AD & DNS setting for Hub and spoke network

Similar Messages

• DNS best practices for hub and spoke AD Architecture?

  I have an Active Directory Forest with a forest root such as joe.co and the root domain of the same name, and root DNS servers (Domain Controllers) dns1.joe.co and dns2.joe.co
  I have child domains with names in the form region1.joe.com, region2.joe.co and so on, with dns servers dns1.region1.joe.co and so on.
  Each region has distribute offices that may have a DC in them, servers named in the form dns1branch1.region1.joe.co
  Over all my DNS tests out okay, but I want to get the general guidelines for setting up new DCs correct.
  Configuration:
  Root DC/DNS server dns1.joe.co adapter settings points DNS to itself, then two other root domain DNS/DCs dns2.joe.co and dns3.joe.co.
  The other root domain DNS/DCs adapter settings point to root server dns1.joe.co and then to itself dns2.joe.co, and then 127.0.0.1
  The regional domains have a root dns server dns1.region1.joe.co with adapter that that points to root server dns1.joe.co then to itself.
  The additional region domain DNS/DCs adapter settings point to dns1.region1.joe.co then to itself then to dn1.joe.co
  What would you do to correct this topology (and settings) or improve it?
  Thanks in advance
  just david

  Hi,
  According to your description, my understanding is that you need suggestion about your DNS topology.
  In theory, there is no obvious problem. Except for the namespace and server plaining for DNS, zone is also needed to consideration. If you place DNS server on each domain and subdomain, confirm that if the traffic browsed by DNS will affect the network performance.
  Besides, fault tolerance and security are also necessary.
  We usually recommend that:
  DC with DNS should point to another DNS server as primary and itself as secondary or tertiary. It should not point to self as primary due to various DNS islanding and performance issues that can occur. And when referencing a DNS server on itself, a DNS client
  should always use a loopback address and not a real IP address. detailed information you may reference:
  What is Microsoft's best practice for where and how many DNS servers exist? What about for configuring DNS client settings on DC’s and members?
  http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx#dnsbest
  How To Split and Migrate Child Domain DNS Records To a Dedicated DNS Zone
  http://blogs.technet.com/b/askpfeplat/archive/2013/12/02/how-to-split-and-migrate-child-domain-dns-records-to-a-dedicated-dns-zone.aspx
  Best Regards,
  Eve Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Best practises for Hub and spoke Metro Etherent network

  Hi there,
  It is my first MAN deployment. I will use the 6513 as the core switch and the 3550 as the edge switches to the customer.
  The customer has 9 locations. The customer asked for interconnection between the 9 locations and his Data center in his HQ.
  Additionally his Internet connection is at the HQ too.
  What is the best practice to architect this solution addressing security? How I deploy VLANs (like one vlan for the internet, one vlan for each department, one management vlan. Etc)
  Any advises

  Hi Sam,
  Let me add my two cents here, when speaking about MAN deployments the name of the game is MPLS, so I guess you are using the same on your Cat 6500s and connecting your customers on 3550s using Vlans.
  Regarding your questions:
  a) Upgrading Ethernet to L3 for traffic shaping: This is basically done at 3550, so I suppose that's what you intend to do, plus you will be letting Spokes talk to only Hub site, so inter Vlan, atleast between Hub and each spoke will be required, hence inter valn routing. Other way is to configure P2P circuits between Hub site with Vlan mapping (per spoke) and Spoke sites with Port mapping, in this scenario Inter Vlan routing is not a necessity.
  b) Security: This depends on what exact architecure you have deployed, in my case I have simply installed a Gateway router with BGP peering with PEs, a separate VRF alongwith redistribution does the trick.
  Hope I addresses the query correctly, let me know if that helped..
  Cheers
  ~sultan

• Fram Relay hub and spoke scenario

  See the attachment please
  Requirements:
  1.Using only physical interfaces configure a Frame Relay hub-and-spoke network between RTA and RTB and RTC, RTB as the hub.
  2.Traffic from RTA destined for RTC should transit RTB, and vice versa.
  3.Use only the DLCIs specified in the diagram.
  4.Do not use any Dynamic layer 3 to layer 2 mappings over these frame Relay connections.
  5.Do not send any redundant broadcast traffic from the spokes to the hub.
  RTB (Hub):
  interface Serial0/0
  ip address 3.1.1.2 255.255.255.0
  encapsulation frame-relay
  frame-relay map ip 3.1.1.1 200 broadcast
  frame-relay map ip 3.1.1.3 300 broadcast
  no frame-relay inverse-arp
  RTA (Spoke):
  interface Serial0/0
  ip address 3.1.1.1 255.255.255.0
  encapsulation frame-relay
  frame-relay map ip 3.1.1.2 22 broadcast
  frame-relay map ip 3.1.1.3 22
  no frame-relay inverse-arp
  RTC (Spoke):
  interface Serial1/0
  ip address 3.1.1.3 255.255.255.0
  encapsulation frame-relay
  frame-relay map ip 3.1.1.2 33 broadcast
  frame-relay map ip 3.1.1.1 33
  no frame-relay inverse-arp
  My queries:
  A- Does he use these two statements because (frame-relay map ip 3.1.1.3 22 and frame-relay map ip 3.1.1.1 33 ) of requirement number 2 ?
  B- Doesn’t he use keyword “broadcast” in these two statements (frame-relay map ip 3.1.1.3 22 and frame-relay map ip 3.1.1.1 33) because of requirement 5?
  C- Does that mean if requirement 5 is not there we should have used “broadcast“ keyword ?
  D- Does not that contradict with what Cisco syas: “The broadcast keyword is commonly used with the frame relay map command” ?
  E- By using these two statements (frame-relay map ip 3.1.1.3 22 and frame-relay map ip 3.1.1.1 33) doesn’t my network become full mesh? but if you look to the diagram it is partial mesh ?

  Answers to your queries:
  A. Correct
  B. Correct
  C. That depends. In most cases, it is a good idea to have broadcasts on, especially when using routing protocols like OSPF which send traffic to multicast destinations. I would habe it on most times.
  D. The recommendation from Cisco is not contradictory. The lab scenario is making you do something quite specific so you have to follow that. You don't always have to follow requirements in order to make things work.
  E. No. Full-mesh refers to a full mesh of PVCs. If there was a PVC from A to C it would be full mesh.
  Hope that helps - pls rate the post if it does.
  Paresh

• EIGRP in a NBMA hub and spoke configuration ?

  Hi,
  Is there a way to configure EIGRP for a Frame Relay NBMA network using a hub and spoke topology ?
  I'm curious that I cannot find any config examples for this, whereas with OSPF in this environment there are plenty of examples.
  I'm wondering if EIGRP being a distance-vector protocol this shouldn't be attempted.
  PS: I've been at this all day and have only managed to get EIGRP to work in one cofiguration and that was using physical interfaces on all routers and switching off split horizon at the hub router. I used frame-relay map statements with broadcast enabled also.
  Any pointers would be appreciated.
  Cheers,
  Phil.

  hi phil,,,
  here is the configuration for the HUB router
  ! hostname ABC
  interface Ethernet1
  ip address 192.168.2.1 255.255.255.0
  interface Serial0
  no ip address
  encapsulation frame relay
  no ip mroute cache
  interface Serial0.1 multipoint
  ip address 192.168.1.1 255.255.255.0
  no ip split horizon eigrp 2001 Split Horizons disabled
  bandwidth 112 Bandwidth set to the sum of the remote PVCs
  frame relay map ip 192.168.1.5 110 broadcast
  frame relay map ip 192.168.1.6 130 broadcast
  router eigrp 2001 EIGRP routing process
  network 192.168.1.0 Networks running EIGRP
  you can have appropriate IP addressing as per your design...
  you can have some easy configuration at spoke side with compere to HUB router....
  regards
  Devang

• DMVPN Hub and Spoke behind NAT device

  Hi All,
  I have seen many documents stating about DMVPN Hub behind NAT or DMVPN Spoke behind NAT.
  But My case i involve in both situation.
  1) HUB have a Load Balancer (2 WAN Link) ISP A & B
  2) Spoke have Load Balancer (2 WAN Link) ISP A & B
  Now the requirement is Spoke ISP A Tunnel to HUB ISP A.  Spoke ISP B tunnel to HUB ISP B
  So total of two DMVPN tunnel from spoke to hub, and i will use EIGRP and PBR to select path.
  As I know at HUB site, LB must do Static NAT for HUB router IP, so spoke will point to it as tunnel destination address. At spoke LB, i will do policy route to reach HUB ISP A IP via Spoke ISP A link, HUB ISP B IP via Spoke ISP B link.
  HUB and Spoke have to create 2 tunnel with two different network ID but using same source interface.
  The Tunnel destination IP at spoke router is not directly belongs to HUB router. Its hold by HUB LB , and forwarded to HUB router by Static NAT.
  Any problem will face with this setup? Any guide?
  Sample config at HUB.
  interface Tunnel0
  bandwidth 1000
  ip address 172.16.1.1 255.255.255.0
  ip mtu 1440
  ip nhrp authentication cisco123
  ip nhrp map multicast dynamic
  ip nhrp network-id 1
  ip nhrp holdtime 600
  delay 1000
  tunnel source FastEthernet0/0
  tunnel mode gre multipoint
  tunnel key 0
  tunnel protection ipsec profile cisco
  interface Tunnel1
  bandwidth 1000
  ip address 172.17.1.1 255.255.255.0
  ip mtu 1440
  ip nhrp authentication cisco123
  ip nhrp map multicast dynamic
  ip nhrp network-id 2
  ip nhrp holdtime 600
  delay 1000
  tunnel source FastEthernet0/0
  tunnel mode gre multipoint
  tunnel key 1
  tunnel protection ipsec profile cisco
  Spoke Config
  interface Tunnel0
  bandwidth 1000
  ip address 172.16.1.2 255.255.255.0
  ip mtu 1440
  ip nhrp authentication cisco123
  ip nhrp map 172.16.1.1 199.1.1.1
  ip nhrp network-id 1
  ip nhrp holdtime 300
  ip nhrp nhs 172.16.1.1
  delay 1000
  tunnel source FastEthernet0/0
  tunnel destination 199.1.1.1
  tunnel key 0
  tunnel protection ipsec profile cisco
  interface Tunnel1
  bandwidth 1000
  ip address 172.17.1.2 255.255.255.0
  ip mtu 1440
  ip nhrp authentication cisco123
  ip nhrp map 172.17.1.1 200.1.1.1
  ip nhrp network-id 2
  ip nhrp holdtime 300
  ip nhrp nhs 172.17.1.1
  delay 1500
  tunnel source FastEthernet0/0
  tunnel destination 200.1.1.1
  tunnel key 1
  tunnel protection ipsec profile cisco

  Hi Marcin,
  thanks for your reply. The NAT was set up in a way it was/is just to simulate the spoke to be behind NAT device.
  About AH and ESP, you are correct there... this was actually my issue. I should have used pure ESP. At the end, TAC actually assisted me with this. Before I called TAC, i did notice the following. ISAKMP traffic was NATed to 3.3.3.3, as expected. Anything after that, did not work and it has to with NAT and AH. Traffic was no longer NATed so the hub, saw the traffic come from 2.2.2.2 rather than 3.3.3.3, you can also see that in the error message you have pointed out. I also saw it in my packet captures. That caught my eye and i started troubleshooting it. I did not understand that AH can't be NATed, Below  is TAC's explanation. All is good now. Thanks
  .  Essentially, it comes down to the fact that AH will encapsulate the entire IP packet (hence why it is the outermost header) with the exception of a few mutable fields, including the DSCP/ToS, ECN, flags, fragment offset, TTL, and the header checksum.  Since the source/destination IP addresses & port numbers are actually protected by the AH integrity checking, this means that a device performing a NAT operation on the packet will alter these IP header fields and effectively cause the hub router to drop the packet due to AH failure.
  Conversely, ESP traffic is able to properly traverse NAT because it doesn't include the IP header addresses & ports in its integrity check.  In addition, ESP doesn't need to be the outermost header of the packet in order to work, which is why devices will attach an outer UDP/4500 header on the traffic going over NAT."

• VPN hub and spoke topology, hub using two interfaces

  Hi,
  I'm facing a problem with Cisco ASA 5500 running software 8.4.
  I know, i know, VPN hub and spoke was already discussed many times. But all these discussions are about a hub using only one interface, the outside/public interfcae.
  My topology is slightly different.
  LAN-A - VPN peer A <--> (Internet) <--> (outside if)-ASA-B-(inside if) <--> (corporate network) <--> (outside if)-ASA-C-(inside if) <--> LAN-C
  VPN communication should flow between LAN-A and LAN-C.
  Phase I and phase II are working on both tunnels (A-B, B-C). Therefore cryptomaps should be right.
  IPsec SA for tunnel A-B is explicit for LAN-A and LAN-C.
  IPsec SA for tunnel B-C connects any with LAN-C.
  What I can see on ASA-B is incoming traffic from LAN-A on tunnel A-B.
  That does not trigger an SA for tunnel B-C!
  Traffic initiated from LAN-C, I can see on ASA-B as incoming traffic, SA for LAN-A to LAN-C is build up on tunnel B-C.
  Traffic seems to enter tunnel A-B as I can see outgoing traffic on ASA-B.
  Of course, NAT exemption is configured for traffic between LAN-A and LAN-C.
  Why doesn't incoming traffic from LAN-A initiate SA on tunnel B-C?
  It looks like incoming traffic from LAN-A enters ASA-B and is dropped or send anywhere but the right direction.
  I admit I'm clueless.
  Any help would be appreciated.
  Thanks folks.

  Analyzing the config files you revealed the inactiv NAT exemption for traffic flow between LAN-A and LAN-C.
  Furthermore a static route fro LAN-C out the inside interface was missing.
  Fixing both communication works fine.
  Thanks for the real good support.

• ASA Hub-and-spoke VPN dhcp-relay

  Hi!
  Have anyone implemented a solution with a hub-and-spoke IPSEC VPN (running ASA) with dhcp relay for the inside clients on the spoke. With the DHCP server on the hub site?
  Normal LAN-LAN IPSEC VPN is a bit cumbersome to configure something like below: 
  SPOKE
  <snip>
  access-list CRYPTO_ALLOWED extended permit ip INSIDE-NETWORKS any
  #ALL INTERNET ACCESS GOES THROUGH THE SPOKE SITE
  access-list CRYPTO_ALLOWED extended permit udp host OUTSIDE_IF_ADDR host HUB_DHCP_SERVER_ADDR eq bootps
  access-list CRYPTO_ALLOWED extended permit udp host OUTSIDE_IF_ADDR host HUB_DHCP_SERVER_ADDR eq bootpc
  nat (INSIDE,OUTSIDE) source static CRYPTO_ALLOWED CRYPTO_ALLOWED destination static OSKO-INTERNET OSKO-INTERNET route-lookup
  dhcprelay DHCP-SERVER outside
  dhcprelay enable INSIDE
  dhcprelay setroute INSIDE
  dhcprelay timeout 60
  HUB
  <snip>
  access-list CRYPTO_ALLOWED_TO_SPOKE extended permit ip 0.0.0.0 0.0.0.0 HUB_NETWORKS
  access-list CRYPTO_ALLOWED_TO_SPOKE extended permit udp host HUB_DHCP_SERVER_ADDR host SPOKE_OUTSIDE_ADDR eq 67
  access-list CRYPTO_ALLOWED_TO_SPOKE extended permit udp host HUB_DHCP_SERVER_ADDR host SPOKE_OUTSIDE_ADDR eq 68
  nat (INSIDE,OUTSIDE) source static ANY ANY destination static SPOKE_NETWORKS SPOKE_NETWORKS
  nat (INSIDE,OUTSIDE) source static HUB_DHCP_SERVER_ADDR HUB_DHCP_SERVER_ADDR destination static SPOKE_OUTSIDE_ADDR SPOKE_OUTSIDE_ADDR
  ### HUB INTERNET ACCESS ##
  nat (OUTSIDE,OUTSIDE) source dynamic SPOKE_NETWORKS interface
  I can't really apply this to a hub-and-spoke configuration.
  Any ideas?
  Regards
  Daniel

  Thanks. That's what I thought. I'm trying to configure this a my lab and having trouble though. Here's what I am trying to accomplish: HUB should communication with spoke1 and spoke2 via ipsec vpn using their own internal addresses HUB: 192.100.10.0/24, SPOKE1 10.142.0.0/24, SPOKE2 10.25.0.0/24) Communication between SPOKE1 and SPOKE2 should be nat'ed by the HUB so SPOKE2's addresses appear to be 172.16.128.0/24. SPOKE1's interesting traffic rule will allow the entire 172.16.128.0 255.255.128.0 subnet. Any new SPOKE's will use another subnet of that network. In my head I think I might need to let SPOKE2 NAT it's own traffic before it gets to HUB, but I'm dealing with multiple different devices as spokes so I want to handle everything on the HUB. Ideally the HUB would translate all traffic in both directions so both business partners and clients would only need one supernet in their interesting traffic rules.

• Hub and Spoke IPSec VPN

  Guys,
  When it comes to creating a site to site VPN on Cisco IOS, I have a clear understanding of that from a 1-1 perspective4. However, I now need to extend that site to site VPN to have now more like a hub and spoke, 1 to many.
  So basically for a 1 to 1 site mapping I would do something like below. I would appreciate some suggestions on how to extend this or redesign it to suit. Thanks
  crypto isakmp policy 10
  hash md5
  authentication pre-share
  group 2
  lifetime 28800
  crypto isakmp key nik address 0.0.0.0 0.0.0.0
  crypto ipsec transform-set mySet ah-md5-hmac
  crypto map myMap 5 ipsec-isakmp
  set peer xx.0.0.2
  set transform-set mySet
  match address CW-VIC
  interface FastEthernet0/0
  ip address xx.0.0.2 255.255.255.x
  duplex auto
  speed auto
  crypto map myMap
  ip access-list extended VPN-TRAF
  permit ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255

  Guys,
  I've figured this out.
  For anyone else in the future having this issue
  While you cannot add more than one crypto map to the interface, you can add numbers at the end of the map.
  --- PEER 1
  crypto map myMap 5 ipsec-isakmp
  set peer X0.0.0.2
  set transform-set mySet
  match address 100
  access-list 100 permit ip 172.30.0.0 0.0.255.255 172.17.10.0 0.0.0.255
  --- PEER 2
  crypto map myMap 20 ipsec-isakmp
  set peer Y0.0.0.2
  set transform-set mySet
  match address 102
  access-list 102 permit ip 172.30.0.0 0.0.255.255 172.16.10.0 0.0.0.255
  Hope this helps someone in the future

• BPEL 10.1.2 hub-and-spoke or distributed architecture?

  Hi,
  I'm currently wrestling with the following question:BPEL 10.1.2 hub-and-spoke or distributed architecture?
  Hi,
  I'm currently wrestling with the following question:
  An ESB as per definition of e.g. Forrester should be capable of supporting a distributed bus architecture. From my understanding this distributed bus architecture is achieved by installing some sort of ESB component(s) on all machines that are participating in this infrastructure, together forming a ‘bus’.
  As I understand the BPEL 10.1.2 product basically offers two categories of functionality: orchestration and integration. Does this integration part offer ESB alike functionality and more specific allows for a distributed bus architecture? As far as I can see the BPEL 10.1.2 offers limited ESB alike functionality and only supports a hub-and-spoke architecture.
  Other threads in this forum talk about using BPEL 10.1.2 together with InterConnect in order to foresee in ESB functionality. What does InterConnect add to the BPEL 10.1.2 integration functionality?
  As of SOA suite 10.1.3 these products have been split up into a BPEL product and an ESB product. Is the ESB product in SOA suite 10.1.3 a combination of the integration from BPEL 10.1.2 and InterConnect? Is this new ESB product able to support a distributed architecture?
  I’m very much in favor of a distributed architecture compared to hub-and-spoke, as hub-and-spoke requires a very solid and redundant system that is going to handling all message traffic and other functions. When moving towards a SOA giving an ESB a back-bone role, I’m not very keen on introducing a single system that should actually make up this ESB. Distributed would mean all machines are taking care of some basic functions resulting in a fully functional ESB, even when one or more machines are down.
  Am I making sense with this? I would like to know how others are looking at these topics.
  Regards,
  Gershon Janssen

  We are struggling with this issue too. The "all-pervasive" vision of the ESB visionaries, in my opinion, means that every node in my enterprise architecture should have access to the bus and I should be able to orchestrate anything that is running on any node in my architecture. We were told to think of an ESB as the equivalent of the hardware bus in computers. From that perspective I thought that:
  (1) BPEL and ESB functions would add a marginal increment to the licensing cost of an app server - I should be able to afford an "all-pervasive" architecture.
  (2) BPEL and ESB functions would add a "marginal increment" to the memory and resource foot-print. Again, I should be able to afford an "all-pervasive" architecture.
  Are these two satisfied by Oracle's products ? Some vendors don't seem to support the above two. In that case there is a disconnect between the marketing and technology departments of the vendors. What am I missing ?
  If BPEL engines and ESBs are priced very high, based on economics we will end up with a hub-and-spoke model.
  Thanks

• Hub and Spoke between SA540 and RV120

  Hello.
  I want to build a "hub and spoke" topology for one of my clients.
  For the "HUB" , I'm planning to use an SA540, with a static public IP provided by a 4Mb SDSL.
  For the "spokes" (21 at the moment), I'm planning to use RV120. They will be behind a NAT, provided by a "SAGEM LIVEBOX", and a static public IP.
  The boss will connect to the HUB using Cisco VPN client, or quickVPN, and get access to all the spokes.
  Some spokes will have to connect to each other, via the HUB.
  I searched a long time on this forum and reading documentation, but I didn't find at the moment the answer to my question : is this topology suitable with the choosen hardwares ?
  Alain

  Alain,
  I would contact someone with the enterprise group with the questions on which enterprise router to use with your topology; I would expect a Cisco ASA5505 or ASA5510 with proper licensing would accomplish this at main office and cisco 800 series at remote offices. For your spokes(remote offices) the RV120 or RVS4000 should work fine if you are trying to route traffic from remote office to main office only. If you are looking to route traffic from remote office to main office then to another remote office. You would need to go all enterprise small business devices. In our small business routers we can’t specify to route traffic to another subnet across the IPSec tunnel. When we make the IPSec tunnel it creates the routes in routing table to the remote host. So we can only route traffic to directly connect IPSec tunnel host. If you need further clarification you can give us a call.
  SBSC
  1-866-606-1866
  TAC (Enterprise Group)
  1-800-553-2447
  Main office (ASA5505 – ASA5510) --- (Cisco 800 Series) = Remote office
  Please clarify with enterprise group.
  Thanks
  Jasbryan
  Cisco Support Engineer
  .:|:.:|:.

• I updated Itunes today to the latest version. Windows 7 64bit. None of my drivers work and get an error when itunes starts, about registry setting for reading and writing dvds and cds missing. Anyone else have the same issue. I downloaded itunes again, re

  I updated Itunes today to the latest version. Windows 7 64bit. None of my drivers work and get an error when itunes starts, about registry setting for reading and writing dvds and cds missing. Anyone else have the same issue. I downloaded itunes again, reinstalled still have same issue.

  I'd start with the following document, with one modification. At step 12 after typing GEARAspiWDM press the Enter/Return key once prior to clicking OK. (Pressing Return adds a carriage return in the field and is important.)
  iTunes for Windows: "Registry settings" warning when opening iTunes

• Multiple Spanning Tree in a Hub and Spoke topology?

  My company is planning to implement Multiple Spanning tree into our hub and spoke topology. Is that possible?
  Should I divide up the vlans into instances based on assigned switch or assigned department?
  Thank You.

  hi, everyone,
  i have search a internet draft to describe this situation, "Using an LSA Options Bit to Prevent Looping in BGP/MPLS IP VPNs", from "http://www.ietf.org/internet-drafts/draft-ietf-ospf-2547-dnbit-03.txt"
  does anyone can tell me how can disable this function and clear the "DN" bit on a cisco router? thanks very much.

• DHCP Server - Different Range for Wired and Wireless Network

  We have DHCP setup on Windows Server 2012r2 and the range given to us by the main HQ is 10.65.112.1-10.65.112.254 (there are several exclusions under this range)
  Now since the range gets exhausted quickly, they provided another one 10.65.122.1-10.65.122.254.
  What our branch would love to do is to dedicate the first range for Wired Computers and the other range for Wireless Devices (Phone,Tablets, Mobiles)
  Right now we have 2 different scopes setup in DHCP, the second one is disabled. In our network we have 6 access points and also have a CISCO SG300-52 Managed Switch. It has an inbuilt DHCP Server and also has the function for DHCP Relay. But we are not actually using any of its functionality as of now.
  So my question is how to have 2 separate ranges for wired and wireless network. People have mentioned vlans but I have no clue on how to get that done.
  Is there a simpler way avoding V-LANS or if not, would love to get step by step procedure on how to go about this. Any help will be much appreciated
  Regards,
  Sheldon

  Hi Sheldon, please read this post
  https://supportforums.cisco.com/thread/2270049
  You will need some modifications though. Steps 1-6 is very relevant. On step 6, you need to pay particular close attention to the "default router". If the SX300 handles your intervlan routing then the default router needs to be the IP of your VLAN. If you have a different device to handle VLAN routing then the default router needs to be that IP address.
  -Tom
  Please mark answered for helpful posts
  http://blogs.cisco.com/smallbusiness/

• Everytime i try to update my itunes it says make sure your network setting are correct and your network connection is active . what does that mean

  Everytime i try to update my itunes it says make sure your network setting are correct and your network connection is active . what does that mean??

  Are yo getting a network timeout error?
  Disabling the computer's antivirus and firewall during the download and update usually resolves the timeout error.