Wireless IP clients connecting to 7800 call manager

Similar Messages

• Maximum concurrent call connections for our Call Manager v7.15

  Hi everyone,
  Hope you can help! I was just asked one question I should have known how to answer...
  We are using CM 7.15. Have 1 publisher and 1 subscriber. We have 2 pri T1 (24 slots).  One connects to 1 2821 Voice gateway and another one is connection to another 2821 voice gateway in another location. I do not think we use SIP trunk...but I am not sure if we are using mpcp or H323.... so how do I check which protocol I use?
  The most important question is... I would like to ask how I can find out what the maximum concurrent sessions of the call connections are? How do I find it out?
  Please help...thank you very much for your help.
  Takumi

  Hi Bobson Lam,
   in CUCM Administration > Device > Gateway, you have a list of configured Gateways ... in this list there is a column called 'Device Type', this column shows the 'H.323 Gateway' or the Gateway Model (for ex.: 2821) if it's MGCP.
   For Maximum Concurrent Sessions ... have you try RTMT (CUCM Administration > Administrations > Plugin > RTMT for Windows)? There are some System - Performance, that shows, for example, Call Active for H.323.
  Hope this helps.

• Cisco ip phone 7960 cannot connect to call manager express

  The 7960 ip phone seems not to connect to the call manager express
  router and i have already put the firmware and configured the tftp
  server,the rest of the phones the 7911`s are all working ok,i have tried
  to reset the phone but it doesnt respond to the # key so as to reset to
  factory defaults.
  I have tried all the options of resetting it but to no avail.
  could someone give me some techie tips on this ? could it be a hardware issue ?? please assist.

  Go to the phone and check if the TFTP server is correct (should be the CME IP address). Also check the DHCP address.
  Resetting 7900 Series IP Phones to Factory Defaults:
  http://www.cisco.com/en/US/products/hw/phones/ps379/products_tech_note09186a00800941bb.shtml
  Check the bug:
  CSCed93627: Not able to reset 7970 back to factory defaults

• Call manager and type of Voip phones

  Just wanted to thank everyone for the help.
  My background is Telepresence and minimal on Call Manager 8.
  Just wanted to ask if I can somehow pull a list of all type of phones connected to the call manager - we currently have 7942 and 7975. I need the list which phone number is using which type of phone.

  Hi Mark,
  Here are 3 suggestions:
  1) Goto Device > Phone, add the 'Directory Number' and 'Device Type' as search criteria and click 'Find'. This is limited as it can't be exported.
  2) Run the following SQL Query:
  SELECT d.name, n.dnorpattern, dn.numplanindex, m.name as Model FROM numplan AS n JOIN devicenumplanmap AS dn ON n.pkid=dn.fknumplan JOIN device AS d ON d.pkid=dn.fkdevice JOIN typemodel AS m ON d.tkmodel=m.enum JOIN typeclass AS c ON d.tkclass=c.enum WHERE c.name="Phone" ORDER BY m.name, d.name, dn.numplanindex
  3) Use a 3rd Party product to extract and export the required data such as PhoneView from UnifiedFX
  PhoneView is the most advanced endpoint management product available including the ability to gather extensive device/user information and then interact and export that data.
  Thanks
  Stephen Welsh
  CTO
  http://www.unifiedfx.com

• IPCC Enterprise / Two Call Manager Clusters

  Let's say I have an IPCC Enterprise set up using  a call manager cluster, a progger server (has peripheral gateway, router, and logger), an HDS server, an IP-IVR, and a CAD server. Its up and running. Now let's say I have another call manager cluster and I'd like to have users on that cluster become call center agents connected to ICM in the IPCC Enterprise environment. Is this even possible? Can it done by the use of another peripheral gateway server used to connect the 2nd call manager cluster to the rogger and IP-IVR? Any feedback appreciated.

  Now let's say I have another call manager cluster and I'd like to have users on that cluster become call center agents connected to ICM in the IPCC Enterprise environment. Is this even possible?
  Of course it is possible. That's what it was designed to do.
  There are some big ICMs out there with many peripheral gateways. The big ones have many TDM switches, but some have multiple Call Managers too. I don't personally know of any with more than mid-30s peripheral gateways, but I have heard that there are much bigger ones than that (I am thinking of the IRS).
  Can it done by the use of another peripheral gateway server used to connect the 2nd call manager cluster to the rogger and IP-IVR? Any feedback appreciated.
  Yes.
  One thing I'd like to check with you ... you say "a progger server" and you say "an HDS, an IP-IVR" etc.
  Are there really just one of each of these? Normally there is a fault tolerant pair of proggers, two HDS for redundancy, two IP-IVR etc for redundancy. To extend the Enterprise system to another CUCM cluster one would add a PAIR of PGs.
  Regards,
  Geoff

• No CLI Access to Call Manager MCS 7800

  Hello, my client has a Call Manager server MCS 7800.  We have access to the GUI, but the former IT Manager's network docu
  mentation has an incorrect password for telnet access.  How can we go about recovering or resetting this password?
  thanks for any help in advance.

  Bad news:
  http://www.cisco.com/en/US/partner/docs/voice_ip_comm/cucmbe/rel_notes/6_1_2/cucmbe-rel_note-612_2.html#wp339319
  Cisco Unified Communications Manager Does Not Support Recovery of Administration or Security Passwords
  Cisco Unified Communications Manager does not support recovery of administration or security passwords. If you lose these passwords, you must reset the passwords, as described in the Cisco Unified Communications Operating System Administration Guide.
  The Cisco Unified Communications Operating System Administration Guide calls the section, "Recovering the Administrator or Security Passwords," instead of "Resetting the Administrator or Security Passwords." Access the "Recovering the Administrator or Security Passwords" section to reset the passwords.
  Find your version here and follow the docs.
  http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_documentation_roadmaps_list.html
  For 7.1.2, that would be here:
  http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cucos/7_1_2/cucos/iptpch2.html#wp1044244
  Hope this helps....

• I have a wireless home phone connect device. Can call out on it when dial tone present, but most times cannot receive calls since purchase. Anyone else having a  problem with their home connect device?

  Have had Wireless Home Phone connect device refreshed and updated three times since I purchased it in September 2014. Last tech I worked with on it initialized an NRB to check the network. I checked the location of the tower, which is less than one mile up the hill with clear line of site. The device always has two antennas on it. The device is great when it does work, but most of the time it rings three times and then jumps to an automated message saying the person I am calling is not available. I've actually gone up there several times to try an fix the device, but always end up calling a Verizon tech who has me unplug it, pull the battery, and they do some network stuff and then we turn it back on and it works. After the last time on 10/02/14, I called it and got the message. I drove up there, 100 miles one way, and called it while standing in the room. Got the same message. I picked up the phone, heard a dial tone and dialed my phone and it range through. I hung that phone connected to the device and call it using my cell phone. It rang through. I went home and tried to call it the next day. Again it did not ring through and I got the message after three rings. I call another phone at the facility and had them call me on my mom's phone and it is fixed it again. The fix last for a day or two and then it's broken again, like it is today. If it's a network problem then it must be fairly close to the area because no matter what we do it fails again. So much for the 99.98% reliable. This thing is a piece of junk!
  I purchased this device and put it on my plan so that my mother who we placed in a home at 96 years old would have a phone connection that she could use and wouldn't flip her out. My family and her family has not been able to faithfully connect with her at this critical time in her life. I am giving Verizon 10 more days to figure this out and then I am going to ask for a total refund not to mention how much time and travel I have put into this piece of junk. Either the home connect transceiver is broken or the network is broken. Why should I pay close to $70 for a service that has not worked more than several days out of 35 days? Also I have spent close to three hours on the phone with decent technical people, but it's my time. I should send Verizon a bill for every time I have gone up there to fix this device as well.
  What perplexes me is that a regular cell phone would have sufficed, but because Verizon has to have a data connection that is not available on a regular phone and it was going to cost me $30/month, I decided to go with the home connect. Seemed like a nice solution for an older person who would have a hard time using a cell phone and keeping it charged. Plus after all the fees for getting it connected, it only cost $20/month. That would be a pretty good thing, IF IT WORKED....... The other thing that irks me is, why do I have to pay for a data connection when the cell phone Verizon originally provided can't even access the network. What ever happened to adding a phone line for $10 bucks\ month? All I wanted was a simple phone. She would not be able to use anything more complex and all she needs is a phone line period.
  I have no problem paying for something that works and does what it should, but this is ridiculousness. The MTF on this device is somewhere around 1 to 2 days. Out of 365 days that's about a 96.5% failure rate....... Want my advice? Get ride of this device. It sucks and it's bad marketing.

      jsavage9621,
  It pains me to hear about your experience with the Home Phone Connect.  This device usually works seamlessly and is a great alternative to a landline phone.  It sounds like we've done our fair share of work on your account here.  I'm going to go ahead and send you a Private Message so that we can access your account and review any open tickets for you.  I look forward to speaking with you.
  TrevorC_VZW
  Follow us on Twitter @VZWSupport

• Instruction book say go to verizon wireless to get free copy of media manager so I can connect phone to computer. Can't find listing

  Instruction book say go to verizon wireless to get free copy of media manager so I can connect phone to computer. Can't find listingfor the soft ware. It has one to send it to the cloud, but I want to save & edit it on my computer.

  Try this:  http://products.verizonwireless.com/index.aspx?id=fnd_backupAssistantPlus

• JCO_ERROR_COMMUNICATION:JCO. Client not connected in repository call

  Hi all,
  I  am trying to create an JCO connection with my Web Dynpro application to R/3 system. With WAS 6.40 i had no problems but with WAS 7.00 i am getting the following error:
  JCO_ERROR_COMMUNICATION:JCO. Client not connected in repository call.
  I think is has something to do with SLD on the WAS 7.00, but i don't know how to fix this.
  Can anyone help me?
  Regards
  Romeo

  Hi
  See this Document to fix the problem
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/526bd490-0201-0010-038e-d3ff7eb1d16e
  See this thread
  Can't get RFC connection to R/3 System
  Kind Regards
  Mukesh

• DPM console not connecting . Error- Cannot connect to Data Protection Manager. This version of DPM is not supported with Central Console Client (ID : 33345) DPM console not connecting

  I  am having problem connecting the DPM console to ther server. It gives me following error -
  "Cannot connect to Data Protection Manager. This version of DPM is not supported with Central Console Client (ID : 33345)"
  The server is DPM R2 and the same console is working on one other computer.
  Any idea how to solve the problem?
  Thanks   

  Hi
  Please make sure you have both versions of Microsoft Visual C++ 2008 Redistributable installed..
  Also make sure you have .netframework 2 installed. If you look at the dpm logs it should say what is missing.

• Understanding of wireless client connection to multiple APs

  Hello,
  I would like to know how do wireless clients connect to APs
  For e.g. if in a single floor square office space - wireless network with multiple APs exists on the same SSID, how do clients decide which AP to connect to. For e.g. the client may get similar strength signals from two APs close to each other (such as Excellent). Which AP does client connect to.
  Secondly, how does the load distribution take place. For e.g. if on one AP, 10 clients connect and on the other AP, 20 clients connect, how can equal load distribution be acheived, that is 15 on each AP without the tiring MAC filtering configurations.
  Thirdly, is there something like number of user/connection restrictions on APs. I have gone through some AP manuals and did not find any such specifications like max. # of users = 20 etc. Currently we are using D-Link AP and have noticed that once the # of connections go upto 20, performance reduces heavily such as the latency on gateway pings go upto 1000-2000ms.
  Fourthly, how can I identify from the client to which AP it is connected.
  Thanks.

  I would like to know how do wireless clients connect to APs
  For  e.g. if in a single floor square office space - wireless network with  multiple APs exists on the same SSID, how do clients decide which AP to  connect to. For e.g. the client may get similar strength signals from  two APs close to each other (such as Excellent). Which AP does client  connect to.
  ANS - Its first come first serve... however.. sometimes if we have multiple SSIDs one with open auth and no encryption and other fuly protected.. then the client wil connect to the open rather the secured on.
  Secondly, how does  the load distribution take place. For e.g. if on one AP, 10 clients  connect and on the other AP, 20 clients connect, how can equal load  distribution be acheived, that is 15 on each AP without the tiring MAC  filtering configurations.
  ANS - MAC is a good option but apart from that.. i have seen somewhere but not able to remember the command which will limit the number of clients per radio..
  Thirdly, is there  something like number of user/connection restrictions on APs. I have  gone through some AP manuals and did not find any such specifications  like max. # of users = 20 etc. Currently we are using D-Link AP and have  noticed that once the # of connections go upto 20, performance reduces  heavily such as the latency on gateway pings go upto 1000-2000ms.
  ANS - AP can take upto 2048 MAC addresses.. its recommended not to have more than 24 clients per AP..
  Fourthly, hw can I identify from the client to which AP it is connected.
  ANS -If the clients are CCX compatible and aironet extentions enabled on the AP. then the command "show dot11 ass" will tell the clients connecting to which AP.. the AP name will get displsayed in the output..
  Regards
  Surendra

• JCO.Client not connected in repository call (EP7)

  Hi guys,
  please can someone help me with this error msg?
  I don’t understand why we getting this error msg, for some users they can run reports and others get this msg.
  500 Internal Server Error
  BEx Web Application
  Failed to process request. Please contact your system administrator.
  [Hide]
  Error Summary
  While processing the current request, an exception occured which could not be handled by the application or the framework.
  If the information contained on this page doesn't help you to find and correct the cause of the problem, please contact your system administrator.
  To facilitate analysis of the problem, keep a copy of this error page. Hint: Most browsers allow to select all content, copy it and then paste it into an empty document (e.g. email or simple text file).
  Root Cause
  The initial exception that caused the request to fail, was: 
  JCO.Client not connected in repository call
  com.sap.mw.jco.JCO$Exception: (102) JCO_ERROR_COMMUNICATION: JCO.Client not connected in repository call
  at com.sap.mw.jco.JCO$Repository.getVersion(JCO.java:20290)
  at com.sap.mw.jco.JCO$Repository.queryFunctionInterface(JCO.java:20630)
  at com.sap.mw.jco.JCO$Repository.queryFunctionInterface(JCO.java:20351)
  at com.sap.mw.jco.JCO$Repository.getFunctionInterface(JCO.java:20465)
  at com.sap.mw.jco.JCO$BasicRepository.getFunctionTemplate(JCO.java:19533)
  Details: Full Exception Chain
  System Environment
  Server
  BI Java     Release: 7 - Patch level: 0000000009 - Description: BI Web Applications Java - Additional info:  - Production mode: true
  BI ABAP     unknown
  Java Virtual Machine     Java HotSpot(TM) 64-Bit Server VM - Sun Microsystems Inc. - 1.4.2_12-b03
  Operating System     Linux - ia64 - 2.6.9-22.0.1.EL
  Full Exception Chain
  Log ID     0012799E22D40054000001AF00006B9400042A20B9AF8861
  com.sap.ip.bi.base.exception.BIBaseRuntimeException: JCo exception thrown when connecting to system "SAP_BW"
       at com.sap.ip.bi.base.application.service.rfcproxy.impl.jco640.Jco640Proxy.createFunction(Jco640Proxy.java:87)
       at com.sap.ip.bi.base.application.service.impl.application.ApplicationSettingsService.initializeProperties(ApplicationSettingsService.java:130)
       at com.sap.ip.bi.base.application.service.impl.application.ApplicationSettingsService.initialization(ApplicationSettingsService.java:124)
       at com.sap.ip.bi.base.application.impl.Application.createService(Application.java:477)
       at com.sap.ip.bi.base.application.impl.Application.getProperty(Application.java:624)
       at com.sap.ip.bi.base.application.impl.Application.initialization(Application.java:229)
       at com.sap.ip.bi.base.application.ApplicationFactory.createApplication(ApplicationFactory.java:132)
       at com.sap.ip.bi.base.application.ApplicationFactory.createApplication(ApplicationFactory.java:63)
       at com.sap.ip.bi.webapplications.runtime.impl.Page.constructPage(Page.java:729)
       at com.sap.ip.bi.webapplications.runtime.impl.Page.<init>(Page.java:647)
       at com.sap.ip.bi.webapplications.runtime.controller.impl.Controller.createPage(Controller.java:504)
       at com.sap.ip.bi.webapplications.runtime.controller.impl.Controller.doProcessRequest(Controller.java:911)
       at com.sap.ip.bi.webapplications.runtime.controller.impl.Controller.processRequest(Controller.java:851)
       at com.sap.ip.bi.webapplications.runtime.jsp.portal.services.BIRuntimeService.handleRequest(BIRuntimeService.java:380)
       at com.sap.ip.bi.webapplications.runtime.jsp.portal.components.LauncherComponent.doContent(LauncherComponent.java:21)
       at com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:209)
       at com.sapportals.portal.prt.component.AbstractPortalComponent.service(AbstractPortalComponent.java:114)
       at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
       at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
       at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
       at com.sapportals.portal.prt.component.PortalComponentResponse.include(PortalComponentResponse.java:215)
       at com.sapportals.portal.prt.pom.PortalNode.service(PortalNode.java:646)
       at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
       at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
       at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
       at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:753)
       at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:240)
       at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
  Many thanks in advance
  Jo-lize

  Hi, you can fix the problem ?
  i have same problem in BI7 and EP7, when launch Template Installer.
  <b>Create Destination in ABAP Import not successful Element 'SAPConfigLib.DES.Unclassified.createRfcDestination':!BrokerImport.import_of_element_failed!!BrokerImport.Fehler!com.sap.tc.lm.ctc.cul.cpi.exceptions.CPIBaseException: <Localization failed: ResourceBundle='com.sap.tc.lm.ctc.cul.cpi.CPIResourceBundle', ID='com.sap.tc.lm.ctc.cul.cpi.BaseException_BASE_EXCEPTION', Arguments: []> : Can't find resource for bundle java.util.PropertyResourceBundle, key com.sap.tc.lm.ctc.cul.cpi.BaseException_BASE_EXCEPTION:com.sap.tc.lm.ctc.provider.javaServiceProvider.JavaServiceWriter.writeElement!BrokerImport.LINE!157-:com.sap.tc.lm.ctc.cul.broker.BrokerImport.importElement.86
  -:com.sap.tc.lm.ctc.cul.broker.BrokerImport.importElement.128
  -:com.sap.tc.lm.ctc.cul.broker.BrokerImport.importElement.128
  -:com.sap.tc.lm.ctc.cul.serviceimpl.importservice.CULConfigurationImport.importConfiguration.96
  -:com.sap.tc.lm.ctc.ccl.templateinstaller.StepExecuter.run.41
  Element 'SAPConfigLib.DES.Unclassified.createRfcDestination':Error during executing Java Reflection:JCO.Client not connected in repository call
  </b>

• Wireless Lan Client Manager for WinXP?

  Hello,
  Is there a way to install wireless lan client manager under windows XP? If there is a way can somebody help me please? I dont want install Windows 2k because win 2k is so slow.
  Thanks a lot!
  A.

  Hello
  If you have Intel WLAN card you can download and use the Intel WLAN client manager. You can find it under http://downloadfinder.intel.com/scripts-df-external/detail_desc.aspx?ProductID=1637&DwnldID=9003&agr=N .
  Bye

• Connectivity Issue between ASA 5520 firewall and Cisco Call Manager

  Recently i have installed ASA 5520 firewall, Below is the detail for my network
  ASA 5520 inside ip: 10.12.10.2/24
  Cisco Switch 3560 IP: 10.12.10.1/24 for Data and 10.12.110.2/24 for Voice
  Cisco Call Manager 3825 IP: 10.12.110.2/24
  The users and the IP phone are getting IP from the DHCP server which configured on cisco 3560 Switch.
  the Default Gateway for Data user is 10.12.10.2/24 and
  for the voice users is 10.12.110.2/24
  now the problem is that the users is not able to ping 10.12.110.2 call manager. please if somebody can help in this regard. i will appreciate the prompt response against this issues.

  Actually i don't wana to insert new subnet and complicate the nework. i need a simple way to solve the problem. below is the details for the asa 5520 config.
  ASA Version 8.2(1)
  name x.x.x.x Mobily
  interface GigabitEthernet0/0
   nameif inside
   security-level 99
   ip address 10.12.10.2 255.255.255.0
  interface GigabitEthernet0/1
   nameif outside
   security-level 0
   ip address x.x.x.x 255.255.255.252
  object-group service DM_INLINE_SERVICE_1
   service-object tcp-udp
   service-object ip
   service-object icmp
   service-object udp
   service-object tcp eq ftp
   service-object tcp eq www
   service-object tcp eq https
   service-object tcp eq ssh
   service-object tcp eq telnet
  access-list RA_VPN_splitTunnelAcl_1 standard permit Inside-Network 255.255.255.0
  access-list RA_VPN_splitTunnelAcl standard permit Inside-Network 255.255.255.0
  access-list inside_nat0_outbound extended permit ip Inside-Network 255.255.255.0 10.12.10.16 255.255.255.240
  access-list inside_nat0_outbound extended permit object-group DM_INLINE_SERVICE_1 10.12.10.16 255.255.255.240 Inside-Network 255.255.255.0
  access-list inside_nat0_outbound_1 extended permit ip Inside-Network 255.255.255.0 10.12.10.16 255.255.255.240
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  mtu mgmt 1500
  ip local pool VPN-Pool 172.16.1.1-172.16.1.30 mask 255.255.255.0
  ip local pool VPN-Users 10.12.10.21-10.12.10.30 mask 255.255.255.0
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-641.bin
  asdm history enable
  arp timeout 14400
  global (inside) 2 interface
  global (outside) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound_1
  nat (inside) 1 Inside-Network 255.255.255.0
  route outside 0.0.0.0 0.0.0.0 Mobily 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http Mgmt-Network 255.255.255.0 mgmt
  http Inside-Network 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 10
   authentication pre-share
   encryption 3des
   hash sha
   group 2
   lifetime 86400
  crypto isakmp policy 30
   authentication pre-share
   encryption 3des
   hash md5
   group 2
   lifetime 86400
  telnet Inside-Network 255.255.255.0 inside
  telnet timeout 5
  ssh Inside-Network 255.255.255.255 inside
  <--- More --->              ssh timeout 5
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  group-policy RA_VPN internal
  group-policy RA_VPN attributes
   dns-server value 86.51.34.17 8.8.8.8
   vpn-tunnel-protocol IPSec
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value RA_VPN_splitTunnelAcl
  username admin password LPtK/u1LnvHTA2vO encrypted privilege 15
  tunnel-group RA_VPN type remote-access
  tunnel-group RA_VPN general-attributes
   address-pool VPN-Users
   default-group-policy RA_VPN
  tunnel-group RA_VPN ipsec-attributes
   pre-shared-key *
  class-map inspection_default
   match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
   parameters
    message-length maximum 512
  policy-map global_policy
   class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny 
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip 
    inspect xdmcp
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:e5a64fa92ae465cd7dabd01ce605307d
  : end

• Howto block p2p traffic of clients connected to the same ssid on different wlc

  Hi all,
  I use two wlc 4400 (4.2.x version) with a mobility domain and one ssid, both wlc are connected to a cisco l2 switch infrastructure. On the wlc I use the p2p blocking action 'drop' (http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52wlan.html#wp1209597) to isolate the clients from each other. Does anybody know if only unicast traffic is blocked or also multicast and broadcast traffic like arp requests?
  Concerning blocking p2p traffic of clients connected to the same ssid but different controllers I found the following statement in the LAP FAQs (http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00806a4da3.shtml):
  ===
  Q. In autonomous APs, Public Secure Packet Forwarding (PSPF) is used to avoid client devices associated to this AP from inadvertently sharing files with other client devices on the wireless network. Is there any equivalent feature in Lightweight APs?
  A. The feature or the mode that performs the similar function of PSPF in lightweight architecture is called peer-to-peer blocking mode. Peer-to-peer blocking mode is actually available with the controllers that manage the LAP. If this mode is disabled on the controller (which is the default setting), it allows the wireless clients to communicate with each other through the controller. If the mode is enabled, it blocks the communication between clients through the controller. It only works among the APs that have joined to the same controller. When enabled, this mode does not block wireless clients terminated on one controller from the ability to get to wireless clients terminated on a different controller, even in the same mobility group.
  ===
  Does anybody know what's the best practise to prevent this inter wlc client traffic? I already read about using acls on the wlc dynamic interfaces, or private vlans on the l2 switch vlans where the dynamic interfaces are connected to. Is it allowed to completely isolate the wlc from each other on these dynamic interfaces with acls or private vlans or do the wlc need to see each other on this interfaces (e.g. heart beat)?
  Many thanks in advance,
  Thorsten

  Hi Sasha,Thorsten
  The bug is Junked and I believe which is what you are running into with your tests:
  CSCtr60787    WLC P2P Blocking Set to Forward-UpStream Doesn't Work.
  Bugtoolkit : http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
  To answer your original query :
  ACL is only solution to block client communication on same ssid between 2 wlcs. 5508 works better with ACLs then 44xx platform.
  ARP requests will be forwarded to upstream router just like any other traffic. WLC won't proxy arp for clients on same vlan.
  Gateway arp's I believe should be handled by WLC . ( Don't quote me on this but I am pretty sure it is ) ..If it was not, then how would client know about gw ?
  Multicast traffic is not applicable for p2p.
  Your ACL can be as simple as this for the scenario :
  WLC 1 - clientvlan = 10
  WLC 2 - clientvlan = 10
  and you want to restrict users from wlc1-wlc1, wlc1-wlc2, wlc2-wlc2 for same vlan10.
  Basically in that case the ACL should look like on both WLCs :
  1. Permit statement to talk to gateway.
  2. Deny to subnet.
  3. Permit all.
  4. If DHCP/DNS other services are on same subnet then you would need to add a permit
  statement before the deny.
  5. Attach the ACL to SSID or dymanic interface.
  Thanks..Salil
  CSCtr60787    WLC P2P Blocking Set to Forward-UpStream Doesn't Work.