Greetings, we have a very busy guest/byod wireless network which has recently started to exceed 1000 clients on a regular basis, up until now it has worked without issue but have had reports that people are frequently unable to connect to the internet at peak times (Lunchtime etc) Investigations revealed that the WAN router (Cisco 3825) has started exceededing the maximum number of NAT/PAT translations on the external facing interface >65,000 - At one point it was showing as having 72,000 translations. As such i have decided to create a NAT pool to make use of additonal public address space that we have on our WAN breakout and to load balance PAT across several external IP addresses to counter the problem, however when i look at the NAT translations it still appears that i'm only overloading on the interface IP address and not load balancing ammougst all 5 external addresses in the NAT pool. WAN Breakout 213.**.**.32 /27 Interface configuration interface GigabitEthernet0/0  bandwidth 25000  ip address 213.**.**.33 255.255.255.224  ip nat outside  ip virtual-reassembly in  rate-limit input 25000000 4687500 9375000 conform-action transmit exceed-action drop  rate-limit output 25000000 4687500 9375000 conform-action transmit exceed-action drop  duplex full  speed 100  media-type rj45 NAT configuration ip nat pool GUEST_WLAN 213.**.**.33 213.**.**.37 prefix-length 27 ! ip nat inside source list NAT pool GUEST_WLAN overload ! ip access-list extended NAT  permit ip 192.168.16.0 0.0.7.255 any  deny   ip any any Debugs #sh ip nat translations | include 213.**.**.33 tcp 213.**.**.33:50630    192.168.16.6:50630    31.13.72.112:443      31.13.72.112:443 tcp 213.**.**.33:7309     192.168.16.6:50633    31.13.64.97:443       31.13.64.97:443 tcp 213.**.**.33:18769    192.168.16.6:51052    17.130.254.15:5223    17.130.254.15:5223 tcp 213.**.**.33:18747    192.168.16.6:51233    173.194.34.152:443    173.194.34.152:443 tcp 213.**.**.33:59589    192.168.16.6:51295    173.252.103.16:443    173.252.103.16:443 tcp 213.**.**.33:33720    192.168.16.6:51470    17.172.233.120:443    17.172.233.120:443 tcp 213.**.**.33:47715    192.168.16.6:51477    67.195.236.72:993     67.195.236.72:993 tcp 213.**.**.33:30787    192.168.16.6:51481    206.191.242.230:443   206.191.242.230:443 tcp 213.**.**.33:32230    192.168.16.6:51484    188.125.68.71:993     188.125.68.71:993 sh ip nat translations | include 213.**.**.34 tcp 213.**.**.52:51466    192.168.21.198:51466  17.149.32.57:443      17.149.32.57:443 tcp 213.**.**.34:52574    192.168.21.198:52574  173.252.103.16:443    173.252.103.16:443 --- 213.**.**.34          192.168.21.198        ---                   --- sh ip nat translations | include 213.**.**.35 --- 213.**.**.35          192.168.16.223        ---                   --- sh ip nat translations | include 213.**.**.36 --- 213.**.**.36          192.168.16.195        ---                   --- sh ip nat translations | include 213.**.**.37 --- 213.**.**.37          192.168.21.214        ---                   --- Really appreciate if someone could validate if this configuration is correct please? Would i be correct in assuming it wont load balance and will only utilise the pool members when the first one is exhausted? Regards ... View more

Greetings, we have two 5508 WLC's in our HQ, all AP's connected in local mode and heavily use MS Lync over wireless. We have 5 SSID's configured for various functions, one of which is the corporate SSID which users associate to by default, at present the QoS policy is set on all WLAN's to Silver. Based on information from various sources and tech docs from Cisco i have thus far created the following AVC profile and applied it to the Corporate WLAN to identify Lync traffic and mark it accordingly Set WMM on the WLAN to required. And configured 802.1p settings on the Silver QoS profile I have also configured the switch ports connected to the WLC's to trust COS (mls qos trust cos) all switch interconnects/uplinks to trust DSCP (mls qos trust dscp) and all access ports connected to lighweight AP's to trust dscp. Now this is where i start to get confussed: Do i need to enable 802.1p if using AVC profiles to correctly classify traffic? Or based on some post just set the corporate SSID to use the Platinum QoS profile, leave all others as Silver? Any recomendations would be appreciated. Regards ... View more

Greetings, i'm looking to deploy two Cisco 5508 WLC's in a HA pair and license them to support 150 2600e AP's. Would the BoM below be sufficient? As i understand the HA controller doesnt need licensing as in the event of the primary controller failing they would be transfered to the backup controller. 15 x AIR-CAP2602E-EK910 - AP's 600 x AIR-ANT2524DW-R - Antenna 1 x AIR-CT5508-100-K9 - Cisco 5508 Controller (Primary) 1 x AIR-CT5508-HA-K9 - Cisco 5508 HA Controller (Standby) 1 x L-LIC-CT5508-50A - Adiitional 50 AP License Regards ... View more