Virtual WLC, clients dropping.

Hello.

I have a few clients that get dropped by the AP. I used the debug client command; can anyone tell me what to change on the WLC to make the errors stop?

The vWLC is running the most recent version, and the AP is 1602i.

* apfMsConnTask_6: 16:01:16.954 Oct 07: 68:b5:99:45:44:8e suppRates statusCode is 0 and gotSuppRatesElement is 1

* apfMsConnTask_6: 16:01:16.954 Oct 07: 68:b5:99:45:44:8e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0

* apfMsConnTask_6: 16:01:16.954 Oct 07: 68:b5:99:45:44:8e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1

* apfMsConnTask_6: 16:01:16.954 Oct 07: 68:b5:99:45:44:8e treatment WPA IE type 221, length 22 for mobile 68:b5:99:45:44:8e

* apfMsConnTask_6: 16:01:16.954 Oct 07: policy of STARTING (0) initialization 68:b5:99:45:44:8e 0.0.0.0

* apfMsConnTask_6: 16:01:16.954 Oct 07: 68:b5:99:45:44:8e 0.0.0.0 START (0) change the State of the last START (0) AUTHCHECK (2)

* apfMsConnTask_6: 16:01:16.954 Oct 07: 68:b5:99:45:44:8e 0.0.0.0 AUTHCHECK (2) change the State of 8021X_REQD (3) last State AUTHCHECK (2)

* apfMsConnTask_6: 16:01:16.954 Oct 07: 68:b5:99:45:44:8e 0.0.0.0 DHCP 8021X_REQD (3) required on AP 68:86:a7:ca:bd:40 5 tasteless 5To apVapId this client

* apfMsConnTask_6: 16:01:16.954 Oct 07: 68:b5:99:45:44:8e not use WMM compliance code qosCap 00

* apfMsConnTask_6: 16:01:16.954 Oct 07: 68:b5:99:45:44:8e 0.0.0.0 8021X_REQD (3) mobile devices rule LWAPP AP tasteless 68:86:a7:ca:bd:40 5 apVapId 5 flex-acl-name:

* apfMsConnTask_6: 16:01:16.954 Oct 07: 68:b5:99:45:44:8e apfMsAssoStateInc

* apfMsConnTask_6: 16:01:16.954 Oct 07: 68:b5:99:45:44:8e apfPemAddUser2 (apf_policy.c:276) state change for mobile 68:b5:99:45:44:8e on Idle to Associated 68:86:a7:ca:bd:40 AP

* apfMsConnTask_6: 16:01:16.954 Oct 07: 68:b5:99:45:44:8e apfPemAddUser2:session forstation 68:b5:99:45:44:8e - all Session timeout 0, apfMsTimeOut ' 0' and sessionTimerRunning flag is 0

* apfMsConnTask_6: 16:01:16.954 Oct 07: 68:b5:99:45:44:8e stop deletion of Station Mobile: (callerId: 48)

* apfMsConnTask_6: 16:01:16.954 Oct 07: 68:b5:99:45:44:8e Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0

* apfMsConnTask_6: 16:01:16.954 Oct 07: 68:b5:99:45:44:8e send Assoc response to station 68:86:a7:ca:bd:44 BSSID (State 0) location ApVapId 5 0

* apfMsConnTask_6: 16:01:16.954 Oct 07: 68:b5:99:45:44:8e apfProcessAssocReq (apf_80211.c:7399) State of change for mobile 68:b5:99:45:44:8e on AP 68:86:a7:ca:bd:40 of associated partners

* apfMsConnTask_6: 16:01:16.961 Oct 07: 68:b5:99:45:44:8e update AID to RAISE the Client AP 68:86:a7:ca:bd:40 - AID of ===> 3

* dot1xMsgTask: 16:01:16.963 Oct 07: 68:b5:99:45:44:8e creating a Cache PMKID PKC entry for station 68:b5:99:45:44:8e (ARS 0)

* dot1xMsgTask: 16:01:16.963 Oct 07: 68:b5:99:45:44:8e index cache of active adjustment 8---> 8 key

* dot1xMsgTask: 16:01:16.963 Oct 07: 68:b5:99:45:44:8e index cache of active adjustment 8---> 0 key

* dot1xMsgTask: 16:01:16.963 Oct 07: 68:b5:99:45:44:8e Initiating WPA PSK for mobile 68:b5:99:45:44:8e

* dot1xMsgTask: 16:01:16.963 Oct 07: 68:b5:99:45:44:8e dot1x - mobile 68:b5:99:45:44:8e Force penetrating Auth State

* dot1xMsgTask: 16:01:16.963 Oct 07: 68:b5:99:45:44:8e exchange of departure for 68:b5:99:45:44:8e mobile key, data packages will be removed

* dot1xMsgTask: 16:01:16.963 Oct 07: 68:b5:99:45:44:8e transmission of EAPOL-Key Message for mobile 68:b5:99:45:44:8e

INITPMK (message 1) State, counter replay 00.00.00.00.00.00.00.00

* Dot1x_NW_MsgTask_6: 16:01:16.972 Oct 07: 68:b5:99:45:44:8e received EAPOL-Key of mobile 68:b5:99:45:44:8e

* Dot1x_NW_MsgTask_6: 16:01:16.972 Oct 07: 68:b5:99:45:44:8e key EAPOL received in State PTK_START (message 2) of 68:b5:99:45:44:8e mobile

* Dot1x_NW_MsgTask_6: 16:01:16.972 Oct 07: 68:b5:99:45:44:8e for mobile 68:b5:99:45:44:8e retransmission timer stop

* Dot1x_NW_MsgTask_6: 16:01:16.972 Oct 07: 68:b5:99:45:44:8e transmission of EAPOL-Key Message for mobile 68:b5:99:45:44:8e

PTKINITNEGOTIATING (message 3) State, counter replay 00.00.00.00.00.00.00.01

* Dot1x_NW_MsgTask_6: 16:01:16.981 Oct 07: 68:b5:99:45:44:8e received EAPOL-Key of mobile 68:b5:99:45:44:8e

* Dot1x_NW_MsgTask_6: 16:01:16.981 Oct 07: 68:b5:99:45:44:8e key EAPOL received in State PTKINITNEGOTIATING (message 4) of mobile 68:b5:99:45:44:8e

* Dot1x_NW_MsgTask_6: 16:01:16.981 Oct 07: 68:b5:99:45:44:8e for mobile 68:b5:99:45:44:8e retransmission timer stop

* Dot1x_NW_MsgTask_6: 16:01:16.981 Oct 07: 68:b5:99:45:44:8e apfMs1xStateInc

* Dot1x_NW_MsgTask_6: 16:01:16.981 Oct 07: 68:b5:99:45:44:8e 0.0.0.0 8021X_REQD (3) change the State of L2AUTHCOMPLETE (4) the last State 8021X_REQD (3)

* Dot1x_NW_MsgTask_6: 16:01:16.981 Oct 07: 68:b5:99:45:44:8e 0.0.0.0 L2AUTHCOMPLETE DHCP (4) required on AP 68:86:a7:ca:bd:40 5 tasteless 5To apVapId this client

* Dot1x_NW_MsgTask_6: 16:01:16.981 Oct 07: 68:b5:99:45:44:8e not use WMM compliance code qosCap 00

* Dot1x_NW_MsgTask_6: 16:01:16.981 Oct 07: 68:b5:99:45:44:8e 0.0.0.0 L2AUTHCOMPLETE (4) mobile devices rule LWAPP AP tasteless 68:86:a7:ca:bd:40 5 apVapId 5 flex-acl-name:

* Dot1x_NW_MsgTask_6: 16:01:16.981 Oct 07: 68:b5:99:45:44:8e 0.0.0.0 L2AUTHCOMPLETE (4) change the State of the last State DHCP_REQD (7) L2AUTHCOMPLETE (4)

* Dot1x_NW_MsgTask_6: 16:01:16.981 Oct 07: rule of TMP adding 5952, 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) pemAdvanceState2

* Dot1x_NW_MsgTask_6: 16:01:16.982 Oct 07: rule DHCP_REQD (7) add Fast Path 68:b5:99:45:44:8e 0.0.0.0

type = Airespace AP - IP address learn

about AP 68:86:a7:ca:bd:40, location 0, interface = 1, QOS = 0

ACL ID = 255, VPI IPv4

* Dot1x_NW_MsgTask_6: 16:01:16.982 Oct 07: rule DHCP_REQD (7) Fast Path 68:b5:99:45:44:8e 0.0.0.0 (more...) 802.1 P = 0, DSCP = 0, = 64206 TokenID Vlan bridging Local = 1, bypass Local intf id = 6

* Dot1x_NW_MsgTask_6: 16:01:16.982 Oct 07: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) successfully mounted a mobile rule (255 ID ACL IPv4, IPv6 ACL ID 255)

* Dot1x_NW_MsgTask_6: 16:01:16.982 Oct 07: 68:b5:99:45:44:8e Key exchange done, mobile 68:b5:99:45:44:8e data packets to be sent shortly

* Dot1x_NW_MsgTask_6: 16:01:16.982 Oct 07: 68:b5:99:45:44:8e transmission of EAPOL-Key Message for mobile 68:b5:99:45:44:8e

State PTKINITDONE (message 5 - group), read the meter 00.00.00.00.00.00.00.02

* apfReceiveTask: 16:01:16.982 Oct 07: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD State (7) set a day of mobility-incomplete for complete mobility, mobility role = Local, client state = APF_MS_STATE_ASSOCIATED

* apfReceiveTask: 16:01:16.982 Oct 07: rule of TMP adding 5576, 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) pemAdvanceState2

* apfReceiveTask: 16:01:16.982 Oct 07: rule DHCP_REQD (7) replacing Fast Path 68:b5:99:45:44:8e 0.0.0.0

type = Airespace AP - IP address learn

about AP 68:86:a7:ca:bd:40, location 0, interface = 1, QOS = 0

IPv4 ACL ID = 255,

* apfReceiveTask: 16:01:16.982 Oct 07: rule DHCP_REQD (7) Fast Path 68:b5:99:45:44:8e 0.0.0.0 (more...) 802.1 P = 0, DSCP = 0, = 64206 TokenID Vlan bridging Local = 1, bypass Local intf id = 6

* apfReceiveTask: 16:01:16.982 Oct 07: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) successfully mounted a mobile rule (255 ID ACL IPv4, IPv6 ACL ID 255)

* pemReceiveTask: 16:01:16.982 Oct 07: added entry NPU 68:b5:99:45:44:8e 9, dtlFlags 0x0 type 0.0.0.0

* pemReceiveTask: 16:01:16.982 Oct 07: added entry NPU 68:b5:99:45:44:8e 9, dtlFlags 0x0 type 0.0.0.0

* spamApTask1: 16:01:16.990 Oct 07: 68:b5:99:45:44:8e sent EAPOL M5 key for mobile 68:b5:99:45:44:8e

* Dot1x_NW_MsgTask_6: 16:01:17.001 Oct 07: 68:b5:99:45:44:8e received EAPOL-Key of mobile 68:b5:99:45:44:8e

* Dot1x_NW_MsgTask_6: 16:01:17.001 Oct 07: 68:b5:99:45:44:8e key EAPOL received in the State REKEYNEGOTIATING (message 6) of 68:b5:99:45:44:8e mobile

* Dot1x_NW_MsgTask_6: 16:01:17.001 Oct 07: 68:b5:99:45:44:8e for mobile 68:b5:99:45:44:8e retransmission timer stop

* DHCP special socket: 16:01:28.373 Oct 07: 68:b5:99:45:44:8e DHCP received op BOOTREPLY (2) (len 333, vlan 0, port 1, encap 0xec03)

* DHCP special socket: 16:01:28.373 Oct 07: 68:b5:99:45:44:8e DHCP server OFFER (10.21.1.254, yiaddr 10.21.1.96 server) configuration

* DHCP special socket: 16:01:28.376 Oct 07: 68:b5:99:45:44:8e DHCP received op BOOTREPLY (2) (len 333, vlan 0, port 1, encap 0xec03)

* DHCP special socket: Oct 07 16:01:28.376: 68:b5:99:45:44:8e apfMsRunStateInc

* DHCP special socket: Oct 07 16:01:28.376: 68:b5:99:45:44:8e 10.21.1.96 DHCP_REQD (7) change the State final State of RUN (20), DHCP_REQD (7)

* DHCP special socket: 16:01:28.376 Oct 07: 68:b5:99:45:44:8e address assignment 10.21.1.96 on mobile

* DHCP special socket: 16:01:28.376 Oct 07: customer success 68:b5:99:45:44:8e DHCP event. County of default dhcp for the interface of compensation data.

* DHCP special socket: 16:01:28.376 Oct 07: customer success 68:b5:99:45:44:8e DHCP event. County of default dhcp for the interface of compensation data.

* pemReceiveTask: 16:01:28.376 Oct 07: deleted entry NPU 68:b5:99:45:44:8e 10.21.1.96.

* Dot1x_NW_MsgTask_6: 16:01:34.017 Oct 07: 68:b5:99:45:44:8e received EAPOL-Key of mobile 68:b5:99:45:44:8e

* Dot1x_NW_MsgTask_6: 16:01:34.017 Oct 07: 68:b5:99:45:44:8e received EAPOL-Key to launch the new Exchange of keys to mobile 68:b5:99:45:44:8e

* Dot1x_NW_MsgTask_6: 16:01:34.017 Oct 07: 68:b5:99:45:44:8e initialization key EAPOL request replay to 00 00 00 00 00 00 00 a0 for customer 68:b5:99:45:44:8e

* Dot1x_NW_MsgTask_6: 16:01:34.017 Oct 07: 68:b5:99:45:44:8e exchange of departure for 68:b5:99:45:44:8e mobile key, data packages will be removed

* Dot1x_NW_MsgTask_6: 16:01:34.017 Oct 07: 68:b5:99:45:44:8e transmission of EAPOL-Key Message for mobile 68:b5:99:45:44:8e

INITPMK (message 1) State, counter replay 00.00.00.00.00.00.00.03

* Dot1x_NW_MsgTask_6: 16:01:34.017 Oct 07: 68:b5:99:45:44:8e Received key EAPOL MIC err message of mobile 68:b5:99:45:44:8e

* Dot1x_NW_MsgTask_6: 16:01:34.018 Oct 07: 68:b5:99:45:44:8e received EAPOL-Key of mobile 68:b5:99:45:44:8e

* Dot1x_NW_MsgTask_6: 16:01:34.018 Oct 07: 68:b5:99:45:44:8e received EAPOL-Key to launch the new Exchange of keys to mobile 68:b5:99:45:44:8e

* Dot1x_NW_MsgTask_6: 16:01:34.018 Oct 07: 68:b5:99:45:44:8e exchange of departure for 68:b5:99:45:44:8e mobile key, data packages will be removed

* Dot1x_NW_MsgTask_6: 16:01:34.018 Oct 07: 68:b5:99:45:44:8e transmission of EAPOL-Key Message for mobile 68:b5:99:45:44:8e

INITPMK (message 1) State, counter replay 00.00.00.00.00.00.00.03

* Dot1x_NW_MsgTask_6: 16:01:34.018 Oct 07: 68:b5:99:45:44:8e Received key EAPOL MIC err message of mobile 68:b5:99:45:44:8e

* dot1xMsgTask: 16:01:34.997 Oct 07: 68:b5:99:45:44:8e failure sending WPA EAPOL-Key due to invalid state 2 to 68:b5:99:45:44:8e mobile

* dot1xMsgTask: 16:01:34.997 Oct 07: 68:b5:99:45:44:8e unable to send the WPA key for mobile 68:b5:99:45:44:8e

* dot1xMsgTask: 16:01:34.997 Oct 07: impossible to update 68:b5:99:45:44:8e released 68:B5:99:45:44:8E key for mobile

* osapiBsnTimer: 16:01:35.201 Oct 07: 68:b5:99:45:44:8e 802. 1 x "timeoutEvt" Timer expired for station 68:b5:99:45:44:8e and message = M2

* dot1xMsgTask: 16:01:35.201 Oct 07: 68:b5:99:45:44:8e 1 retransmit of EAPOL M1 (length 99) key for mobile 68:b5:99:45:44:8e

* osapiBsnTimer: 16:01:36.221 Oct 07: 68:b5:99:45:44:8e 802. 1 x "timeoutEvt" Timer expired for station 68:b5:99:45:44:8e and message = M2

* dot1xMsgTask: 16:01:36.221 Oct 07: 68:b5:99:45:44:8e 2 retransmit EAPOL M1 (length 99) key for mobile 68:b5:99:45:44:8e

* osapiBsnTimer: 16:01:37.241 Oct 07: 68:b5:99:45:44:8e 802. 1 x "timeoutEvt" Timer expired for station 68:b5:99:45:44:8e and message = M2

* dot1xMsgTask: 16:01:37.241 Oct 07: 68:b5:99:45:44:8e failure of retransmission for EAPOL M1 key to 68:b5:99:45:44:8e mobile, retransmit count 3, CMO deauth count 0

* dot1xMsgTask: 16:01:37.241 Oct 07: 68:b5:99:45:44:8e reset CMOS PMK Cache entry 0 for station 68:b5:99:45:44:8e

* dot1xMsgTask: 16:01:37.241 Oct 07: 68:b5:99:45:44:8e cache of active adjustment key index 0---> 8

* dot1xMsgTask: 16:01:37.241 Oct 07: 68:b5:99:45:44:8e Deauthenticate sent mobile site 68:86:a7:ca:bd:40 BSSID 0 (calling 1x_ptsm.c:546)

* dot1xMsgTask: 16:01:37.241 Oct 07: 68:b5:99:45:44:8e removal of Scheduling of Station Mobile: (callerId: 57) in 10 seconds

(Cisco Controller) > * osapiBsnTimer: 16:01:47.442 Oct 07: 68:b5:99:45:44:8e apfMsExpireCallback (apf_ms.c:615) expires Mobile!

* apfReceiveTask: 16:01:47.442 Oct 07: 68:b5:99:45:44:8e apfMsExpireMobileStation (apf_ms.c:5827) state change for mobile 68:b5:99:45:44:8e on AP 68:86:a7:ca:bd:40 of Disassociated Associates

The error:

Receipt key EAPOL MIC err message from mobile

suggests that the STA (the client computer) is sending an invalid nonce value. MIC stands for message integrity check.

I've generally seen this when clients use TKIP; try changing your WLAN to use AES only. Also, if you can send the output of: show wlan ID, this will help clarify how your WLAN is configured.

* Please Note If this post was helpful, thank you *.

Tags: Cisco Wireless
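
Added example (not part of the original thread and not Cisco tooling): a Python triage script that reads debug output like the one posted above and reports, per client, whether the EAPOL MIC error occurred during the initial handshake or on a rekey after the client had already reached RUN, and how long after the error the deauthentication followed. The regexes follow the wording of the log as it appears on this page and are assumptions to adjust for real controller output; the second client in the sample is constructed.

```python
import re

MAC = re.compile(r"\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b", re.I)
TIME = re.compile(r"\b(\d{2}):(\d{2}):(\d{2})\.(\d{3})\b")

# Event signatures use the wording of the debug output on this page
# (assumption: adjust them to the exact text your controller prints).
EVENTS = [
    ("handshake_done", re.compile(r"\(message 4\)")),
    ("run", re.compile(r"RUN \(20\)")),
    ("mic_error", re.compile(r"MIC err")),
    ("m2_timeout", re.compile(r"Timer expired.*message = M2")),
    ("retransmit_giveup", re.compile(r"retransmit count \d+")),
    ("deauth", re.compile(r"Deauthenticate sent")),
]

# First client: lines copied from the thread's debug output.
# Second client (02:00:00:00:00:01): constructed, to show the other verdict.
SAMPLE = """\
* Dot1x_NW_MsgTask_6: 16:01:16.981 Oct 07: 68:b5:99:45:44:8e key EAPOL received in State PTKINITNEGOTIATING (message 4) of mobile 68:b5:99:45:44:8e
* DHCP special socket: Oct 07 16:01:28.376: 68:b5:99:45:44:8e 10.21.1.96 DHCP_REQD (7) change the State final State of RUN (20), DHCP_REQD (7)
* Dot1x_NW_MsgTask_6: 16:01:34.017 Oct 07: 68:b5:99:45:44:8e Received key EAPOL MIC err message of mobile 68:b5:99:45:44:8e
* Dot1x_NW_MsgTask_6: 16:01:34.018 Oct 07: 68:b5:99:45:44:8e Received key EAPOL MIC err message of mobile 68:b5:99:45:44:8e
* osapiBsnTimer: 16:01:35.201 Oct 07: 68:b5:99:45:44:8e 802. 1 x "timeoutEvt" Timer expired for station 68:b5:99:45:44:8e and message = M2
* osapiBsnTimer: 16:01:36.221 Oct 07: 68:b5:99:45:44:8e 802. 1 x "timeoutEvt" Timer expired for station 68:b5:99:45:44:8e and message = M2
* osapiBsnTimer: 16:01:37.241 Oct 07: 68:b5:99:45:44:8e 802. 1 x "timeoutEvt" Timer expired for station 68:b5:99:45:44:8e and message = M2
* dot1xMsgTask: 16:01:37.241 Oct 07: 68:b5:99:45:44:8e failure of retransmission for EAPOL M1 key to 68:b5:99:45:44:8e mobile, retransmit count 3, CMO deauth count 0
* dot1xMsgTask: 16:01:37.241 Oct 07: 68:b5:99:45:44:8e Deauthenticate sent mobile site 68:86:a7:ca:bd:40 BSSID 0 (calling 1x_ptsm.c:546)
* Dot1x_NW_MsgTask_6: 16:02:10.100 Oct 07: 02:00:00:00:00:01 Received key EAPOL MIC err message of mobile 02:00:00:00:00:01
* dot1xMsgTask: 16:02:13.300 Oct 07: 02:00:00:00:00:01 Deauthenticate sent mobile site 68:86:a7:ca:bd:40 BSSID 0 (calling 1x_ptsm.c:546)
"""


def parse(text):
    """Return {client_mac: [(ms_since_midnight, event), ...]} in time order.

    The client is taken to be the first MAC on the line; all lines are
    assumed to fall on the same day.
    """
    timeline = {}
    for line in text.splitlines():
        mac, ts = MAC.search(line), TIME.search(line)
        if not (mac and ts):
            continue
        h, m, s, ms = (int(x) for x in ts.groups())
        when = ((h * 60 + m) * 60 + s) * 1000 + ms
        for name, pattern in EVENTS:
            if pattern.search(line):
                timeline.setdefault(mac.group(0).lower(), []).append((when, name))
                break
    for events in timeline.values():
        events.sort(key=lambda e: e[0])  # stable: keeps log order on ties
    return timeline


def first(events, name, start=0):
    """Index of the first `name` event at or after `start`, else None."""
    for i in range(start, len(events)):
        if events[i][1] == name:
            return i
    return None


def triage(text):
    """Classify each client's MIC errors relative to RUN and deauth."""
    report = {}
    for mac, events in parse(text).items():
        names = [n for _, n in events]
        entry = {"mic_errors": names.count("mic_error"),
                 "m2_timeouts": names.count("m2_timeout"),
                 "verdict": "no_mic_error"}
        mic = first(events, "mic_error")
        if mic is not None:
            run = first(events[:mic], "run")
            deauth = first(events, "deauth", mic)
            if run is None:
                entry["verdict"] = "mic_error_during_initial_handshake"
            else:
                entry["verdict"] = "mic_error_on_rekey_after_run"
                entry["ms_run_to_mic_error"] = events[mic][0] - events[run][0]
            if deauth is not None:
                entry["ms_mic_error_to_deauth"] = events[deauth][0] - events[mic][0]
        report[mac] = entry
    return report


if __name__ == "__main__":
    for client, summary in triage(SAMPLE).items():
        print(client, summary)
```

For the client in the thread, the report shows the MIC errors arriving only after the first handshake had completed and the client had reached RUN, with the deauthentication following once the M1 retransmissions were exhausted.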

Similar Questions

  • On small, medium and large virtual machines

    I've seen in many demos and presentations that the GUI offers deployment of small, medium or large VMs. Can we get more details around this? Are these predetermined sizes? If so, who determines them - the Evo vendor or VMware? If customizable, is there a specific range within which they can be customized (small to have not more than 2 vCPUs, medium to have not more than 4 vCPUs, etc.)? What happens if a virtual machine that does not fall into one of the three preconfigured standards must be built?

    REDA

    Raj,

    Thanks for the question. To answer: they are predefined, they are set by VMware (not the partner), and they are defined in the Evo user interface.

    Currently, there is no custom option or possibility of custom settings - if someone wanted a customized virtual machine, they could open the vSphere Web Client or the vSphere desktop client on vCenter and set it up in the conventional way...

    Regards,

    Mike

  • Virtual machine guests drop packets using e1000 adapter in VST mode

    We discovered a recent issue in our datacenter where our virtual machine guests drop packets when using jumbo frames on the e1000 virtual adapter on a vSwitch configured for VST mode.  The guest operating system is Red Hat Enterprise Linux 5 update 6.

    The dropped packets occur when the MTU is set to 9000 on the Linux OS.  The vSwitch is configured correctly for jumbo frames, and we tested 2 virtual machines on the same hardware (and same VM network) as well as on two different ESXi servers to verify this.

    Our Wireshark captures revealed that the last 4 bytes of the packet payload are dropped.  For example, the packet sent on one server was 8142 bytes and the packet received was 8138 bytes.  Because of the difference, the TCP checksum fails and the packet is dropped.  Somewhere in the transfer the 802.1q header is missing on one end, and on the other the last 4 bytes at the end of the frame are missing.

    So far, our only workaround is to set the MTU to 1500 on the Linux OS or to use the VMXNET3 adapter with MTU 9000.  We use PXE to boot our virtual machines, which is why we chose to use the e1000 rather than the VMXNET3 adapter (although RHEL 6 supports PXE with the new adapter, so that's good news for the future!)

    Hello

    You cannot use e1000 with jumbo frames; by ESX design, only enhanced vmxnet (and vmxnet3) adapters are supported for jumbo frames. Adapters other than enhanced vmxnet (and vmxnet3), for example the E1000 adapter, cannot be used with jumbo frames. Attempts to change the MTU seem to succeed, but the adapter always drops frames larger than 1500 bytes.
    TM

  • Help with Setup for roaming on 3502 and 1252

    Hello everyone, I would like a suggestion on how to set up roaming without having to connect to a different SSID. When I was at Rochester Institute of Technology, I noticed that when I walked down the hall, my phone's Wi-Fi signal never disconnected, but I saw the 1142 (I think that is what it was, from the look of the design) change from green to blue in each location. My major is Information & Computing Studies at NTID.

    My current setup at home:

    1 Internet to untangle the firewall Cisco Catalyst Express 500 with PoE to two 3502i at home

    2 cisco Catalyst Express 500 to Cisco Catalyst Express 500 with PoE to two 1252 in the garage

    3 3502i and 1252 running IOS autonomous or independent

    And also we have smartphones, apple ipads and iphones and a laptop computer.

    I want to use the same SSID so they connect automatically via roaming anywhere, lol, and dual band should work as well. I don't have a Windows Server or a virtual WLC (should I get Windows Server 2008 R2 or 2012, lol, and I can download the virtual WLC too). Will it work without a WLC and a server?

    If it is not possible without a WLC, I want to know the list of requirements so I can add to this setup to make it work.

    Gage Burchett wrote:

    Stephen,

    All of these APs are running WPA2-PSK AES + WPA-PSK TKIP (Cipher AES CCMP + TKIP) with the same passphrase and the same SSID. Will any channel still work? Can't 802.1x be used with a Windows Server that has RADIUS? Are you sure that if I leave the same configuration it will roam by itself, or is that up to the client?

    I would stick with channels 1/6/11, the standard non-overlapping channels for the 2.4 GHz side.  For 5 GHz, any channel you choose should work as 5 GHz channels do not overlap.

    And yes, provided that the SSID, PSK and VLAN mapping (if you make interfaces) is the same and there is some overlap between the signals of the APs, your clients should roam between the APs just fine.

    HTH,
    Steve

    ------------------------------------------------------------------------------------------------
    Please don't forget to rate helpful messages and mark the questions answers

  • Trying to run a site-to-site VPN and remote VPN from the same remote IP

    We currently have a site-to-site VPN configuration between our offices call center and a 3rd party that allows them to access our training environment for their employees to use while being trained on our systems. This tunnel is running between our ASA and their ASA without problem; however, when we have managers come out to the call center, they are unable to use remote VPN to access our office.

    Apparently the remote peer IP that we use for our site-to-site tunnel is the same IP that our managers use to access the internet when they are on-site with the customer. When I look at the logs it shows the VPN attempt and then I get treatment Information Exchange has failed. So from what I can understand, when our managers try to connect to our firewall from the same IP address as the site-to-site peer, it automatically tries to create a tunnel according to the site-to-site tunnel configuration. If our managers are anywhere else, they can connect through remote VPN with no problems.

    My question is if anyone knows of a way to make the firewall allow site-to-site VPN and remote connections from the same remote IP address.

    Hi John,

    Basically, in older versions, when you hit a static crypto map and do not completely match it, the connection falls through to the dynamic crypto map. For this reason, you could connect your IPSec clients before. A bug has been opened on this vulnerability.

    CSCuc75090  Bug details

    Crypto IPSec security associations are created by dynamic crypto map for static peers

    Symptom:

    When a static VPN peer adds any traffic to the crypto ACL, an SA is built even though the IP pair is not allowed in the crypto ACL at the main side. These SAs are eventually matched and set up by the dynamic crypto map instance.

    Conditions:

    This has been the intended design since day one; it allowed clients to fall through in case the static crypto map did not provide the necessary crypto services.

    The SA must be initiated from a statically configured peer, and a dynamic crypto map instance must be configured on the receiving end.

    Workaround solution:

    N/A

    Some possible workarounds are:

    Configure a static NAT on the device you use for the remote VPN, so the remote firewall will be hit from a different public IP address. It would be a good solution, but it will depend on how many public IP addresses you have available and whether you really want to use one of those IP addresses for that access.

    Also, I thought you could use AnyConnect instead of the IPSec VPN client. I don't know how many users need to connect from their PCs to the remote site, but the ASA has 2 SSL licenses available that you could use. Because AnyConnect uses the SSL protocol, it won't have a problem in your environment.

    Some information below:

    http://www.Cisco.com/c/en/us/TD/docs/security/ASA/asa84/configuration/guide/asa_84_cli_config/vpn_anyconnect.html

    Hope this helps,

    Luis.

  • WebAuth ISE Central and vWLC 7.4

    Hello all

    I wonder if anyone has gotten this scenario working: Cisco ISE guest portal via CWA redirect on an AP connected to a virtual WLC running 7.4. As the vWLC can only run FlexConnect and centrally switched VLANs are not supported, how would this scenario be possible, if at all? Would the AP have to do the redirect instead of the controller?

    Jan,

    It works fine. When the client is in the WEBAUTH-REQD, supplicant provisioning or Posture_Reqd state, traffic is centrally switched. Once the client is in the RUN state, a control message is sent to the AP to put the client in FlexConnect mode.

    Thank you

    Tarik Admani
    * Please note the useful messages *.

  • Disassociated client MAC timeout

    G'day all,

    Can anyone tell me if I am able to change the time it takes for the MAC address of a disassociated client to be cleared from the WLC? On the Clients page of the GUI it looks to be about 5 minutes, so I think it is 300 seconds, like the standard ARP table timer. I would like to change it if possible.

    Here's why:

    I have a wireless network that uses ISE for machine authentication and posture of wireless devices. If a client disassociates and re-associates without the client entry in the WLC being cleared manually, the NAC agent doesn't posture the wireless device again.

    This seems to be because the client entry in the WLC is in the RUN state, so if it re-associates, the last known state is RUN, and the WLC just joins the client back up and the NAC posture is not done.  This is a reproducible behavior.

    If the client disassociates and I manually clear the client entry in the WLC, the client can re-associate and is postured, as expected.

    I need to be able to configure this solution so that whenever the client associates, regardless of how quickly it associates after disassociation, the NAC posture process occurs.

    Any help is greatly appreciated.

    Thank you.

    JS

    For the client to be removed from the RUN state, the session timer or the idle timer has to expire.  The idle timer is usually what happens to expire first.  The default value for the idle timer is also 300 seconds.

    Thank you

    Scott

    Help others by using the rating system and marking answers questions as 'response '.

  • Multiple monitors with laptop docking Station

    I currently have a laptop with a closed lid sitting in its docking station; it has 2 external monitors connected separately through the docking station's DVI ports, configured as a dual-monitor setup. Locally on the laptop it works fine, but when you run the VMview Client (v5) the virtual session recognizes only one monitor. The laptop model is a Dell Latitude E6530 and the docking station is the Dell PRO2X. In our typical installation, Wyse zero clients connect to the virtual desktops and the dual-monitor configuration works fine. But with the laptop and docking station, the Windows display options do not recognize the other connected monitor. Does anyone know what I have to do to make this work? When I configured the dedicated machine through VMware View Admin (v5.1) I chose to allow up to 2 monitors.

    In the View Client, when you select the desktop you connect to:

    Below the list of available desktops is a drop-down menu called "Display".

  • Provisioned space on thick disks?

    I have configured my VMs as thick, but most of them show provisioned space between 20% and 60% more than the used space. The datastore is 200 GB.  My understanding is that provisioned space comes into play with thin provisioned disks, not thick. Can someone explain to me why so much space is provisioned?  We are on the latest version of VMware.

    Thank you!

    Provisioned storage takes into account the VMDK for the disk, the vswap file, etc.; it isn't just the disk.

    For example, if we have a virtual machine with a 4 GB thick provisioned hard disk and Windows 2008 R2 with 4 GB of RAM, then the provisioned storage will be around 8.11 GB.

    Used storage will show 4.00 GB, as this is the disk file. The rest of the provisioned space is mainly the 4 GB vswap file.

    Start the virtual machine and provisioned storage changes to 8.05, as does used storage, since the vswap files have been created.

    Power it off again and provisioned storage changes to 8.12 GB and used storage goes back to 4 GB.

    Set size in service has increased to 100% not sure de.01 why but could be the journal file, or something.

    But your provisioned space is higher than the disks because of the vswap file for the virtual machine's RAM, which makes up the extra 20 to 60%.

    FYI, changing limits or shares does not affect the provisioned space, because they apply to physical memory, not the size of the vswap file.

    The only way to reduce the provisioned space is either to reduce the VMDK hard disk size or to reduce the RAM assigned to the virtual machine.

    Dropping the virtual machine down to 2 GB, the provisioned space is now 6.05 when the virtual machine is running.

  • ESXi update 5 questions!

    I have a problem: the virtual machine network fails sometimes, all the virtual machines lose Internet access all of a sudden; there is no problem with the ISP, and ESX SSH and remote connections work, but the VM network is out of service.

    I think updating ESXi to the 15/03/2012 patch (build 623860) will solve it!

    There is a problem:

    I run VMware ESXi with the Driver Rollup 2 version and I am about to update to build 623860, the 15/03/2012 patch. I ran the command:

    esxcli software sources vib list --depot=/vmfs/volumes/datastore1/update/623860.zip | more to see what it is going to upgrade and downgrade, but the problem is that the net-tg3 driver is being downgraded, which I think will cause me problems, as it did with the original ESXi image from August 2011 (you can see my other thread).

    Latest version installed:
    Broadcom_bootbank_net - tg3_3.120 h .v50. 2 - 1OEM.500.0.0.472560 (new!)
    Name: net-tg3
    Payloads: net-tg3

    This is the latest version, but the last patch will downgrade to:

    NET-tg3, VMware 2011-08-19 3.110h.v50.4 - 4vmw.500.0.0.469512 VMwareCertified Downgrade

    Question 1:

    How can I do it without it screwing up my network card and making it unusable?

    Using the same net-tg3 driver!

    Question 2:
    Is it possible to back up my current ESX configuration and use it to restore if something goes wrong with the driver?

    If that's the case, then how?

    Before updating, I wanted to ask here for help!

    I have no access to the machine, but someone is close by in case something happens, to be able to restore the old version if something goes wrong with the network.

    The main reason for updating is that the virtual machine network drops suddenly...

    Thank you

    Catalin Alin

    And if you are worried about screwing up your installation...

    You can restore the state from before your update by pressing SHIFT-R at the ESXi boot prompt and selecting the other bootbank to boot from.

    -Andreas

  • Place vCenter in what VLAN?

    Hello

    I have a general best-practice question regarding where to place vCenter. vCenter will be hosted virtually.

    Currently I have 5 VLANs in my virtual environment: one each for FT, iSCSI, vMotion, VM-management and Production (guest machines).

    Is there a best practice for where to place vCenter? I guess it's VM-management or Production.

    Since I'm pretty new to this topic, I'd love to hear any experiences, advice and whatever.

    Thx.Andy

    I consider the VC a 'management' device (even if it happens to be a Windows Server running the software) - as such, if possible, I've put it in our business layer.

    Of course, if you do not have the management layer presented to the network adapters your VMs run through (and your VC is a virtual machine), then dropping it on the virtual machine network is fine.

  • Meaning of EAL4 Certification

    I'm trying to translate the vSphere EAL4 certification into practical terms.  Suppose I have a virtual machine that is running on an ESX host, and this virtual machine is compromised (for example, the Windows operating system becomes filled with viruses, rootkits and malware).  Am I assured by EAL4 that the compromised virtual machine can never jeopardize in any way the security of the ESX 4 host?  Of course, it could begin to use too much RAM, CPU and network bandwidth and affect performance.   But are there any known cases of a compromised virtual machine doing something like crashing the service console, installing code in it, installing code under the hypervisor, stopping the ESX host, or anything of that nature? (assuming that the service console is itself patched beforehand).

    Any thoughts appreciated - thanks

    Hello

    If a virtual machine is compromised, the ESX host is NOT compromised... unless it was an 'escape the VM' attack. There are no such attacks that currently work on ESX/ESXi.

    EAL4+ does not necessarily imply this, but it is a reference point used by many organizations to determine the level of security in the operating system code. To achieve this certification, the VMware hypervisor went through an intense evaluation, etc.

    Search this forum for "escape the VM" for more ideas on this style of attack.

    Best regards
    Edward L. Haletky VMware communities user moderator, VMware vExpert 2009, 2010


  • Brand New VDI Setup

    Hello, I need help to get started.

    I want to set this company up with VIEW 3 for their workstations in the field.

    That will let them keep older hardware and use a more recent operating system and applications via virtual machines.

    Please tell me if it is too early to jump into a full working deployment of 25 PCs running on virtual machines.

    Here are the details:

    Virtual PC customers expected 25

    Local data servers 2 and mail server file server

    Footstool of host files financial servers PeachTree in only 5 PC a few Client Applications to control machines. Word, Excel and Outlook and chronometric (Pretty basic)

    I need to know:

    1 - How many new servers I need to implement this virtual PC 25

    2 - what specs on the servers I need

    3 - What redundancy should I plan on it?

    Thank you very much for the help. I've been looking into several PDF files and some people think I have this and installed and some are not clear on the record that I need. So I am confused.

    Yes. 2 ESX servers to start then. I would say to them, at least 2 quad-core processors each.

    If you allocate 1 GB of RAM for each workstation, you need 25 GB. However, because VMware has an oversubscription feature, you can get away with about 8 GB of RAM in each ESX server and host 12 virtual machines per server.

    It can get tight if one of the ESX servers goes down. It's your call if you want to put a little more RAM in the upper 8 ESX servers.

    Storage is critical. You should look into a cheap iSCSI or, possibly, a NAS solution. You want to configure vmotion, there must be something decent.

    NIC - if you can, I recommend at least 4 ports. You can do it any way - double plus NIC port built in ports or 2 single port NIC with built-in, etc.

    Of course, you will need to purchase licenses, but you already know.

    Hope this helps you can get.

  • VMWare Server 2.0 bug on XP SP3?

    http://sharevm.WordPress.com/2008/12/03/VMware-Server-20-bugs-on-XP-SP3/

    My environment:

    • Windows XP SP3, Office 2007, Firefox, IE 7, Dell D630 Intel Core Duo with 2 GB of RAM, 60 GB hard drive

    • VMWare Workstation 6.5 on Fedora 9 with X windows or Ubuntu 8.10 base OS, not other applications running

    Problems observed:

    • Outlook 2007 crashes intermittently (I often stopped him free before starting the virtual machine)

    • Wireless falls intermittently, but reconnects quickly

    • A USB port not recognized by the host OS (XP)

    You realize that XP is not a supported host OS for Server 2?

    Server 2 user guide.

  • customers on flexconnect AP cannot get dhcp address after upgrade wlc

    Hi community support.

    I have a WLC 2504, with 30 1130 APs in flexconnect mode. The WLC runs code version 7.0.240.0. In order to register new models of AP, we need to upgrade to a more recent code.

    In the last attempt to upgrade to version 7.4.121.0, the APs joined the WLC, and the VLAN mappings in flexconnect were checked and were fine. However, clients were unable to get a DHCP address (169.254.x.x). The DHCP server is local to each location, and is usually a 3750 x that serves as a master switch.

    When connecting via cable, clients received a DHCP address, so the DHCP server isn't the problem. We updated to the 7.6.100.0 code, but got the same behavior.

    Finally, we decided to downgrade the WLC to code 7.0.240.0 once again, and everything started working again, but I need to upgrade we buy access to new models of points.

    Someone else had a similar problem?

    Thank you

    Hello

    What is the native VLAN you are using? If it's VLAN number 2, then it is known bug CSCui73764

    Symptom:

    Flex series APs 1130 & 1240 mode, won't see traffic, for example, DHCP, ARP. on some wireless LANs.

    Conditions:
    (1) flex connect local switching
    (2) AP 1240 or 1130
    (3) any version before 7.4.121.7
    (4) native vlan x, not work y vlan.
    (5) failed to get the ip address of the user.

    Workaround solution:
    change the native VLAN to a surprisingly high number, so no WLAN will ever be mapped to a very high bridge group number.

    Other Description of the problem:
    Telnet on the flex AP. here is an example. VLAN 3 is the vlan native Flex ap, it is correctly mapped to group 1. now WiFi is not working is the one that is mapped to vlan2. below, carefully, the vlan 2 is mapped to fill the 3 group. It is the forum where we hit the bug. Therefore, it can be any combination of wlan-vlan-native vlan.

    HTH

    Rasika

    Pls note all useful responses *.
