Can we use a using a routed port as a gateway instead of SVI on a l3 switch ?

Similar Messages

• Which security risks can be exploited bij opening a routed port on a windows network

  Which security risks can be exploited by opening a routed port on a windows network
  Our company is implementing a web application with potential security issues we have never dealt with before. The situation is 
  as follows:
  Network
  •A LAN with internet router and firewall with a port (f.e. 4589) open, which is routed to IIS server address.
  •Network with IIS server, Windows clients and server(s)
  •MSSQL application Database on a windows client or server
  •IIS Server hosts a .NET 4.0 WCF Web service
  Purpose of this config:
  •Internet users can use IIS web service to read and write application database tables.
  •IIS server has a certificate for authenticity, web services are configured to only use https.
  •Application exposes 2 web services:
  •1. without user authentication: can only read non-essential information from database
  •2. with user auth., for reading and writing more essential information.
  I have the following questions concerning security:
  1.Can I Isolate external access to the IIS server only, and shield access to the rest of the physical (windows) machine ?
  2.We have a lot of customers with only 1 windows 7 or 8 PC. What extra security risks arise in case of a combined MSSql Express
  database, Windows integrated IIS 7 or 8, and a customer doing its daily business on the windows client on this PC. (Daily  business involves: use of our application (with database), Email, Office, Internet)
  3.Can you see any other security vulnerabilities in this scenario, assumed that all machines in the LAN are properly patched ,
  shielded with antivirus product and maintained?
  Since security is not really my field of expertise, I would be very happy to get some explanation on potential risks of this 
  configuration.
  Thanx in advance, Oskar Stok
  Thanks in advance. Sincerely, Robert Bakker Flexdata

  Hi,
  1.Can I Isolate external access to the IIS server only, and shield access to the rest of the physical (windows) machine ?
  You can configure Windows Firewall rules based on ports.
  2.We have a lot of customers with only 1 windows 7 or 8 PC. What extra security risks arise in case of a combined MSSql Express
  3.Can you see any other security vulnerabilities in this scenario, assumed that all machines in the LAN are properly patched ,
  Honestly, I don’t see vulnerabilities here, if you want to secure the server and clients, place them in a private network, you can also use NAT and hardware firewall.
  In addition, you can install System Center Endpoint Protection to prevent virus and spyware.
  More information for you:
  Configuring Firewall Rules
  http://technet.microsoft.com/en-us/library/dd448559(v=WS.10).aspx
  Frequently asked questions about malicious software
  http://technet.microsoft.com/en-us/library/ff823783.aspx
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Extend Wireless Network using a Telstra technicolor Gateway wireless Router to Airpot extreme but Airport will only except join not extend and I can not get a network on the Airpor Extreme ethernet ports but can ping Airport extreme from Technicolor Rout/

  Extend Wireless Network using a Telstra technicolor Gateway wireless Router to Airpot extreme but Airport will only except "join a wireless network (which it does) not "extend a wireless network" (Led turns yellow and I can not get a network working on the Airpor Extreme ethernet ports but can ping Airport extreme from Technicolor Router.
  Airport gets it address DHCP.

  Funny how I can ping the Extreme but the Hard Ethernet ports dont seem to work correctly.
  When the AirPort Extreme is configured to "Join" a wireless network, the Ethernet ports are not enabled.
  Oddly, the AirPort Express has a special feature that will allow it to to "Join" virtually any wireless network.....and the Ethernet port can be enabled. So, an Express would work for your purpose to provide an Ethernet connection to the media player. This assumes that the Express is located where it can receive a strong wireless signal from your main router.
  Note that the Express will not provide any additional wireless coverage when it "Joins".

• Can't connect to skype, get invalid port,  using laptop with iphone as router

  can't connect to skype, get invalid port,  using laptop with iphone as router

  can't connect to skype, get invalid port,  using laptop with iphone as router

• Is it better to use router port versus vlan member port?

  Hi CSC,
  This is more of a philosophical or "best practices" question.
  I have a Cisco 3550 at the home office. Connected to the 3550 is a number of branch offices by way of T1 circuits or VDSL modems. They all come to the home office, where we have a central internet connection and server farm for our entire organization.
  Except for one special case branch office, we don't forsee the need for appearances of the  home office vlan at the branch office sites. In that case, we bring it  into a trunk port at the home office, and at the special case branch office we have a dell 3024  switch and tag some ports as vlan 18 (the home office) or vlan 27 (the  special case branch office).
  We also do not forsee a need for the vlan from one branch office to appear at another branch office.
  They are all (except for the special case mentioned above) currently configured something like this:
  interface FastEthernet0/1
  description home office
  switchport access vlan 18
  switchport mode access
  interface FastEthernet0/2
  description t1 to branch office 1
  switchport access vlan 19
  switchport mode access
  interface Vlan18
  description subnet for home office
  ip address 192.168.18.1 255.255.255.0
  interface Vlan19
  description subnet for branch office 1
  ip address 192.168.19.1 255.255.255.0
  Is it better, in terms of reduced network complexity or performance on my 3550, to do something like this instead?
  That is, to make the interfaces router ports as opposed to vlan member ports?
  Of course, if we ever DID need to have appearances of the home office vlan at branch office sites, or appearances of one branch office's vlan at another branch office, we would lose that flexibility.
  interface FastEthernet0/1
  description home office
  switchport access vlan 18
    switchport mode access
  interface FastEthernet0/2
  description t1 to branch office 1
  ip address 192.168.19.1 255.255.255.0
  interface Vlan18
  description subnet for home office
  ip address 192.168.18.1 255.255.255.0
  no vlan 19

  Hello,
  In my opinion there is no 100% right answer here. I think it depends also about network forecast. I'll try to add here some thoughts:
  - if you use trunk interfaces from home to branch and SVI for L3 connection, in terms of scalability is much easier to expand (you have now only one p2p L3 link, but in future you'll need another one; if the port is a trunk one, you just configure another SVI interface, allow vlan on trunk and your good to go)
  - trunk interfaces involve more configuration (L2 interface and SVI L3 interface)
  - if you add in the home office another switch to existing one, and for some reason you have misconfiguration in STP / VTP, then you can run into problems like loops, vlan database modification (e.g. VTP server mode and the new added switch has a higher revision number than existing one)
  - L3 physical interfaces are easier to configure and less complex, but in case you want to scale to additional p2p link will be harder
  - L3 configuration is easier to troubleshoot as you avoid the L2 complexity
  - in terms of packet exchange a L3 interface will exchange less packets than a L2 trunk with SVI (I'm talking here about control traffic, not user traffic)
  - with L2 trunk you can have other problems like if somebody is "smart enough" to add a new switch into the existing switch (if you have a switch there) at the branch location; imagine that the new switch due to misconfigurated STP became root bridge; you have a large STP domain.
  As I said, there is no good or bad approach. You have to guide yourself about forecasts in your network. For example if you know that a branch location will not be extended in the next 2 years, then go ahead with L3 interface and that's it. On the other hands if you have doubts you can add for another location L2 trunk with SVI. You can mix this two solution to obtain the best results for your network characteristics.
  Cheers,
  Calin

• Can Time capsule be used a normal router?

  and I would like all my macs to connect to the internet as well. Is this possible? thanks

  To answer your original question, yes Time Capsule can be used as a normal router. Think of it as a router with a built in hard drive. And yes all your Macs can connect to it to share Internet.
  Now as for your second question, how are you accessing the Internet right now? Because you can't connect the Time Capsule to your phone jack on the wall. I'm assuming you're using some kind of DSL. If so, then you need to connect your DSL modem to the Time Capsule, not Time Capsule to your phone wall jack. Then you'll be able to share and connect with all your Macs. Make sense?
  Time Capsule has ethernet ports (bigger "phone" jack), take the ethernet cable from your DSL modem and plug it into the WAN ethernet port of the Time Capsule.
  If you're on dial-up, then you can't share Internet with all your Macs. (Actually you could, but it's going to be painfully slow and not worth it)

• How can I share printers using a non apple router, imac to ipad?

  Newbie in osx, but experienced in linux.
  My new imac has 3 printers setup for sharing, but ipad 2 / iphone 4 fail to see them.  I am using the belkin router that I owned already, instead of buying an Airport.
  I found a solution at askubuntu.com Q 26130 at http://askubuntu.com/questions/26130/how-can-share-my-printer-so-that-i-can-use- it-with-airprint
  I setup a linux machine on the network, with no physical connection to any printer. The 1st, an hp fax psc has a usb to imac, as the 2nd, an hp psc, the 3rd printer is an epson wireless, which is only connected on the network by wifi to the belkin router. I'm certain the imac "sharing" is properly setup, because the linux machine has no trouble finding the printers.  Only the ipad / iphone have a problem.
  Once I put the linux machine (with the above changes) on the network, everything works as desired.  I can print on the ipad / iphone to any of the 3 printers, using the built in Airport printer routine (not the epson or hp apps). And the imax and linux machines can also print on all 3.
  So, I suspect the imac isn't telling the router to display the printers on the network in a way that iOS can see them. I know it would work if I owned an Airport, but I'd rather not spend that much right now.
  I'm sure someone knowledgable in OSX might have an idea where to stick an Airport definition file, created from the python script in askubuntu, that could solve this without having to run the linux laptop all the time.  Any ideas?
  TIA

  It's possible to use free software (Virtualbox and Ubuntu) to fix the broken iOS 5 Airprint printing with non supported printers.  Here's a fix that works on my imac, but should also work on even a windows pc.
  My setup is a lion imac with 2 non-airprint supported usb printers attached, a belkin wifi router that provides network connectivity for my imac, ipad, and iphone.
  Install ubuntu 11.10 in a virtualbox vm.  Specify to use the "Bridged Adapter" with "en1: WiFi (AirPort)" for the network hardware.  Make sure the imac's usb printers are setup with sharing.  On ubuntu, select System Settings > Printers and add your imac's shared printers to the list.  Then start ubuntu's firefox and set "localhost:631" in the address. On the administration tab, under the Server section, check "Share printers connected to this system" and hit Change Settings button to activate it.  Go back to ubuntu's printer setup, and right click on each printer and check that the properties Policies tab does not have any messages about it being unshared. If so, then go back to firefox and make sure the Server sharing checkbox is enabled. It may help to reboot.
  Fire up virtualbox to be able to use AirPort printing to your imac's usb printers, when you want to print from the iphone or ipad. This also works on iOS 5.
  Only problem is error message from iphone to check the printer for errors, even though it actually prints ok.
  references: 
  http://askubuntu.com/questions/26130/how-can-share-my-printer-so-that-i-can-use- it-with-airprint
  https://lists.ubuntu.com/archives/ubuntu-devel/2011-June/033611.html

• Can i use the HDMI port and the Mini displayport to HDMI adapter simultaneously to switch between two displays?

  I just bought a new Mac Mini and was hoping that i can connect my TV via the HDMI port and also connect a 19" monitor via the Minidispaly port to HDMI adapter or the Mini DisplayPort to VGA Adapter. This way i can pick between having the screen mirrored to my tv, or having the screen displayed at my desk.
  Is this possible?

  Yes. Note the resolution via HDM is limited to
  This model simultaneously supports 1920x1200 on an HDMI or a DVI display (using the included HDMI-to-DVI adapter) and2560x1600 on a Thunderbolt or Mini DisplayPort display or even a VGA display (with an optional Mini DisplayPort-to-VGA adapter, which is compatible with the Thunderbolt port).
  HD 4000 Mini Video

• I have a linksys WRT54G router that we use as a base. I want to use Airplay using Airport Express and hook up my stereo to it. How can i set up my Airport express without a PC/laptop? I just downloaded Airport utility on my iphone and ipad,will that work?

  I have a linksys WRT54G router that we use as a base. I want to use Airplay using Airport Express and hook up my stereo to it. How can i set up my Airport express without a PC/laptop? I just downloaded Airport utility on my iphone and ipad,will that work? And one more thing about the setup, the linksys router shich acts as a base is in a different room as the airport express which i wanted to use for airplay. So I'm hoping to hook up the Airport express via wireless signal. If i can set it up, can someone pls help me out by posting detailed instructions. Thanks so much!

  The first message that AirPort Utility will display during the auto setup will be that the Express will be confgured to "extend" the network. When AirPort Utility analyzes the network further, and sees that the Express cannot "extend" the 3rd party network, the next message will indicate that the Express is being configured to "join" the wireless network.
  Once the Express is configured, if you later go into AirPort Utility to check the settings under the Wireless tab, you will see that the Wireless Mode is indeed "Join a wireless network".

• How can I use a SCH-LC11 device in CHINA which bought from ebay. I am not Verizon customer but I prefer to using your 4G LTE Router . How can I get the unlock code? The device may have a bad ESN but I only use it in CHINA. Kindly looking forward your repl

  How can I use a SCH-LC11 device in CHINA which bought from ebay. I am not Verizon customer but I prefer to using your 4G LTE Router . How can I get the unlock code? The device may have a bad ESN but I only use it in CHINA. Kindly looking forward your reply. Thanks!

  It's good to read Antoniad's post.  It reassures me that I can use my new iPad as an international communication device which is the reason I purchased the thing.  However, I called Verizon today (my provider of cellular data) who told me that I can't just pop in a SIM card as you suggested.  He also said that he was from the "Pre-Pay" division of Verizon and he was certain that I couldn't do what I planned to do.  I was extremely disappointed as I had called Apple prior to buying the iPad and I read the algorhythm on the website for choosing an iPad before purchasing.  Those sources were quite specific and the information seemed clear.  I would be able to use my iPad to communicate through cellular connections while traveling on the road, literally, abroad.  I was told that I could pop in a data card wherever I was, just as you indicated in your message above, and voila I was good to go.  The Verizon rep definitively rained on that parade, but said that I might be able to do this if I have a "Post-Pay" account, a different area of Verizon.  I haven't had the chance to talk to this division yet, so I looked to Apple's Support for answers.  Maybe I will find out that I can use my iPad as an international communication device while traveling on the road afterall, however, it appears I may need a different type of account (Post-Pay), something I was never warned about. Can I switch to this kind of account?  I don't know.  I have to find out.  If you have any information about this issue, it would be good to share since I strongly suspect there are others who bought the iPad for the same purpose that I have.

• Using multiple MIDI-in sources - can you now select the incoming MIDI port?

  Exciting to see that Logic Pro X has launched at last!
  I'm hoping someone who has already had a chance to download it can report back on a specific feature.
  In previous versions of Logic, the only way to record multiple MIDI sources (for example a V-Drums kit and a keyboard) at the same time has been to make sure they are on different MIDI channels, and then choose the "auto demix MIDI channels" option in preferences.
  In this way, the MIDI data is separated by channel and recorded to separate tracks.
  However, it only separates the channels when two or more tracks are armed for recording, and does not offer any option for selecting the specific MIDI port for incoming MIDI signals.
  DAWs such as Cubase and ProTools have always had a drop-down menu for MIDI channels, where the MIDI port can be chosen. This way, you can easily separate your MIDI controllers for either jamming or recording, and they will only play virtual instruments on tracks which are selected to their specific channel. This applies for recording as well as just jamming or trying parts prior to recording.
  I have several hardware synths in my studio and often record MIDI jams with multiple players, and on that basis moved back to Cubase last year. I have been hoping Logic would update this feature for a long, long time!
  Can anyone who is using Logic Pro X already confirm whether MIDI tracks now have a port select option, or whether the old channel-based system and the clumsy "auto demix MIDI channels" method remains...?
  Cheers,
  Mike

  Guys, this is really quite simple to accomplish in the midi environment, susprised you've been hunting for so long for the answers, here's a quick step by step:
  1. Go into Midi Environment
  2. Change the view in the Environment window to show Click & Ports
  3. To make things easier, click the 'Input Notes' label, and delete the object.  And also click the 'Input View' label, and delete that also, so you're left with a blank canvas.  (These are handy tools when testing, just deleting them to make things clearer).
  You should now be left with just the Sequencer Input  (And midi click, but ignore that) - Basically anything that connects into this input goes through as an input into logic... So, all we have to do now is to split each device into seperate channels.  This is simply done through the 'transform' objects.
  4. Add 2x Transformer objects via the 'new' menu (Or however many external inputs you need).
  5. Drag the connection from each device listed on the left, to it's own transformer as shown:
  6. Then plug each transformer into the Sequencer input
  7. Double click each Transformer object and simply FIX the midi channel to be whatever you desire, in this example i've picked channel 2 and channel 3
  8. Now, just make sure the 'Auto demix by channel if multitrack record' option is selected in project settings, and you're good to go!
  Now just simply select the channel number that corresponds to the devices you transformed, and when more than one track is armed for recording it will be split to how you would like.  *Please take note, that the demix only kicks in when multitracking, i.e. more than one track is armed*
  Now, this seems really long winded on a forum with screenshots etc. - But it's truly not, takes about 30 seconds, and once you've done it a few times makes sense.  Plus going through an environment like this opens up possibilites such as splitting one midi keyboard into different zones which can transmit to different channels, so you can have bass on your left hand, and lead on the right for example.  But the midi data will split to each track when recording.
  Reply back if you get stuck, more than happy to help!

• Why can I no longer use my exterior speakers connected to the USB port on my MacBook pro

  QuestionWhy can I no longer use my exterior speakers connected to the USB port on my MacBook pro ?

  Have you checked the Sound Preferences under the System Preferences and set it to USB speaker for the sound output? Sometimes it can change on its own or after and update of an App or the OS?

• I have moved from a G5 Powermac to an Intel Mac Pro and am porting over Items from a Backup HDD. How can I access and use drawings and documents created on the PC computer on the Intel computer ?

  I have moved from a G5 Powermac to an Intel Mac Pro and selectively porting over items from a backup hard drive.
  How can I access and use documents and drawings created on the PC based computer ?

  Clarisworks, you need Appleworks, which will only work with Mac OS X10.6.8 or earlier.  See this tip if you must go newer.  Mac Pros with newer hardware configuration than July 20, 2011 can't use Mac OS X 10.6.8 or earlier without this tip and then it would be Mac OS X Server.  I'm not sure if the new black Mac Pro supports that configuration or not.
  iPhoto, there is an iPhoto for all versions of Mac OS X.
  iTunes, there is an iTunes for all versions of Mac OS X.  Note with iTunes versions 11 and later, which are needed for syncing with iOS 7 or or later, you will lose coverflow, if you liked that feature.  Sadly you can't run an older version of iTunes from within Mac OS X 10.9 or later.
  Sketchup: http://help.sketchup.com/en/article/60107 shows the versions that will work with intermediate Mac OS X versions, and this shows the latest version: http://help.sketchup.com/en/article/36208 be sure to click on the operating system you choose to use.
  GIF - Viewing GIFs Apple's Preview can do that.  Editing them, I like http://www.lemkesoft.com/ Graphicconverter.
  DMG is able to be opened by all versions of Mac OS X.  This are just "disk images" which store programs on a virtual disk that will open when double clicked.    Frequently you'll find the installer of the said program inside.  To find out if the program itself is compatible with 10.7 through 10.9, see http://www.roaringapps.com/
  Otherwise see the resources on:
  https://discussions.apple.com/docs/DOC-2455
  If you end up deciding to stick with Snow Leopard.

• I am trying to connect my server using an Ethernet to router and want to search the internet using another wifi router. How can I accomplish this?

  I have a small storage server and want to connect to it via Ethernet.  I also want to connect the internet using a separate Wifi router from my provider.  How can I do both?

  Set the service order to have wifi first.
  System Preferences > Network > Click on the gear > Set Service order

• How can i browse FP 2000 via serial port same use Ethernet port(RJ 45)?

  I am a new user for  labview.I develope my program with FP 2000 but I have some problem
    1 How can i browse FP 2000 via serial port same use Ethernet port(RJ 45)? if it can Tell me please.
    2 If  I use GSM/GPRS modem via FP 2000 rs 232 port (I under stand how to send AT command) and leave it stand alone
       Can I dial modem and browse file in FP 2000 same as use Ethernetport?
  Someone please help me.Thank you very much.

  Hi!
      First, I can say that your project involves many things, I cannot describe all features in the forum, and I'm not used with GPRS modems (my modems are base band serial modems...).
      Anyway, I would say that in your project you should proceed like this:
        1) Configure your FP 2000 module via MAX and ethernet connection;
        2) Download an embedded application to your module (build in LabView Real-Time)
        3) In your application, you should build a kind of serial port manager, and by the means of serial port you send/receive commands from PC.
      The commands from PC can include "Tell me the about the FP 2000 file system ", or "switch on line X", or anything you need.
     I think it would be difficult to use Internet exp, because you use IE with TCP/IP, and TCP/IP is over ethernet.
     I know that for Windows you can find some wrappers that make you "see" the serial port as an ethernet, but these wrapper do not exist under filed Point, and you shoul build one yourself!!!(and that's not easy).
      For example, to browse your files, you should build a VI that searches through your file system, and reports, via serial, the files present in a directory (it's an example....).
      About communication between GPRS modems and FP2000, I know nothing.  I suppose that these modems accept serial inputs, so you'll have to configure your serial port on FP 2000 with the correct baud rate, parity, and so on..... and you send your data to the modem.  The modem will transfer data in its way, no matter on how it does.
      To send data to your modem you shoud take a look to some Serial communication examples.  What I suggest you, first, is to connect the serial port of FP2000 to a PC, and test communication between PC and FP2000, without modems. Just direct cable connection!  If you're able to do this, insertion of modems is the next step, and should be quite easy.  If you're not able to make the PC receive strings of data from FP2000, over  RS232, adding modems is a further complication, and you won't come out of this mess!
     So, what I say, is just build, for now, a simple embedded application for FP2000, that, using RS232, sends data to a PC (you should see data sent with use of Hyper terminal).
      To build this application, use Instrument I/O --> VISA commands (VISA open, VISA write, and Property node should be enough, for now).
     Please, let me know if this helps......
      Have a nice (programming) day!
  graziano