addon is what you need [https://addons.mozilla.org/en-US/firefox/addon/refcontrol RefControl]
  About this Add-on:
  You create a list of sites, and the referrer that should be sent for each site. You can choose to send that referrer unconditionally or only for third-party requests. Additionally, you can specify the default behavior for any site not in the list.

• Wireless mesh site survey

  Hello all,
  I need to perform several wireless mesh site surveys. The challenge I have is that I generally use a 2600 autonomous ap for indoor site surveys. However I have not found an easy way to do an outdoor mesh site survey. Any suggestions or best practices from the group?
  Sent from Cisco Technical Support iPad App

  You use a 1552 with the survey image installed.
  HTH,
  Steve
  Please remember to rate useful posts, and mark questions as answered

• Trustsec Mac Encryption Between Sites

  Hi,
  See attached - might make question more clear
  we have a layer 2 connection between sites using a local provider for the link. On the remote side is a 3750-X and on the Main Campus side is a 2960. The link is connected via a VLAN. The VLAN interface exists on the Main Campus 5548, core switch
  From What I understand, Trustsec cannot be configured on a logical interface but, if we were to configure the logical interfaces as a physical interfaces could we encrypt traffic between the 5548 and the 3750-X?
  Even though it would also have to traverse through the 2960 as well?
  And traverse the Layer 2 WAN link?
  Any other suggestions for accomplishing this?
  Thank you, Pat

  No, it is not supported on the 2960 series.  Also, if you want to encrypt traffic between sites, a better solution is to use IPsec tunnel, but you need a firewall or a router in each location.
  It doesn't have to be anything expensive if you don't need a lot of bandwidth.
  I use these and they work really well.
  have a look:
  http://www.amazon.com/Juniper-SSG-5-SB-Security-Services-Gateway/dp/B000IZDN88
  HTH

• Firefox hangs between sites....slow load time....sometime up to 2 minutes

  6.0 is way too slow between sites.....some loads take up to 2 minutes to load. i have updated all plugins

  Install Adblock Plus and add these filters to the Filter Rules. <br /><br />
  <pre><nowiki>||stumbleupon.com$third-party
  ||digg.com$third-party
  ||twitter.com$third-party
  ||twimg.com^$domain=~twitter.com
  ||fbcdn.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
  ||facebook.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
  ||facebook.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
  ||fbcdn.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
  ||addthis.com^
  ||gravatar.com^
  ||aolcdn.com^
  ||google-analytics.com^
  ||www.google.com/friendconnect^
  */friendconnect/friendconnect.js </nowiki></pre>
  AdblockPlus <br />
  https://addons.mozilla.org/firefox/1865/ <br />
  Also, read this: <br />
  http://adblockplus.org/en/getting_started

• My computer screen is skipping and switching erratically between sites. Sometimes it just switches to a grey dashboard screen.Has anyone had this problem?

  My computer screen is skipping and switching erratically between sites/functions. Sometimes it just switches to a grey dashboard screen.  Has anyone had this problem?

  Please tell us you iMac model and the Mac OSX version you run. iMacs have been in continuous production since 1998 in four broad families and hundreds of variants. Without knowing your specific Mac type, someone trying to help might give you advice inappropriate for your model.
  A good place to start to determine in which family yours resides is to do "About this Mac" from your Apple menu (left end of menubar) to get this window:
  Note I've indicated two entries with red arrows. Please tell us what your computer shows for "Version" under OSXn and for your processor.
  The forum you are in now, "iMac (PPC)" is for iMacs made between 1998 and 2006.

• DFSR replication stopped between sites after all servers updated (Event 1202)

  Hello,
  I'm afraid, i will greatly appreciate any help on this one.
  I'm working on it since 2 days without success (I read many thread without help).
  So the fact:
  I have 2 AD (2008 R2) on site 1 and 2 AD (2008 R2) on site 2.
  I have also 2 files servers (2008) on site 1 and 2 files servers (2008 R2) on site 2.
  The files servers run DFS system.
  DFS Namespace is host on all AD.
  DFS Replication and share are on all files servers.
  After update all my servers. I got a big problem.
  Communication between files servers and AD of site 2 isn't working properly now.
  By this fact, DFSR is not working anymore between site 1 (all seem fine on this site) and site 2.
  DFSR on site 2, pop this events all time:
  Event 1202 - Source DFSR
  The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused
  by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
  Additional Information:
  Error: 160 (One or more arguments are not correct.)
  Event 1055 - Source GroupPolicy
  The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
  a) Name Resolution failure on the current domain controller.
  b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
  >dfsrdiag dumpadcfg
  Operation Failed
  >dfsrdiag pollad
  Operation Failed
  On ADs site 2, dcdiag /e don't reveal any issue.
  I tried to install hotfix ref on this thread (without help) -> https://social.technet.microsoft.com/Forums/en-US/7d486eb5-6b03-471c-a4dc-65826e712fc3/dfsr-replication-event-id-1202-the-dfs-replication-service-failed-to-contact-domain-controller?forum=winserverfiles
  I don't have issue with DNS (nslookup work fine).
  Firewall are disable on all servers.
  My problem looks a bit like here (but he don't speak about 2008 R2 - old article) -> blogs.technet.com/b/askds/archive/2011/04/08/restrictions-for-unauthenticated-rpc-clients-the-group-policy-that-punches-your-domain-in-the-face.asp
  Any help will be greatly appreciate.
  Fabien

  Hi Fabien,
  Do you use the ping command to check basic network connectivity? Please refer to the article below to clear bad information in Active Directory-integrated DNS:
  How to clear bad information in Active Directory-integrated DNS
  http://support.microsoft.com/kb/305967
  You could also refer to the threads below to troubleshoot the issue:
  DFSR failed to contact domain controller
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/eae32fb9-3234-402a-be8b-2ab9555fd25d/dfsr-failed-to-contact-domain-controller?forum=winserverfiles
  GPO not replicating and GPO's during today not always applying
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/ff885ae8-497f-48c1-b30b-efea95016334/gpo-not-replicating-and-gpos-during-today-not-always-applying?forum=winserverGP
  Best Regards,
  Mandy 
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Solutions to overcome IP conflicts between sites

  The company I work for recently bought out another company.  Currently we haven't found the need to integrate them into our network but that some will come about in the near future.  The problem we have is that both our internal networks are utilizing 10.x.x.x space and are too large to re-IP our networks.  We have a VPN tunnel set up with them and are NATing them to selected resources at the moment but this is not a scalable solution moving forward.  I'm looking for ideas/solutions to overcome this problem.

  I think we would need more detail to understand how the engineer sees it working.
  As I say VxLAN would allow you to merge the same IP subnet in both sites into the same vlan so that vlan now extends between sites.
  Whether you want to do that is another matter.
  Again, as far as I understand it, VxLAN is generally used in virtualised environments in DCs and I haven't see any cases of using it to extend client vlans in the way I think your engineer is proposing.
  Doesn't mean it couldn't be done and I haven't used it so I wouldn't like to say one way or the other but I would have thought there would be new kit you would need eg. VxLAN gateways etc.
  But like I say, as far as I can see, even if it was possible what he is proposing is to extend your L2 vlans between the companies and I would think carefully about that.
  In addition I can't see how it would solve the problem of two devices using the same IP address as they couldn't exist in the same vlan.
  Sorry I can't be more specific but I have no direct experience with it. I would certainly want to see some sort of proposed design etc. from the engineer though and all the implications spelt out before you go down that road.
  Jon

• Voice over IP Roaming problems between 2 Wireless Lan Controllers.

  Hello,
  we have problems with Voice over IP roaming between 2 Wireless Lan Controllers, this problem is not always happening. I have attached the detailed configuration. We are using LWAPP 1242 & WLC 2106 Controllers.
  The phones they are using are Siemens Enterprise optiPoint WL2.
  Is there maybe something wrong with the configuration our can I try some different settings?
  Regards,
  Jordy Broekhuizen

  When a wireless client associates and authenticates to a WLC, it places an entry for that client in its client database. This entry includes the MAC and IP addresses of the client, security context and associations, quality of service (QoS) contexts, the WLAN, and the associated LAP. When a client roams to another LAP associated to the same WLC, it just updates the client database with the new LAP information so that the data can be forwarded appropriately to the client. When a client roams to a LAP associated with a different WLC, either in same or different subnets, it sends the information in the client database to the new WLC. This helps client to retain its IP address across roams and maintain uninterrupted TCP sessions. For more information on roaming in the WLC environment.
  For the further description following URL for the WLC may help you
  http://www.cisco.com/en/US/docs/wireless/controller/5.1/configuration/guide/c51ovrv.html

• Roaming wireless users... suggest devices

  Hi all,
  I want to design a wireless soho network with the following parameters.
  I need 3 Access Points, one of them have to be ADSL modem/router.
  The users want to roam between access points seamlessly.
  The wireless devices will be connected on wires.
  There are only a few users on the wireless (3-4).
  [AP]------[DSL Router with wireless]------[AP]
  What devides, products could you suggest?
  I think I need WDS service for the roaming users, could I do this without WDS?
  regards,
  Gabor

  with a PSK, the roam is fast enough that the users won't notice it.
  The concern with EAP, is if each AP has to do the full 802.1x handshake, the client will notice the roam.  So, you configure WDS so that only one AP is doing the full authenticaiton, and you just get a 4-way handshake with the clients.  The same idea works with the WLC, only the WLC does the authenticaiton.
  HTH,
  Steve

• I'm trying to share a new Canon printer wirelessly between my HP laptop and my iMac.  I've successfully printed from both computers, but, I get errors trying to print on one after I've printed on the other.  Any ideas on how to get them to both to print?

  I installed a new Canon printer several months ago that I was told by the salesman could be shared between my iMAC and HP laptop.  I have successfully used the printer wirelessly from both computers, however, it gets hung up switching between the two and I'm not sure what to do to get it to be consistent.  Any ideas?  

  You didn't state how it's connected to each computer, if it's connected through your router then it should work. If it doesn't then you need to contact Canon and ask for assistance.