Best practice configure DHCP server NAC

Hi all,
Any idea of the best practice for deploying DHCP on the CAS? I tried to follow the user guide to configure DHCP on the CAS, but it still cannot run smoothly; the user only gets an IP on authentication.
- The CCA agent is very slow to appear when the user gets a DHCP IP on authentication. Any idea?
- How do I integrate the Profiler with the NAC appliance?

Hi Ahmed,
You have configured your CAS to be your DHCP server. That's well and good because you are using Real IP mode, which supports the CAS being a DHCP server.
Remember:
This setting is only for your Authentication VLAN, so that your client gets an IP while authenticating.
When your client switches to the Access VLAN, your client traffic no longer flows through the CAS, so the CAS is no longer responsible for DHCP.
You'll have to configure another DHCP server on the trusted side which can lease IPs to the Access VLAN members.
As you have configured OOB, your client is in the Access VLAN and does not come in contact with the CAS, so you need the trusted-side DHCP to give the client an IP address.
In your scenario, your Access VLANs are 2022 and 2044.
Hope this helps. Do reply after testing.
Thank You
Regards
Edward

Similar Messages

  • Best practice for DHCP Server 2008 utilization of IP Addresses

    I am currently using 85% of addresses on my DHCP server running Windows 2008 Server. Does Microsoft recommend a particular percentage (%) of its utilization before building another scope? Or what is the industry's best practice or Microsoft's recommendation to build another scope?

    Hi,
    As far as I know, there is no standard for the usage of DHCP scope. Just make sure that the IP address pool isn’t exhausted.
    For the best practices of DHCP, please refer to the article below,
    DHCP Best Practices
    http://technet.microsoft.com/en-us/library/cc780311(v=WS.10).aspx
    Recommended tasks for the DHCP server role
    http://technet.microsoft.com/en-us/library/cc731392.aspx
    Hope this helps.
    Steven Lee
    TechNet Community Support

  • Looking for Best Practice Configuration Building Block for Material Ledger

    I need to configure and create the Material Ledger for a customer in the near future.  Could someone help me find the Best Practice Configuration Guide for Material Ledger?
    Thanks in advance!

    The official config is in Best Practices for Primary Steel
    there is a delta building block which contains Material Ledger configuration
    http://help.sap.com/bp_bblibrary/500/HTML/T02_EN_ZH.htm

  • Airport Extreme best practice configuration for Sleep Proxy, DHCP/NAT and PPPOE

    Hi
    I have recently bought a Airport Extreme and it is working well.  One of the reasons I bought is to take advantage of the Bonjour Sleep Proxy on it so I can wake my MAC up remotely from my iPad using the REMOTE app to stream things like iTunes etc...  I followed the set up instructions and basically let it configure itself.  I have an ISP router / modem which currently is providing DHCP services, NAT and PPPOE.
    The Airport detected all of this and set itself up as bridge only.  The speed of the network out to the internet is fine (more or less what it was before).  However, in doing a bit of research, I have found out that if I want the Airport to act as a sleep proxy, I need it to "host" the network.  I am not an expert in networking but from what I understand I need the Airport to be moved from "Bridge Only" to at least be providing DHCP to my internal network clients.
    This has prompted me to ask what is "Best practice" when it comes to configuring the Airport given I want to have Sleep Proxy enabled.  I think the two options I have are as follows but would really welcome feedback on which is the best option to go for or if there are other options I should be thinking of
    (1)  Have the Airport perform DHCP for my internal clients and leave the ISP router/modem doing NAT
    (2)  Have the Airport perform DHCP and NAT.  I think to do this I need to turn the ISP router / modem into Bridge mode only.  (I've looked and I seem to have this option on the device.  It's an Irish ISP branded device but I think it is a Zyxel)
    I have no reason to believe the ISP router / modem is doing a bad job but given I understand the Airport Extreme is a reasonably high-end device (I think?) I am wondering if option 2 is the way to go.
    In addition, during my research, I have also discovered that many people seem to have their Airport Extreme also handle PPPOE.  This is currently being done by my ISP router/modem.  I am inclined to leave it this way (following the mantra if it isn't broken, don't fix it) but if there was a good reason to have the Airport do this, perhaps I should make the switch?  Having said this, I have seen on this forum and others, some posts about problems with Internet connection drops when the Airport is handling PPPOE.
    So, a bit of a long post, but if anyone has any information or perspective on this, I'd very much appreciate it. 
    Thanks
    Dave

    I forgot to thank you, John Galt. Yep, it solved my problem by restoring back the original firmware to 7.6.1. My unit is an Airport Extreme 2012. I am still using double NAT because I cannot figure out how to set DHCP only in the Network tab.
    My goal is to use the Airport Extreme to connect to the internet and to share the internet with all my devices in the house, just like my previous access points. Before, I used AP+router Linksys WRT54G and D-Link DIR-655 without activating NAT to share my internet connection, and they worked.
    My problem is that when I set it to DHCP in the Internet tab and DHCP in the Network tab in Airport Utility in order to solve the double NAT situation, only one of all my devices (wired or wireless) can connect to the internet. Each time I connect the other device(s) to the internet, my subscriber will verify my subscription (web browser based verification), in which I have to manually enter my account number, etc. to validate my subscription.
    So I stick to double NAT so that I can share the internet.
    Our broadband provider uses DHCP to link us to the internet. If I change the settings to Static in the Internet tab, my broadband provider will not let me connect to the internet. In the Airport Utility, if I set it to Static in the Internet tab in order to solve the double NAT, a message box appears informing me that I have an invalid beginning IP address in the DHCP range in the Network tab, when it appears that only the last 3 digits of the DHCP range are editable.
    Is there any way of configuring the Airport Utility's Internet tab to DHCP and Network tab to DHCP to connect to the internet with all my devices without the double NAT and without the aid of another device such as an AP or router or switch connected to the Airport or vice versa?

  • Best Practice: Configuring Windows Azure Management Services

    I have 3 Websites, 1 Blob Storage, and 1 SQL Server that I would like to configure for basic stability and performance monitoring. I know I can set up alerts through Management Services based on various metrics. My question is, can someone give me a recommended set of metrics that are good baselines?
    It is nice that Azure is so customizable, but frankly I have no idea how much CPU Time in milliseconds over a given evaluation window is appropriate. Or how many Http Server Errors? More than 0 seems bad, no? Wouldn't I want to know of any/all errors?
    So if anyone has some "best practice" metrics for me, that would be really helpful.
    Thanks.

    Hi,
      >> can someone give me a recommended set of metrics that are good baselines?
    Actually, many metrics depend on your scenario. For instance, if there're a lot of concurrent requests or if a single request is expected to take some heavy computation, then it is expected to have a high CPU usage, thus it is difficult to give you a specific number.
    In general, you may want the CPU usage of a web server to be as high as possible (idle CPU costs money but does not provide valuable results), but if it is low enough, if additional concurrent requests are received, they can be served without too much delay. In Windows Azure, you may want to set up auto scaling so that if CPU usage is high enough during a period, you create a new instance. If CPU usage is low enough during a period, you remove an instance. You may also want to use response time in addition to CPU to monitor whether you need to add/remove an instance.
      >> Or how many Http Server Errors? More than 0 seems bad, no? Wouldn't I want to know of any/all errors?
    As for server error, in general you want to get notified by all errors (> 0), however they're unexpected and need to be investigated. But if in your scenario you expect a certain level of server errors, then it is fine to use a larger number.
    Best Regards,
    Ming Xu

  • Jdev101304 SU5 - ADF Faces - Web app deployment best practice|configuration

    Hi Everybody:
    1.- We have several web applications that provide a service/product used for public administration purposes.
    2.- The apps are using ADF Faces and ADF BC.
    2.- All of the apps are participating in JavaSSO.
    3.- The web apps are deployed on OnDemand servers.
    4.- We have noticed that, with the increase of users on these dates, the sessions created by the middle tier in the database are staying inactive but are never destroyed or removed.
    5.- Even when we only sign in to the apps using JavaSSO and perform no transactions (like inserting or deleting something), we query v$session in the database, and the number of inactive sessions is always increasing, until the server collapses.
    So, we want to know if this is an issue of the configurations made on the Application Module's properties. And we want to know if there are some "best practices" that you could provide us to configure a web application and avoid this behavior.
    The only configuration that we found recommended for web apps is to set jbo.locking.mode to optimistic, but this doesn't correct the "increasing inactive sessions" problem.
    Please help us to get some documentation or another resource to correctly configure our apps.
    Thanks in advance.
    Edited by: alopez on Jan 8, 2009 12:27 PM

    hi alopez
    Maybe this can help, "Understanding Application Module Pooling Concepts and Configuration Parameters"
    see http://www.oracle.com/technology/products/jdev/tips/muench/ampooling/index.html
    success
    Jan Vervecken

  • Configure DHCP Server in Solaris 10

    Hi,
    I am trying to configure my Solaris 10 as a DHCP server. I managed to get it configured and assigning IP addresses to my client machines (Windows XPs). However, I can't figure out how to get the "Default Gateway" passed to the Windows XP clients. Here is what I have done so far:
    # /usr/sbin/dhcpconfig -D -r SUNWfiles -p /var/dhcp
    # /usr/sbin/dhcpconfig -N 192.168.1.0 -t 192.168.1.1
    # pntadm -A 192.168.1.51 -m dns 192.168.1.0
    But on the Windows XP clients, I get the right IP address, and netmask, but the default gateway is blank. How do I specify that in my DHCP server so that the default gateway gets sent to the XP clients?
    Thanks.

    Get the apache server from www.sunfreeware.com and install it on your server.
    The URL will be http://hostname-of-your-server
    Go to apache.org to get apache documentation.

  • BPC 7M SP6 - best practice for multi server setup

    Experts,
    We are considering purchasing new hardware for our BPC 7M implementation. My question is what is the recommended or best practice setup for SQL and Analysis Services? Should they be on the same server or each on a dedicated server?
    The hardware we're looking at would have 4 dual core processors and 32 GB RAM in a x64 base. Would this adequately support both services?
    Our primary application cube is just under 2GB and appset database is about 12 GB. We have over 1400 users and a concurrency count of 250 users. We'll have 5 app/web servers to handle this concurrency.
    Please let me know if I am missing information to be able to answer this question.
    Thank you,
    Hitesh

    I don't think there's really a preference on that point. As long as it's 64bit, the servers scale well (CPU, RAM), so SQL and SSAS can be on the same server. But it is important to look also beyond CPU and RAM and make sure there's no other bottlenecks like storage (Best practice is to split the database files on several disks and of course to have the logs on disks that are used only for the logs). Also the memory allocation in SQL and OLAP should be adjusted so that each has enough memory at all times.
    Another point to consider is high availability. Clustering is quite common on that tier. And you could consider having the active node for SQL on one server and the active node for OLAP (SSAS) on the other server. It costs more in SQL licensing but you get to fully utilize both servers, at the cost of degraded performance in the event of a failover.
    Bruno
    Edited by: Bruno Ranchy on Jul 3, 2010 9:13 AM

  • Best practice for licence server for RDS Farm & Certificate errors

    Hello,
    I am in the process of creating an RDS farm using Server 2008 R2.  I have three Session Hosts and a Connection Broker.
    I have a set of 10 user CALs available and also another 20 on our current RDS server which will need migrating once we go live with the farm.
    I understand the User CALs need to be installed on another Server 2008 R2 and I am wondering what is best practice.  We are running on an entirely virtual environment and it would be simple enough to create another server and install the CALs on there. 
    The only issue with that is that I would need to create a replica of this new machine for DR purposes, but this would take up valuable space which may not be necessary.
    We are planning on creating replicas of one of the Session hosts and the broker for DR, so I am guessing I would need to install some CALs on the Session Host which is going to be replicated.
    There are a few options and I am just wondering what is the best way to go about things.
    Also, as an aside, I am getting an annoying certificate error each time I log a test user onto the RDS farm - I think this is because I am using the DNS alias of the RDS Farm to log on. Is there an easy way to get around this, other than the 'Do not show this message again'. I have been doing some research and the world of Certificates is very confusing!!
    Thanks,
    Caroline
    C.Rafferty

    Hi Caroline,
    Firstly, for your License related issue, you can perform the step on any VM or can create the new VM as replica for RDSH server also. But please be sure that you have installed RD License server on it, activate it and then install RDS CAL on it. But be safe; if possible don’t install RD License server with RDCB, please make that out of it as little away. As you can also install RD License server with AD or make replica of that and install RDL on that.
    Best practices for setting up Remote Desktop Licensing (Terminal Server Licensing) across Active Directory Domains/Forests or Workgroup
    http://support.microsoft.com/kb/2473823
    What’s the specified certificate error which you are receiving?
    If you're going to allow users to connect externally and they will not be part of your domain, you would need to deploy certificates from a public CA. In meantime you can refer blog for getting insight for certificate case.
    Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
    http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Configure DHCP Server options for Internet Sharing?

    Good morning, all.
    I have a Sprint (Sierra 595U) AirCard internet connection, which I'm sharing over my AirPort (using OS X's built-in Internet Sharing) to several Windows clients in my office. I see that when Sharing is enabled, en1 takes on the address 10.0.2.1 by default, as well as the role of default gateway/router and DHCP server for the Windows clients.
    My question is: Can I configure the IP addresses and DHCP options for Internet Sharing to another address/mask scheme?
    Just like I changed my home wireless network away from the default 192.168.1.0/24 for security reasons, I'd like to do the same here.
    Thanks and Regards,
    BrooklynWalker

    Some paranoia is good.
    Yes, of course security paranoia can be cultured. like yogurt
    I googled.
    This might help:
    http://www.aleph0.com/computing/macosx/dhcp-setup/
    but from what I just read, changing away from the default net & mask might be putzy.
    Some other discussions for you:
    http://www.macosxhints.com/article.php?story=20050331194834746
    or you might see something here that helps.
    Sorry not to be more specific. Hard to tell if you already googled for yourself.
    I'll let someone smarter than I am take a look for you, here.

  • How do you configure DHCP server on OSX Lion Server

    I want to use my Mac Mini Server as a DHCP server on my network.   I cannot find the place under Server to configure it.  
    Where would I find it?   It is not under Server.

    Hi
    Download the Server Admin Tools from here:
    http://support.apple.com/kb/DL1457
    These are not installed when installing Lion and then Server App. Once installed launch Server Admin, click on the Server's name in the side panel, click on Settings > Services and enable the DHCP Service. Once enabled it should appear in the side panel. The rest should be fairly obvious?
    HTH?
    Tony

  • Best Practice for DHCP when Anchoring to a Guest Wireless LAN Controller

    Hi all,
    I'm interested in the community's opinion in relation to DHCP provisioning when using auto-anchor/guest tunneling.
    As far as I can tell, one cannot use the internal DHCP on the anchor controller when using auto-anchor due to incompatibility between the auto-anchor feature and DHCP Option 82.
    The scenario is as follows:
    Guest controller is the anchor which provides Internet access to guests.
    There is a foreign controller which is configured to anchor to the guest controller.
    The internal DHCP server is configured on the guest anchor controller, therefore DHCP proxy must be enabled for DHCP to work.
    DHCP proxy enables Option 82.
    The guidelines for guest tunneling state that DHCP Option 82 isn't supported. (Ref: Deploying and Troubleshooting Cisco Wireless LAN Controllers - Ch14)
    So, the internal DHCP server requires DHCP proxy to be enabled; this in turn enables Option 82, which stops DHCP leases being made to clients connected to the foreign controller.
    Given that a guest WLC would normally be placed in a DMZ, the internal DHCP server may often be the only DHCP solution available.
    I look forward to hearing your opinions.
    Thanks
    Rhodri Jenkins

    There are a couple of options here if you need to get proxy disabled
    1) pinhole with an ACL that allows dhcp to pass your internal servers
    2) run dhcp on a switch, router, or firewall in the dmz
    3) if you are using a cable modem or DSL for the guest users, you can let that do the DHCP
    In general I've seen most of these in play, but I like option 2 myself
    Sent from Cisco Technical Support iPad App

  • Imaging solution for EBS: Best practice guide for server setup

    Hi,
    We have to implement Imaging solution for EBS using AXF adapter. For this, customer is going to procure and implement SOA and WebCenter Content from scratch.
    We are now faced with the challenge whether to recommend SOA and WCC on the same Weblogic server or on separate Weblogic servers. Is there any best practice guide available for setting up Application Adapters for WCC?
    Thanks
    Arijit

    Hi ,
    I think this documentation would at least help you in starting with planning: http://docs.oracle.com/cd/E23943_01/doc.1111/e15483/toc.htm
    Thanks,
    Srinath

  • Best Practices configuration PSEUDO_TIME CLOCK or TBAR

    Friends,
    I am looking for a manual of best practices for configuring the PSEUDO_TIME CLOCK in GET VPN.
    Could someone help me?

    GET VPN uses time-based anti-replay (TBAR), which is based on a pseudo-time clock that is maintained on the KS.
    http://www.cisco.com/c/dam/en/us/products/collateral/security/group-encrypted-transport-vpn/GETVPN_DIG_version_1_0_External.pdf

  • Need best practice configuration document for ISU CCS

    I am working on an ISU CCS project. I need a best practice configuration document for
    Contract management
    Collections management
    Invoicing
    Work Management as it relates to ERP Billing.
    Thanks
    Priya
    priyapandey.sapcrmatgmailcom

    Which version are you setting up and what are the requirements? If you are discussing the use of NIC bonding for high availability, beginning in 11.2.0.2 there is a concept of "High Availability IP" or HAIP as discussed in the pre-installation chapters,
    http://docs.oracle.com/cd/E11882_01/install.112/e22489/prelinux.htm, section 2.7.1 Network Hardware Requirements.
    In essence, using HAIP eliminates the need to use NIC bonding to provide for redundancy.
