Wireless IP clients connecting to 7800 call manager

Can a windows mobile 5 802 PDA with SIP capability be connected to a cisco call manager to use its voip ability like a soft phone? Is there a client program like skype that is needed that cisco provides to allow it to connect as a phone to the 7800 call manager?

I've given up and had to go back to running "Double NAT" which also reports as a "problem" within the AEBS, but I just "ignore" it so the light will always be green.
It still ***** though, as "Double NAT" is also a reason for "Back to my Mac" not working properly, but how the ** am I supposed to avoid Double NAT when the wireless will not work in bridged mode?!

Similar Messages

Maximum concurrent call connections for our Call Manager v7.15

Hi everyone,
Hope you can help! I was just asked one question I should have known how to answer...
We are using CM 7.15. Have 1 publisher and 1 subscriber. We have 2 pri T1 (24 slots). One connects to 1 2821 Voice gateway and another one is connection to another 2821 voice gateway in another location. I do not think we use SIP trunk...but I am not sure if we are using mpcp or H323.... so how do I check which protocol I use?
The most important question is... I would like to ask how I can find out what the maximum concurrent sessions of the call connections are? How do I find it out?
Please help...thank you very much for your help.
Takumi

Hi Bobson Lam,
in CUCM Administration > Device > Gateway, you have a list of configured Gateways ... in this list there is a column called 'Device Type', this column shows the 'H.323 Gateway' or the Gateway Model (for ex.: 2821) if it's MGCP.
For Maximum Concurrent Sessions ... have you try RTMT (CUCM Administration > Administrations > Plugin > RTMT for Windows)? There are some System - Performance, that shows, for example, Call Active for H.323.
Hope this helps.

Cisco ip phone 7960 cannot connect to call manager express

The 7960 ip phone seems not to connect to the call manager express
router and i have already put the firmware and configured the tftp
server,the rest of the phones the 7911`s are all working ok,i have tried
to reset the phone but it doesnt respond to the # key so as to reset to
factory defaults.
I have tried all the options of resetting it but to no avail.
could someone give me some techie tips on this ? could it be a hardware issue ?? please assist.

Go to the phone and check if the TFTP server is correct (should be the CME IP address). Also check the DHCP address.
Resetting 7900 Series IP Phones to Factory Defaults:
http://www.cisco.com/en/US/products/hw/phones/ps379/products_tech_note09186a00800941bb.shtml
Check the bug:
CSCed93627: Not able to reset 7970 back to factory defaults

Call manager and type of Voip phones

Just wanted to thank everyone for the help.
My background is Telepresence and minimal on Call Manager 8.
Just wanted to ask if I can somehow pull a list of all type of phones connected to the call manager - we currently have 7942 and 7975. I need the list which phone number is using which type of phone.

Hi Mark,
Here are 3 suggestions:
1) Goto Device > Phone, add the 'Directory Number' and 'Device Type' as search criteria and click 'Find'. This is limited as it can't be exported.
2) Run the following SQL Query:
SELECT d.name, n.dnorpattern, dn.numplanindex, m.name as Model FROM numplan AS n JOIN devicenumplanmap AS dn ON n.pkid=dn.fknumplan JOIN device AS d ON d.pkid=dn.fkdevice JOIN typemodel AS m ON d.tkmodel=m.enum JOIN typeclass AS c ON d.tkclass=c.enum WHERE c.name="Phone" ORDER BY m.name, d.name, dn.numplanindex
3) Use a 3rd Party product to extract and export the required data such as PhoneView from UnifiedFX
PhoneView is the most advanced endpoint management product available including the ability to gather extensive device/user information and then interact and export that data.
Thanks
Stephen Welsh
CTO
http://www.unifiedfx.com

IPCC Enterprise / Two Call Manager Clusters

Let's say I have an IPCC Enterprise set up using a call manager cluster, a progger server (has peripheral gateway, router, and logger), an HDS server, an IP-IVR, and a CAD server. Its up and running. Now let's say I have another call manager cluster and I'd like to have users on that cluster become call center agents connected to ICM in the IPCC Enterprise environment. Is this even possible? Can it done by the use of another peripheral gateway server used to connect the 2nd call manager cluster to the rogger and IP-IVR? Any feedback appreciated.

Now let's say I have another call manager cluster and I'd like to have users on that cluster become call center agents connected to ICM in the IPCC Enterprise environment. Is this even possible?
Of course it is possible. That's what it was designed to do.
There are some big ICMs out there with many peripheral gateways. The big ones have many TDM switches, but some have multiple Call Managers too. I don't personally know of any with more than mid-30s peripheral gateways, but I have heard that there are much bigger ones than that (I am thinking of the IRS).
Can it done by the use of another peripheral gateway server used to connect the 2nd call manager cluster to the rogger and IP-IVR? Any feedback appreciated.
Yes.
One thing I'd like to check with you ... you say "a progger server" and you say "an HDS, an IP-IVR" etc.
Are there really just one of each of these? Normally there is a fault tolerant pair of proggers, two HDS for redundancy, two IP-IVR etc for redundancy. To extend the Enterprise system to another CUCM cluster one would add a PAIR of PGs.
Regards,
Geoff

No CLI Access to Call Manager MCS 7800

Hello, my client has a Call Manager server MCS 7800. We have access to the GUI, but the former IT Manager's network docu
mentation has an incorrect password for telnet access. How can we go about recovering or resetting this password?
thanks for any help in advance.

Bad news:
http://www.cisco.com/en/US/partner/docs/voice_ip_comm/cucmbe/rel_notes/6_1_2/cucmbe-rel_note-612_2.html#wp339319
Cisco Unified Communications Manager Does Not Support Recovery of Administration or Security Passwords
Cisco Unified Communications Manager does not support recovery of administration or security passwords. If you lose these passwords, you must reset the passwords, as described in the Cisco Unified Communications Operating System Administration Guide.
The Cisco Unified Communications Operating System Administration Guide calls the section, "Recovering the Administrator or Security Passwords," instead of "Resetting the Administrator or Security Passwords." Access the "Recovering the Administrator or Security Passwords" section to reset the passwords.
Find your version here and follow the docs.
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_documentation_roadmaps_list.html
For 7.1.2, that would be here:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cucos/7_1_2/cucos/iptpch2.html#wp1044244
Hope this helps....

I have a wireless home phone connect device. Can call out on it when dial tone present, but most times cannot receive calls since purchase. Anyone else having a problem with their home connect device?

Have had Wireless Home Phone connect device refreshed and updated three times since I purchased it in September 2014. Last tech I worked with on it initialized an NRB to check the network. I checked the location of the tower, which is less than one mile up the hill with clear line of site. The device always has two antennas on it. The device is great when it does work, but most of the time it rings three times and then jumps to an automated message saying the person I am calling is not available. I've actually gone up there several times to try an fix the device, but always end up calling a Verizon tech who has me unplug it, pull the battery, and they do some network stuff and then we turn it back on and it works. After the last time on 10/02/14, I called it and got the message. I drove up there, 100 miles one way, and called it while standing in the room. Got the same message. I picked up the phone, heard a dial tone and dialed my phone and it range through. I hung that phone connected to the device and call it using my cell phone. It rang through. I went home and tried to call it the next day. Again it did not ring through and I got the message after three rings. I call another phone at the facility and had them call me on my mom's phone and it is fixed it again. The fix last for a day or two and then it's broken again, like it is today. If it's a network problem then it must be fairly close to the area because no matter what we do it fails again. So much for the 99.98% reliable. This thing is a piece of junk!
I purchased this device and put it on my plan so that my mother who we placed in a home at 96 years old would have a phone connection that she could use and wouldn't flip her out. My family and her family has not been able to faithfully connect with her at this critical time in her life. I am giving Verizon 10 more days to figure this out and then I am going to ask for a total refund not to mention how much time and travel I have put into this piece of junk. Either the home connect transceiver is broken or the network is broken. Why should I pay close to $70 for a service that has not worked more than several days out of 35 days? Also I have spent close to three hours on the phone with decent technical people, but it's my time. I should send Verizon a bill for every time I have gone up there to fix this device as well.
What perplexes me is that a regular cell phone would have sufficed, but because Verizon has to have a data connection that is not available on a regular phone and it was going to cost me $30/month, I decided to go with the home connect. Seemed like a nice solution for an older person who would have a hard time using a cell phone and keeping it charged. Plus after all the fees for getting it connected, it only cost $20/month. That would be a pretty good thing, IF IT WORKED....... The other thing that irks me is, why do I have to pay for a data connection when the cell phone Verizon originally provided can't even access the network. What ever happened to adding a phone line for $10 bucks\ month? All I wanted was a simple phone. She would not be able to use anything more complex and all she needs is a phone line period.
I have no problem paying for something that works and does what it should, but this is ridiculousness. The MTF on this device is somewhere around 1 to 2 days. Out of 365 days that's about a 96.5% failure rate....... Want my advice? Get ride of this device. It sucks and it's bad marketing.

jsavage9621,
It pains me to hear about your experience with the Home Phone Connect. This device usually works seamlessly and is a great alternative to a landline phone. It sounds like we've done our fair share of work on your account here. I'm going to go ahead and send you a Private Message so that we can access your account and review any open tickets for you. I look forward to speaking with you.
TrevorC_VZW
Follow us on Twitter @VZWSupport

Instruction book say go to verizon wireless to get free copy of media manager so I can connect phone to computer. Can't find listing

Instruction book say go to verizon wireless to get free copy of media manager so I can connect phone to computer. Can't find listingfor the soft ware. It has one to send it to the cloud, but I want to save & edit it on my computer.

Try this: http://products.verizonwireless.com/index.aspx?id=fnd_backupAssistantPlus

JCO_ERROR_COMMUNICATION:JCO. Client not connected in repository call

Hi all,
I am trying to create an JCO connection with my Web Dynpro application to R/3 system. With WAS 6.40 i had no problems but with WAS 7.00 i am getting the following error:
JCO_ERROR_COMMUNICATION:JCO. Client not connected in repository call.
I think is has something to do with SLD on the WAS 7.00, but i don't know how to fix this.
Can anyone help me?
Regards
Romeo

Hi
See this Document to fix the problem
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/526bd490-0201-0010-038e-d3ff7eb1d16e
See this thread
Can't get RFC connection to R/3 System
Kind Regards
Mukesh

DPM console not connecting . Error- Cannot connect to Data Protection Manager. This version of DPM is not supported with Central Console Client (ID : 33345) DPM console not connecting

I am having problem connecting the DPM console to ther server. It gives me following error -
"Cannot connect to Data Protection Manager. This version of DPM is not supported with Central Console Client (ID : 33345)"
The server is DPM R2 and the same console is working on one other computer.
Any idea how to solve the problem?
Thanks

Hi
Please make sure you have both versions of Microsoft Visual C++ 2008 Redistributable installed..
Also make sure you have .netframework 2 installed. If you look at the dpm logs it should say what is missing.

Understanding of wireless client connection to multiple APs

Hello,
I would like to know how do wireless clients connect to APs
For e.g. if in a single floor square office space - wireless network with multiple APs exists on the same SSID, how do clients decide which AP to connect to. For e.g. the client may get similar strength signals from two APs close to each other (such as Excellent). Which AP does client connect to.
Secondly, how does the load distribution take place. For e.g. if on one AP, 10 clients connect and on the other AP, 20 clients connect, how can equal load distribution be acheived, that is 15 on each AP without the tiring MAC filtering configurations.
Thirdly, is there something like number of user/connection restrictions on APs. I have gone through some AP manuals and did not find any such specifications like max. # of users = 20 etc. Currently we are using D-Link AP and have noticed that once the # of connections go upto 20, performance reduces heavily such as the latency on gateway pings go upto 1000-2000ms.
Fourthly, how can I identify from the client to which AP it is connected.
Thanks.

I would like to know how do wireless clients connect to APs
For e.g. if in a single floor square office space - wireless network with multiple APs exists on the same SSID, how do clients decide which AP to connect to. For e.g. the client may get similar strength signals from two APs close to each other (such as Excellent). Which AP does client connect to.
ANS - Its first come first serve... however.. sometimes if we have multiple SSIDs one with open auth and no encryption and other fuly protected.. then the client wil connect to the open rather the secured on.
Secondly, how does the load distribution take place. For e.g. if on one AP, 10 clients connect and on the other AP, 20 clients connect, how can equal load distribution be acheived, that is 15 on each AP without the tiring MAC filtering configurations.
ANS - MAC is a good option but apart from that.. i have seen somewhere but not able to remember the command which will limit the number of clients per radio..
Thirdly, is there something like number of user/connection restrictions on APs. I have gone through some AP manuals and did not find any such specifications like max. # of users = 20 etc. Currently we are using D-Link AP and have noticed that once the # of connections go upto 20, performance reduces heavily such as the latency on gateway pings go upto 1000-2000ms.
ANS - AP can take upto 2048 MAC addresses.. its recommended not to have more than 24 clients per AP..
Fourthly, hw can I identify from the client to which AP it is connected.
ANS -If the clients are CCX compatible and aironet extentions enabled on the AP. then the command "show dot11 ass" will tell the clients connecting to which AP.. the AP name will get displsayed in the output..
Regards
Surendra

JCO.Client not connected in repository call (EP7)

Hi guys,
please can someone help me with this error msg?
I dont understand why we getting this error msg, for some users they can run reports and others get this msg.
500 Internal Server Error
BEx Web Application
Failed to process request. Please contact your system administrator.
[Hide]
Error Summary
While processing the current request, an exception occured which could not be handled by the application or the framework.
If the information contained on this page doesn't help you to find and correct the cause of the problem, please contact your system administrator.
To facilitate analysis of the problem, keep a copy of this error page. Hint: Most browsers allow to select all content, copy it and then paste it into an empty document (e.g. email or simple text file).
Root Cause
The initial exception that caused the request to fail, was:
JCO.Client not connected in repository call
com.sap.mw.jco.JCO$Exception: (102) JCO_ERROR_COMMUNICATION: JCO.Client not connected in repository call
at com.sap.mw.jco.JCO$Repository.getVersion(JCO.java:20290)
at com.sap.mw.jco.JCO$Repository.queryFunctionInterface(JCO.java:20630)
at com.sap.mw.jco.JCO$Repository.queryFunctionInterface(JCO.java:20351)
at com.sap.mw.jco.JCO$Repository.getFunctionInterface(JCO.java:20465)
at com.sap.mw.jco.JCO$BasicRepository.getFunctionTemplate(JCO.java:19533)
Details: Full Exception Chain
System Environment
Server
BI Java     Release: 7 - Patch level: 0000000009 - Description: BI Web Applications Java - Additional info: - Production mode: true
BI ABAP     unknown
Java Virtual Machine     Java HotSpot(TM) 64-Bit Server VM - Sun Microsystems Inc. - 1.4.2_12-b03
Operating System     Linux - ia64 - 2.6.9-22.0.1.EL
Full Exception Chain
Log ID     0012799E22D40054000001AF00006B9400042A20B9AF8861
com.sap.ip.bi.base.exception.BIBaseRuntimeException: JCo exception thrown when connecting to system "SAP_BW"
     at com.sap.ip.bi.base.application.service.rfcproxy.impl.jco640.Jco640Proxy.createFunction(Jco640Proxy.java:87)
     at com.sap.ip.bi.base.application.service.impl.application.ApplicationSettingsService.initializeProperties(ApplicationSettingsService.java:130)
     at com.sap.ip.bi.base.application.service.impl.application.ApplicationSettingsService.initialization(ApplicationSettingsService.java:124)
     at com.sap.ip.bi.base.application.impl.Application.createService(Application.java:477)
     at com.sap.ip.bi.base.application.impl.Application.getProperty(Application.java:624)
     at com.sap.ip.bi.base.application.impl.Application.initialization(Application.java:229)
     at com.sap.ip.bi.base.application.ApplicationFactory.createApplication(ApplicationFactory.java:132)
     at com.sap.ip.bi.base.application.ApplicationFactory.createApplication(ApplicationFactory.java:63)
     at com.sap.ip.bi.webapplications.runtime.impl.Page.constructPage(Page.java:729)
     at com.sap.ip.bi.webapplications.runtime.impl.Page.<init>(Page.java:647)
     at com.sap.ip.bi.webapplications.runtime.controller.impl.Controller.createPage(Controller.java:504)
     at com.sap.ip.bi.webapplications.runtime.controller.impl.Controller.doProcessRequest(Controller.java:911)
     at com.sap.ip.bi.webapplications.runtime.controller.impl.Controller.processRequest(Controller.java:851)
     at com.sap.ip.bi.webapplications.runtime.jsp.portal.services.BIRuntimeService.handleRequest(BIRuntimeService.java:380)
     at com.sap.ip.bi.webapplications.runtime.jsp.portal.components.LauncherComponent.doContent(LauncherComponent.java:21)
     at com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:209)
     at com.sapportals.portal.prt.component.AbstractPortalComponent.service(AbstractPortalComponent.java:114)
     at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
     at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
     at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
     at com.sapportals.portal.prt.component.PortalComponentResponse.include(PortalComponentResponse.java:215)
     at com.sapportals.portal.prt.pom.PortalNode.service(PortalNode.java:646)
     at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
     at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
     at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
     at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:753)
     at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:240)
     at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
Many thanks in advance
Jo-lize

Hi, you can fix the problem ?
i have same problem in BI7 and EP7, when launch Template Installer.
<b>Create Destination in ABAP Import not successful Element 'SAPConfigLib.DES.Unclassified.createRfcDestination':!BrokerImport.import_of_element_failed!!BrokerImport.Fehler!com.sap.tc.lm.ctc.cul.cpi.exceptions.CPIBaseException: <Localization failed: ResourceBundle='com.sap.tc.lm.ctc.cul.cpi.CPIResourceBundle', ID='com.sap.tc.lm.ctc.cul.cpi.BaseException_BASE_EXCEPTION', Arguments: []> : Can't find resource for bundle java.util.PropertyResourceBundle, key com.sap.tc.lm.ctc.cul.cpi.BaseException_BASE_EXCEPTION:com.sap.tc.lm.ctc.provider.javaServiceProvider.JavaServiceWriter.writeElement!BrokerImport.LINE!157-:com.sap.tc.lm.ctc.cul.broker.BrokerImport.importElement.86
-:com.sap.tc.lm.ctc.cul.broker.BrokerImport.importElement.128
-:com.sap.tc.lm.ctc.cul.broker.BrokerImport.importElement.128
-:com.sap.tc.lm.ctc.cul.serviceimpl.importservice.CULConfigurationImport.importConfiguration.96
-:com.sap.tc.lm.ctc.ccl.templateinstaller.StepExecuter.run.41
Element 'SAPConfigLib.DES.Unclassified.createRfcDestination':Error during executing Java Reflection:JCO.Client not connected in repository call
</b>

Wireless Lan Client Manager for WinXP?

Hello,
Is there a way to install wireless lan client manager under windows XP? If there is a way can somebody help me please? I dont want install Windows 2k because win 2k is so slow.
Thanks a lot!
A.

Hello
If you have Intel WLAN card you can download and use the Intel WLAN client manager. You can find it under http://downloadfinder.intel.com/scripts-df-external/detail_desc.aspx?ProductID=1637&DwnldID=9003&agr=N .
Bye

Connectivity Issue between ASA 5520 firewall and Cisco Call Manager

Recently i have installed ASA 5520 firewall, Below is the detail for my network
ASA 5520 inside ip: 10.12.10.2/24
Cisco Switch 3560 IP: 10.12.10.1/24 for Data and 10.12.110.2/24 for Voice
Cisco Call Manager 3825 IP: 10.12.110.2/24
The users and the IP phone are getting IP from the DHCP server which configured on cisco 3560 Switch.
the Default Gateway for Data user is 10.12.10.2/24 and
for the voice users is 10.12.110.2/24
now the problem is that the users is not able to ping 10.12.110.2 call manager. please if somebody can help in this regard. i will appreciate the prompt response against this issues.

Actually i don't wana to insert new subnet and complicate the nework. i need a simple way to solve the problem. below is the details for the asa 5520 config.
ASA Version 8.2(1)
name x.x.x.x Mobily
interface GigabitEthernet0/0
nameif inside
security-level 99
ip address 10.12.10.2 255.255.255.0
interface GigabitEthernet0/1
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.252
object-group service DM_INLINE_SERVICE_1
service-object tcp-udp
service-object ip
service-object icmp
service-object udp
service-object tcp eq ftp
service-object tcp eq www
service-object tcp eq https
service-object tcp eq ssh
service-object tcp eq telnet
access-list RA_VPN_splitTunnelAcl_1 standard permit Inside-Network 255.255.255.0
access-list RA_VPN_splitTunnelAcl standard permit Inside-Network 255.255.255.0
access-list inside_nat0_outbound extended permit ip Inside-Network 255.255.255.0 10.12.10.16 255.255.255.240
access-list inside_nat0_outbound extended permit object-group DM_INLINE_SERVICE_1 10.12.10.16 255.255.255.240 Inside-Network 255.255.255.0
access-list inside_nat0_outbound_1 extended permit ip Inside-Network 255.255.255.0 10.12.10.16 255.255.255.240
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu mgmt 1500
ip local pool VPN-Pool 172.16.1.1-172.16.1.30 mask 255.255.255.0
ip local pool VPN-Users 10.12.10.21-10.12.10.30 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-641.bin
asdm history enable
arp timeout 14400
global (inside) 2 interface
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound_1
nat (inside) 1 Inside-Network 255.255.255.0
route outside 0.0.0.0 0.0.0.0 Mobily 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http Mgmt-Network 255.255.255.0 mgmt
http Inside-Network 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet Inside-Network 255.255.255.0 inside
telnet timeout 5
ssh Inside-Network 255.255.255.255 inside
<--- More ---> ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy RA_VPN internal
group-policy RA_VPN attributes
dns-server value 86.51.34.17 8.8.8.8
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value RA_VPN_splitTunnelAcl
username admin password LPtK/u1LnvHTA2vO encrypted privilege 15
tunnel-group RA_VPN type remote-access
tunnel-group RA_VPN general-attributes
address-pool VPN-Users
default-group-policy RA_VPN
tunnel-group RA_VPN ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
Cryptochecksum:e5a64fa92ae465cd7dabd01ce605307d
: end

Howto block p2p traffic of clients connected to the same ssid on different wlc

Hi all,
I use two wlc 4400 (4.2.x version) with a mobility domain and one ssid, both wlc are connected to a cisco l2 switch infrastructure. On the wlc I use the p2p blocking action 'drop' (http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52wlan.html#wp1209597) to isolate the clients from each other. Does anybody know if only unicast traffic is blocked or also multicast and broadcast traffic like arp requests?
Concerning blocking p2p traffic of clients connected to the same ssid but different controllers I found the following statement in the LAP FAQs (http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00806a4da3.shtml):
===
Q. In autonomous APs, Public Secure Packet Forwarding (PSPF) is used to avoid client devices associated to this AP from inadvertently sharing files with other client devices on the wireless network. Is there any equivalent feature in Lightweight APs?
A. The feature or the mode that performs the similar function of PSPF in lightweight architecture is called peer-to-peer blocking mode. Peer-to-peer blocking mode is actually available with the controllers that manage the LAP. If this mode is disabled on the controller (which is the default setting), it allows the wireless clients to communicate with each other through the controller. If the mode is enabled, it blocks the communication between clients through the controller. It only works among the APs that have joined to the same controller. When enabled, this mode does not block wireless clients terminated on one controller from the ability to get to wireless clients terminated on a different controller, even in the same mobility group.
===
Does anybody know what's the best practise to prevent this inter wlc client traffic? I already read about using acls on the wlc dynamic interfaces, or private vlans on the l2 switch vlans where the dynamic interfaces are connected to. Is it allowed to completely isolate the wlc from each other on these dynamic interfaces with acls or private vlans or do the wlc need to see each other on this interfaces (e.g. heart beat)?
Many thanks in advance,
Thorsten

Hi Sasha,Thorsten
The bug is Junked and I believe which is what you are running into with your tests:
CSCtr60787 WLC P2P Blocking Set to Forward-UpStream Doesn't Work.
Bugtoolkit : http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
To answer your original query :
ACL is only solution to block client communication on same ssid between 2 wlcs. 5508 works better with ACLs then 44xx platform.
ARP requests will be forwarded to upstream router just like any other traffic. WLC won't proxy arp for clients on same vlan.
Gateway arp's I believe should be handled by WLC . ( Don't quote me on this but I am pretty sure it is ) ..If it was not, then how would client know about gw ?
Multicast traffic is not applicable for p2p.
Your ACL can be as simple as this for the scenario :
WLC 1 - clientvlan = 10
WLC 2 - clientvlan = 10
and you want to restrict users from wlc1-wlc1, wlc1-wlc2, wlc2-wlc2 for same vlan10.
Basically in that case the ACL should look like on both WLCs :
1. Permit statement to talk to gateway.
2. Deny to subnet.
3. Permit all.
4. If DHCP/DNS other services are on same subnet then you would need to add a permit
statement before the deny.
5. Attach the ACL to SSID or dymanic interface.
Thanks..Salil
CSCtr60787 WLC P2P Blocking Set to Forward-UpStream Doesn't Work.

Wireless IP clients connecting to 7800 call manager

Similar Messages

Maybe you are looking for