Snooping Issue

Similar Messages

• Ip dhcp snooping issue

     Hi all,
  I am having trouble getting the dhcp snooping to work on a stacked 3750 when a rogue DHCP server is plugged in to the network. I have configured dhcp snooping on one of our user switches with the following commands.
  ip dhcp snooping
  ip dhcp snooping vlan 11
  no ip dhcp snooping information option
  int range fa1/0/1 - 48
  ip dhcp snooping limit rate 100
  VLAN Name                             Status    Ports
  11   JKT_Net_DHCP_1 
  interface FastEthernet1/0/43
  description  DHCP Subnet 1
  switchport access vlan 11
  switchport mode access
  switchport port-security maximum 3
  switchport port-security aging time 1440
  switchport port-security violation restrict
  switchport port-security aging type inactivity
  no logging event link-status
  no snmp trap link-status
  spanning-tree portfast
  spanning-tree bpduguard enable
  ip dhcp snooping limit rate 100
  end
  The configuration works in ther fact that users are still getting their IP address info from the DHCP server and i can see all the dhcp snooping bindings on the switch. But I'm having issues where when a rogue dhcp device is plugged in to one of the user ports i.e fa1/0/43 on the user subnet, and do an ipconfig /release /renew on a machine on the same VLAN, i am still getting a DHCPOFFER from the rogue device and the machine ends up with the wrong IP address.
  Currrently the real DHCP server sits off a network behind the firewall, with a layer 3 link (running OSPF) between the user switch to the distribution switch. I have enabled the dhcp snooping on the link from the distribution switch to the real DHCP server (shown below).
  DHCP snooping trusted interface
  interface GigabitEthernet1/0/9
  description JKTADC01 - LAC 1
  switchport access vlan 21
  switchport mode access
  no snmp trap link-status
  ip dhcp snooping trust
  end
  I have also attached a network diagram of the network setup.
  I would like to stop the rogue server from being able to give out ip addresses.
  Can someone shed some light on this topic please?
  Kind regards,
  Philip

  Pawan,
  Based on the error messages it looks like you have a mis-configuration. Looks like
  one of the trunks/ports does not have DHCP trust configured on it. Can you
  track mac address 34dc.fde5.2c40 to what port it's connected to and verify
  that it has DHCP trust enabled?.
  Haihua

• 1.3.0.59 firmware issue

  I installed the 1.3.0.59 on a couple of SG300-28Ps.  On the Status and Statistics page, the PoE indicators no longer lit. Physically, on the front of the switch, they did still light.  I didn't yet reboot to factory defaults to see if that clears it, because I don't feel like entering the config again this early in the morning. But I am willing to test that, if needbe.
  When reverting the image back to 1.2.9.44 (tested) or possibly earlier, the ip default gateway must be re-entered (if it was configured). Even if ip-default gateway x.x.x.x shows up correctly on a 'show run', the switch will not obey it, and on the IPv4 settings page it will report the operational default gateway as blank. This came as a surprise becauset he switch suddenly wouldn't talk to the VPN anymore. Logging onto the switch locally, going to the IPv4 settings, ticking the radio button back on User Defined and typing it back in cleared that up. It appears this cropped up because the syntax for specifying the default gateway changed in 1.3.x but it's still odd that the config shows correctly in console but not in the gui.

  I see that Cisco have today released new firmware for the SG300 switches.
  http://software.cisco.com/download/release.html?mdfid=283019611&catid=268438038&softwareid=282463181&release=1.3.0.62&relind=AVAILABLE&rellifecycle=&reltype=latest
  http://www.cisco.com/en/US/docs/switches/lan/csbms/sf30x_sg30x/release_notes/R_1.3.0.62_RN_78-21240-01.pdf
  So soon after the last release, it’s obviously mainly a bugfix exercise.
  Hopefully it will address some of the issues above, and some of my own which include some strange multicast (IGMP snooping) issues which affected UPnP discovery, etc.  Also found that some other configurations got corrupted after upgrading to 1.3.0.59.
  Would be good to know if 1.3.0.62 fixes things not mentioned in the release notes
  Later edit:
  Well - I've tried 1.3.0.62 and despite the claim in the release notes that one of the defects fixed is:
  "After the firmware is upgraded from 1.2.9.44 to 1.3.0, the IP default gateway
  changes to default route. (CQ146158)"
  I am still finding in layer 2 mode that it is still stored as a route:
  "ip route 0.0.0.0 /0 10.2.3.7 metric 1"
  When you attempt to reload this config file, you get the error:
  "Status:
  Copy failed
  Error Message:
  Copy: Error in configuration download Line: 102 Command: ip route 0.0.0.0 /0 10.2.3.7 metric 1"
  Strangely, in layer 3 mode, it saves it as a default gateway setting:
  "ip default-gateway 10.2.3.7 "  which loads with no errors, despite the fact that the manual states that there is no "default gateway" in the layer 3 mode.
  This is the same behaviour as firmware 1.3.0.59. 
  Incidentally, I have been told that the performance of the SG300 switches is better if set to layer 3 mode, but only used as layer 2 (i.e. no routing or multiple IP addresses set.)  Anyone got any experience of this?
  Certianly it seems that with v1.3 firmware, the only way to avoid an error when reloading a config file is to set the switch to router mode.

• Qtcreator-1.3.0 PKGBUILD

  Just like the qt-doc 4.6. I've modified the PKGBUILD from abs tu build qtcreator-1.3.0.
  http://kkrzewniak.gsoftware.pl/download … LD.tar.bz2
  pkgname=qtcreator
  pkgver=1.3.0
  pkgrel=1
  _qtver=4.6.0
  pkgdesc="Lightweight, cross-platform integrated development environment"
  arch=('i686' 'x86_64')
  url="http://trolltech.com/developer/qt-creator"
  license=('LGPL')
  makedepends=()
  depends=('qt>=4.5')
  optdepends=('qt-doc: for the integrated Qt documentation'
  'gdb: for the debugger')
  options=(docs)
  source=("http://download.qtsoftware.com/qtcreator/qt-creator-${pkgver}-src.tar.gz"
  "http://get.qt.nokia.com/qt/source/qt-everywhere-opensource-src-${_qtver}.tar.gz"
  paths.patch
  qtcreator.desktop
  qtcreator)
  md5sums=('52abe3574b58db23dd875f64b125b841'
  '2a7b5126f2450d8525af355fc4c12ad6'
  '68663f1fa9fe5bb3825b28ac02a41eed'
  '2c3ffbd66845b37be9804f2966815a10'
  '53a02595008d842ca30c828640eb8f0c')
  build() {
  cd "${srcdir}/qt-everywhere-opensource-src-${_qtver}"
  touch ".qmake.cache"
  cd "${srcdir}/qt-creator-${pkgver}"
  patch -Np1 -i ${srcdir}/paths.patch
  export QTDIR="${srcdir}/qt-everywhere-opensource-src-${_qtver}"
  if [ -d ${srcdir}/build ]; then
  rm -rf ${srcdir}/build
  fi
  mkdir ${srcdir}/build
  cd ${srcdir}/build
  mkdir -p share/doc/qtcreator
  touch share/doc/qtcreator/qtcreator.qch
  qmake ${srcdir}/qt-creator-${pkgver}/qtcreator.pro -o Makefile || return 1
  make || return 1
  make INSTALL_ROOT="${pkgdir}/usr/" install || return 1
  install -Dm755 ${srcdir}/qtcreator ${pkgdir}/usr/bin/qtcreator
  install -Dm644 ${srcdir}/qtcreator.desktop ${pkgdir}/usr/share/applications/qtcreator.desktop
  install -Dm644 ${srcdir}/qt-creator-${pkgver}/LGPL_EXCEPTION.TXT ${pkgdir}/usr/share/licenses/qtcreator/LGPL_EXCEPTION.TXT

  I see that Cisco have today released new firmware for the SG300 switches.
  http://software.cisco.com/download/release.html?mdfid=283019611&catid=268438038&softwareid=282463181&release=1.3.0.62&relind=AVAILABLE&rellifecycle=&reltype=latest
  http://www.cisco.com/en/US/docs/switches/lan/csbms/sf30x_sg30x/release_notes/R_1.3.0.62_RN_78-21240-01.pdf
  So soon after the last release, it’s obviously mainly a bugfix exercise.
  Hopefully it will address some of the issues above, and some of my own which include some strange multicast (IGMP snooping) issues which affected UPnP discovery, etc.  Also found that some other configurations got corrupted after upgrading to 1.3.0.59.
  Would be good to know if 1.3.0.62 fixes things not mentioned in the release notes
  Later edit:
  Well - I've tried 1.3.0.62 and despite the claim in the release notes that one of the defects fixed is:
  "After the firmware is upgraded from 1.2.9.44 to 1.3.0, the IP default gateway
  changes to default route. (CQ146158)"
  I am still finding in layer 2 mode that it is still stored as a route:
  "ip route 0.0.0.0 /0 10.2.3.7 metric 1"
  When you attempt to reload this config file, you get the error:
  "Status:
  Copy failed
  Error Message:
  Copy: Error in configuration download Line: 102 Command: ip route 0.0.0.0 /0 10.2.3.7 metric 1"
  Strangely, in layer 3 mode, it saves it as a default gateway setting:
  "ip default-gateway 10.2.3.7 "  which loads with no errors, despite the fact that the manual states that there is no "default gateway" in the layer 3 mode.
  This is the same behaviour as firmware 1.3.0.59. 
  Incidentally, I have been told that the performance of the SG300 switches is better if set to layer 3 mode, but only used as layer 2 (i.e. no routing or multiple IP addresses set.)  Anyone got any experience of this?
  Certianly it seems that with v1.3 firmware, the only way to avoid an error when reloading a config file is to set the switch to router mode.

• Lync 2013 - Issue with Snooper and Centralized Logging files

  I ran the AlwaysOn trace on 3 pools last night till this morning.  When I run the search script and include the specific time I want I get a different time in the trace.  For example....I want to see the traces from 3-3:30AM.  This is what
  I ran :
  Search-CsClsLogging -Pools "X","Y","Z" -StartTime "12/27/2013 03:00:00 AM" -EndTime "12/27/2013 03:30:00 AM" -OutputFilePath \\file01\LyncShare\Traces\lync_trace122713.txt
  When I open snooper the timestamp on the trace is from 8-8:30AM.  I checked all the servers in the 3 pools and there are .hdr and .cache files from yesterday to this morning as seen here:
  The timestamps on the servers are correct.  
  Not sure what the issue is.  Suggestions?  Thanks.

  Hi,
  The issue may cause by the influence of the cache before.
  Please try to run the cmdlet: Sync-CsClsLogging and then run the search cmdlet again to test the issue. The cmdlet
  Sync-CsClsLogging will flush the cache used by searching before. Flushing the cache helps to ensure that there is a clean log and trace file capture buffer at the CLSController for the next search operation.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Connection issue on new infinity

  Hi, would appreciate if anyone can shed some light on the issue I'm having.
  I live a fair distance from the local village, so I can't get full infinity, but I do have infinity to a certain point, then copper cable for the rest of the distance.
  Well aware I'm not going to get amazing speeds, but I was estimated at getting between 11 and 18Mb (compared to my old 1.5Mb it's a huge upgrade).
  Got switched on yesterday, and was slightly disappointed when I tried my first download. I registered max speeds of around 6Mb, so did a bit of snooping around looking at my settings etc, tried a router reset and looked at the connection speed. Something I also noticed was my upload speed is even worse than when I was just on normal BB, used to be circa 0.3Mb upload, now 0.16.
  So I checked the connection status on the router, and it's showing a connection speed of 14.xxMb and upload was something daft like 0.18. So the upload speed marries up (even though it's rediculously slow) but the download speed doesn't make sense, considering I'm connected at 14Mb but I'm only getting download speeds of 6Mb (600kbps, whereas I surely should be seeing speeds of 1.4/5mbps)?
  Am I right to think something is amiss here? To be fair I really don't mind the speed at the moment, I can finally stream youtube at 720, whereas 360 was pushing it before
  There's a couple of thing's I'm going to try tonight, as I'm using a very old long run of cat4 to connect to the router at the moment. So I'll move the router close to the pc and try the cable that came with the hub. Also, haven't tried wireless speeds yet which would also show a problem with the wired connection.
  I would phone up BT but really don't want to talk to India again as you just go round and round in circles.
  Solved!
  Go to Solution.

  Cat4 cable consists of four unshielded twisted-pair (UTP) copper wires with a data rate of 16 Mbit/s and performance of up to 20 MHz.
  Can you post your helpdesk data from the HH5 please? These are in Troubleshooting/Helpdesk on the web interface at http://192.168.1.254 or http://bthomehub.home
  Please miss out any data you don't want to post
  If you found this post helpful, please click on the star on the left
  If not, I'll try again

• An issue with authentication and authorization on ISE 1.2

  Hi, I'm new to ISE.
  I have an issue with authentication and authorization.
  I have ISE 1.2 plus patch 6 installed on VMware.
  I have built-in Windows XP supplicant and 2960 cisco switch with IOS c2960-lanbasek9-mz.150-2.SE5.bin
  On supplicant I use EAP(PEAP) with EAP-MSCHAP v2.
  I created  authentication and authorization rules with Active Directory  as External Identity Source. Also I applied  authorization profile with DACL.I login on Windows XP machine under different Active Directory accounts. Everything works fine (authentication, authorization ), but only for several hours. After several hours passed , authentication and authorization stop working . I can see that ISE trying authenticate and authorize users, but ISE always use only one account for  authentication and authorization . Even if I login under different accounts ISE continue to use only one last account.
  I traied to reboot switch and PC,but it didn’t help. Only rebooting of ISE helps. After ISE rebooting, authentication and authorization start to work properly for several hours.
  I don’t understand is it a glitch or I misconfigured ISE or switch, supplicant?
  What  should I do to resolve this issue?
  Switch configuration:
   testISE#sh runn
  Building configuration...
  Current configuration : 7103 bytes
  ! Last configuration change at 12:20:15Tue Apr 15 2014
  ! NVRAM config last updated at 10:35:02  Tue Apr 15 2014
  version 15.0
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname testISE
  boot-start-marker
  boot-end-marker
  no logging console
  logging monitor informational
  enable secret 5 ************
  enable password ********
  username radius-test password 0 ********
  username admin privilege 15 secret 5 ******************
  aaa new-model
  aaa authentication dot1x default group radius
  aaa authorization network default group radius
  aaa authorization auth-proxy default group radius
  aaa accounting update periodic 5
  aaa accounting dot1x default start-stop group radius
  aaa server radius dynamic-author
   client 172.16.0.90 server-key ********
  aaa session-id common
  clock timezone 4 0
  system mtu routing 1500
  authentication mac-move permit
  ip dhcp snooping vlan 1,22
  ip dhcp snooping
  ip domain-name elauloks
  ip device tracking probe use-svi
  ip device tracking
  epm logging
  crypto pki trustpoint TP-self-signed-1888913408
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-1888913408
   revocation-check none
   rsakeypair TP-self-signed-1888913408
  crypto pki certificate chain TP-self-signed-1888913408
  dot1x system-auth-control
  spanning-tree mode pvst
  spanning-tree extend system-id
  vlan internal allocation policy ascending
  ip ssh version 2
  interface FastEthernet0/5
   switchport mode access
   ip access-group ACL-ALLOW in
   authentication event fail action next-method
   authentication event server dead action reinitialize vlan 1
   authentication event server alive action reinitialize
   authentication host-mode multi-auth
   authentication open
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer reauthenticate server
   authentication violation restrict
   mab
   dot1x pae authenticator
   dot1x timeout tx-period 10
   spanning-tree portfast
  interface FastEthernet0/6
   switchport mode access
   ip access-group ACL-ALLOW in
   authentication event fail action next-method
   authentication event server dead action reinitialize vlan 1
   authentication event server alive action reinitialize
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer reauthenticate server
   authentication violation restrict
   mab
   dot1x pae authenticator
   dot1x timeout tx-period 10
   spanning-tree portfast
  interface FastEthernet0/7
  interface Vlan1
   ip address 172.16.0.204 255.255.240.0
   no ip route-cache
  ip default-gateway 172.16.0.1
  ip http server
  ip http secure-server
  ip access-list extended ACL-ALLOW
   deny   icmp any host 172.16.0.1
   permit ip any any
  ip radius source-interface Vlan1
  logging origin-id ip
  logging source-interface Vlan1
  logging host 172.16.0.90 transport udp port 20514
  snmp-server community public RO
  snmp-server community ciscoro RO
  snmp-server trap-source Vlan1
  snmp-server source-interface informs Vlan1
  snmp-server enable traps snmp linkdown linkup
  snmp-server enable traps mac-notification change move
  snmp-server host 172.16.0.90 ciscoro
  radius-server attribute 6 on-for-login-auth
  radius-server attribute 6 support-multiple
  radius-server attribute 8 include-in-access-req
  radius-server attribute 25 access-request include
  radius-server dead-criteria time 5 tries 3
  radius-server vsa send accounting
  radius-server vsa send authentication
  radius server ISE-Alex
   address ipv4 172.16.0.90 auth-port 1812 acct-port 1813
   automate-tester username radius-test idle-time 15
   key ******
  ntp server 172.16.0.1
  ntp server 172.16.0.5
  end

  Yes. Tried that (several times) didn't work.  5 people in my office, all with vers. 6.0.1 couldn't access their gmail accounts.  Kept getting error message that username and password invalid.  Finally solved the issue by using Microsoft Exchange and "m.google.com" as server and domain and that the trick.  Think there is an issue with imap.gmail.com and IOS 6.0.1.  I'm sure the 5 of us suddently experiencing this issue aren't the only ones.  Apple will figure it out.  Thanks.

• Issues with Hosted Exchange, UM and Lync 2013.

  Hello everyone!
  I am trying to deploy UM with Office 365 Hosted Exchange. We are using one Lync 2013 Standard Edition FE and have deployed one edge server. We have set up our firewall to host the Reverse Proxy.
  We do not use wildcard certs. External DNS resolves the _sipfederation and sip._tls SRV records to the external face of the edge server. The edge server functions as it should for remote users and mobility.
  I have tried to follow these instructions to the letter three times over to no avail.
  http://y0av.me/2014/01/07/lyncum365/
  Neither Snooper or Event Viewer show any particular issue, though when I try to dial out to voice mail I will get one to two rings and then 5 seconds of silence a fast busy, and finally "Call Unsuccessful".
  When checking the firewall logs I notice a seemingly random 10.x.x.x address being sent to the firewall by the external leg of the edge server. Wireshark captures it as STUN packets on port 3478 being sent to port 3478. These are being dropped by our firewall.
  I believe them to be RTP packets but I do not know if this is normal behavior. Has anyone any ideas?

  My mistake. Here is the snooper result.
  TL_INFO(TF_PROTOCOL) [edge\edge]0C4C.05E4::06/18/2014-15:43:34.153.0000000C (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(265)) [3770767507]
  Trace-Correlation-Id: 3770767507
  Instance-Id: 2E5A
  Direction: incoming;source="external edge";destination="internal edge"
  Peer: exap.um.outlook.com:5061
  Message-Type: response
  Start-Line: SIP/2.0 488 Compression algorithm refused
  From: sip:sip.domain.net;tag=08FB9ED133BA396696FE6546EA6F3031
  To: sip:exap.um.outlook.com;tag=B8FFE4E9267ED6ECB78ADCC60126B53F
  Call-ID: 66602CE1F9980BFA94AD
  CSeq: 1 NEGOTIATE
  Via: SIP/2.0/TLS 10.11.11.23:50752;branch=z9hG4bK2132316E.5B3AF52DE2753A36;branched=FALSE;received=207.46.5.9;ms-received-port=50752;ms-received-cid=60172700
  Content-Length: 0
  Server: RTC/5.0
  TL_INFO(TF_NETWORK) [edge\edge]0C4C.05E4: :06/18/2014-15:43:34.153.0000000D (SIPStack,NegotiateLogic::SetCompressionType:NegotiateLogic.cpp(2701)) [559249495]( 00000079B1274FB8 ) Compression type is now CompOff
  TL_INFO(TF_NETWORK) [edge\edge]0C4C.05E4: :06/18/2014-15:43:34.153.0000000E (SIPStack,NegotiateLogic::ProcessCompressionResponse:NegotiateLogic.cpp(2217)) [559249495]( 00000079B1274FB8 ) Peer refused [488] our request for compression
  TL_INFO(TF_NETWORK) [edge\edge]0C4C.05E4: :06/18/2014-15:43:34.153.0000000F (SIPStack,NegotiateLogic::AdvanceOutboundNegotiation:NegotiateLogic.cpp(910)) [559249495]( 00000079B1274FB8 ) Outbound negotiation sequence is complete
  $$end_record
  And finally..
  TL_INFO(TF_PROTOCOL) [edge\edge0C4C.05E4::06/18/2014-15:43:49.379.0000002E (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(265)) [962697980]
  Trace-Correlation-Id: 962697980
  Instance-Id: 2E61
  Direction: incoming;source="internal edge";destination="external edge"
  Peer: fe1.domain.net:61254
  Message-Type: request
  Start-Line: BYE sip:uminternal.um.prod.outlook.com:5066;transport=Tls;ms-fe=CO1PR02MB111.namprd02.prod.outlook.com SIP/2.0
  From: <sip:[email protected]>;tag=b736386270;epid=9bcee72318
  To: <sip:[email protected];opaque=app:voicemail>;tag=eced411395;epid=07C3F2A933
  Call-ID: 4266a095bdef8280d67c7e7df58446fc
  CSeq: 2 BYE
  Via: SIP/2.0/TLS 10.10.10.25:61254;branch=z9hG4bKC848F11A.A88BCA6858661A50;branched=FALSE
  Via: SIP/2.0/TLS 10.10.10.125:49156;ms-received-port=49156;ms-received-cid=401200
  Route: <sip:edge.domain.net:5061;transport=tls;opaque=state:Si;lr>
  Route: <sip:exap.um.outlook.com:5061;transport=tls;epid=07C3F2A933;lr;ms-key-info=AAEAARc45bIQE6UJAYvPAR8eV4QTvCH3EE2Kxtie7I2PMCSj-2aArKHP8dStYlJe-9jphIkz_mDEkCD_v8hY-mghQEHD6-F12E7E14YG-TJ2gEcQE0Bx2r_rDB3LrzRZzgQ0WVvxreLPWGI80elWF-xfbc_X3JE8mOR2OB9KQM8-e9WOjfq2kj6CnDGeL0yzgz4OB8zm-ao03Yo4gMZ-BpwaxC3BNuvvVDJo9wqrYftq_Z3MIVewWrqcDt5Td4vxCsMiXdwEqtEIRKVvQoqboleBJAyQl-C3qGgfEoSkUnApFuTSnQYRa4kbZ1iPaACpdKT-VTQGjc9HXfps48YJCsIXW0Ab_NSM2uvhUyw900men1ukXSmoZoWZbwqe5siuWVUcFoQl1h1Jcy4lCyZUfDZoqPzDioLqTk9iUmS8fa-PAJjsq72yGjVB_y1aJSxtHVsw7MiDqOGOPqT3dmF-sINkeyuokCy8UCf_cQHmEHwVzZLUJqaVccr3QNCLsBzhcWSypnC60ZZphOKuwl6RvUXWICPf0ubLTL2ppC3tWEgFdUUWOPVd84uGlMcqRLKGb1qrmpj8Nu6Lte7t5n2pMEBCfgAe79t4GO0C5KScdKT_XBM1iIBRXdNkPKHfSgC-wPQgRikdw7vRD-hOWlN5Lay7-zkQ4Ag6rauszFTAwbft99OieAOxKIsgYcxXxcG6;ms-route-sig=fiEMuzbN4_PyEz_I5gG3g8FtqNAonwgZCoRnOq-ByfYEtywTZp-Hk_eAAA>
  Max-Forwards: 69
  Content-Length: 0
  ms-client-diagnostics: 22; reason="Call failed to establish due to a media connectivity failure when both endpoints are internal";CallerMediaDebug="audio:ICEWarn=0x40003a0,LocalSite=10.10.10.125:6735,LocalMR=10.11.11.23:51430,RemoteSite=10.27.46.15:5286,RemoteMR=207.46.5.80:54106,PortRange=1025:65000,LocalMRTCPPort=51430,RemoteMRTCPPort=54106,LocalLocation=2,RemoteLocation=2,FederationType=0"
  $$end_record

• Can I use DHCP snooping and IOS DHCP server on the same switch stack

  Hello,
  I am shortly going to be deploying a Cisco CallManager solution for a customer whose network comprises stacks of Catalyst 3850 switches.
  There is no separate core/server farm switch so the CallManager servers, voice gateways and IP phones will all plug into the same stack and be in the same VLAN (not my choice!).
  For security we want to enable DHCP snooping and were planning on using the IOS DHCP server on the Catalyst switch stack.
  Will this work? - when I enable DHCP snooping in networks with separate access layer switches I set the uplinks to the core as trusted links.
  I am not sure whether DHCP snooping will work in this case. Do I need to set the VLAN interface on the switch as trusted, is this even possible?
  Unfortunately I do not have access to a layer 3 switch to test this at the moment.
  Thanks

  Nope.  That's the issue.
  They'll sync on a third device acting as a hotspot, but the device sending a signal is not "on" the network it creates so the airport is all by itself on that network.  At least that is what it looks like to me.  Anyone have another take on it?  Seems pretty silly that an iPad can put out a wifi signal, an Airport Express can receive a wifi signal, and yet there is no simple way to get them to communicate under this particular condition.

• I'm having major issues with battery life on my iphone 5 . When I'm on 3G my battery on lat 6 hours . But when I'm on edge network I get almost 8 hours usage and full day stand by . That's a. Major difference. But these phones were built for 3G and LTE .

  The battery only last 6hrs complete with basic normal usage . I tried all the suggestions and nothing was helping. I finally tried switching off the 3G to EDGE and what a major difference in battery life . My phones last more than a day . I got so far 8 hrs usages And 25 hours standby . But that's phones were created to handle lte and 3 g why is it killing the battery life ?? How can I resolve this issue ?

  Thanks for the replies. It took a while not hearing anything so thought I was alone. I have done many of the suggestions already. The key here is that it occurs on both phones with apps, and phones still packaged in a box.
  A Genius Bar supervisor also checked his Verizon data usage log and found the same 6 hour incremental use. Suprisingly, he did not express much intrigue over that. Maybe he did, but did not show it.
  I think the 6 hour incremental usage is the main issue here. I spoke with Verizon (again) and they confirmed that all they do is log exactly when the phone connected to the tower and used data. The time it records is when the usage started. I also found out that the time recorded is GMT.
  What is using data, unsolicited, every 6 hours?
  Why does it change?
  Why does it only happen on the iPhone 5 series and not the 4?
  Since no one from Apple seems to be chiming in on this, and I have not received the promised calls from Apple tech support that the Genius Bar staff said I was suppose to receive, it is starting to feel like something is being swept under the rug.
  I woke up the other day with another thought ... What application would use such large amounts of data? Well ... music, video, sound and pictures of course. Well ... what would someone set automatically that is of any use to them? hmmm ... video, pictures, sound. Is the iPhone 5 succeptible to snooping? Can an app be buried in the IOS that automatically turns on video and sound recording, and send it somewhere ... every 6 hours? Chilling. I noted that the smallest data usage is during the night when nothing is going on, then it peaks during the day. The Genius Bar tech and I looked at each other when I drew this sine wave graph on the log print outs during an appointment ...

• Having Issues with High CPU Usage with fluxbox & pekwm

  Greetings,
  I have searched for this issue and it seems that something similar has happened in the past with an old xorg, and it seems that someone is having a similar issue that they can point to kde as being the culrpit. However in my case, this is a fresh install and is not using any kde libs. Please allow me to explain the issue.
  The power supply on my main computer finally gave out, and being incredibly poor at the moment I can not yet replace it. So, I pull out an older computer that I had once set up for my kids, but took it away from them when they were abusing it. I always make backup dvds and such monthly so I didn't have to worry about any lose of data, however I desired to keep my larger hard drives from my main computer. After testing to ensure that the hard drives were fine, I did some minor surgery, and did a fresh install of arch linux onto my back up computer. Since I prefer pekwm, I installed pekwm as my wm of choice, and outfitted it quickly with mpd+sonata, firefox, pcmanfm, and tint2. Then I rebooted into my pekwm 'desktop'.
  It was running sluggish. Firefox was easily maxing the cpu up and beyond 100% and it felt ten times worse than any heavy DE I used in the past. I checked to make sure I had the right video driver installed. As this computer runs a 64MB nVidia GeForce2 MX with TV out video card, I searched nvidia's page and the arch wiki, noting that the driver needed is nvidia-96xx. Well I had already suspected that during install, and thus had installed such driver. I double checked my xorg.config and it has the right driver listed.
  So I checked out some lighter browsers. I tried both Midori and Iron (which is similar to Chrome but without google spyware or whatever). Well both run better than firefox, Midori being the lightest one, but Iron quickly being my favorite. Still, the problem remained. Moving windows caused cpu spikes, opening more than one tab, or more than one program caused cpu spikes and the computer to slow down and sputter, freezing at times.
  So I tried out another wm, fluxbos, which is another of my favorites. Seemed somewhat better but only fractionally, which I consider odd because pekwm has always seemed snappier than fluxbox to me in the past. Running lxtask (still mouse dependent, sorry lol), I was able to take note of the following...
  FLUXBOX
  lxtask 6% CPU usage average
  PCManFM 5% CPU Average
  Fluxbox 1% to 2% cpu usage
  gksu 3% cpu usage
  pidgin 3% to 7% cpu usage
  firefox up to 62% cpu usage
  midori up to 38% cpu usage
  iron up to 50% cpu usage
  mpd 11% cpu uage
  Xorg (with no window movement) 2% cpu usage
  Xorg (moving windows around) up to 80% cpu usage
  PEKWM
  lxtask 6% CPU
  pidgin 7% cpu
  tint2 1% cpu
  pekwm 1% to 5% cpu
  pcmanfm 7% cpu
  firefox up to 85% cpu
  python 1% cpu
  midori up to 38% cpu
  iron up to 25% cpu (odd...)
  Xorg (with no window movement) 1% cpu
  Xorg (when moving windows around) up to 80% cpu
  Both were using around 118 MB RAm and weren't yet touching swap. As I see it I am  thinking xorg  or video driver related, yet I already made sure that I had the correct video driver. Here's my Xorg.conf
  # nvidia-xconfig: X configuration file generated by nvidia-xconfig
  # nvidia-xconfig: version 1.0 (buildmeister@builder63) Thu Jun 25 18:57:07 PDT 2009
  Section "ServerLayout"
  Identifier "Layout0"
  Screen 0 "Screen0" 0 0
  InputDevice "Keyboard0" "CoreKeyboard"
  InputDevice "Mouse0" "CorePointer"
  EndSection
  Section "Files"
  EndSection
  Section "InputDevice"
  # generated from default
  Identifier "Mouse0"
  Driver "mouse"
  Option "Protocol" "auto"
  Option "Device" "/dev/psaux"
  Option "Emulate3Buttons" "no"
  Option "ZAxisMapping" "4 5"
  EndSection
  Section "InputDevice"
  # generated from default
  Identifier "Keyboard0"
  Driver "kbd"
  EndSection
  Section "Monitor"
  Identifier "Monitor0"
  VendorName "Unknown"
  ModelName "Unknown"
  HorizSync 30.0 - 110.0
  VertRefresh 50.0 - 150.0
  Option "DPMS"
  EndSection
  Section "Device"
  Identifier "Device0"
  Driver "nvidia"
  VendorName "NVIDIA Corporation"
  EndSection
  Section "Screen"
  Identifier "Screen0"
  Device "Device0"
  Monitor "Monitor0"
  DefaultDepth 24
  SubSection "Display"
  Depth 24
  Modes "1600x900" "1024x768" "800x600" "640x480"
  EndSubSection
  EndSection
  Here's some specs on this computer, including video cards and such...
  Computer
  Summary
  Computer
  Processor Intel(R) Pentium(R) 4 CPU 1.60GHz
  Memory 1034MB (239MB used)
  Operating System Arch Linux
  User Name mythus (Travis K. Randall)
  Date/Time Thu 08 Oct 2009 05:24:52 PM CDT
  Display
  Resolution 1600x900 pixels
  OpenGL Renderer GeForce2 MX/AGP/SSE2
  X11 Vendor The X.Org Foundation
  Multimedia
  Audio Adapter ICH - Intel 82801BA-ICH2
  Input Devices
  Macintosh mouse button emulation
  AT Translated Set 2 keyboard
  Power Button
  Power Button
  PC Speaker
  Logitech USB Optical Mouse
  Printers
  No printers found
  SCSI Disks
  ATA ST3160212A
  ATA IC35L090AVV207-0
  LITE-ON LTR-16102B
  TSSTcorp CD/DVDW TS-H552D
  Operating System
  Version
  Kernel Linux 2.6.30-ARCH (i686)
  Compiled #1 SMP PREEMPT Wed Sep 9 12:37:32 UTC 2009
  C Library GNU C Library version 2.10.1 (stable)
  Default C Compiler GNU C Compiler version 4.4.1 (GCC)
  Distribution Arch Linux
  Current Session
  Computer Name norova
  User Name mythus (Travis K. Randall)
  Home Directory /home/mythus
  Desktop Environment Unknown (Window Manager: Fluxbox)
  Misc
  Uptime 11 hours, 38 minutes
  Load Average 0.20, 0.38, 0.34
  Kernel Modules
  Loaded Modules
  ipv6 IPv6 protocol stack for Linux
  reiserfs ReiserFS journaled filesystem
  usbhid USB HID core driver
  hid
  arc4 ARC4 Cipher Algorithm
  ecb ECB block cipher algorithm
  snd_seq_dummy ALSA sequencer MIDI-through client
  rt2500pci Ralink RT2500 PCI & PCMCIA Wireless LAN driver.
  snd_seq_oss OSS-compatible sequencer module
  rt2x00pci rt2x00 pci library
  snd_seq_midi_event MIDI byte <-> sequencer event coder
  rt2x00lib rt2x00 library
  snd_seq Advanced Linux Sound Architecture sequencer.
  led_class LED Class Interface
  snd_seq_device ALSA sequencer device management
  input_polldev Generic implementation of a polled input device
  mac80211 IEEE 802.11 subsystem
  snd_intel8x0 Intel 82801AA,82901AB,i810,i820,i830,i840,i845,MX440; SiS 7012; Ali 5455
  uhci_hcd USB Universal Host Controller Interface driver
  snd_pcm_oss PCM OSS emulation for ALSA.
  fan ACPI Fan Driver
  cfg80211 wireless configuration support
  ppdev
  ehci_hcd USB 2.0 'Enhanced' Host Controller (EHCI) Driver
  snd_mixer_oss Mixer OSS emulation for ALSA.
  snd_ac97_codec Universal interface for Audio Codec '97
  nvidia
  lp
  eeprom_93cx6 EEPROM 93cx6 chip driver
  parport_pc PC-style parallel port driver
  ohci1394 Driver for PCI OHCI IEEE-1394 controllers
  parport
  psmouse PS/2 mouse driver
  ac97_bus
  ieee1394
  serio_raw Raw serio driver
  8139too RealTek RTL-8139 Fast Ethernet driver
  e100 Intel(R) PRO/100 Network Driver
  snd_pcm Midlevel PCM code for ALSA.
  pcspkr PC Speaker beeper driver
  battery ACPI Battery Driver
  8139cp RealTek RTL-8139C+ series 10/100 PCI Ethernet driver
  snd_timer ALSA timer interface
  i2c_core I2C-Bus main module
  iTCO_wdt Intel TCO WatchDog Timer Driver
  mii MII hardware support library
  evdev Input driver event char devices
  snd Advanced Linux Sound Architecture driver for soundcards.
  ac ACPI AC Adapter Driver
  iTCO_vendor_support Intel TCO Vendor Specific WatchDog Timer Driver Support
  usbcore
  soundcore Core sound module
  sg SCSI generic (sg) driver
  shpchp Standard Hot Plug PCI Controller Driver
  snd_page_alloc Memory allocator for ALSA system.
  processor ACPI Processor Driver
  thermal ACPI Thermal Zone Driver
  pci_hotplug PCI Hot Plug PCI Core
  intel_agp
  button ACPI Button Driver
  agpgart AGP GART driver
  rtc_cmos Driver for PC-style 'CMOS' RTCs
  rtc_core RTC class support
  rtc_lib
  ext4 Fourth Extended Filesystem
  mbcache Meta block cache (for extended attributes)
  jbd2
  crc16 CRC16 calculations
  sr_mod SCSI cdrom (sr) driver
  cdrom
  sd_mod SCSI disk (sd) driver
  ata_piix SCSI low-level driver for Intel PIIX/ICH ATA controllers
  ata_generic low-level driver for generic ATA
  pata_acpi SCSI low-level driver for ATA in ACPI mode
  libata Library module for ATA devices
  floppy
  scsi_mod SCSI core
  Display
  Display
  Display
  Resolution 1600x900 pixels
  Vendor The X.Org Foundation
  Version 1.6.3.901
  Monitors
  Monitor 0 1600x900 pixels
  Extensions
  BIG-REQUESTS
  Composite
  DAMAGE
  DOUBLE-BUFFER
  DPMS
  DRI2
  GLX
  Generic Event Extension
  MIT-SCREEN-SAVER
  MIT-SHM
  NV-CONTROL
  NV-GLX
  RANDR
  RECORD
  RENDER
  SECURITY
  SHAPE
  SYNC
  X-Resource
  XC-MISC
  XFIXES
  XFree86-DGA
  XFree86-VidModeExtension
  XINERAMA
  XInputExtension
  XKEYBOARD
  XTEST
  XVideo
  OpenGL
  Vendor NVIDIA Corporation
  Renderer GeForce2 MX/AGP/SSE2
  Version 1.5.8 NVIDIA 96.43.13
  Direct Rendering Yes
  Processor
  Processor
  Processor
  Name Intel(R) Pentium(R) 4 CPU 1.60GHz
  Family, model, stepping 15, 1, 2 (Pentium 4)
  Vendor Intel
  Configuration
  Cache Size 256kb
  Frequency 1594.77MHz
  BogoMIPS 3190.44
  Byte Order Little Endian
  Features
  FDIV Bug no
  HLT Bug no
  F00F Bug no
  Coma Bug no
  Has FPU yes
  Cache
  Cache information not available
  Capabilities
  fpu Floating Point Unit
  vme Virtual 86 Mode Extension
  de Debug Extensions - I/O breakpoints
  pse Page Size Extensions (4MB pages)
  tsc Time Stamp Counter and RDTSC instruction
  msr Model Specific Registers
  pae Physical Address Extensions
  mce Machine Check Architeture
  cx8 CMPXCHG8 instruction
  apic Advanced Programmable Interrupt Controller
  sep Fast System Call (SYSENTER/SYSEXIT)
  mtrr Memory Type Range Registers
  pge Page Global Enable
  mca Machine Check Architecture
  cmov Conditional Move instruction
  pat Page Attribute Table
  pse36 36bit Page Size Extensions
  clflush Cache Line Flush instruction
  dts Debug Store
  acpi Thermal Monitor and Software Controlled Clock
  mmx MMX technology
  fxsr FXSAVE and FXRSTOR instructions
  sse SSE instructions
  sse2 SSE2 (WNI) instructions
  ss Self Snoop
  ht HyperThreading
  tm Thermal Monitor
  up smp kernel running on up
  pebs Precise-Event Based Sampling
  bts Branch Trace Store
  Memory
  Memory
  Total Memory 1034084 kB
  Free Memory 94276 kB
  Buffers 40536 kB
  Cached 700112 kB
  Cached Swap 0 kB
  Active 170788 kB
  Inactive 726844 kB
  Active(anon) 74112 kB
  Inactive(anon) 88348 kB
  Active(file) 96676 kB
  Inactive(file) 638496 kB
  Unevictable 12 kB
  Mlocked 12 kB
  High Memory 139144 kB
  Free High Memory 252 kB
  Low Memory 894940 kB
  Free Low Memory 94024 kB
  Virtual Memory 2931852 kB
  Free Virtual Memory 2931852 kB
  Dirty 12 kB
  Writeback 0 kB
  AnonPages 156996 kB
  Mapped 57392 kB
  Slab 24260 kB
  SReclaimable 18864 kB
  SUnreclaim 5396 kB
  PageTables 1376 kB
  NFS_Unstable 0 kB
  Bounce 0 kB
  WritebackTmp 0 kB
  CommitLimit 3448892 kB
  Committed_AS 404212 kB
  VmallocTotal 122880 kB
  VmallocUsed 27648 kB
  VmallocChunk 52368 kB
  DirectMap4k 32760 kB
  DirectMap4M 876544 kB
  Benchmarks
  CPU Blowfish
  CPU Blowfish
  This Machine 1595 MHz 50.176
  Intel(R) Celeron(R) M processor 1.50GHz (null) 26.1876862
  PowerPC 740/750 (280.00MHz) (null) 172.816713
  CPU CryptoHash
  CPU CryptoHash
  This Machine 1595 MHz 11.071
  CPU Fibonacci
  CPU Fibonacci
  This Machine 1595 MHz 74.202
  Intel(R) Celeron(R) M processor 1.50GHz (null) 8.1375674
  PowerPC 740/750 (280.00MHz) (null) 58.07682
  CPU N-Queens
  CPU N-Queens
  This Machine 1595 MHz 132.704
  FPU FFT
  FPU FFT
  This Machine 1595 MHz 104.630
  FPU Raytracing
  FPU Raytracing
  This Machine 1595 MHz 212.639
  Intel(R) Celeron(R) M processor 1.50GHz (null) 40.8816714
  PowerPC 740/750 (280.00MHz) (null) 161.312647
  So what I am wanting help with is finding the solution to the cpu usage so that I can use this computer at least until I can afford a new power supply or whatever. I am open to any good suggestions, though I must state I am not really interested in tiling wm's at the moment. I am just not a true minimalist.
  Thanks in advance for any and all help. I understand that there is a lot of info in this post, but it is my hope that with this info the problem can be solved. If there is info I didn't provide that is needed, please let me know.

  also check that you have
  session.screen0.opaqueMove false
  in your .fluxbox/init  this will probably help a bit if it is currently true,
  Last edited by Cyrusm (2009-01-26 13:52:13)

• Reading/snooping through backed up files

  Hi all - I backed up my Blackberry using BB Desktop software to my Mac about two months ago.  I'm giving my Mac to a  family member, who is NOSY and I want to make sure they can't recover /snoop through my personal information (backed up texts, MMS's, etc). Is there a way to delete the backed up texts before I give the Mac to them? I don't want them seeing my personal messages/backed up info. Thanks!

  Hiya!
  no they cannot view it... the backup file... is one file, only actually readable by the desktop software. they cannot simply open the file and browse around it.
  1). Please thank those who help you by clicking the beside the 'Reply' button.
  2). If your issue has been solved, please resolve it by marking "Accept as Solution" on the correct post!
  3). Remember to have fun! We are all in this together!
  4). Follow me on

• Solaris 9 U7 (2004/09) MultiLayered Flash Archive issue + solution ?

  In Solaris 9 Update 7 (2004/09) the multilayered flash archive installation feature is broken.
  I think that this is a known issue:
  4945516 Failure of multi-layered archive with Solaris 9 4/03 on Postdeployment process
  I manage to flash my archives by changing the following statement found at line 24 of the file
  ../Solaris_9/Tools/Boot/usr/lib/flash/postdeployment_processing
  from
  if [ ! -L $FLASH_ROOT/etc/rc2.d/S98flash_reboot ] ; then
  to
  if [ -L $FLASH_ROOT/etc/rc2.d/S98flash_reboot ] ; then
  This issue is addressed in the patch 113434-22
  113434-22/SUNWinst/reloc/usr/lib/flash/postdeployment_processing
  But the if statement is not the good one.
  Is this correct ?
  Coco D.

  Ideas.. Hmm, none which seems that correct, but you could try some things.
  If it gets the wrong IP that could explain why it fails to copy the sysidcfg file.
  First you could try and do a snoop on the ethernet address;
  snoop ether 0:3:ba:14:c6:cd
  (you could also try the -v flag to increase the verbosity).
  The things you should look for are arp/rarp requests, the jumpstart client will use arp/rarp to determine its IP address, snoop will show you which server that responds, and what address it gets, futher more its a good idea to verify that the response to the bootparams requests comes from the correct server.
  Of course there might be other oddnesses as well.
  Was the data you provided extracts? If it was you should check the /etc/ethers and /etc/bootparams for duplicates entries, so there are no other occourances of the clients ehternet address in /etc/ethers, and no bogus entries starting with * or the same hostname in /etc/bootparams.
  If you added the client manually you could always try and use the Tools/rm_install_client and Tools/add_install_client scripts to add it again, these script sometimes detect problems with the configuration.
  Lastly you didn't show us your /etc/nsswitch.conf file, but i assume that it has "files" first for the ethers, hosts and bootparams entries?
  Good luck
  //Magnus

• Vwlc 7.3.101.0 DHCP issue ?

  Hello all,
  a wireless client can't get an IP address via DHCP.
  The controler is configured as "DHCP bridging mode", the DHCP server is a 3750 on the same L2 segment.
  The security part is done by ISE 1.1.3, the client get authenticated successfully and debug on the vwlc says :
  (Cisco Controller) >*DHCP Socket Task: Apr 22 17:50:13.445: 00:26:4a:fd:ed:a4 DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 1, encap 0xec03)
  *DHCP Socket Task: Apr 22 17:50:13.445: 00:26:4a:fd:ed:a4 DHCP processing DHCP REQUEST (3)
  *DHCP Socket Task: Apr 22 17:50:13.445: 00:26:4a:fd:ed:a4 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
  *DHCP Socket Task: Apr 22 17:50:13.445: 00:26:4a:fd:ed:a4 DHCP   xid: 0x7f6910ce (2137592014), secs: 0, flags: 0
  *DHCP Socket Task: Apr 22 17:50:13.445: 00:26:4a:fd:ed:a4 DHCP   chaddr: 00:26:4a:fd:ed:a4
  *DHCP Socket Task: Apr 22 17:50:13.445: 00:26:4a:fd:ed:a4 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
  *DHCP Socket Task: Apr 22 17:50:13.445: 00:26:4a:fd:ed:a4 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
  *DHCP Socket Task: Apr 22 17:50:13.445: 00:26:4a:fd:ed:a4 DHCP   requested ip: 192.168.10.4
  *DHCP Socket Task: Apr 22 17:50:13.445: 00:26:4a:fd:ed:a4 DHCP successfully bridged packet to DS
  *DHCP Socket Task: Apr 22 17:50:13.447: 00:26:4a:fd:ed:a4 DHCP received op BOOTREPLY (2) (len 308,vlan 0, port 1, encap 0xec00)
  *DHCP Socket Task: Apr 22 17:50:13.447: 00:26:4a:fd:ed:a4 DHCP processing DHCP ACK (5)
  *DHCP Socket Task: Apr 22 17:50:13.447: 00:26:4a:fd:ed:a4 DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
  *DHCP Socket Task: Apr 22 17:50:13.447: 00:26:4a:fd:ed:a4 DHCP   xid: 0x7f6910ce (2137592014), secs: 0, flags: 80
  *DHCP Socket Task: Apr 22 17:50:13.447: 00:26:4a:fd:ed:a4 DHCP   chaddr: 00:26:4a:fd:ed:a4
  *DHCP Socket Task: Apr 22 17:50:13.447: 00:26:4a:fd:ed:a4 DHCP   ciaddr: 0.0.0.0,  yiaddr: 192.168.10.4
  *DHCP Socket Task: Apr 22 17:50:13.447: 00:26:4a:fd:ed:a4 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
  *DHCP Socket Task: Apr 22 17:50:13.447: 00:26:4a:fd:ed:a4 DHCP   server id: 192.168.10.1  rcvd server id: 192.168.10.1
  *DHCP Socket Task: Apr 22 17:50:13.447: 00:26:4a:fd:ed:a4 DHCP successfully bridged packet to STA
  however, the wireless client never get the IP address.
  See attached .jpg, the IP address seems to be attached to the wireless client.....
  Is anyone could help me please ?
  Regards.
  TM

  Ok DHCP Snooping was the issue....
  The DHCP message response seems to enter back the switch  (from the vwlc to the AP ) on the same port it came from.
  (the Sw acts as a DHCP server)
  Now I have an IP address assign by DHCP but no connectivity though !!!

• WLC 5508 7.0.98.0 has vpn client connection issues

  Hi
  my guest ssid is set to L2 security none and L3 Web policy and authentication local. clients that need to connect to some vpn server (internet) are reporting disconnection issues with the vpn session but not the wireless network. as soon as they get connected via another wireless internet connection the vpn connection gets stable. that makes me thing is in deed the my wireless network the one causing issues.  is there a know issues with the web authentication WLAN and vpn clients?  no firewall in the middle.
  Exclusionlist.................................... Disabled
  Session Timeout.................................. Infinity
  CHD per WLAN..................................... Enabled
  Webauth DHCP exclusion........................... Disabled
  Interface........................................ xxxxxxxxxxxxxxxx
  WLAN ACL......................................... unconfigured
  DHCP Server...................................... Default
  DHCP Address Assignment Required................. Disabled
  --More or (q)uit current module or <ctrl-z> to abort
  Quality of Service............................... Bronze (background)
  Scan Defer Priority.............................. 4,5,6
  Scan Defer Time.................................. 100 milliseconds
  WMM.............................................. Allowed
  Media Stream Multicast-direct.................... Disabled
  CCX - AironetIe Support.......................... Enabled
  CCX - Gratuitous ProbeResponse (GPR)............. Disabled
  CCX - Diagnostics Channel Capability............. Disabled
  Dot11-Phone Mode (7920).......................... Disabled
  Wired Protocol................................... None
  IPv6 Support..................................... Disabled
  Passive Client Feature........................... Disabled
  Peer-to-Peer Blocking Action..................... Disabled
  Radio Policy..................................... All
  DTIM period for 802.11a radio.................... 1
  DTIM period for 802.11b radio.................... 1
  Radius Servers
     Authentication................................ Disabled
     Accounting.................................... Disabled
     Dynamic Interface............................. Disabled
  Local EAP Authentication......................... Disabled
  Security
     802.11 Authentication:........................ Open System
     Static WEP Keys............................... Disabled
     802.1X........................................ Disabled
     Wi-Fi Protected Access (WPA/WPA2)............. Disabled
     CKIP ......................................... Disabled
     Web Based Authentication...................... Enabled
          ACL............................................. Unconfigured
          Web Authentication server precedence:
          1............................................... local
     Web-Passthrough............................... Disabled
     Conditional Web Redirect...................... Disabled
     Splash-Page Web Redirect...................... Disabled
     Auto Anchor................................... Disabled
     H-REAP Local Switching........................ Disabled
     H-REAP Learn IP Address....................... Enabled
     Client MFP.................................... Optional but inactive (WPA2 not configured)
     Tkip MIC Countermeasure Hold-down Timer....... 60
  Call Snooping.................................... Disabled
  Roamed Call Re-Anchor Policy..................... Disabled
  Band Select...................................... Disabled
  Load Balancing................................... Disabled

  Thanks Scott,
  We have two controllers and all the APs (50) are associated with the primary Controller,what is the best path to follow for the upgrade.
  we don't have Field recoversy image installed on our controller, do we have to do the FSU upgrade?
  (Cisco Controller) >show sysinfo
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 7.0.98.0
  Bootloader Version............................... 1.0.1
  Field Recovery Image Version..................... N/A
  Firmware Version................................. FPGA 1.3, Env 1.6, USB console                                                        1.27
  Build Type....................................... DATA + WPS
  System Name...................................... Airespace_01
  System Location..................................
  System Contact...................................
  System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
  IP Address....................................... 10.0.0.201
  Last Reset....................................... Power on reset
  System Up Time................................... 9 days 2 hrs 57 mins 21 secs
  System Timezone Location......................... (GMT -6:00) Central Time (US and Canada)
  Current Boot License Level....................... base
  Current Boot License Type........................ Permanent
  Next Boot License Level.......................... base
  Next Boot License Type........................... Permanent
  Configured Country............................... Multiple Countries:US,CN,DE,TW,HK
  Is the below Upgrade Path make sense ?
  1. Upgrade the Primary controller and reboot- wait till all APs associate with primary controller and download the new image
  2. Upgrade the secondary controller and reboot
  3. Failover the APs to secondary controller and test
  Siddhartha