WLC Guest Tunnel - client ip address problem

Similar Messages

• WLC Guest Tunnel

  Hi,
  I've some questions about Guest Tunneling, since the docs on CCO is not so complete.
  Right now I've 2WLC4400 Series in a redundant way with 2 WLANs, 1WLAN per AP Group. All the APs are setup as H-REAP node.
  We've to setup a WLC in DMZ so that Guest WLAN traffic will be tunneled from the internal WLC to the DMZ and all is fine.
  The WLAN Guest and the interface should be defined both on internal and DMZ WLC...isn'it? the DHCP Server should be setup in DMZ?
  Then I'll setup the mobility Anchor between WLC#1 internal and WLC DMZ and between WLC#2 internal and WLC DMZ correct?
  What about the AP sice are setup like H-REAP Node with switch port as access?
  Many thanks for helping me find a solution

  Hi fella,
  Tnx a lot for the useful infos...are you sure??? maybe i'm missing a piece of the puzzle...let's do a resume:
  - My APs on different IP Subnet are configured as H-REAP nodes
  - my internal WLCs are configured with more WLANs to do central AUTH and LOCAL switching
  - my WLANs since are in H-REAP mode are mapped the to AP-Manager interface of the WLC
  - the WLC in DMZ, behind a Firewall, is configured with mobility group to be "in the same one" with the internals WLCs
  - the Guest WLAN, defined on internal and external WLCs is mapped to AP-Manager IP to be LWAPP Tunneled (central Switching) and spread on all my APs
  - the Guest WLAN will be anchored from the internal WLCs to the external one.
  So basically one WLAN client which will connect to Guest WLAN, all traffic will be LWAPP tunneled from AP MGMT IP to WLC AP-Manager IP and then, since this WLAN is anchored to the DMZ WLC, the traffic will be EoIP tunneled to this WLC where is active an DHCP Server.
  After the client is receving an IP Address from the WLC's DHCP Server the Firewall in front of the WLC will be block all the access to the internal IP subnet and permti only to be routed to the external of the enteprise...
  Am I wrong with something?
  Thnxxxxx

• WLC 5508 , AP client dhcp address different from WLAN interface VLAN subnet?

  Hope the title makes sense, here's my situation: I have multiple businesses on 1 WLC 5508, there's a LAG to my core switch with seperate interfaces for each, broken up by vlans.
  My question is: if i have a WLAN setup to use interface "Company A" which is vlan 10 with an ip of 10.0.1.5 which then points to 10.0.1.10 for dhcp.
  Can the WLAN client connecting to the Company A WLAN use an IP in a different IP range?(192.168.1.10?) can the wlc route? from the perspective of the DHCP server where doers the request come from? (10.0.1.5?)
  Can the DHCP server 10.0.10.10 on vlan 10 respond back with and ip on a different subnet to assign to the client to use and still be fully fonctioning? would the default gateway for the client need to be 10.0.1.5?  So the clients ip would be 192.168.1.10 /24 with a gateway of 10.0.1.5 (ip adress fo vlan10 interface on WLC) And if multiple clients on the same subnet wanted to talk to each other woudl the WLC know how to route them to each other without passing through the default gateway?
  Sorry if this is confusing I'm having a bit of a hard time explaining it in works, i can try and draw somethign up if it makes more sense.
  thanks
  Eric

  I think if you want these clients to stick to a WLAN configured on a VLAN that has a different IP addressing you could configure your VLAN with the normal IP addressing then add on the SVI the 2nd IP_Class_default_gateway.
  E.G.
  Vlan 10
  interface vlan 10
  ip address 10.0.10.1 255.255.255.0
  ip address 192.168.1.1 255.255.255.0 secondary
  Clients that receive IP address from 192.168.1.0/24 network will be able to reach 192.168.1.1 and all traffic will pass right.

• WLC 5508 and Client IP addresses

  we have installed our first 5508 in a small remote office.  I setup a DHCP range on the 5508 to give the AP's a IP address.  After that I changed the AP's to have static IP address.  I wish for the wireless clients to use our DHCP servers here at the home office, so I shut down the DHCP service on the 5508.  Now the Clients will not get an IP address.  So now I re-enable the scope and the clients get an IP address.  How do I configure the 5508 so that the wireless clients will get an IP address from our DHCP servers and not the 5508?

  Go to WLAN > click the SSID of your choice > Advanced tab > click on "DHCP Server" and enter the DHCP Server.

• Cisco WLC Client MAC address backup to new Controller & ISE

  Hi All,
  We have an existing 4400 controller with MAC filtering for clients configured. Right Now, we are migrating to 5500 WLC and ISE setup.
  We want to use MAC filtering due to company policies on the new Controller as well as ISE.
  Is there a way (from GUI/CLI) that we can export the client MAC Addresses into an Excel file from existing WLC to new WLC & ISE?
  Thanks,
  CJ

  On the CLI issue a show macfilter summary and then import that into excel or a text editor.
  Sent from Cisco Technical Support iPhone App

• WLC - How to block a single client MAC address?

  Hi Sir,
  On a WLC (software version 4.1.185.0), how to block a single client MAC address?
  I thought of using the SECURITY -> Disabled Clients. Is it right?
  There are currently 250 users connected to the WLC. MAC Filtering is not a scalable solution because as I understand it, we have to specify all the legitimate MAC addresses in the local database.
  Thank you.
  B.Rgds,
  Lim TS

  Hi Lim,
  As you have discovered, the Mac filtering on the WLC is an Allow (based on Mac address) rather than what you need which is a Deny (based on Mac address). I have not tried this feature but I think you are on the right track in using the Exclusion List (Blacklist) feature. Have a look;
  Use SECURITY > AAA > Disabled Client then click New or MONITOR > Clients then click Disable to navigate to this page.
  This page allows you to manually Exclusion List (blacklist) a client by MAC address.
  Add the MAC Address and an optional Client Description for the client to be disabled.
  Note When you enter a client MAC address to be disabled, the Operating System checks that the MAC address is not one of the known Local Net clients ( Local Net Users), Authorized clients ( MAC Filtering), or Local Management users ( Local Management Users) MAC addresses. If the entered MAC address is on one of these three lists, the Operating System does not allow the MAC address to be manually disabled.
  Hope this helps! Let us know.
  Rob

• Guest tunneling security problem

  Hello,
  I configured guest tunneling between 5508 (internal LAN) and 2504 (DMZ) and it works perfectly. However when the tunnel is down guest users are 
  associated to the management interface on the 5508, I only have to configure an IP adress and a default gateway on a guest user to
  be routed on the internal network.....So, there is a security problem in my network architecture.  
  Do you have advice to avoid this problem ? 
  Best regards,
  Thib

  You can create  a "dummy/unrouted" interface on your 5508 & map that to guest SSID instead of management interface.
  HTH
  Rasika
  **** Pls rate all useful responses ****

• Duplicate Client IP Address Matching Teamed Adapter on Server

  I am experiencing a problem with a client's WLAN and client IP address conflicts.
  Basically every wireless client reports a problem that it is having an IP Address conflict with another device on the network (wired).
  The device in mention is a Dell Server with Teamed network cards. They have three of them and clients are reporting conflicts with all three.
  On investigating further there is no address conflict as the "Teamed Adapter" has a completly different network address (static) and the wireless clients are using the internal WLC DHCP server in a different range. (although it is all one flat network).
  The clients report that there is an address conflict, the MAc that it gives is the Teamed Server but the IP address is only its own and not on the Teamed Adapter.
  Has anyone seen this before or had a problem with "Teamed Adapters" on servers.
  Our environment is:
  WLC 4402-50 running 5.2.178
  Flat Network.
  Thanks

  Hi Roman,
  thanks for your reply.
  Basically what i have found is that it Servers running Microsoft Windows 2003 or Windows 2000, that have teamed NICs using Broadcom Advanced Server Programs (BASP) in an active/active team, respond to other server's gratuitous ARP packet with an incorrect IP address. The Microsoft Windows server will respond to the other server sending the gratuitous ARP, with the Microsoft Windows server team MAC address, but with the other server's IP address in the sender field of the packet. This causes the other system to respond as if there is a duplicate IP on the network.
  Fix is to upgrade to BASP driver version 6.2.32, or newer. This version of the BASP driver was first included with the Broadcom NetXtreme Gigabit Ethernet Software.
  An upgrade of the drivers apprently will fix this issue althouh i have tried it on 3 servers with this ocnfiguration and it fixed it for two of them.
  The work around is to disable the active/active NIC team and use an active/standby team instead.
  Someone else on this forum must of come across this before i am sure?
  Anyway if it does resolve the issue i will post it back here so that anyone else in the future with this problem has a resolution!!
  thanks

• Client IP Address issues

  Just starting to put a Cisco Wireless infrastructure in place, currently just testing every thing.  Here is my issue.
  After I create a WLAN, bind it to the VLAN I can authenticate but can't get an IP address.
  Now if I bind the WLAN to the same VLAN the AP is on, I can get an IP address.
  I do have the DHCP IP configured under WLAN as well as interface, I tried it with just configuring it on the interface but no use
  I tried DHCP proxy enabled and disabled
  Also want to mention that the AP is connected to a switch and the switch port is setup as an access port on VLAN130.

  what happens if we assign static Ip address?? are we able t oping the Default Gateway?? or from the DG are we able to ping the client??
  Normally the LWAPP in local mode will be in the Access Port.. not trunk... so if you assign vlan 130 on the switch port then the clients connecting to VLAN 109 should also get the IP since its LWAPP tunneled.. So from my understanding.. you are configuring VLAN 130 on the switch and connecting the AP and the VLAN 109 guys are not getting the IP where in VLAN 130 guys are getting the IP?? please correct me if my understandings are incorrect..
  >> in this case.. i have a question.. To what switch is this AP connected to?? any small business switch like CE 500 or anything better than that?? like 2960 and so on..??
  >> Are we able to ping the Default gateway from the WLC and the Client (the interface VLAN which is facing the issue )??
  >> check the switch port configuration on which the WLC is connected and make sure the problematic VLAN is allowed.. or on the switch check if we have that VLAN in the VLAN.dat allowed.
  Lemme know how this works out for you!!
  Regards
  Surendra

• WLC 5760 - show client ccx roam-history

  Hi,
  We're running an WLC 5760 with the latests version (3.3.1). We have several wlans, with diferent authentication methods, and they are all working fine.
  However we noticed that the roaming is working correctly but no information is displayed if the "show ccx roam-history".
  WLC1#sh wireless client mac-address 8853.2e9e.f70a det | i CCX
  Client CCX version : 4
  WLC1#debug dot11 ccx-roam all
  Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Mobile  8853.2e9e.f70a  associated
  Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending Neighbor List packet to Mobile  8853.2e9e.f70a 
  Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending L2Roam Packet to mobile  8853.2e9e.f70a
  Dec 12 17:11:40.963: 00000000: 1 wcm:  01 1a 33 81 88 53 2e 9e  f7 0a c0 25 5c 68 50 50  ..3..S.....%\hPP
  Dec 12 17:11:40.963: 00000010: 1 wcm:  28 11 c0 25 5c 68 50 50  01 00 02 01 06 ab 0d 0d  (..%\hPP........
  Dec 12 17:11:40.963: 00000020: 1 wcm:  03 b8 05 28 11 c0 25 5c  ec 05 a0 0b 00 07 01 06  ...(..%\........
  Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000030: ab 0d 0d 03 b8 05 28 11  0c 68 03 ea 52 10 06 00  ......(..h..R...
  Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000040: 07 01 06 ab 0d 0d 03 b8  05 28 11 0c 68 03 d6 e4  .........(..h...
  Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000050: 00 0b 00 07 01 06 ab 0d  0d 03 b8 05 28 11 0c 68  ............(..h
  Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000060: 03 4d d0 60 01 00 07 01  06 ab 0d 0d 03 b8 05 28  .M.`...........(
  Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000070: 11 0c 68 03 ea 40 70 01  00 07 01 06 ab 0d 0d 03  ..h..@p.........
  Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000080: b8 05 28 11 0c 68 03 ea  4b 10 01 00 07 01 06 ab  ..(..h..K.......
  Dec 12 17:11:40.963: 00000090: 1 wcm:  0d 0d 03 b8 05 28 11 c0  25 5c 68 50 5f 3c 01 04  .....(..%\hP_<..
  Dec 12 17:11:40.964: 000000a0: 1 wcm:  01 06 ab 12 12 03 b8 05  28 11 c0 25 5c ec 05 af  ........(..%\...
  Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 000000b0: 24 01 07 01 06 ab 12 12  03 b8 05 28 11 0c 68 03  $..........(..h.
  Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 000000c0: ea 52 1f 24 01 07 01 06  ab 12 12 03 b8 05 28 11  .R.$..........(.
  Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 000000d0: 0c 68 03 ea 4b 1f 38 01  07 01 06 ab 12 12 03 b8  .h..K.8.........
  Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 000000e0: 05 28 11 0c 68 03 d6 e4  0f 38 01 07 01 06 ab 12  .(..h....8......
  Dec 12 17:11:40.964: 000000f0: 1 wcm:  12 03 b8 05 28 11 c0 25  5c a3 f4 8f 30 01 07 01  ....(..%\...0...
  WLC1#
  Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 00000100: 06 ab 12 12 03 b8 05 28  11 0c 68 03 ea 40 7f 30  .......([email protected]
  Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 00000110: 01 07 01 06 ab 12 12 03  b8 05                    ..........
  Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Received Neighbor List Request from Mobile  8853.2e9e.f70a
  Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending Neighbor List packet to Mobile  8853.2e9e.f70a 
  Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending L2Roam Packet to mobile  8853.2e9e.f70a
  Dec 12 17:12:51.006: 00000000: 1 wcm:  01 1a 33 81 88 53 2e 9e  f7 0a c0 25 5c 68 50 50  ..3..S.....%\hPP
  Dec 12 17:12:51.006: 00000010: 1 wcm:  28 11 c0 25 5c 68 50 50  01 00 02 01 06 ab 0d 0d  (..%\hPP........
  Dec 12 17:12:51.006: 00000020: 1 wcm:  03 b8 05 28 11 c0 25 5c  ec 05 a0 0b 00 07 01 06  ...(..%\........
  Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000030: ab 0d 0d 03 b8 05 28 11  0c 68 03 ea 52 10 06 00  ......(..h..R...
  Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000040: 07 01 06 ab 0d 0d 03 b8  05 28 11 0c 68 03 d6 e4  .........(..h...
  Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000050: 00 0b 00 07 01 06 ab 0d  0d 03 b8 05 28 11 0c 68  ............(..h
  Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000060: 03 4d d0 60 01 00 07 01  06 ab 0d 0d 03 b8 05 28  .M.`...........(
  Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000070: 11 0c 68 03 ea 40 70 01  00 07 01 06 ab 0d 0d 03  ..h..@p.........
  Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000080: b8 05 28 11 0c 68 03 ea  4b 10 01 00 07 01 06 ab  ..(..h..K.......
  Dec 12 17:12:51.006: 00000090: 1 wcm:  0d 0d 03 b8 05 28 11 c0  25 5c 68 50 5f 3c 01 04  .....(..%\hP_<..
  Dec 12 17:12:51.006: 000000a0: 1 wcm:  01 06 ab 12 12 03 b8 05  28 11 c0 25 5c ec 05 af  ........(..%\...
  Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 000000b0: 24 01 07 01 06 ab 12 12  03 b8 05 28 11 0c 68 03  $..........(..h.
  Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 000000c0: ea 52 1f 24 01 07 01 06  ab 12 12 03 b8 05 28 11  .R.$..........(.
  Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 000000d0: 0c 68 03 ea 4b 1f 38 01  07 01 06 ab 12 12 03 b8  .h..K.8.........
  Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 000000e0: 05 28 11 0c 68 03 d6 e4  0f 38 01 07 01 06 ab 12  .(..h....8......
  Dec 12 17:12:51.006: 000000f0: 1 wcm:  12 03 b8 05 28 11 c0 25  5c a3 f4 8f 30 01 07 01  ....(..%\...0...
  Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000100: 06 ab 12 12 03 b8 05 28  11 0c 68 03 ea 40 7f 30  .......([email protected]
  Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000110: 01 07 01 06 ab 12 12 03  b8 05                    ..........
  Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Received Neighbor List Request from Mobile  8853.2e9e.f70a
  Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending Neighbor List packet to Mobile  8853.2e9e.f70a 
  Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending L2Roam Packet to mobile  8853.2e9e.f70a
  Dec 12 17:15:48.712: 00000000: 1 wcm:  01 07 33 81 88 53 2e 9e  f7 0a c0 25 5c 68 81 20  ..3..S.....%\h..
  Dec 12 17:15:48.712: 00000010: 1 wcm:  28 11 c0 25 5c 68 81 20  01 00 02 01 06 ab 0d 0d  (..%\h..........
  Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 00000020: 03 b8 05 28 11 0c 68 03  ea 52 10 06 00 07 01 06  ...(..h..R......
  Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 00000030: ab 0d 0d 03 b8 05 28 11  0c 68 03 ea 4a f0 0b 00  ......(..h..J...
  Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000040: 07 01 06 ab 0d 0d 03 b8  05 28 11 0c 68 03 d6 eb  .........(..h...
  Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000050: 20 01 00 07 01 06 ab 0d  0d 03 b8 05 28 11 c0 25  ............(..
  Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000060: 5c ec 05 a0 0b 00 07 01  06 ab 0d 0d 03 b8 05 28  \..............(
  Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000070: 11 0c 68 03 d6 e4 00 0b  00 07 01 06 ab 0d 0d 03  ..h.............
  Dec 12 17:15:48.713: 00000080: 1 wcm:  b8 05 28 11 c0 25 5c 68  50 50 01 00 07 01 06 ab  ..(..%\hPP......
  Dec 12 17:15:48.713: 00000090: 1 wcm:  0d 0d 03 b8 05 28 11 c0  25 5c 68 81 2f 38 01 04  .....(..%\h./8..
  Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000a0: 01 06 ab 12 12 03 b8 05  28 11 0c 68 03 ea 4a ff  ........(..h..J.
  Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000b0: 2c 01 07 01 06 ab 12 12  03 b8 05 28 11 0c 68 03  ,..........(..h.
  Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000c0: ea 52 1f 24 01 07 01 06  ab 12 12 03 b8 05 28 11  .R.$..........(.
  Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000d0: 0c 68 03 d6 e4 0f 38 01  07 01 06 ab 12 12 03 b8  .h....8.........
  Dec 12 17:15:48.713: 000000e0: 1 wcm:  05 28 11 c0 25 5c ec 05  af 24 01 07 01 06 ab 12  .(..%\...$......
  Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000f0: 12 03 b8 05 28 11 0c 68  03 d6 eb 2f 3c 01 07 01  ....(..h.../<...
  Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000100: 06 ab 12 12 03 b8 05                              .......
  WLC1#show wireless client mac-address 8853.2e9e.f70a ccx roam-history
  Shouldn't the output be the same as the AireOS command "show client roam-history client-mac"?
  Kind regards,
  Vasco Costa

  Obtaining CCX Client Roaming Information (CLI)
  Step 1  
  View the current RF parameters configured for client roaming for the 802.11a or 802.11b/g network by entering this command:show {802.11a | 802.11b} l2roam rf-param
  Step 2  
  View the CCX Layer 2 client roaming statistics for a particular access point by entering this command:show {802.11a | 802.11b} l2roam statistics ap_mac
  This command provides the following information:
  The number of roam reason reports received
  The number of neighbor list requests received
  The number of neighbor list reports sent
  The number of broadcast neighbor updates sent
  Step 3  
  View the roaming history for a particular client by entering this command:show client roam-history client_mac
  This command provides the following information:
  The time when the report was received
  The MAC address of the access point to which the client is currently associated
  The MAC address of the access point to which the client was previously associated
  The channel of the access point to which the client was previously associated
  The SSID of the access point to which the client was previously associated
  The time when the client disassociated from the previous access point
  The reason for the client roam
  Debugging CCX Client Roaming Issues (CLI)
  If you experience any problems with CCX Layer 2 client roaming, enter this command:
  debug l2roam [detail | error | packet | all] {enable | disable}

• I am automating the process of sending appointment reminders to my clients. I started with an alert with an email in calendar using the clients email address as a custom entry in my me card in my contacts. this was resulting in three emails being sent wit

  I am automating the process of sending appointment reminders to my clients. I started with an alert with an email in calendar using the clients email address as a custom entry in my me card in my contacts. this was resulting in three emails being sent with slightly different versions of the same address (see my previous post). Heating someone else's suggestion I created a workflow file to send an email and calling that file from an alert on my calendar. This is working and sends only one email to the client.
  My calendar is on I cloud and I access it from three different computers so I can keep my appointment calendar current. The files that send the email only exist on one computer. My other computers show error messages when those emails get sent. It seems that each computer wants to send the email. It's a small problem but is there a way that I could not get those alerts.
  But appreciate any thoughts about this. It seems like both problems might be related to the iCloud system.
  Thank you in advance,
  Michael

  Good work, catch so far Michael, does seem to be a "feature" of iCloud syncing, not sure what you could do to disable it.

• WLC Guest portal - External DNS issue

  I have an interesting behavior.  When my guest users attach to the guest network, I want them to use some external DNS source and not my organizations DNS servers.  So, I set the dhcp scope options to point to other DNS Servers.  When I do, the users don't seem to be redirected to the WLC guest portal, they get nothing and because of that, they cannot get to the Internet.
  I am not sure why this is happening.  The re-direction URL is https://1.1.1.1/login.html?redirect=www.google.com?/ocid=iehp
  I don't understand why pointing a guest client to an external DNS servers would cause the guest login page not to come up.

  The issue is likely that you are attempting to redirect an HTTPS page. See this link for more information:
  http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/115951-web-auth-wlc-guide-00.html#anc7
  You didn't mention your code rev, but it seems that 8.0 is able to redirect HTTPS for guest portal.

• Missing Tunnel-Client-Endpoint attribute in AAA accounting from 2821

  I am trying to optimise the detailed accounting records for VPN client connections on our system
  but have noticed I am not receiving Tunnel-Client-Endpoint (attribute 66) in tunnel start accounting records from the router.
  The VPN functionality works fine, this is just an accounting issue.
  All other accouting attributes I need are received fine (times, username, VPN Framed IP, NAS identifier).
  The system details are:
  VPN server : Cisco 2821 with IOS 12.4(11)XW3
  Tunnel type: VPDN, PPTP, MPPE 128bit, MS-CHAPv2
  Accouting RADIUS: Microsoft Windows Server 2008 R2 NPS
  I have used the same setup many times previously on various 2801, 2811, and 2911 platfroms with no issue (across v12 and v15 IOS).
  Sending attribute 66 "Tunnel-Client-Endpoint" appeared to be standard for any tunnel setup, no config was require to send it.
  Does anyone know a reason why this fairly standard tunnel RADIUS attribute is not being sent to us from the router in this case?
  Example debug of tunnel start accounting message, showing that attribute 66 is not included in info sent to accouting server:
  Jun 25 2013 14:55:13.591 AEST: RADIUS/ENCODE(0000061A):Orig. component type = VPDN
  Jun 25 2013 14:55:13.595 AEST: RADIUS(0000061A): Config NAS IP: 0.0.0.0
  Jun 25 2013 14:55:13.595 AEST: RADIUS(0000061A): sending
  Jun 25 2013 14:55:13.595 AEST: RADIUS/ENCODE: Best Local IP-Address 192.168.xxx.xxx for Radius-Server 192.168.xxx.xxx
  Jun 25 2013 14:55:13.595 AEST: RADIUS(0000061A): Send Accounting-Request to 192.168.xxx.xxx:1646 id 1646/220, len 184
  Jun 25 2013 14:55:13.595 AEST: RADIUS:  authenticator D7 DD 05 D9 72 FC 72 9C - 02 E0 6A FD D1 AC DB 06
  Jun 25 2013 14:55:13.595 AEST: RADIUS:  Acct-Session-Id     [44]  10  "00000642"
  Jun 25 2013 14:55:13.595 AEST: RADIUS:  Tunnel-Medium-Type  [65]  6   00:IPv4                   [1]
  Jun 25 2013 14:55:13.595 AEST: RADIUS:  Tunnel-Assignment-Id[82]  3   "1"
  Jun 25 2013 14:55:13.595 AEST: RADIUS:  Tunnel-Server-Auth-I[91]  14  "********"
  Jun 25 2013 14:55:13.595 AEST: RADIUS:  Acct-Tunnel-Connecti[68]  4   "44"
  Jun 25 2013 14:55:13.595 AEST: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
  Jun 25 2013 14:55:13.595 AEST: RADIUS:  Framed-IP-Address   [8]   6   192.168.xxx.xxx          
  Jun 25 2013 14:55:13.595 AEST: RADIUS:  User-Name           [1]   10  "*********"
  Jun 25 2013 14:55:13.595 AEST: RADIUS:  Acct-Authentic      [45]  6  
  Jun 25 2013 14:55:13.595 AEST: RADIUS:  Acct-Status-Type    [40]  6   Start                     [1]
  Jun 25 2013 14:55:13.595 AEST: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
  Jun 25 2013 14:55:13.595 AEST: RADIUS:  NAS-Port            [5]   6   426                      
  Jun 25 2013 14:55:13.595 AEST: RADIUS:  NAS-Port-Id         [87]  17  "Uniq-Sess-ID426"
  Jun 25 2013 14:55:13.595 AEST: RADIUS:  Class               [25]  46 
  Jun 25 2013 14:55:13.595 AEST: RADIUS:   69 89 04 FA 00 00 01 37 00 01 02 00 C0 A8 AC 01  [i??????7????????]
  Jun 25 2013 14:55:13.595 AEST: RADIUS:   00 00 00 00 00 00 00 00 00 00 00 00 01 CE 6E 22  [??????????????n"]
  Jun 25 2013 14:55:13.595 AEST: RADIUS:   2F A7 37 14 00 00 00 00 00 00 00 29              [/?7????????)]
  Jun 25 2013 14:55:13.595 AEST: RADIUS:  Service-Type        [6]   6   Framed                    [2]
  Jun 25 2013 14:55:13.595 AEST: RADIUS:  NAS-IP-Address      [4]   6   192.168.xxx.xxx          
  Jun 25 2013 14:55:13.595 AEST: RADIUS:  Acct-Delay-Time     [41]  6   0                        
  Jun 25 2013 14:55:13.691 AEST: RADIUS: Received from id 1646/220 192.168.xxx.xxx:1646, Accounting-response, len 20
  Jun 25 2013 14:55:13.691 AEST: RADIUS:  authenticator E8 EC 1C 30 D2 01 8E D8 - 15 10 09 5F 37 95 D4 25
  Important config
  aaa new-model
  aaa authentication login default local group radius
  aaa authentication ppp default local group radius
  aaa authorization exec default local group radius
  aaa authorization network default local group radius
  aaa accounting delay-start
  aaa accounting session-duration ntp-adjusted
  aaa accounting exec default start-stop group radius
  aaa accounting network default start-stop group radius
  aaa session-id common
  vpdn enable
  vpdn-group 1
  ! Default PPTP VPDN group
  accept-dialin
    protocol pptp
    virtual-template 1
  interface Virtual-Template1
  ip unnumbered Dialer1
  ip nat inside
  ip virtual-reassembly
  peer default ip address pool VPN
  no keepalive
  ppp encrypt mppe 128
  ppp authentication ms-chap-v2
  ip local pool VPN 192.168.xxx.xxx 192.168.xxx.xxx
  radius-server host 192.168.xxx.xxx auth-port 1645 acct-port 1646 key 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

  Larry,
  1) Please set up enable authentication to get the actual user name,
  aaa authentication enable console tacacs-auth LOCAL
  On ACS user setup you need to set up tacacs+ enable password.
  3) Since you have defined both server for authentication and accounting ie 219 and 218 it is sending accounting to 218, as it is also defined as accounting server and firewall it active.
  Use only
  aaa-server tacacs-auth (dept-outside) host 10.1.26.218 key tacacs-secret
  aaa-server tacacs-acct (dept-outside) host 10.1.26.219 key tacacs-secret
  Now auth should go to 218 and acc to 219.
  Regards,
  ~JG
  Do rate helpful posts

• Client IP address on Web Forms

  Hi Friends,
  I tried to get IP Address of Client by using
  SYS_CONTEXT('USERENV','IP_ADDRESS') in a database function but the problem it always brings the Forms Server IP Address instead of Client Ip Address on Web Forms. I'm just wondering is there any way to deal this problem?
  Thanks
  Rao Guduru

  You will probably have to use a PJC and execute ipconfig. You can also read the registry, but the location may vary.
  See
  http://www.governmentsecurity.org/articles/GettingIPdatafromnumeroussources.php
  http://www.codeproject.com/cs/internet/obafindingipinformation.asp
  Message was edited by:
  Mark Roberts

• How can I get the client IP address correctly?

  Hi,
  I am having a problem with getting the client ip address correctly using jsp. I am currently using the method request.getRemoteAddr() (JSP)to get the remote client IP. This method works fine with intranet addresses.
  However, when I am using a dial-up connection through a ISP (internet service provider), it could not detect the actual IP that is assigned to my client PC, but instead got another IP address.
  Could anyone advise me on that? And could anyone advise me on how to obtain the correct client ip address correctly using any of the java technologies?
  Thanks,
  Damien

  >
  I don't believe so. You can't establish aconnection
  over the internet using a private IP. As far as I
  know most, if not all routers, block them so itwon't
  even move over the backbone.Well with port-mapping it is definately possible to
  allow an external ip to "connect" to an internal ip, i
  have done this very thing myself...Not the same.
  You are addressing the external server with a public IP address. That is then translated into the internal connection.
  That is not the same as using a private IP on the internet.
  As I said, the backbone will not let a private IP through.
  >
  >
  Yes, but my point is that at any given time, in the
  world, many boxes might have one address. Even ifit
  is a private IP is it still that IP for aparticular
  box. So if you use java to get its IP that is theIP
  that it gets. And that IP is useless for anything
  unless that IP is meaningful for the othercomputer.
  But all ips must be unique in a designated "internet"
  be it an "intranet" or whatever, there cannot be a
  situation where two identical ips in the same
  "internet", such that an ip that is achieved from a
  page-hit is valid and meangingful in order to send the
  data it is requesting back to it, or find out more
  about that computer, or log and report it if it is
  doing something illegal; i don't think its that
  meangingless is it?Yes it is. You can't use an IP to uniquely identify a box, and that is the sole criteria, when there might be two boxes with the same IP.
  When you use java on a client box to get the IP of the box, it doesn't necessarily return an IP that it meaningful to the anyone outside the lan on which the box lives.
  Because of this internet systems must do one of the following:
  -Do not use the IP as an identifier.
  -Require that the client has a public IP. This is often static. At least some security systems use this to validate users.