WLC Best Practice - split LAG?

Similar Messages

• Best Practice Regarding Large Mobility Groups

  I was reading the WLC Best Practices and was wondering if anyone could put a number to this statement regarding the largest number of APs, end users, and controllers which can contained in a Mobility Group.
  We would be deploying WiSMs in two geographically dispersed data centers. No voice is being used or is planned.
  "Do not create unnecessarily large mobility groups. A mobility group should only have all controllers that have access points in the area where a client can physically roam, for example all controllers with access points in a building. If you have a scenario where several buildings are separated, they should be broken into several mobility groups. This saves memory and CPU, as controllers do not need to keep large lists of valid clients, rogues and access points inside the group, which would not interact anyway.
  Keep in mind that WLC redundancy is achieved through the mobility groups. So it might be necessary in some situations to increase the mobility group size, including additional controllers for
  redundancy (N+1 topology for example)."
  I would be interested in hearing about scenarios where a Catalyst 6509 with 5 WiSM blades is deployed in data centers which back each other up for cases of disaster recovery.
  Can I have one large Mobility group? This would be easier to manage.
  or
  Would it be better to back up each blade with a blade in the second data center? This would call for smaller Mobility Groups.
  Be glad to elaborate further if anyone has a similar experience and needs more information.
  All responses will be rated.
  Thanks in advance.
  Paul

  Well, that is a large group indeed, and I would say most organizations use nested groups instead of adding these behemoths to the directory as they are quite difficult to work with.  If it's a one-time thing, you could create it manually in bite-sized
  chunks with LDIF or the like, so that FIM only has to do small delta changes afterwards.
  The 5,000 member limit mostly applies to groups prior to the change to linked value storage.  What is your forest functional level, and have you verified that this group is using linked values?
  Steve Kradel, Zetetic LLC

• Best practices for network design on WLC 2504 and 5508

  Dear all:
  I'm looking for some recommendations on WLC 2504 and 5508 about the the following:
  Maximum amount of AP per port
  The scenario when to use all ports in both WLC
  Maximum number of clients(users) per port
  Bandwidth comsumption of  management vs data in order to assign one port for management
  I've just found this:
  Cisco 5508 controllers have eight Gigabit Ethernet distribution system ports, through which the controller can manage multiple access points. The 5508-12, 5508-25, 5508-50, 5508-100, and 5508-250 models allow a total of 12, 25, 50, 100, or 250 access points to join the controller. Cisco 5508 controllers have no restrictions on the number of access points per port. However, Cisco recommends using link aggregation (LAG) or configuring dynamic AP-manager interfaces on each Gigabit Ethernet port to automatically balance the load. If more than 100 access points are connected to the 5500 series controller, make sure that more than one gigabit Ethernet interface is connected to the upstream switch.
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/6-0/configuration/guide/Controller60CG/c60mint.html
  Thanks for your help.

  The 5508-12, 5508-25, 5508-50, 5508-100, and 5508-250 models allow a total of 12, 25, 50, 100, or 250 access points to join the controller.
  This is an old document.  5508 can now support up to 500 APs if you run firmware 7.X.  2504 can support up to 75 APs if you run firmware 7.4.X.
  I'm looking for some recommendations on WLC 2504 and 5508 about the the following:
  Best practice and recommendation is to LAG all ports so you will be able to form a link redundancy.  If one link goes down, you have other link to push traffic. 

• Best practice to split up documents into articles?

  Dear Adobe,
  at the today's InDesign and DPS session I was asking how the DPS folks, split up the InDesign documents to upload as different articles to the dps? Bob wanted to ask Collin, but forgot to do it!
  I will explain my situation (supposing that most producers sitting in the same boat):
  I have a monthly magazine with about 30 different articles. I receive the print file to create an iPad 1/2, iPad 3 and beginning in next month also an iPhone and Android (also IceCream Sandwich) version. The magazine is just vertical orientation.
  Now with CS6, you do a lot of promotional work for the alternate layout feature.
  But what is the recommondation or best practice at Adobe to upload this one InDesign document with viewer builder to get an iPad 1/2, iPad 3 and iPhone rendition containing the separation of the different articles? Please let me know a workaround how you do this!
  Kind regards
  Yves

  as you know, you need one indesign file for each article (that file can
  contain cover all devices down to the iphone version). the next article
  needs a new indesign file. you can drag-and-drop pages from one indesign
  file into the new layout to move pages across documents.
  if youwant to synchronize settings, try the book feature. but I never
  tested the book feature on CS6/alternative layout compatibility.
  —Johannes

• WLC 5508 - config best practices - large deposit

  Hello everyone, I recently added a Cisco 5508 to control many LAPs on a very large deposit.
  We have indoor and outdoor LAPs on the environment. Many Hand Helds using 802.11b.
  I was wondering if anyone can tell me if there is a best practice for environments with:
  - 802.11b client devices.
  - 802.11g client devices.
  - indoor/outdoor LAP.
  - high-density mineral water/soda on the deposit.
  - LAPs are 1240 (indoor) and 1310 (outdoor).
  - Antennas are 1728 and 2506 respectively.
  Among that, on the log I see continous entries of reassociate and reauthentication for the same devices, but not equal logs of deauthentication.
  Thanks in advance.
  Regards

  for instance, I have this recent log:
  0 Mon Dec 10 17:39:50 2012 Client Authenticated: MAC Address:00:a0:f8:b9:58:73 base Radio MAC:00:24:c4:e0:3d:00 Slot: 0 User Name:unknown IP Addr:181.142.126.150 SSID:HH
  1 Mon Dec 10 17:39:50 2012 Client Association: Client MAC:00:a0:f8:b9:58:73 Base Radio MAC :00:24:c4:e0:3d:00 Slot: 0 User Name:unknown IP Addr: 181.142.126.150
  2 Mon Dec 10 17:39:27 2012 Client Authenticated: MAC Address:00:a0:f8:b9:58:73 base Radio MAC:00:24:c4:e0:3e:10 Slot: 0 User Name:unknown IP Addr:181.142.126.150 SSID:HH
  3 Mon Dec 10 17:39:27 2012 Client Association: Client MAC:00:a0:f8:b9:58:73 Base Radio MAC :00:24:c4:e0:3e:10 Slot: 0 User Name:unknown IP Addr: 181.142.126.150
  4 Mon Dec 10 17:39:26 2012 Client Deauthenticated: MACAddress:00:a0:f8:b9:58:73 Base Radio MAC:00:3a:9a:7d:20:80 Slot: 0 User Name: unknown Ip Address: 181.142.126.150 Reason:Unspecified ReasonCode: 1 
  5 Mon Dec 10 17:39:23 2012 Client Authenticated: MAC Address:00:a0:f8:b9:58:73 base Radio MAC:00:3a:9a:7d:20:80 Slot: 0 User Name:unknown IP Addr:181.142.126.150 SSID:HH
  6 Mon Dec 10 17:39:22 2012 Client Association: Client MAC:00:a0:f8:b9:58:73 Base Radio MAC :00:3a:9a:7d:20:80 Slot: 0 User Name:unknown IP Addr: 181.142.126.150
  Could be this because of excessive roaming?. If yes, how can I prevent it?.
  Two of the 3 LAPs reported are very close one of each other, but the 3° LAP is over 60 meters or more from the other two.
  The 3 LAPs are using 5,2 dBi antennas.

• Best practice for putting together scenes in a Flash project?

  Hi, I'm currently working on a flash project with the following characteristics:
  using a PC
  2048x1080 pixels
  30 fps
  One audio file that plays (once) continuously across the whole project
  there are actions that relate to the audio, so the timing is important
  at least 10 scenes
  about 7 minutes long total
  current intent is for it to be played in a modern theater as a surprise
  What is the best practice for working on this project and then compiling it together?
  Do it all in one project file?
  Split the work into different project (xfl) files for each scene and then put it together when all the scenes are finalized?
  Use one project file but create different "scenes" for each respective scene?  I think this is the "classic" way (?).
  Make the scenes "movie clips" and then insert them into the timeline with the audio as its own layer?
  Other?
  I'm currently working on it by having it all in one project file.  But I've noticed that there's some lag (or it gets choppy) at certain parts during playback and the SWF history shows 3.1 MB with a yellow triangle with exclamation point symbol.  Thanks in advance. 

  you would only do that if it makes your job easier.  generally speaking, it would not.
  when trying to sync sound and animation i think most authors find it easiest to use graphic symbols because you can see their animation when scrubbing the main timeline.  with movieclips you only see their animation when testing.
  however, if you're going to use actionscript to control some of your symbols, those symbols should be movieclips.

• Mac Best Practices?

  Hoping I can tack on some technical specifics here, but curious if anyone has any best practices for Mac clients on Cisco WLC-based networks.  We have a mix of 35xx-37xx AP's with 5508 WLC's and it seems that the MacBook Airs (maybe some Pros too?) tend to have the most issues.  Random disassociations/reassociations, etc.  Perhaps some (much?) of this is on the client side, but the issues seem to go away if Apple's AirPort Extremes are in use as the AP (could also be placebo effect :)).
  That said, figured some of you may have large-ish deployments with many Mac clients.  Any tips you could provide would be much appreciated.

  So, if there are times when I'm not home to access my external drive, then going with the two libraries is the best solution, yes?
  Perhaps, but you can get very small and portable external HDs these days.
  I'm not sure though if I should really make both a 180 GB iPhoto library, do you? It is a back up true, but seems like a chunk to move
  But you only do it once. The first time. Thereafter you're simply updating the other with the changes.
  At least maybe I could split into pictures from 2009 - 2010 and have that library for both my iMac and the MacBook. I very rarely access before then (only if I need something specific) so then I could access that via the iMac exclusively?
  That would be viable.
  I would maintain a +full Library+ on the Desktop, the mobile versions a Smaller subset.
  I'm sort of ruling out the one library on the external solution because it eliminates the possibility of being remote -
  As I said above you can get tiny portable drives...
  unless there is some swanky Login to My Computer or something that works with a Mac that can go remotely to my computer and then to my external drive.
  *_This_* might help.
  Regards
  TD

• IPhone Best Practices - A Work In Progress

  Hello all. I've been tasked with introducing my coworkers into the inner workings of the iPhone, and there are a good number of pointers that I find myself saying over and over again. I'd like to share my best practices with everyone, as well as collect more pointers and opinions from the community at large.
  Care and Handling:
  First - wash your hands, often. Now I know we all do this often anyway, but I'd like to point out that a healthy amount of hand washing will really go a long way to keep your iPhone screen smudge free. The worst offender, unfortunately, is doughnuts. A small layer of sugar will render that area un-tappable, without any real indication that it has done so. If you are frantically tapping the screen on the iPod button and nothing is happening, clean your phone before you do a hard reset.
  Second - Pockets. Keeping your phone in your front pocket is natural and what most of us do. In these summer months, however, keeping your phone in a sweaty front pocket can do a good deal to the dirt level of the screen. If you find yourself cleaning your phone constantly, try a belt clip.
  Lastly - Battery Life. Your iPhone's battery life is in your hands, literally. Being aware of your power consumption and planning accordingly is going to be infinitely more important that the battery's native charge-holding ability. This goes especially for the day of purchase - as tempting as it may be to open the box and activate, immediately running around the house watching YouTube, it is best to let the phone charge for 12 hours before use. Charging the phone every night is an absolute must, skipping a day will kill the battery life as your ride the bottom edge the following day. Most of us have access to a USB port while we're at work, best idea will be to plug in your phone when you sit down at your desk.
  iPod:
  Large Libraries: In the opening weekend, I got many complaints that you cannot manually manage your music. There is a workaround that has made me change the way I work with all of my iPods: the iPhone specific playlist. Simply create a playlist with all of the music you wish to put on your phone and sync that one playlist. This also helps with sync time - you have a start sync and an end sync, not a constant sync all throughout your music management, slowing your computer down in the process.
  TV Shows: I watch a lot of MST3K, which I have organized into iTunes as TV shows, split into seasons, the works. The problem that has arisen, therefore, is the one of selective synchronization - you cannot specifically select the TV show you want to sync to the device, instead getting the choices to sync all, unwatched, or latest shows. This is problematic when each show is 700MB large. Here's the work around - select all of the episodes of a specific show and right click, selecting "Mark as Not New", removing all of the little blue dots from the episodes. Select the one, three, or five episodes, and right click them, selecting "Mark as New", then sync the last one, three, or five unwatched episodes. The shows you selected will sync.
  iPhoto:
  Many users are complaining that iPhoto opens whenever the phone is connected. This is not a preference of the phone, but rather iPhoto. Remember when you first launched iPhoto and it asked you if you wanted to use iPhoto whenever your camera was attached? iPhoto is detecting that your phone is a camera and launching, just as you told it to do.
  Mail:
  POP accounts - too many unread messages: When first adding a POP account, all of the messages downloaded to the phone arrive as unread. Tapping a message, tapping back, and then tapping the next message can get tedious. Here's the workaround - tap the small down arrow to the upper right hand side of the screen, watching closely to the number next to Inbox. When that number goes down by one, tap the arrow again. If that number hasn't gone down yet, wait a sec, and do not try to tap tap tap tap tap, you'll flood the input queue and crash Mail.
  Syncing Mail accounts - All too often people blame the iPhone when their mail does not work. A perfect test is sync you accounts from Mail. If they work in mail, they'll work on the phone, if they are unreliable in Mail, they will also be unreliable on the phone. The Mail client on the iPhone is just as powerful as any other mail client in terms of how it connects to mail servers, if you are having problems you need to check your settings before blaming the hardware. If you prefer to leave your install of Mail.app alone, create a new user account on your Mac, set up all of the accounts you want there, and use iTunes to sync that data to the phone. Make sure to remove that portion of sync from your actual user account's instance of iTunes, however, or it will all sync back.
  This message has not been downloaded from the server: This message has snagged a couple users, but upon investigation, these users have filled their iPhones to the absolute brim with music and video. It hasn't been downloaded from the server because there is no space to download to - this also applies to the Camera application dumping to the Home screen. Because there is no space, it can't add any new data. Make some room, then be patient as the mail client gets to that message in cleanup (often a sync or reboot will clear it up).
  Safari:
  Safari and iPod: Many users have reported iPod stopping in the middle of browsing, often pouting and pursing their lips crying, "This is terrible, I can't even browse the web and listen to music at the same time?". I then check their phone, and lo and behold they have upwards of eight separate pages open at the same time. This device (like every other computer out there) has a finite amount of memory, each page taking up a significant portion depending on how busy the page is. I've routinely gotten through entire albums while browsing through Safari, but I've got one page open in total, and it's usually mostly text. Keep it to one or two pages open and iPod will run forever if you let it.
  Web Apps: "This web app is terrible, it keeps booting me to Home!" When was your last reboot? How many other pages are open? In the same vein as Safari and iPod, Web Apps need a good deal of breathing room - give it to them. Close down other pages, stop iPod, or even reboot. Give the app a clean slate and it will perform, every time. iPhoneRemote users will attest to this.
  iCal:
  Multiple Calendars - Default Calendar: When adding a new appointment, it adds to the default calendar. Appointments can't be shunted to the correct calendar until after sync anyway, so create an "iPhone" calendar and make that the default. Because it's in that calendar, you'll know enough to move it to the appropriate calendar after sync.
  Please feel free to add your own best practices, and ask questions, too.

  is there any application you can get for the iphone to enlarge text and phone numbers ?
  If included with an email or on a website, yes with no application needed.
  If you are referring to the text size for your iPhone's contact list, no.
  can you insert a phone number from your contact list into a text message ?
  No.
  i cant seem to figure it out, does the alarm clock work if you turn off the phone at night,
  No - powered off with the iPhone means powered off. Any phone that provides for this is not powered off - it is in deep sleep or deep standby mode, which the iPhone does not support. If you don't want your phone ringing or don't want to receive SMS at night but you want to use the iPhone's alarm feature as a wake-up alarm, you can turn on Airplane Mode before going to bed, which will also conserve the battery if your iPhone is not plugged in at night.
  can you send a multi media text message ?
  No.

• 2nd Mac - best practices using iPhoto on both?

  Hi -
  I just got a new MacBook and have an iMac that is still the "hub" of my photo library. It is, in fact, about a 180 GB iPhoto library. I know that I can't sync libraries between Macs (a shame - someone should come up with a way to that assuming they haven't already!) so I'm just looking for any best practices?
  I got the MacBook to be able to work on some photos while on the road - I can at least work on post processing in Photoshop, etc. I'm thinking now that my best strategy is to possibly work with the images on my MacBook, importing them into the iPhoto library if desired. Then use my Photo sharing service - Phanfare - to "sync" them? It requires me to download them on the other side and pull them again into the iPhoto Library on the iMac?
  I don't use the Mobile Me Gallery but I suppose that would be another way to have access to them on the alternate computer?
  Any other best practices or suggestions?
  Thx!

  So, if there are times when I'm not home to access my external drive, then going with the two libraries is the best solution, yes?
  Perhaps, but you can get very small and portable external HDs these days.
  I'm not sure though if I should really make both a 180 GB iPhoto library, do you? It is a back up true, but seems like a chunk to move
  But you only do it once. The first time. Thereafter you're simply updating the other with the changes.
  At least maybe I could split into pictures from 2009 - 2010 and have that library for both my iMac and the MacBook. I very rarely access before then (only if I need something specific) so then I could access that via the iMac exclusively?
  That would be viable.
  I would maintain a +full Library+ on the Desktop, the mobile versions a Smaller subset.
  I'm sort of ruling out the one library on the external solution because it eliminates the possibility of being remote -
  As I said above you can get tiny portable drives...
  unless there is some swanky Login to My Computer or something that works with a Mac that can go remotely to my computer and then to my external drive.
  *_This_* might help.
  Regards
  TD

• Best practice for multiple instances of the same BEX query

  Hi there,
  I'm wondering what's the best way to use multiple instances of the same BEX query. Let me explain what I mean:
  I have a dashboard with different queries feeding different period of time such as: week to date, month to date and so on. One query for each since it is based on a user exit.
  For each query I want to show different data in different sections of my dashboard. Per example: sales per directors or sales per customer group, sales per day, sales per week and the like.I tried to connect a simple bar chart via a direct connection but with no success due to the multiple lines generated by the addition of the sales director, customer group, week number and so on.
  My question is about the way to connect the different queries efficiently in order to show the different data while avoiding multiple useless lines.
  The image above shows the query browser where, per example, for a Month to date query there will be mutiple line for each week as well as one line for each director. If, for two different components, I want to show data per week and data per director or other representation what is the best practice:
  Add another instance of the same query and only put the week information and another one will only the director info?
  Should I bind those to the excel file and use formulas to make final calculations?
  Will there be a performance issues for adding different instances of the same query
  I have 6 different queries (read 6 user exit that filters time via user exit).
  Depending on the best practices there might be 4 instances for each for a total of 24 instances in the query browser.
  I hope my question is clear enough, if not please do not hesitate I'll clarify as much as possible.
  Regards,
  Steve

  Hi Steve,
  Might be trying for solution for a long time, If i understood your question clear let me clarify you few points.
  You are trying to access the bex query which is designed with the exit's in the background based on the logic and trying to call the entire dimensions and key-figures in a single connection. Then you are trying to map those data in the charts.
  Steve, try to make more connections based upon the logic and split them. use the same query but split them by sales per customer group, sales per day, sales per week by making three different connections and try. You can merge the prompts from all connections.
  Hope this Helps!!!
  Sorry if i misunderstood your question.
  --SumanT

• OS X Server 3.0 new setup -- best practices?

  Alright, here's what I'm after.
  I'm setting up a completely new OS X Server 3.0 environment.  It's on a fairly new (1.5 year old) Mac Mini, plenty of RAM and disk space, etc.  This server will ONLY be used interally.  It will have a private IP address such as 192.168.1.205 which will be outside of my DHCP server's range (192.168.1.10 to .199) to prevent any IP conflicts.
  I am using Apple's Thuderbolt-to-Ethernet dongle for the primary network connection.  The built-in NIC will be used strictly for a direct iSCSI connection to a brand new Drobo b800i storage device.
  This machine will provide the following services, rougly in order of importance:
  1.  A Time Machine backup server for about 50 Macs running Maverics.
  1a.  Those networked Macs will authenticate individually to this computer for the Time Machine service
  1b.  This Server will get it's directory information from my primary server via LDAP/Open Directory
  2.  Caching server for the same network of computers
  3.  Serve a NetInstall image which is used to set up new computers when a new employee arrives
  4.  Maybe calendaring and contacts service, still considering that as a possibility
  Can anyone tell me the recommended "best practices" for setting this up from scratch?  I've done it twice so far and have faced problems each time.  My most frequent problem, once it's set up and running, is with Time Machine Server.  With nearly 100 percent consistency, when I get Time Machine Server set up and running, I can't administer it.  After a few days, I'll try to look at it via the Server app.  About half the time, there'll be the expected green dot by "Time Machine" indicating it is running and other times it won't be there.  Regardless, when I click on Time Machine, I almost always get a blank screen simply saying "Loading."  On rare occasion I'll get this:
  Error Reading Settings
  Service functionality and administration may be affected.
  Click Continue to administer this service.
  Code: 0
  Either way, sometimes if I wait long enough, I'll be able to see the Time Machine server setup, but not every time.  When I am able to see it, I'll have usability for a few minutes and then it kicks back to "Loading."
  I do see this apparently relevant entry in the logs as seen by Console.app (happens every time I see the Loading screen):
  servermgrd:  [71811] error in getAndLockContext: flock(servermgr_timemachine) FATAL time out
  servermgrd:  [71811] process will force-quit to avoid deadlock
  com.apple.launchd: (com.apple.servermgrd[72081]) Exited with code: 1
  If I fire up Terminal and run "sudo serveradmin fullstatus timemachine" it'll take as long as a minute or more and finally come back with:
  timemachine:command = "getState"
  timemachine:state = "RUNNING"
  I've tried to do some digging on these issues and have been greeted with almost nothing to go on.  I've seen some rumblings about DNS settings, and here's what that looks like:
  sudo changeip -checkhostname
  Primary address = 192.168.1.205
  Current HostName = Time-Machine-Server.local
  The DNS hostname is not available, please repair DNS and re-run this tool.
  dirserv:success = "success"
  If DNS is a problem, I'm at a loss how to fix it.  I'm not going to have a hostname because this isn't on a public network.
  I have similar issues with Caching, NetInstall, etc.
  So clearly I'm doing something wrong.  I'm not upgrading, again, this is an entirely clean install.  I'm about ready to blow it away and start fresh again, but before I do, I'd greatly appreciate any insight from others on some "best practices" or an ordered list on the best way to get this thing up and running smoothy and reliably.

  Everything in OS X is dependant on proper DNS.  You probably should start there.  It is the first service you should be configuring and it is the most important to keep right.  Don't configure any services until you have DNS straight.  In OS X, DNS really stands for Do Not Skip.
  This may be your toughest decision.  Decide what name you want the machine to be.  You have two choices.
  1: Buy a valid domain name and use it on your LAN devices.  You may not have a need now for use externally, but in the future when you use VPN, Profile Manager, or Web Services, at least you are prepared.  This method is called split horizon DNS.  Example would be apple.com.  Internally you may name the server tm.apple.com.  Then you may alias to it vpn.apple.com.  Externally, users can access the service via vpn.apple.com but tm.apple.com remains a private address only.
  2: Create an invalid private domain name.  This will never route on the web so if you decide to host content for internal/external use, you may run into trouble, especially with services that require SSL certificates.  Examples might be ringsmuth.int or andy.priv.  These type of domains are non-routable and can result in issues of trust when communicating with other servers, but it is possible.
  Once you have the name sorted out, you need to configure DNS.  If you are on a network with other servers, just have the DNS admin create an A and PTR record for you.  If this is your only server, then you need to configure and start the DNS service on Mavericks.  The DNS service is the best Apple has ever created.  A ton of power in a compact tool.  For your needs, you likely need to just hit the + button and fill out the New Device record.  Use a fully qualified host name in the first field and the IP address of your server (LAN address).  You did use a fixed IP address and disabled the wireless card, right?
  Once you have DNS working, then you can start configuring your other services.  Time Machine should be pretty simple.  A share point will be created automatically for you.  But before you get here, I would encourage starting Open Directory.  Don't do that until DNS is right and you pass the sudo changeip -checkhostname test.
  R-
  Apple Consultants Network
  Apple Professional Services
  Author, "Mavericks Server – Foundation Services" :: Exclusively in the iBooks Store

• Best Practice for FlexConnect Wireless roaming in MediaNet environment?

  Hello!
  Current Cisco best practice recommendations for enterprise MediaNet design, specify that VLANs be local to a switch / switch stack (i.e., to limit the scope of spanning-tree). 
  In the wireless world, this causes problems if you want users while roaming to keep real-time applications up and running.  Every time they connect to a new AP on a different VLAN, then they will need to get a new IP address, which interrupts real-time apps. 
  So...best practice for LAN users causes real problems for wireless users.
  I thought I'd post here in case there's a best practice for implementing wireless roaming in a routed environment that we might have missed so far!
  We have a failover pair of FlexConnect 7510s, btw, configured for local switching for Internal users, and central switching with an anchor controller on the DMZ for Guest users.
  Thanks,
  Deb

  Thanks for your replies, Stephen and JSnyder.
  The situation here is that the original design engineer is no longer here, and the original design was not MediaNet-friendly, in that it had a very few /20 subnets bridged over entire large sites. 
  These several large sites (with a few hundred wireless users per site), are connected to an HQ location (where the 7510s in failover mode are installed) via 1G ethernet hand-offs (MPLS at the WAN provider).  The 7510s are new, and are replacing older contollers at the HQ location. 
  The internal employee wireless users use resources both local to their site, as well as centralized resources.  There are at least as many Guest wireless users per site as there are internal employee users, and the service to them consists of Internet traffic only.  (When moved to the 7510s, their traffic will continue to be centrally switched and carried to an anchor controller in the DMZ.) 
  (1) So, going local mode seems impractical due to the sheer number of users whose traffic bound for their local site would be traversing the WAN twice.  Too much bandwidth would be used.  So, that implies the need to use Flex / HREAP mode instead.
  (2) However, re-designing each site's IP environment for MediaNet would suggest to go routed to the closet.  However, this breaks seamless roaming for users....
  So, this conundrum is why I thought I'd post here, and see if there was some other cool / nifty solution I wasn't yet aware of. 
  The only other (possibly friendly to both needs) solution I'd thought of was to GRE tunnel a subnet from each closet to the collapsed Core / Disti switch at each site.  Unfortunately, GRE tunnels are not supported in the rev of IOS on the present equipment, and so it isn't possible to try this idea.
  Another "blue sky" idea I had (not for this customer, but possibly elsewhere in the future), is to use LAN switches such as 3850s that have WLC functionality built-in.  I haven't yet worked with the WLC s/w available on those, but I was thinking it looks like they could be put into a mobility group, and L3 user roaming between them might then work.  Do you happen to know if this might be a workable solution to the overall big-picture problem? 
  Thanks again for taking the time and trouble to reply!
  Deb

• Best practice for reinstalling anti virus on reinstalling windows

  Best practice for reinstalling anti virus after formatting drive and reinstalling windows No anti virus disc.
  Hasty

  Hello,
  I'd ask in the Windows forum on Microsoft Community.
  Karl
  When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
  My Blog:http://unlockpowershell.wordpress.com
  My Book:Windows PowerShell 2.0 Bible
  My E-mail: -join ('6F6C646B61726C40686F746D61696C2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})

• Best Practice - WAP connecting switchport configuration.

  Is there a best practice for deploying the WAP's in a WAP/WLC infrastructure?  Should the connecting switchport be an Access port or a Trunk port?  I've seen this implemented in both fashions and wasn't sure if one was a better choice than the order.  What is the difference?
  My other question is regarding applying additional switchport configurations.  Is there anything wrong with applying either spanning-tree portfast, spanning-tree bpdguard, or switchport port-security. 

  Hi Ken,
  Access port all the time, everywhere, UNLESS the AP is configured for HREAP/FLEX then trunk. Or if you deploy a AP in monitor mode then TRUNK.
  QOS -- if its access port trust dscp. If you truck trust cos.
  No you are fine. Portfast is highly recommended.
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• ISE Best Practice for Purging Endpoints

  Maybe I haven't looked long enough or deep enough through the documents and guides, but I am wondering if there is a best practice for purging endpoints in general. For my guest endpoints, I have it set to purge those endpoints every 3 days. When i look at how many endpoints I have profiled at the current time, its a very large number of devices. I'm sure there is a large number of these that are no longer connecting to our network and probably won't in the future.
  If there isn't a current best practice, would it sound logical to purge every 180 to 190 days? We are a public school district and we have 180 instructional days. Employees and students alike are able to bring their own devices. I figure with 190 day purge, it would cover the time that employees and students are in session.
  Thoughts, opinions?
  Thank you for your time.
  Kevin

  A lot of vendors will suggest also to have one SSID if possible, but the rule of thumb is 3-4 max.  The main issue is the differences required for specific WLAN's, which isn't just for Data and Voice, but you also have to look at mDNS, multicast, 802.11r, DTIM's, MFP, etc.  You can combine all devices to use one, but all the features/setting will be the same, which isn't ideal all the time.  There are attributes which you can set from ISE to push out to the WLC(s), but its the other unique values that you need to research and understand.