WLC 4404 Anchor mobility

Hi,
i've 2 wlc lan controller 4404
1 wlc is in the DMZ area. On This controller i've configured the SSID named TEST (for the internet), that is connected at the cisco switch (id vlan 120)
If i try connect and work very well.
i must use this SSID over DMZ , in the other WLC in the other LAN SEGMENT.
I configured the anchor mobility.
i following the explain that i find on cisco. I don't understand if i must create che vlan also in the other LAN Segment.
I had configured this:
I created on the remote wlc the SSID TEST (= at the WLC in the DMZ)
I created the vlan 120 on the remote switch , and also i created this vlan in the remote WLC. In the Wlan SSID TEST i set the interface TEST(vlan120)
After this step, I created the anchor mobility (that is up) in the DMZ site and in the Remote site.
If i connected my pc on the SSID TEST in the remote wlc , the connection don't work.
is ok my configuration or i don't understand how to configure the anchor feature?
thanks for your help
fcostalunga

Take a look at this doc. You have to have the guest ssid configured the same for the foreign (inside) and anchor controller. The only difference is that you have to map the ssid to the management interface on both controllers. This is where the tunnel is created from. Ports have to be opened up on the dmz for the foreign and anchor controller to communicate:
http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html

Similar Messages

  • Anchor mobility between WLC 5508 and Aruba/Clearpass

    Hello. I have a question regarding the abiltiy to configure anchor mobility between a 5508 WLC and an Aruba controller. To date, my understanding is it has never been possible and I have never found any documentation that says it can be done.
    Scenario: My organization and a partner organization co-own a hospital. We coexist on a large campus, with each org having a number of buildings that the owning org maintains the network presence in. We also maintain back-to-back firewalls between us and do not hand-off any direct layer 2 interfaces to each other. However, the two orgs do partner to provide each others business SSID's in each other's WiFi networks using anchor mobility. Our current solution utilizes an A/M tunnel between my org's 5508 controllers and the partner orgs 2504 controller and we explicitly permit the tunnel traffic between partner controllers for A/M to work. Last year, the partner org retired some old WiSM's and changed their wireless solution to Aruba and recently implemented Clearpass. In order to maintain A/M with us they left a 4404 operational, but due to the newer code we were running they were forced to purchase a 2504. So now they are only maintaining a limited footprint in their network with a few Cisco AP's and the rest of their coverage areas use Aruba AP's and they have indicated that they want to completely retire their Cisco WLC's. Because we host some of their SSID's on our controllers and can tunnel them to their 2504, they get all of their WiFi traffic coming from our network, however my org can only connect to our SSIDs on their campus in certain areas.
    The solution I have been asked to provide is to find a way to continue providing some sort of anchor mobility services between our WLC's and their Aruba controllers. My org maintains that we do not want to simply hand them a layer 2 interface for security reasons, but they want our SSIDs to be available in all areas of the partner org's campus and vice versa. So far I have stalled the partner org's plans to retire their WLC's by telling them that retiring their WLC's will completely break WiFi between orgs, but they are adamant that some sort of A/M solution must be found.
    Is there any way to do some sort of A/M between a WLC and Aruba controller and if so, is there any documentation showing configuration examples etc?
    Thanks,
    John

    Hi John,
    I do not think it will work. Even if it get working somehow, it will be operation nightmare to troubleshoot & fix a issue since both vendor will say it is NOT supported solution.
    What about if you ask them to advertise your SSID (assuming it is dot1x) on their APs as another SSID on their network, but pointing it to your RADIUS & DHCP for IP connectivity (you do not have layer 2 requiremnt for this & can do this as long as you have L3 communication between each other)
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Anchor mobility configuration getting lost in wlc 5508 ios code 7.4.100.0

    It is observed that in WLC 5508 , ios 7.4.100.0 ,  mobility anchor configuration on wlan  is getting lost .  we configure anchor ip address on  guest wlan > mobility anchor >  Switch IP Address (Anchor).
    We have configured the template on NCS 2.0 to push the anchor mobility ip address on all WLC
    Has anyone oberved this behavoiur. We have more than 100 WLC  , and  everyweek  mobility anchor configuration is lost on some WLC having code  7.4.100.0.

    I am having this exact same problem.  I am running 7.3 on 5508 WLC.   My remote site LAP's are using Flex (HREAP).  The initial access point that my laptop associates to connects with no problem, as soon as I wander out of range of the initial LAP and into the area of another access point, I lose data connectivity.   The was validated like the original post as I start a constant ping on the LAN and watch as the ping latency increases and then ping replies stop.  The only way to correct the problem is resetting of the wireless adapter on the laptop.  Side note my DroidX has no problem wandering from AP to AP.
    Laptop: Windows 7 32bit
    I then returned to my home site and test where I have a secondary controller and the LAP's are configured for local mode, no problems roaming from access point to access point.   Validated with constant ping test.  The pings drop for a second and re-
    continues as the laptop reconnects.
    **Edit: I am going to try the removing the DHCP Addr. Assignment required option, and report that back to the TAC engineer.
    Message was edited by: Michael Dunki-Jacobs
    **Edit Solved:***
    The problem is in deed solved by turning the "DHCP Address Required" but why?

  • Layer 2 security with WLAN auto-anchor mobility

    Hello,
    I was wondering if Layer 2 security can be used with auto-anchored WLANs.
    I need to deploy two new isolated WLANs which will terminate in two DMZ environments.
    I was hoping to use the existing WCS-managed infrastructure with 4404 and 4402 WLCs and just throw on a couple more WLANs.
    However, I've built a little test environment and while I can get the new VLAN traffic tunneled and origininating from the correct anchor controller with no layer 2 security - as soon as I turn on WEP or WPA security options it stops working. I can't find anything in documents or this forum to show auto-anchor mobility with anyhing other than unsecured guest WLANs.
    Am I trying to do somethng unsupported or is it just an error on my part?

    Hi Greg,
    no, the users are internal so I only want to use L2 security. I can't see that L3 should be a problem to add on though. I'm using 3.2.x of the WLC code - so there is no "Guest LAN" mode - I was playing with the new versions and it looks like L2 security is disabled in that mode?
    If you want to see how I got my bit working I would be happy to share my doco when I'm done.
    regards,
    Aaron

  • What settings need to be set for the fastest roaming on my wlc 4404

    Hi all
    I notice that on my WLC 4404 when walking around with my laptop, I am dropping pings when it roams to another access point, Is there anything on the controller I need to check, and can I optimize these settings for roaming?
    cheers
    carl

    Hello Carl,
    to have romaing working fine you need to be sure of following:
    1) RF designed correctly , and enough overlapping is availble between the AP's.
    in addition for environment to be free from external noise..
    this can be confirmed with spectrum expert site survey
    2) what authentication and encryption used ( WEP , or WPA-PSK no need to check this point ->> skip :-) )
    if you are using any authentication like 802.1x ->> then enable CCKM on the WLAN to make more seamless roaming.
    3) if more than one WLC availble on site , configure mobility group between them,
    so if client roam from one AP in WLC 1 to AP on WLC 2 ->> no disocnnection observed....
    Kind regards
    Talal
    ===========
    please rate answers that you find useful , and mark as answered - when it is :-) - so others can find it easily

  • Upgrade BootLoader on Cisco WLC 4404

    What is the latest Bootloader for the Cisco WLC 4404?  And where can I download it?
    My current versions are:
    Product Version.................................. 5.2.178.0
    RTOS Version..................................... 5.2.178.0
    Bootloader Version............................... 4.0.206.0
    Also is there a reason to upgrade the bootloader image?
    On this webpage http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00805f381f.shtml it shows the steps to upgrade WLC are :
    This sequence is recommended for your WLC software upgrade:
    Upload a backup of your controller configuration to a TFTP server.
    Disable the 802.11a and 802.11b/g networks on your controller.
    Upgrade the primary image on your controller.
    Upgrade the boot image on your controller.
    Note: This is a required step for upgrades to 4.1 on the WiSM, 3750G Wireless LAN Controller, and 4400 Series Controllers.
    Re-enable the 802.11a and 802.11b/g networks on your controller.
    I get the primary image is just going to be AIR-WLC4400-K9-6-0-196-0.aes.  But where do i download the Bootloader and it looks like i just do the same thing i did with the primary image.
    I think I am missing something.
    Thanks

    The boot software image consists of the controller boot kernel and           boot menu script. that is.. when you use the WLC for the first time. then you will be able to use this while entering the username, mobility information.. interfaces informations etc.. the Software version is the one which you issue CLI  commands...or even simple example wil be.. reboot the WLC and hit ESC.. the software that you access at this time will be boot loader..
    to upgrade the bootloader...
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00805f381f.shtml#hw
    Regards
    Surendra

  • Anchor Mobility

    Hi
    I have created SSID's that remote users can log onto to that point to thier own Radius servers. Someone suggested that I need to use Anchor Mobility. Can you please tell me what this is in WLC and where I can find this.
    Thank you            

    You only use anchor if you have another WLC and its part of the design. Here is a document that will explain auto anchor.
    http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/configuration/guide/cg_mobility.html
    Sent from Cisco Technical Support iPhone App

  • WLC 4404 Wireless users getting disabled

    Currently Being Moderated
    Wireless users getting disabled
    Hi,
    I have WLC 4404 with 7.0.116.0 version. I was getting following messages for particular APs
    *Dec 20 14:11:13.875: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Dec 20 14:11:13.908: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Dec 20 14:11:29.383: %LWAPP-5-RLDP: RLDP stopped on slot 0.
    *Dec 20 14:11:29.674: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down
    *Dec 20 14:11:29.678: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Dec 20 14:11:29.700: %LWAPP-5-RLDP: RLDP started on slot 0.
    *Dec 20 14:11:29.707: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Dec 20 14:11:29.752: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down
    *Dec 20 14:11:29.757: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Dec 20 14:11:29.790: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Dec 20 14:11:45.396: %LWAPP-5-RLDP: RLDP stopped on slot 0. *Dec 20 14:11:13.875: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    After seeing one of the cisco forum, I have disabled RLDP for that particular APs
    so above messages are rectified.
    But right now we are not able to identify Rogue IP and it is not contained.
    So please give any suggetion so that i can rectify the above messages as well as i can identify the rogue IP.
    Thanks & Regards
    Gaurav Pandya

    Hi Scott,
    You are right i am not able to detect rogue APs because i disabled the RLDP. but when i enable the RLDP for that particular AP. i got the following messages with interface go up and down
    *Dec 20 14:11:13.875: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Dec 20 14:11:13.908: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Dec 20 14:11:29.383: %LWAPP-5-RLDP: RLDP stopped on slot 0.
    *Dec 20 14:11:29.674: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down
    *Dec 20 14:11:29.678: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Dec 20 14:11:29.700: %LWAPP-5-RLDP: RLDP started on slot 0.
    So please suggest me the mid way so that i can enable the RLDP (Detect the rogue APs) with out interface going up and down frequently.
    Regards
    Gaurav

  • WLC (Foreign-Anchor), problem with the external web auth -- ISE

    hello guys
    I am currently designing a platform for a guest network, which must be isolated from the local network, the following equipment:
    ISE 1.2 (Cisco SNS- 3415-K9)
    WLC 7.0.230.0 (Cisco controller 5508)---> wlc Foreign
    WLC 7.0.230.0 (Cisco controller 5508)---> wlc Anchor.
    The EoIP tunnel between wlc is performed successfully.
    The wireless client gets IP address of the anchor wlc (DHCP server).
    Test 1:
    I configure the WLC ANCHOR with local web authentication (internal), the wireless client is authenticated by WLC and navigate successfully.
    Test 2:
    Configure the WLC to anchor external web authentication (ISE). configure a user in ISE guest portal.
    The wireless client gets IP address of the anchor wlc (DHCP server), attempting to navigate not display the guest portal.
    Debug a wireless client trying to connect to the guest network is attached.

    Thanks for your help Scott...
    Now I presents another problem with the guest portal page. The wireless client obtains IP address and managed to reach the guest portal page, then enter the username and password page tells me it was successful. When I try to browse again brings me to the portal visitor page and asks me to enter user name and password.
    test 1:
    the username and password created for away was verified.
    Scoot will have some implementation details with the same scenario I am developing? I think I'm missing some details in the ISE does not allow me to navigate the entrance for visitors to be successful.

  • Wireless clients load balancing on the APs on WLC 4404

    Hi Experts,
    I'm just wondering if the WLC 4404 with firmware 4.2.207.0 can load balance the wireless clients on different WAPs. Let's say that an AP is already handling 15 Wireless devices. When the 16th is trying to join, the controller somehow puts it on another nearby AP, even the signal from this AP is weaker. I heard the similar feature on other Wireless solution vendors. I'm just wondering if Cisco has the similar feature or not.
    Thanks!

    Yes it is known as aggressive load balancing sending a code 17 making the wireless client to loook at another nearby AP.
    here it is the documentation:
    http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00809c2fc3.shtml

  • WLC 5508 and mobility groups

    Hi,
    We are using 2 WLC 5508 running 7.0.98.0 sw (AP's are 1142) at our primary site. They are hosting 3 different WLAN/SSID's, one for guest and the
    other 2 are for corporate access. We have put the WLC's in a mobility group, say "AAAA".
    Now we have the need for our UK peer site to publish a corp WLAN that exists in UK - at our site, and when trying to configure for that (following the c70cg.pdf) - I put the WLC's for UK in a new mobility group, say "BBBB". But i can't add our WLC's into that mobilty group
    (i get a duplicate mac address message).
    What's the correct way of configuring this, does all WLCs need to be in the same mobility group?
    Is there some reason why we can't have 2 mobility groups? Is there any upside/downside to configuring 2 mob. groups?
    Any clearification would be greatly appreciated
    BR
    //Mikael

    I think you are misunderstanding , so far what you did on your local swedish site is correct. Your two swedish WLCs have to be in their own same mobility group so you can give seamless roaming to your wireless users across your swedish area without interruption.
    On a WLC mobility group config page, you can have only one entry  per WLC, this is why you are getting the duplicate error message.
    WEBGUI - CONTROLLER - MOBILITY MANAGEMENT - MOBILITY GROUPS
    If you want to put your 4 WLCs so they exchange mobility messages, the following has to happen on all 4 WLCs.
    xx:xx:xx:xx:xx:xx  192.168.1.1  uk
    yy:yy:yy:yy:yy:yy 192.168.1.2 uk
    zz:zz:zz:zz:zz:zz  172.17.1.1  sweden
    aa:aa:aa:aa:aa:aa  172.17.1.2  sweden
    Note when you add WLC on the mobility section, the WLC start sending messages to each like, hey i have this client and you have that client and so on. But this has nothing to do with what you are trying to achieve.
    With regards to the execs that are coming, yes, replicate the SSID and point it to the Radius Server they have in UK, add your swedish WLC(s) as a NAS on the Radius Server and it should work as if they were in UK. that should be enough and i advise you to do the following for mobility groups config.
    on the two UK WLCs
    xx:xx:xx:xx:xx:xx  192.168.1.1  uk
    yy:yy:yy:yy:yy:yy 192.168.1.2 uk
    on the two Swedish WLCs
    zz:zz:zz:zz:zz:zz  172.17.1.1  sweden
    aa:aa:aa:aa:aa:aa  172.17.1.2  sweden
    hope i cleared it out for you. greeting from cold Belgium tonight :-) and hope the execs will enjoy Sweden!

  • WLC 4404 %OSAPI-3-FILE_OPEN_FAILED

    the WLC 4404 present this logs:
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/927/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'gccp_t'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/926/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'dot1dTimer'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/925/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'dot1dRecv'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/921/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'fdbTask'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/920/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'nPCSL_timer'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/916/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'tFrameReceive'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/913/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'tFrameReceive'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/917/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'tFrameSend'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'Gmac Link Task'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/905/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'tDapiTxTask'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/904/stat.(erno 24)
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED:  osapi_task.c:3431 Failed to retrieve statistics  (/proc/<pid>/stats) for task 'RMONTask'
    *osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED:  osapi_file.c:370 Failed to open the file : /proc/903/stat.(erno 24)
    when present this loggs the device present those symptoms:
    lost GUI session
    Lost console conection
    Lost SSH and Telnet conecction
    the WLC 4404 not work is stopedd

    Almost looks like it could be defect ID CSCtx02515.  SHows that it's fixed in 7.2.110.0, but if you have a 4404, you can't run 7.2 code.
    Symptom:
    High CPU on webJavaTask
    Alternatively: large number of TCP connections, leading to file descriptor problems like:
    osapi_file.c:370 Failed to open the file : /proc/1054/stat.(erno 24)
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtx02515
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • Layer2 security 802.1x radius traffic will be sent from foreign WLC or anchor WLC?

    Wireless Design with foreign WLC or anchor WLC, understood that after WIFI client associated with WLC, all traffic should be tunneled to anchor WLC including DHCP request or any layer3 security such as web auth.
    What if we are using layer2 security 802.1x using ACS for authentication, which WLC will be sending radius traffic to ACS, foreign WLC or anchor WLC? This impacts our firewall rules.

    Authentication and all L2 encryptions will happen at the "foreign" WLC.
    HTH
    Steve

  • WLC 4404 - Clearing the Load Balancing Statistics?

    Does anyone know of a way to clear the load balancing statistics from a WLC 4404?  I've looked through the gui and CLI and can't seem to find a way to do it.
    Thanks,
    Rob

    You can do a 'show summary' to see the number of connections that have been sent to each servers.
    You can't see the number of bytes so.
    I would suggest to collect this info on the server.
    Regards,
    Gilles.

  • 802.1x anchor mobility

    Hi,
    We are using the anchor mobility feature to authenticate 802.1x/WPA2 clients. We see that dhcp/data traffic traverses the Eth/IP tunnel, but do not see the authentication/radius packets. We see the authentication sourcing from the local controller. Is this how anchor mobility works or are we missing something ?
    Thanx....

    The below link is a good explanation of the Anchor-Mobility function within Mobility Groups.
    http://www.cisco.com/en/US/docs/wireless/controller/4.0/configuration/guide/c40mobil.html#wp1002608
    HTH.

Maybe you are looking for

  • Can't play google video

    having problems playing video in google video. something is wrong with my quicktime. I tried to reinstall it and switch it to run under rosetta. but it isn't working any suggestions.

  • How can I add a Smart object (button) to a quiz background and have it work?

    Good day, I have the need to add button to a quiz (in Captivate 6) to allow people to leave the quiz and go back to the start page. I realize you cant add a normal button to quiz, so I added a smart object converted to a button on the master page.  I

  • Set default to Classic style control/indicator

    Is it possible to set default to "classic style" control/indicator so that when I create a control/indicator from the block diagram, I will have a classic style control/indicator on the front panel? Somehow, I still like the classic style control/ind

  • Getting focus

    hi all! who knows how force the focus to a JInternalFrame when is created? i tried these methods but niet the focus is always for the framework : * requestFocus() * requestFocusInWindow() thank u for ur interesting ciao

  • Photos with TS-E 24 II are pixelated (both in PS5 and LR4)

    Hi there, I started a discussion about this problem already in the LR4 forum. But as this is related not only to LR, but seems to be a general problem of ACR, I thought to add a link also here to attract also other people experienced with ACR, but ma