Slow roaming for WGB-client (mobile) on AP/WLC!

Similar Messages

• CCKM vs Mobility Groups - Roaming for Voice Clients

  Hi there,
  I am looking at deploying wireless at our site for voice, I have a couple of questions regarding Roaming between APs and best way to acheive fast roaming for latency senstive voice and other applications.
  According to Cisco SRND for Voice over Wireless (
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/vowlan/41dg/vowlan_ch5.html), it is recommended:
  "Fast roaming algorithms include Cisco Centralized Key Management (CCKM)  and Proactive Key Caching (PKC). CCKM and PKC allow a WLAN client to  roam to a new AP and re-establish a new session key—known as the  Pairwise Transient Key (PTK)—between the client and AP without requiring  a full IEEE 802.1X/EAP reauthentication to a AAA/RADIUS server."
  But let's say I used WPA/PSK for my WLAN and just rely on mobility information in the controller to perform the handover, would this still be best practice.
  I have actually tested both and they work quite well, neither drops a call or experiences any degragation in voice quality. I suppose I am asking for a real world perspective and if I should adhere to the SRND on this one?
  Many thanks

  Hi Tony,
  Great question BTW.
  CCKM/OKC/PKC only comes into play when EAP is used. During the EAP process the PMK is seeded from the MSK. From the PMK, it is seeding the PTK. With no advance romaing in use as a client roams from AP to AP you would have to redo that process all over.
  When you use PSK.. Your MSK is your PMK and there is no need to go back to the radius server for a new PMK. So your client and ap exchange this info.. no need for a radius server ..
  Does this make sense?

• Looking for a client appointment app

  I'm looking for an application for a friend who is a personal trainer. And if such an application doesn't exist, I'm considering writing one (I'm a software engineer)
  The application would maintain a database of clients, and a schedule of appointments with them.
  For each client, the following data needs to be maintained: contact information, current statistics (weight, body fat percentage, strength) as well as a history of statistics. Clients pay for a package of sessions in advance, and the app would keep track of how many prepaid sessions remain, updating that number with each scheduled appointment and each payment. Every client has recurring appointments, several per week, but rescheduling is common, and needs to be easy. And the app should be able to print out a year report for taxes.
  I was thinking that it should interface with Address Book for contact information, and Calendar for appointments.
  The main app should run on Snow Leopard, but mobile access through an iOS 4 sister app would be great. (Although if it works with Address Book and Calendar, their synchronization through MobileMe might be sufficient)
  Is there any such thing? There must be other trainers, and other professionals with similar needs.
  -Ron.

  Hi Ron,
  was there a template for bento that met all of the requirements that you detailed?  My wife is a personal trainer and we've been looking for similar functionality in an app.  Currently she's using the calendar app and contact book, but as you say, rescheduling is frequent and tracking remaining sessions would be very helpful.  Let me know,
  Paul

• Cisco Jabber for Windows Client SDK

  Is there an SDK for Cisco Jabber for Windows client? I could only find the Web SDK. Are there no other SDKs that would let me control features of the Jabber Windows Client?

  And in order to avoid TAPI limitation, they say they have started using Jabber which controls all phone functionalities through an Application User connected to the Call Manager.
  Assuming they are referring to the normal Jabber for Windows/Mac/iOS/Android applications then this is wrong. Jabber - the client, not the IM&P servers which are part of the CUCM cluster (if you're familiar with Lync consider CUCM+IM&P servers a Front End Pool) - do not use an Application User at all. When a user starts Jabber, assuming SAML SSO is off, they supply an email address. This is used to find the servers via DNS SRV records, or the Mobile and Remote Access Expressway (roughly analogous to a Lync Edge pool) to tunnel through the firewall. After the email address they are prompted for their End User username and password. This is then used to access several APIs on the server, namely the User Data Service to discover what the user has. This would include what the user has configured/available to them. After this is done the Jabber client does one of three things with respect to phone functionality:
  If the user has no phone devices provisioned for them - physical or software - it becomes an IM&P client only.
  If the user has a software phone phone provisioned, it registers as that using SIP. In this way Jabber is the actual phone. This is called a CSF device for Jabber Windows/OS X.
  If the user has a desk phone assigned to their End User account AND administrative policy is to default to desk phone control, it registers to CTI Manager on the CUCM server to control the user's physical phone.
  A user can toggle between option two and three, if appropriately provisioned, but cannot have both simultaneously. In other words, Jabber is either controlling a physical phone over CTI or is a phone itself using SIP. The difference is where the audio/video media is sent from/to.
  All of this happens using that human's End User credentials.
  Now, if you wanted to have a server control the user's phone - either a physical one or Jabber - you would use the TSP as an interface to CTI Manager on the CUCM server and receive real-time events (e.g. the user went off-hook, the phone is ringing with this caller ID, etc.) and issue commands to that phone (e.g. make a call to X). This is done using an Application User account because the server would need to do this for multiple users simultaneously. If you also use the Super Provider concept, the CUCM administrator doesn't have to take the extra step of associating every phone to your Application User manually. Instead, you can simply issue CTI subscriptions to see any/all device activity you want.
  This is all assuming you wanted to do the integration server-side to avoid having to update the Cisco TSP application on every user PC (which also limits your WPF application to machines capable of running the TSP) every time the CUCM administrator patches the servers. If you don't care about that, then you can do this all client-side on the user's PC, and have them supply their End User credentials.
  Of course, you could also reconsider the Jabber SDK and just embed the make/receive call functionality directly into your application instead.

• Protocol Router for Rich Client Front Controller

  Hello,
  I would like to support multiple client types in my J2EE application - Web Client and Rich Client (Swing Application).
  Java BluePrints (Designing Enterprise Applications
  with the J2EETM Platform, Second Edition) suggests using a Protocol Router for centralized control in case of supporting multiple client types with multiple controllers - http://java.sun.com/blueprints/guidelines/designing_enterprise_applications_2e/web-tier/web-tier5.html.
  I have several doubts with this approach and will appreciate very much any help with clarifying the following:
  1) How does a Rich Client communicate to Protocol Router? Using HTTP? That means then that each request/response has to be wrapped in HTTP Request/Response object. It may impact the performance and make the communication between Rich Client and back-end slower.
  2) If rich client communicates with Protocol Router through HTTP, what is the difference between Fron Controller for Web Client and for Rich Client?
  3) The J2EE Tutorial on the other hand, shows direct connection from Application (Rich) Client to EJB layer - http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Ebank.html.
  It will be greatly appreciated to know how would you address the above doubts.
  Best Regards.

  1) How does a Rich Client communicate to Protocol
  Router? Using HTTP? Yes, HTTP . You are right about performance issues. That protocol router seems to me like like overengineering. Anyway, I think a WEB service could be better choice. It's a standart way how to wrap remote requests in HTTP.
  2) If rich client communicates with Protocol Router
  through HTTP, what is the difference between Fron
  Controller for Web Client and for Rich Client?I think the difference is in types of requests. WEB client would request
  WEB pages, SWING client doesnt need WEB pages. It would request contents
  of list boxes and things like that.
  I would suggest you to use EJB's with session facade pattern. Provide WEB service style access to your app. Many app. servers provide feature to expose SLSB as WEB services. Thus you will support almost any types of clients (.NET, Perl, whatever). You can also use WEB service to connect from you'r SWING client. If later you are not satisfied with performance, you can switch to RMI. If you use BusinessDelegate pattern then you will need to change BusinessDelegate only, just one class.
  I have written an example EJB based app. which can be accessed by SWING client using RMI or SOAP, WEB client, .NET client and CORBA.
  You can get it from:
  http://www.datapro.lv/~mariso/ejb.html
  feel free to ask questions, if you have any
  Maris Orbidans

• DB2E for AWT client

  Hi experts,
  i am trying to assign DB2E 8.2.4 on MOBILE AWT client(SP 18 ), but when i click on START button of MI Client Installer of DB2E it shows me some error as follows :-
  installation failed: version check for appliaction 'MOBILEENGINE_JSP' failed;'null' (installed version) greater equal '2514' returned false(used prefix match)..
  I think that DB2E for AWT client is different,is it so ?? and if yes please let me know where can i get the one specific for AWT client.
  Also is it so that JQuery not supported exception occurs when DB2E is not installed on client?? 
  Thanks in advance,
  regards,
  rajesh

  Hi,
  can you not install the DB2e manually for a test to see if your landscape works as such?
  Steps are described in the DB2e install file - have a look into the XML.
  And by the way - for a test instead of having no solution for a few days - there is the number mentioned in the setup file you would need at least to install that DB2e - I would simply change that number as long as I have no better solution.
  Hope this helps.
  Regards,
  Oliver

• WGB-clients problem AP1200

  Hey,
  Yesterday i've encounterd a problem with a wireless network on the site. It's a network with 1 AP1200 (8JA2 firmware) and 2 1200 (8JA2 firmware) configured as WGB. For security settings we've used WPA PSK, AES CCMP and ACL.
  The network was running fine for 2 weeks, and yesterday the WGB's couldn't associate with the AP. When I tried to associate with my laptop (pcmcia cisco350) I could associate but I couldn't authenticate. I've replaced the AP with another 1200 with the same Firmware and settings.
  Everything could now associate but the WGB-clients were not known by the AP, so there was no communication between the WGB-clients and the servers. ARP caching was enabled.
  After I turned all the encryption and security off, and rebooted the wgb's and the AP, the WGB-clients appeared in the association table of my ap and the communication was back.
  Has anyone encountered this sort of problems?? With this version firmware, 8JA2??
  Greetings
  Steven Gijsbers

  Try to clear arp on the AP during the problem
  Try this link
  http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a00800a86d7.shtml

• Subsite security trimming in the Office365 for Android client

  I just installed the Android Office365 client and noticed that subsite links are not security trimmed. Is this by design or can I influence this by settings in Sharepoint Online? If I click a subsite link I don't have permissions to I get the error "Can't
  complete task. Office Mobile encountered a problem."
  Just noticed this behaviour only applies if you're member at a site, then you'll see the links to all subsites in the Android client, even those you don't have permissions to. In the web interface those links are trimmed. If you only have visitor rights
  at the suprasite you only see the subsite links you have permissions for in the Android client.

  Hi,
  According to your post, my understanding is that you failed to click a subsite link in the Office365 for Android client.
  I rececomend to set a user as administrator and then sign in the site using the account to check whether it works.
  This forum is supproted for SharePoint On-Primse. Regarding SharePoint Online, for quick and accurate answers to your questions, it is recommended that you initial a new thread in Office 365 forum.
  Office 365 forum
  http://community.office365.com/en-us/forums/default.aspx
  Thanks,
  Linda Li                
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Linda Li
  TechNet Community Support

• ISE Profiling options for VPN clients

  I'm trying to mull over what profiling options are available for VPN users.  I have an environment using ASA VPN in conjunction with ISE IPN to allow full posturing for VPN clients prior to allowing network access.  The use case here is we want to allow BYOD-type devices in for VPN (using software clients), but want to allow them to be exempted from ISE posturing requirements.  I don't see an easy way to distinguish these device types that cannot use the NAC agent from the O/Ses that can.  Since the mac address isn't sent to the headend, I can't use any of the traditional DHCP-based profiling criteria.  So the net effect is these devices are stuck in the "unknown" posture state and have very limited access.  Any way around this catch-22?  Incidentally DHCP profiling is on and working fine for the wireless users on the network, but doesn't help me here since I only know the machines by their mac address.

  Chris I ran into the same issue. Netflow doesn't work and use packet captures to see if anything was worth while. The only option I see is filing a enhancement request to see if the asa can send the device platform over ot ise via radius (much like the device sensor feature on ios).
  I also tried to use a span session and the catch with is that the asa doesn't assign the calling station id attribute to the tunnel ip, but the public ip the user is connecting from. So ise doesn't apply the user agent attributes to the current session.
  I was able to find a way around this by modifying the messaging via root patch to have the users click a link instead of retrying their request when they hit the cpp portal as a mobile device.
  Sent from Cisco Technical Support Android App

• Can't turn off data roaming for my Samsung mini

  I am traveling in Germany and when I arrived I was able to select no data roaming for my trip, but now it has reactivated and I can't turn it off. Any ideas?

      I sure hope that this is not impacting your trip while in Germany! There is the option to turn of Mobile Data altogether: Settings>More Settings>Mobile Networks>Mobile Data (OFF) if the phone will not allow you to "Deny data roaming access". Once you have landed in the United States, you will want to turn Mobile Data ON. Keep us updated!
  SandyS_VZW
  Follow us on Twitter @Vzwsupport

• WLC OID (snmp) for authenticated clients

  I know the OID for associated users 1.3.6.1.4.1.14179.2.1.1.1.38.
  But is there one for Authenticated clients? I am looking for the numbers similar to the one I can get from the report tools in WCS.
  I think the number of authenticated clients is a better number than using the associated client count when talking about guest WLAN's.
  Best regards,
  Steffen Lindemann

  Hi,
  yes there is. I have created a table with solarwinds for this but they represent or provide information in diffrent way.
  The table consist of
  >WLAN Profile
  1.3.6.1.4.1.9.9.599.1.3.1.1.3
  This object specifies the WLAN Profile name
  this 802.11 wireless client is connected to.
  >Client Status
  1.3.6.1.4.1.9.9.599.1.3.1.1.2
  The object that represents the current status of the client.
  >MobileStationUserName
  1.3.6.1.4.1.14179.2.1.4.1.3
  User Name , if any , of the Mobile Station. This would
  be non empty in case of Web Authentication and IPSec.
  >Client Protocol
  1.3.6.1.4.1.9.9.599.1.3.1.1.6
  The 802.11 protocol type of the client.
  'dot11a' - The client is using 802.11a standard
  to connect to the access point (AP)
  >MobileStationIpAddress
  1.3.6.1.4.1.14179.2.1.4.1.2
  Ip address
  Well the Clinet status would be represted in num value:
  Client status:
  4 = associated
  6 = Probing
  8 = Disconnected
  Protocol:
  1 = 802.11a
  2 = 802.11b
  3 = 802.11g
  Hope this helps

• QoS for wireless clients

  hi
  We would like to give more priority for laptops vs mobile phones/tablets in our corporate SSID. Today all of them connect to same SSID.
  What would be the recommended way to carry this out?
  1. We mark packets coming from laptops using a COS value
  2. This COS /DSCP value need to be trusted on our switches
  3. Controller assigns dedicated bandwidth to the laptops
  4. All other devices get lesser bandwidth                  
  the general idea is to make a distinction in terms of bandwidth available to clients .. Currently we plan to install 2600 AP's in our environment to cater to about 2000 equipment .. we have a tight budget in terms of number of antennas we can buy. So we plan to install around 32 antennas for supporting 2000 equipment and hence the need for prioritisation

  Well you can mark the packets on the laptops to a higher COS level, that would work since the WLC will not mark a packet higher than what the 802.1p tag.  The thing is what your trying to accomplish is a way to just give laptops more bandwidth that any other device, using one ssid.  The issue I see is that all devices have to be able to use the encryption and authentication method for that one ssid.  Also you can still oversubscribe an access point and even traffic for the laptops could affect each other.  As long as the non-laptops don't also mark their traffic up, I think you would be able to set the traffic in the appropriate queues.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• [help] - Flash animation for i-mode mobile

  Hi! ^^
  I'm getting a trouble while creating a game for i-mode
  mobiles (DoCoMo)
  It works fine in Flash8 mobile simulator. But when I tested
  it in i-mode Simulator II, I got a (big) trouble:
  The animations perform not very slowly but when I hold down a
  key to move the character in the game, every animations are nearly
  stopped! only the character can move, and when it moves, all
  animations inside it are stopped too :(
  Everythings can only move again when I release the key :)
  Can anyone tell me how to solve this problem?
  ah, moreover, even when I hold down a key but let the
  flashplayer do nothing (i don't make the character move anymore and
  let all the movieclips work it own), the animations still slow
  down. It seem that the CPU spend too much time/power to process
  these keyevents :(
  Thanks ^o^

  yeah sure, it works fine :) That's also the way I solved my
  problem. Thanks again ^^
  But I think this could be very complex in some kind of games.
  For example: a game that has a moving background (controled by AS,
  not just a simple animation), and while the background is moving,
  we need to make the characters move by pressing some keys.
  In this case, when the key is pressed, I need to make all the
  objects move: background, characters,... So a piece of code must be
  placed in the keyevent handler's functions to control the moving of
  the backgorund. But it only be excuted when keypressed. So to make
  the background moves all the time, another copy of that code must
  be placed somewhere else.
  -> There's some duplicated codes (do exactly the same
  work) excuted at the same time and they may cause some problem...
  It's just how I solved my problem +_+
  Maybe you have a greater idea ^^
  Thanks for reading! (my English is not good, heh)

• Looking for NNTP client for iPhone

  looking for NNTP client for iPhone!!!
  thanks and please help. when I use Windows Mobile I can use NNTP client.

  Hey all.
  I'm actually the developer of that app--and as Irish John points out it was originally an app for the jailbroken devices.
  However, I'm currently in the process of writing it for 2.*, and hope to have it out in the coming weeks. It will be free, or very close to it.
  If you're interested in being informed of when this happens, feel free to star this issue: http://code.google.com/p/inewsgroup/issues/detail?id=56 .
  If you have any questions/comments/thoughts/feature requests, feel free to email me at [email protected] .
  Take care .

• 1262 WGB Client Limitation

  Hi all,
  I have a 1262 that will be setup as a WGB and wirelessly connect to a Cisco MESH AP.  A switch and clients will hang off of the 1262 WGB.  How many clients can a 1262 WGB support?
  Thanks

  The limit is for clients that appear on the root AP table as WGB clients. Those should get ip addresses from same WLAN pool (dhcp or static). The clients behind a router are not counted with the limitation because they don't appear as WGB clients in the root AP table. But note that the WGB connection will be a bottle nick for those clients.
  HTH
  Amjad
  Sent from Cisco Technical Support iPad App