Hey All, I've installed a second Cisco ACS server for redundancy on our WPA2/AES/802.1X wlan and I was wondering how this will affect user connections. I have 2 ACS's with 2 different certificates and they are setup as radius 1 and 2 under this specific wlan. I'm concerned that when a user connects and authenticates to ACS1 and then later on roams or reauthenticated due to some timer that they'll hit ACS2 and the client won't have an existing session built and fail. 1. Can someone elaborate on when the 2nd radius server gets used. round robin or only when ACS 1 is unresponsive/failed user login. 2. Is there a better way to work with this senario? i.e. 1 cert (e.g) wireless.xxx.yyy and put the acs's behind a load balancer? 3. Can I get the load balance affect with just the wlc's and the ACS's? I'm just trying to verifiy a few things before I go live with it. Thanks Craig ... View more

Hi, We are looking to deploy either appletv or airserver to support the demand for mirroring ipads/android/laptops to projectors in our classrooms. I'd like to leverage the existing hardwires computer/vpu and install airserver and allow the pc (ethernet) to talk with our various wireless devices. We run vrf-lite in our network and have designed our wireless to mostly be outside our internal network with a few holes punched in for certain services, but mostly just web and dmz applications. In order to use "any apple device" with bonjour you need to have layer 2 adjacency, pretty much unless your controllers support a bonjour gateway of some sort. With vrf-lite and our policy of not spanning a vlan out of a certain area it makes it extremely difficult (in my mind) to get the classroom PC to look like its directly attached to our cisco wireless controller. I'll try to give an idea of the architecture of one area where we'd like this. Classroom PC (10.12.12.1 - vlan 2) ---->3750 switches ---> distribution --> aggregation (cisco 6500)--->cisco 5508 wifi--->ipad (10.239.12.1 -vlan3) I was wondering what peoples ideas were on tunneling the classroom pc back to the cisco 6500 and make it look like its attached to the cisco wlc? From what I've read, its pretty limited on tunneling on a cisco 3750 so that might just cut the story short. I thought of putting a wifi NIC in each pc and just going all wireless and I also thought about tunneling the actual classroom PC (like ssl or ipsec client) back to the aggregation. The main reason that I like the airserver part is that potenially we could have 100-200 appletv/airserver devices and using group policies to change passwords on airserver is alot easier than change 200 appletv's 1 by 1. I might be totally missing something but any ideas would be great. thx Craig                   ... View more