Best authentication method for controlling DEVICE access to wlan

Hello,
I have a similar question to this thread ( https://supportforums.cisco.com/message/3927713 ) but I'm interested about device control on top of user control. Just like that thread, we are using WPA2-AES Enterprise with PEAP MSCHAPv2, which allow users to log on with their domain credentials. We wanted something simple for our users, so MSCHAPv2 with "single sign on" was optimal to us.
Problem is, we have a new requirement and we need to implement it yesterday. We would like to allow only mobile devices and computers of our choice.
Since we are using MSCHAPv2 which allow every domain user to connect using any device as long as their domain credentials are valid, is there a simple way to control this ?
I guess we could go with MAC filtering, but we have about a thousand laptops. Not a big problem, we could do a regular MAC address inventory using SCCM. It's just that it looks like a brute force tactic to a simple problem. Would a Cisco ACE 4.1 RADIUS server tolerate well a MAC address table with a thousand entries ? What if it goes to two thousands ? Would this be easy to implement ? I'm a bit new to this, is there some documentation I could follow ?
How do people usually do this in an elegant way ? How do you manage and control WLAN access to thousands of device ? I guess they go with TLS with certificates ?
Thank you very much !
Konnan

Konnan,
Just saw your PM:)
Would it be possible to configure Access policies even if our Radius servers aren't joined to the domain ?
> I really don't know... typically all my installs have the radius server joined to the domain.  I don't know what limitations you would have using the setup you currently are using.
Still wondering if it would be a good path for us, because of the computer authentication issue where it happens only at logon in Windows if I read correctly and our users don't have the habit to log off frequently and we use only manual connection mode when the user already has his session open. I guess MAR will have to be set to a stupid high value... if it even works.
> Well you need to sit down with everyone who is involved and really think out what works best for you.  Machine authentication works well, but then people wonder what happens if someone logs in that isn't authorized and that because the computer is a domain computer it automatically gets on the network.  Well your not going to get everything you want:)  So PEAP has issue because IT wants to limit the user to only be able to access using a company owned device... well, then ISE is your fix.  You can add a certificate that ISE can see and if that device has that or a registry value and the user is allowed to access the network, the authentication is allowed, or else it will not be.  EAP-TLS... well more work since you need a PKI infrastructure and both the radius and the clients need a cert...
No matter what, you need to decide what works best and don't over complicate it with adding mac filter, etc.
I'm wondering if EAP-TLS wouldn't be better for the long term, maybe with MAC Address restriction on the short term...
> See above
I'm also wondering if we could stay with PEAP MSCHAPv2 but use an NPS Radius server from Microsoft which allow to use complex policies instead of the Cisco ACS Radius server...
> You need to know how to setup and configure the policies... either one will work, but if your on ACS 4.x, I would look at upgrading to 5.4.  ISE is replacing ACS as far as the radius portion, but tacacs isn't yet available on ISE.
There's also the Cisco ISE, which seems to be equivalent to Microsoft NPS... a bit more costly OTOH.
> ISE allows you to profile devices so you know what device is accessing your network.  Again, ISE is replacing ACS as far as the radius, but tacacs will soon be out and available for ISE.  If you really want to create crazy profiles, then ISE is the way to go.  You can specify that this user group is allowed wireless, but it has to be a domain computer.  The user isn't allowed access if its not a domain computer.  The same user group is allowed access with company iPads (certificate installed), but not have access with personal iPads, tablets or smartphones.
Hope this helps.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"

Similar Messages

  • Best authentication method for controlling access to wlan

    What is the best method for controlling access to a wlan with a 5508 wlan controller
    The requirments are
    -Needs to support all types of clients (Mac, PC, smartphones, tablets)
    -Clients need to be able to connect easily and without errors or installing certs or wireless profiles etc..
    -Secure
    This doesn't seem like alot to ask but I keep running into problems.
    What are people using?
    Thanks

    I can't find an errors in any area of the event viewer.
    Here is these files cat'd together.
    GeoTrustGlobalCA
    GeoTrustDVSSLCA
    corp-vs-ca2.########-export
    -----BEGIN CERTIFICATE-----
    MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
    MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
    YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
    EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
    R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
    9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
    fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
    iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
    1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
    bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
    MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
    ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
    uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
    Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
    tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
    PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
    hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
    5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MIID+jCCAuKgAwIBAgIDAjbSMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
    MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
    YWwgQ0EwHhcNMTAwMjI2MjEzMjMxWhcNMjAwMjI1MjEzMjMxWjBhMQswCQYDVQQG
    EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UECxMURG9tYWluIFZh
    bGlkYXRlZCBTU0wxGzAZBgNVBAMTEkdlb1RydXN0IERWIFNTTCBDQTCCASIwDQYJ
    KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKa7jnrNpJxiV9RRMEJ7ixqy0ogGrTs8
    KRMMMbxp+Z9alNoGuqwkBJ7O1KrESGAA+DSuoZOv3gR+zfhcIlINVlPrqZTP+3RE
    60OUpJd6QFc1tqRi2tVI+Hrx7JC1Xzn+Y3JwyBKF0KUuhhNAbOtsTdJU/V8+Jh9m
    cajAuIWe9fV1j9qRTonjynh0MF8VCpmnyoM6djVI0NyLGiJOhaRO+kltK3C+jgwh
    w2LMpNGtFmuae8tk/426QsMmqhV4aJzs9mvIDFcN5TgH02pXA50gDkvEe4GwKhz1
    SupKmEn+Als9AxSQKH6a9HjQMYRX5Uw4ekIR4vUoUQNLIBW7Ihq28BUCAwEAAaOB
    2TCB1jAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFIz02ZMKR7wAoErOS3VuoLaw
    sn78MB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMBIGA1UdEwEB/wQI
    MAYBAf8CAQAwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5j
    b20vY3Jscy9ndGdsb2JhbC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzAB
    hhhodHRwOi8vb2NzcC5nZW90cnVzdC5jb20wDQYJKoZIhvcNAQEFBQADggEBADOR
    NxHbQPnejLICiHevYyHBrbAN+qB4VqOC/btJXxRtyNxflNoRZnwekcW22G1PqvK/
    ISh+UqKSeAhhaSH+LeyCGIT0043FiruKzF3mo7bMbq1vsw5h7onOEzRPSVX1ObuZ
    lvD16lo8nBa9AlPwKg5BbuvvnvdwNs2AKnbIh+PrI7OWLOYdlF8cpOLNJDErBjgy
    YWE5XIlMSB1CyWee0r9Y9/k3MbBn3Y0mNhp4GgkZPJMHcCrhfCn13mZXCxJeFu1e
    vTezMGnGkqX2Gdgd+DYSuUuVlZzQzmwwpxb79k1ktl8qFJymyFWOIPllByTMOAVM
    IIi0tWeUz12OYjf+xLQ=
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MIIFaDCCBFCgAwIBAgIDBo5UMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNVBAYTAlVT
    MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQLExREb21haW4gVmFsaWRh
    dGVkIFNTTDEbMBkGA1UEAxMSR2VvVHJ1c3QgRFYgU1NMIENBMB4XDTEzMDQyNTA4
    NTEzNVoXDTE1MDQxNTA0NDcyOVowgdQxKTAnBgNVBAUTIHNZbkoyTG0tb2dGZnZC
    aFlodWRqWVZIMndEek43MGdOMRMwEQYDVQQLEwpHVDU3NDYxMTU1MTEwLwYDVQQL
    EyhTZWUgd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3BzIChjKTEzMTcwNQYD
    VQQLEy5Eb21haW4gQ29udHJvbCBWYWxpZGF0ZWQgLSBRdWlja1NTTChSKSBQcmVt
    aXVtMSYwJAYDVQQDEx1jb3JwLXZzLWNhMi5wb3BtdWx0aW1lZGlhLmNvbTCCASIw
    DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM4jgpKBeo8rtM/zJIEyho3HppeU
    tZeK+wmLfPeBTJxr2UmQFOmcniQblgsHREAGyJR0KT5yrYzxx6wpZaqCUcZlxl1Z
    lUz5mfxHnL5Oc14sUnqwaJuxprXV5Rnclci6W6BMFjI4QoxXjQwSa+3A1enf+ZsO
    sXUojQbQx62MX8rINuQ+srgdDielK/mJqTAMt11x6+NqIpwlGAgOxKd7vjG6aKRf
    a2efvS/hK4Pi0ieWPGn1GXz/AlYpHQv0cppUr8huL/+2+9cEvd1sp8XN/ASN3YTm
    WWo//fVpbXIlzp8mU4Q7t8+7LglxFQabhl4eMBarMi8SnNuh2zYKQxJRPvsCAwEA
    AaOCAbMwggGvMB8GA1UdIwQYMBaAFIz02ZMKR7wAoErOS3VuoLawsn78MA4GA1Ud
    DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwKAYDVR0R
    BCEwH4IdY29ycC12cy1jYTIucG9wbXVsdGltZWRpYS5jb20wQQYDVR0fBDowODA2
    oDSgMoYwaHR0cDovL2d0c3NsZHYtY3JsLmdlb3RydXN0LmNvbS9jcmxzL2d0c3Ns
    ZHYuY3JsMB0GA1UdDgQWBBSODVVgPunABo61x13N20tEP66egDAMBgNVHRMBAf8E
    AjAAMHUGCCsGAQUFBwEBBGkwZzAsBggrBgEFBQcwAYYgaHR0cDovL2d0c3NsZHYt
    b2NzcC5nZW90cnVzdC5jb20wNwYIKwYBBQUHMAKGK2h0dHA6Ly9ndHNzbGR2LWFp
    YS5nZW90cnVzdC5jb20vZ3Rzc2xkdi5jcnQwTAYDVR0gBEUwQzBBBgpghkgBhvhF
    AQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291
    cmNlcy9jcHMwDQYJKoZIhvcNAQEFBQADggEBAC2Kadfzc6X/3dI//J5SGR9fnCa7
    6NVl8SV5aAYAvmOdkZBiurIYa1eHYYaDUGmOO8awTOXTfc4QzX75QwBUmcZeZKdj
    ZMPiJlm7Bsz/3Q1eolxHCqkAiDZIEohoT0o8Spw6+Eq8KcPnhf+K5+rIzJnWBZ9P
    tmpS4SEtrGHIfj3+638eqTydxuOCZ0Be9EanVK0ERav25fTRgRoZ+yEDiFP/MjQd
    rAgW7SyLOjm4I6bTmzjugmXf2Axm2kFuoyyZdrvdrJ+GBku5F6DOufGdGu13j80S
    lp148qh7gCREWrCqn3pH14qPKeHwC47jAQ3+ikRDfB090h9HGRi/8+w7Tx4=
    -----END CERTIFICATE-----

  • What are the best AirPlay speakers for Apple devices?

    What are the best AirPlay speakers for Apple devices? I would like to get some good speakers to be used with my iPod, iPhone and iPad. Ideally, they should be able to play using AirPlay and be quite powerful, but with a good design if possible.
    I am particularly interested in the Fidelio range of speakers by Philips.
    Thank you for your help in advance.

    Best is going to be a matter of opinion.  What environment are the speakers going to be used in? How large is the room? What type of music are you going to play? What features/functions would you like in the speakers? What price range are you looking for?  All of these are going to effect which speakers will best fit your needs.

  • Best cleaning method for i pad screen

    What are the best cleaning methods for the touch screen on the i pad /  Lot of fingerprints need to be removed.  Any special product recommendations?

    Personally I just use cleaning cloths such as those for camera lenses or glasses.

  • Any best practice recommendations for controlling access to dashboards?

    Everyone,
         I understand that an Xcelsius dashboard compiled into a .swf file contains no means for providing access control to limit who can or how many times they can run the dashboard. Basically, if they have a copy of the .swf they can use it as much as they'd like. To protect access to sensitive data I'd like to be able to control who can access the dashboard and how many times or how long they can access it for.
         From what I've read it seems the simplest way to do this is to embed the swf file into a web portal that requires a user to authenticate before accessing the file. I suppose I can then handle how long they can access it from the back end.
         If I do this, is there anyway a user can do something like <right click - save as> on the flash file to save it on their local machine? Is there a best practice means for properly protecting the dashboard?
    Any advice would be appreciated,
    Jerry Winner

    Everyone,
         I understand that an Xcelsius dashboard compiled into a .swf file contains no means for providing access control to limit who can or how many times they can run the dashboard. Basically, if they have a copy of the .swf they can use it as much as they'd like. To protect access to sensitive data I'd like to be able to control who can access the dashboard and how many times or how long they can access it for.
         From what I've read it seems the simplest way to do this is to embed the swf file into a web portal that requires a user to authenticate before accessing the file. I suppose I can then handle how long they can access it from the back end.
         If I do this, is there anyway a user can do something like <right click - save as> on the flash file to save it on their local machine? Is there a best practice means for properly protecting the dashboard?
    Any advice would be appreciated,
    Jerry Winner

  • Best method for controlling Office 365 updates

    Were looking for the best method for updating Office 365. We will be testing prior to releasing the version to the rest of the company.  We have a couple of methods we're contemplating but looking for any pros or cons for each.  We are also
    using SCCM 2012.
    1. Run setup.exe setting the version and internal install source in an .xml file run as an SCCM package using distribution points as the install source.
    2. Run click2runclient.exe with command lines setting the version and internal install source as an SCCM package using distribution points as the install source.
    3  Set the version through group policy and turn on automatic updates and don't specify an install source.
    Option 3 appears to be the most straight forward with the least administrative overhead.  Would it be possible to revert back to an earlier version using this method?
    I have read various articles but looking for any input as to what is working well  or not working for others.

    Hi,
    I would like to share this
    blog post with you, which provides an example how to implement a fully automated testing and deployment process of Office 365 updates. This deployment method provides you the ability to test updates before you approve them in my environment.
    The process might look like:
    Deploy Office 365 in your environment with Office Deployment Tool, configure the "Updates" element in the configuration.xml file so that updates are enabled and the "UpdatePath" attribute points to an internal source.
    Download the latest Office 365 build into a different internal source, configure your test machine to pick up builds from it.
    After testing the updates, copy the updates to the first internal source.
    You should be able to integrate the process with SCCM to reduce your administrative effort.
    Hope this helps.
    Regards,
    Ethan Hua
    TechNet Community Support
    It's recommended to download and install
    Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
    programs.
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Authentication methods for BYOD senario?

                      I am in charge of setting up a 2500 wireless controller and a slew of 1142n APs as well coming up with a method to authenticate devices. This is a bring your own device senario so I do not have admin access to the devices. I would think that using MAC address filtering and a WEP key for authentication is the simplest and most cross platform method. Is there a way that I can capture the MAC addresses from the devices from lets say one of my APs and then add the MACs to the filter database? The person that will be adding the devices and the device owners themselves (high school students) might have a hard time finding the MAC of the devices, not to mention the possibility of entering them incorrectly. I was thinking that I can have an AP near the person that the users go to for setting up access that is setup to only use a WEP key to authenticate and then capture the MAC address of the authenticated devices to add to the MAC filter database used for the rest of the APs on the campus.
    Thanks in advance!

    The limit is indeed on the WLC. You can only have 2048 records. These records can be account logons, mac addresses etc. They all pull from the same pull.
    If you are only managing a few macs then it may not be so bad. If you are doing 50+ it will be a pain. Also it adds little value. Anyone can spoof a mac address get around mac filtering.
    Does that help ?
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

  • Authentication method for JCo connection in XSS installation

    Hi All,
    I have a query which perplexes me.  I am implementing XSS (ESS/MSS) on SAP Portal EP6 SR1 with an ECC5 backend for prototype purposes.
    When I follow SAP's help steps to setup JCo connections, it states that for the metadata connection you should use a security authentication method of 'User/Password', but for the application data connection you should use a security authentication method of 'Ticket'.
    Does anyone know why the difference in methods here?  Is it possible to use 'User/Password' for both?  Any thoughts would be appreciated.

    Hi john,
    User -ID /Pwd method can be used to access the backend for both types of Data as per your scenario.
    User -ID /Pwd method and logon tickets both can be used to access data in backend.
    The difference lies in the scenario with which you are accessing the back-end.
    If all your portal users are same as backend users then you can select Logon ticket methods.
    If they are going to be different then you need User-ID /Pwd method .
    Check the following link to get a clear picture:
    <a href="http://help.sap.com/saphelp_ep50sp2/helpdata/en/4d/dd9b9ce80311d5995500508b6b8b11/frameset.htm">Scenario to use type of SSO</a>
    Hope it helps.
    Regards,
    Vivekanandan

  • What's the best authentication model for a PRO*C process?

    We presently have a system where 5 or so PRO*C-based processes on remote nodes (HP OpenVMS) connect to a database (RH Linux) using Oracle Client and insert data. The current authentication method is for the C based program to read a connection string from a file and use that string to connect via an embedded sqlplus call.
    This works fine, however having the string contained in a file isn't all that great an idea, even with the protection we give it. It would be easy for a programmer to recompile & debug the process and read the string, so it's not really all that secure. It also just doesn't seem the best way to do this....
    I know this isn't much information to go on, but can anyone suggest a better model for this scenario that avoids putting connection strings and passwords in a file?
    Thanks in advance

    thanks for your helpfull evaluation.
    On the security question is it possible for you to use the Oracle Wallet ?
    http://www.stanford.edu/dept/itss/docs/oracle/10g/network.101/b10772/asowalet.htm
    Please ask more on that thread or post a question to the section : for security Questions/issues.
    Forum Home » Technologies » Security
    Hope this helps.
    Regards,
    Hub

  • OneDrive for Business for iOS Devices - Accessing Non Office 365 Hosted Sites

    Hello,
    I have a SharePoint site that I host on premise and am not using Office 365 at all.  Is it possible for me to access the site using the iOS version of the OneDrive for Business app?  When I specify my username, password and SharePoint 2013 site
    URL i get a login error with username/password incorrect.
    Does the iOS app only support Office 365 implementations of SharePoint?
    Thanks

    what type of authentication you are using, this is the key?
    check this official blog:
    http://blogs.office.com/2014/02/27/introducing-onedrive-for-business-for-ios-v1-2/
    http://social.technet.microsoft.com/Forums/sharepoint/en-US/3ad5b8ca-37e9-43b2-9201-9c5c339d157c/onedrive-for-business-ipad-app-with-onpremise-sharepoint-2013?forum=sharepointadmin
    Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

  • Best isolation method for Web Dynpr iViews ?

    I'm going to develop some Web Dynpro iView to be integrated into the SAP EP.
    THese iViews should work with KM APIs.
    I read into the HelpOnline it's possible to chose between Embedded or the URl isolation method.
    As far I know te web Dynpro tecnology offers the special client able to render just the changes and not the whole page....but i expect i have to set anyway an isolation method.
    I would like to know which in your opinion the best isolation settings method for the WebDynpro iView.
    regards and thanks in advance

    Hi Mauro,
        URL isolation method is better for several reasons:
    1. Performance: In Embedded Isolation method iView content is collected at the server side and sent to the client with the entire page, which obviously degrades performance.
    2. PageBuilder limitations: Page does not add scrollbars to iViews is one such limitation.
    3. A page may contain several form-type iViews. If the isolation method is set to Embedded, one iView may lose the information in its input fields when another form on the page is submitted.
    Regards,
    Satyajit.

  • ACE Best Sticky Method for SSL Traffic

    Hi, With ACE 4710 running serverfarms primarily running SSL traffic, what is the best method for configuring stickiness. Here are some parameters:
    1) low volume sites, 2 real servers
    2) ACE _will not_ do SSL offloading
    3) Balancing HTTPS requests
    4) Many versions of HTTP clients
    5) Currently running ACE A1 code
    I am thinking of:
    1) TCP Header | HostID inspection
    2) SSL-session ID (not good if re-key often though)
    3) Any suggestions?
    many thx,
    WR

    Hi Will,
    You can see a comple configured example for your perusal in this regard for
    Configure ACE Module for End to End SSL Termination
    http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml
    And Many more here regarding
    Data Center Application Services Configuration Examples:
    http://docwiki.cisco.com/wiki/Category:Data_Center_Application_Services_Configuration_Examples
    Hope these configuration examples will be useful to you.
    Sachin Garg

  • Best Encoding method for decent quality but low file size

    Been trying to encode some mountain bike helmet cam footage which is fairly fast moving and looking for the best method for encoding at a decent quality without to much pixelation occuring. videos will be on my website so want file size to be kept quite low. website is www.extremesportsfilms.com if anyone is interested.
    Cheers

    Thank you, Harm !
    This is the first time in my carreer, that I've seen a qualitysetting that doesn't inflict on filesized
    I went in to set the bitrate diffently, but the field is grey'd out - it's not possible for me to change.
    It seems to be locked no matter what quicktime-format I choose. If I choose h.264 format insted, I CAN change bitrate, but I need to deliver in XDcam for this client.
    Is there no way for me to make the XDcam files smaller, then? They end up 5-7GBs for each show and with my upload-speed, it takes me 6-7 hours to upload and I would like to speed this up by decreasing the file sizes a little, if possible?
    Thanks

  • What is the best method for controlling a data switch of 20x20 ports, with local and remote requests?

    I'm using booleon control boxes for 'source' ports - to be connected to 'customers' ports. Am not sure of choosing between arrays, clusters, case, etc.

    Thanks, however, I simply meant my boolean 'ports' to mean a 'yes/no' control box of a 'data source', which, when selected, would signify a 'source' that could then be connected to a 'customer' port or 'receiving box'. Perhaps instead of port, I should have said input/output box.
    My main question is simply about a data switch matrix of 20 inputs and 20 outputs. Should I attempt to manage the switching of data lines via cases, for loops, sequence, or what! I believe I will need to set up arrays, but controlling the matrix is ???. Thanks.

  • Which is the best authentication method?

    Okay; I'm asking this question a little late as I've already done my implementation and made my choices.
    Still; It seemed to me the most secure form of authentication for my small ~100 user wireless network was EAP-TLS. My requirements needed me to simply authenticate the machine to the network so a simple certificate based authentication using the same for the encryption seemed the best route. Also the others seemed to have less actual security in them from what I read.
    What other options are there that might be simple and rely on a user/pass combination rather than the certificate and are they truely better?
    My boss really liked the certificate method as it gave us what he felt was hard controls.
    Of course the cert management is a bit of a pain...

    Eap-TlS is also good
    Try this link
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a008009256b.shtml

Maybe you are looking for

  • How to use ANCESTOR function in BPC NW

    I need to calculate averagre NetSales rate and so forth at  product category level which is send level in the product hierarchy and three levels above base level product. I am using following MDX logic to calculate this average and store at every pro

  • How to capture SQL syntax

    Hi there, I'd like to be able to capture entire SQL that gets executed when our software creates Oracle schema. In this way we can get a SQL script, which then can be executed separately. Can I achieve that with Oracle Enterpreise Manager or any othe

  • Time stamp difference in obiee

    Hi I have two columns with TIMESTAMP data type(One is In time and the other is Outtime).The values are as below. In Time Out Time 14-jan-08 1:40:45 AM 14-jan-08 1:30:45 PM 15-jan-08 3:22:53 PM 15-jan-08 5:23:54 PM 16-jan-08 3:20:50 PM 16-jan-08 4:23:

  • TIFF file from PSD

    Does saving a PSD file to a TIFF file format destroy or otherwise do anything to the pixels and/or quality of the file? I'm asking because I user Silverfast to scan in to PS CS5 Extended and when I saved each scan I did so as a PSD thinking it is the

  • I use iPad 3 suddenly phone icon is missing.  I could browse using 3G network but could not make or receive any calls using cellular network.

    I could not make or receive any calls using cellular network.  But I could browse using 3G network.  Same sim works fine in iPhone