Deploying 5 sensors in my network

Folks,
I have 5 sensors that I have to deploy in my network. As per the design guidelines, I plan to deploy them at the following locations:
1) Behind the Firewall (Internal network)
2) Behind the VPN concentrator
3) In my DMZ
I still have not figured out where the other 2 would go.
My question is, from a design point of view, how should I assign them IP addresses for management? What is the Cisco recommended way of doing such a deployment?
Should I create a new VLAN in my network and assign IP addresses for all sensors in that subnet? What about the sensor in the DMZ?
Thanks

The default configuration for an IPS sensor is well explained in this thread on the forum:
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd920ee
As for monitoring via SPAN, if this is what you're doing then it is not "inline" at all. This is considered passive monitoring.
If you use the SPAN / TAP method of passively monitoring your network, you do not have to worry about sensor failure impacting your network. Basically, if the sensor goes down, monitoring stops - that's it.
If you deploy inline, then you have to consider the use of "Bypass Mode" to prevent the IPS sensor from introducing a point of failure in your communications path. This feature is well explained in the "Configuring the Cisco Intrusion Prevention Sensor Using the Command Line Interface" guide available here:
http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_configuration_guide_chapter09186a0080459225.html#wp1038307
Basically, it allows the sensor to pass traffic through an interface pair no matter what, which is an important feature when you're concerned about the sensor disrupting operations.
I hope this helps,
Alex Arndt
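Added example, not part of the original thread or of the Cisco guide linked above: the configuration pattern the two posts above are circling around, a dedicated out-of-band management VLAN that carries the command-and-control interface of every sensor (including the DMZ sensor, whose sniffing or inline interfaces are the only thing that touches DMZ traffic), the sensor's own management access-list limited to the management station, and bypass-mode auto on a sensor that is deployed inline. The VLAN number, addresses, hostnames and interface names are constructed; the sensor CLI is as I recall it from the IPS 5.x/6.x command reference (service host / network-settings and service interface / bypass-mode), so check it against the configuration guide linked above before relying on it.

```cisco
! --- Switch side (constructed): one routed management VLAN shared by all five sensors ---
vlan 900
 name IPS-MGMT
!
interface Vlan900
 description Out-of-band management for IPS sensor command-and-control interfaces
 ip address 10.200.0.1 255.255.255.0
!
! Access port for the DMZ sensor's command-and-control NIC. It lives on VLAN 900,
! not in the DMZ; only the sensor's sensing interfaces are patched into DMZ traffic.
interface GigabitEthernet1/0/10
 description sensor-dmz command-and-control
 switchport mode access
 switchport access vlan 900
 spanning-tree portfast
!
! --- Sensor side (IPS CLI syntax as recalled, assumed; verify against the guide) ---
sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# network-settings
! management address in the VLAN 900 subnet, with the SVI as default gateway
sensor(config-hos-net)# host-ip 10.200.0.11/24,10.200.0.1
sensor(config-hos-net)# host-name sensor-dmz
! only the management station may open SSH/HTTPS to the sensor
sensor(config-hos-net)# access-list 10.200.0.50/32
sensor(config-hos-net)# exit
sensor(config-hos)# exit
Apply Changes?[yes]: yes
!
! Inline sensors only: pass traffic through the interface pair if the sensor fails
sensor(config)# service interface
sensor(config-int)# bypass-mode auto
sensor(config-int)# exit
Apply Changes?[yes]: yes
sensor(config)# exit
```

The point of the layout is that a sensor's management plane never shares a subnet with the traffic it inspects: a compromised DMZ host can reach the sensor's sniffing port (which has no IP stack) but not its management address. Bypass-mode auto only matters for sensors deployed inline; a SPAN- or TAP-fed sensor, as Alex notes, cannot break the forwarding path whatever it does. After applying, `show interfaces` on the sensor should report the current bypass state per interface pair.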

Similar Messages

  • Deploying a secure internal wireless network

    Hi, We've got a 5508 WLAN controller with about 200 WAPs currently deployed for guest access only. We would now like to deploy wireless for our internal network as well and would like for this to support voice as well. I'm reviewing the various options that are available and trying to figure out which one is the best. I've narrowed it down to EAP-TLS and PEAP with MS-CHAPv2 with Windows based certificates. Our management wants us to use Microsoft RADIUS servers instead of ACS. Just wanted to get some feedback to see if someone has done this in their environment before and the pros and cons of choosing one authentication method over another.
    Thanks in advance for your valuable input!

    Lets be clear...
    You can only do EAP-PEAP or EAP-TLS with WZC. This is not a limitation of ISE, rather its a limitation with WZC. Take a peek at the EAP options and you will see.
    ISE can be used as a radius server or you can proxy to another radius server, for example ACS. ISE allows all types of EAP types PEAP,LEAP,TLS, etc. If you use ISE as a radius server, you can also take advantage of the RADIUS probe.
    One problem is CoA and WZC. If a CoA has to happen after a device is already connected, it most likely will not work with WZC. Let me give you an example.
    Lets say you need to do a vlan move for a user from vlan 200 to vlan 300. ISE may not properly identify the device until after it has a IP. The users HTTP traffic is then analyze and its "hay this guy needs to move from 200 to 300". The WLC will make that move after being instructed by ISE, but your WZC is still on vlan 200 (ip address) wise. The CoA will happen on the WLC, but the WZC client will sit and spi becuase of the ip/vlan mismatch.
    Suppose, if you used Cisco anyconnect wireless client. If a CoA happens like the above exmaple, the anyconnect client will detect the traffic is not passing and it will re-ip automagically.
    Does that make sense?

  • Deploying bpel sensors as part of SOA archive

    Oracle documentation (http://docs.oracle.com/cd/E25054_01/dev.1111/e10224/bp_sensors.htm) mentions adding custom sensors as part of a BPEL project to have them deployed as part of the SOA archive. However, on following the steps I get a java.lang.ClassNotFoundException.
    Can anyone tell me what I am missing?
    Please note that by following the instructions in http://mazanatti.info/index.php?/archives/71-SOA-Suite-11g-fabric-logging-with-BPEL-sensors.html I am able to get the sensors working, but it is a separate offline deployment for the sensors.
    Thanks.

    Hi Ravi,
    I used the below script to deploy the ear.
    <wldeploy action="deploy" name="${application}" source="${apps.root}/${application}/deploy/${application}-${apps.version}.ear"
         user="${deploy.user}" upload="true"
         password="${deploy.password}" nostage="true" verbose="true"
         adminurl="t3://${deploy.host}:${deploy.port}" targets="${deploy.target}" />
    and below target to generate ear file.
    <target name="ear" >
         <echo>Building the ear file</echo>
         <!-- application.xml comes from the ADF project's META-INF; the WARs were built earlier into deploy/ -->
         <ear destfile="${apps.root}/${application}/deploy/${application}-${apps.version}.ear" appxml="${apps.root}/${application}/adfmsrc/META-INF/application.xml">
              <fileset dir="${apps.root}/${application}/deploy" includes="*.war" />
         </ear>
    </target>
    But I am getting the error
    Target state: deploy failed on Server AdminServer
    java.lang.ClassNotFoundException: oracle.adf.library.webapp.ResourceServlet
    I get the same error in JDeveloper if I try to deploy the WAR from the project. But if I deploy it from the Application view then there is no error.
    There are lots of libraries if I had to manually add them to the classpath in the Ant script.
    Any idea how to solve this issue from Ant scripts?
    Regards,
    Subhashini

  • Need help to deploy IP Multicast in private network

    Hi,
    I am currently working on a project where there is an urgent requirement to deliver an IP multicast solution.
    The network itself is fairly simple.
    IP cameras are connected to pairs of Catalyst 2960 switches in 'access nodes'. There are 8 cameras per node, 4 on each switch. There are multiple nodes, 3 at the moment in our testing environment, all trunked together, so 24 cameras in total.
    The Catalyst 2960 switches are trunking to a Core node, which consists of a pair of Catalyst 3750 switches with MHSRP configured for each of 8 VLANs, with 2 DCs and 2 Video storage servers for storing camera footage attached to access ports on those switches. We also have workstations attached to the core node switches which have software installed to view live images and manage the cameras across the network.
    We have no routing - the access switches have default gateways pointing to the VLAN SVIs configured on the core switch, and each function has its own VLAN. InterVLAN routing is enabled on the 3750s and connectivity is working fine.
    I wish to send a TCP stream to the Video Storage servers for storage, and to multicast to the workstations so that the software can see multiple streams from multiple cameras.
    Could someone please suggest a suitable deployment strategy, including how to configure the cameras and switches appropriately to allow this to happen? I am struggling to understand what type of configuration is required.
    Much appreciated. I'm actively viewing this thread for assistance.

    Paul
    I don't think IP Base supports any PIM mode other than PIM stub routing (unless you know otherwise) so your solution wouldn't work. Or perhaps i am not understanding ?
    Martin
    I think the only way forward is to test what we have already covered.
    I didn't realise this was a test environment so at least you can try all things out without worrying about the production network.
    The thread I linked to suggested that you can get the routing working even without a L3 device capable of running full multicast routing, but at the moment the question concerns those extra commands you can't enter. Can you verify they are not available in config mode?
    An additional problem is that because PIM is passive on the SVIs, no IGMP queries are being made, so there is no way for the switches to work out which ports need the multicast stream and so it will be flooded.
    There is a function supported on the 3750s called the IGMP querier function which allows the switch to make IGMP queries per VLAN without PIM enabled. We may be able to use this but I have absolutely no idea how it will work with the L3 multicast routing config.
    I recommend you try and get multicast routing working first. If you can get to the stage where you can send a multicast stream from one VLAN to another then you should be able to use Wireshark to see each port in the destination VLAN receiving the stream (even when you don't want it to).
    If you can get to that stage we can then try the IGMP snooping querier to see if we can restrict the stream to only those ports that need to receive it. It may be we can't, in which case -
    a) you could statically configure the multicast MAC address to the relevant ports, but this is not scalable and does not allow clients to dynamically join and leave the multicast group
    or
    b) simply allow the stream to be flooded to all ports within the destination VLAN. Not ideal and kind of defeats the purpose of multicast, but you may have no choice.
    I doubt whether any of this would be supported by Cisco though, as I think their position would be to simply upgrade to an IP Services license, although I understand this may not be possible for you because of cost.
    Jon
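Added example, not from the original thread: the two fallbacks Jon describes for the 3750 core, written out as configuration. The VLAN number, querier address, group address and port are constructed; the commands are the IGMP snooping querier and static-group syntax of the Catalyst 3750 IOS configuration guide as I recall them, so confirm them on the platform before use. Nothing here requires PIM on the SVI, which is the constraint Paul raised about IP Base.

```cisco
! --- Core 3750, global (constructed addresses) ---
! IGMP snooping is on by default; the querier function sends general queries into
! each VLAN that has no other querier, so hosts answer with membership reports and
! the switches learn which ports actually want the group instead of flooding it.
ip igmp snooping
ip igmp snooping querier
ip igmp snooping querier address 10.1.20.2
ip igmp snooping querier version 2
!
! --- Option (a) from above: pin a group to a port when dynamic joins cannot be made to work ---
! Workstation on Gi1/0/5 always receives camera group 239.1.1.1 in the workstation VLAN 20.
! (The L2 address the switch programs is 0100.5e01.0101: the low 23 bits of 239.1.1.1.)
ip igmp snooping vlan 20 static 239.1.1.1 interface GigabitEthernet1/0/5
!
! --- Verification ---
! show ip igmp snooping querier            -> which address is querying in each VLAN
! show ip igmp snooping groups vlan 20     -> learned (or static) group-to-port entries
```

With the querier in place, a receiver that stops answering queries ages out of the group table and stops receiving the stream; with the static entry it never does, which is the scalability and join/leave limitation Jon points out. Option (b), plain flooding, is simply what happens in VLAN 20 if neither of the above is configured and no querier exists.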

  • One Cisco prime deployment for three physically different Networks

    Can one Cisco prime deployment be used to manage three physically different Networks without creating a bridge between the networks. It is imperative that the networks remain separated but they will be managed by the same team so can you somehow use one Cisco Prime without the networks becoming connected 

    Hi,
    I believe you can manage any device, if it is reachable (ICMP/SNMP) from Prime Infrastructure.
    Just make sure all 3 different networks are reachable from PI; it's not required that they're reachable among themselves.
    PI itself does not do any bridging/routing between your 3 different networks, therefore PI doesn't know if you can route between them or if they're separated.
    Since the 3 different networks are not reachable among themselves, use 3 different seed IPs while discovering.
    Also, from a management point of view, you can create virtual domains, group the devices network-wise, and then when logging in to PI you'll get the feel that you're managing 3 different networks with the same PI.
    But since PI manages all the devices of the 3 different networks, it will consume CPU/RAM/disk space accordingly, so you need to pay attention to the resources of PI.
    Using Virtual Domains to Control Access to Sites and Devices
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/administrator/guide/PIAdminBook/maint_user_access.html#pgfId-1056197
    - Ashok
    Please rate the post or mark as correct answer as it will help others looking for similar information

  • Deploying an RT app with Network Variables

    David Thomson Original Code Consulting
    www.originalcode.com
    National Instruments Alliance Program Member
    Certified LabVIEW Architect
    There are 10 kinds of people: those who understand binary, and those who don't.

    Oops - the message got posted before I even wrote it - sorry!
    I'm working on a simple RT DAQ app that acquires 32 channels of AI and pops them into a network variable for a host program to read several times a second. I build and deploy the app as a startup so that it starts every time the PXI RT system boots. I want to move the RT box to another computer that has LV, but not LV-RT.
    I first tried using the variable server on the host. The LV box boots and the app starts. I start my program on the host, and it connects. Everything is fine.
    However, to make the transition to another computer easier, I would like to host the network variables on the RT box. Then I don't have to deploy them to the network variable engine on the new computer. When I write the program this way, the RT half still boots and runs. Using the variable monitor program, I can see that the variables are hosted on the RT box and are being updated. So I open the host program in LV and start it. It has to deploy some sort of connection to the network variables, so a deploy dialog pops up. It finds out that the RT box already has an app running and says that if I continue to deploy, that app will be stopped. If I cancel, the host app doesn't run. If I don't cancel, the RT app stops. I have to connect to the RT box again and redeploy the RT app. Then both are running and I get data.
    Is there a way to host the variables on the RT box, and have the RT program start automatically on bootup, and have LV for Windows start a program that gets the variables off the RT box from a Windows machine that doesn't have RT?
    Thanks,
    Dave

  • How to deploy MPLS Diff-serv in network?

    Hi, I have trouble with how to deploy MPLS Diff-serv in an ISP network. Who can give me an example or a design? Thanks.
    Sincerely

    Hi,
    This link might help you.
    http://www.cisco.com/en/US/tech/tk436/tk428/technologies_tech_note09186a008022ad7e.shtml

  • Providing DRC solution for ATMs in the enterprise network

    Hi all,
    I am looking for ideas on how to provide a Disaster Recovery solution for thousands of ATMs (Automated Teller Machines) deployed in the bank enterprise network. The solution should consider the following facts:
    1.- Having the ATMs switch the connection to the server at the DRC shouldn't be automatic. This situation might last for the next few years until the DRC becomes a mirror image of the primary data center.
    2.- The ATM server at the primary and at the disaster recovery center is a single server equipped with high availability (Tandem). I mean to say, there are no SLBs involved in the connection.
    3.- The application running on the ATMs is calling the ATM server by a hardcoded IP address in the application. The bank is willing to visit the ATMs to change it once and forever.
    I see source NATting as the most appropriate solution; however, your opinion and expertise are appreciated.
    Thanks
    Sami

    Sami,
    what kind of solution are you looking for ?
    Is the concern the connection from ATM to central location ?
    Or is it a concern about the server at the central location ?
    For connection issues, I don't see any other solution than providing multiple lines.
    If the concern is the single server, you could have a load balancer somewhere in your network.
    The load balancer can use probes to check the health of the server.
    If the primary fails, or is unreachable, you can automatically redirect the traffic to the standby.
    ATM machines will point to the virtual IP (you could reuse the current IP and assign a new one to the servers).
    Not sure where to place the load balancer without a better idea of the problem to solve and the network.
    Gilles.

  • How can I deploy my AAMEE without Apple Remote Desktop?

    Hi everyone,
    I created a build for Adobe CS6 Production Premium for Mac with the serial number embedded, along with the current updates. All is well with that; however, this is the issue that I am having:
    I have tried to test the build on a local machine (the computer I created the build on) and was able to install the package with no issues; however, when I try to deploy the build onto a networked machine, it doesn't work.
    I have read through the AAMEE Reference Guide and have read (if I am not mistaken) that for CS6, you can only deploy an AAMEE build through Apple Remote Desktop onto multiple machines. I have also read that you would need Apple Remote Desktop on all of the machines you want the build to deploy on.
    If that is the case, if I have read the guide correctly, what is the point of deploying the build through a network if you still have to install ARD onto all the machines you want the software on? How can you get around this to be able to deploy your AAMEE build successfully onto networked machines?
    When I tried it last night on one network Mac with ARD, I received the error message for "Validating packages...". I'm not sure what that means because the build works perfectly on local machine.
    Any ideas would help as far as deploying the build on a network without using ARD, or really, just a simpler alternative that works?
    PLEASE HELP.
    Thanks.

    Hi,
    You can deploy the package using any of these tools - ARD, SSH, Casper Suite, Absolute Manage, LANDesk... and maybe more, but we have only tried these.
    We have mentioned ARD as an example, but other standard tools can very well be used for deploying the package, and there is no need to have ARD installed on all machines where you want to deploy the package, only on the admin machine.
    Can you please let me know which client OS you are trying to deploy the package on, and whether the client machine is logged off or logged in? Please forward install.log if you are facing the error.
    thanks,
    Rahul

  • Network variables hang subvi

    I have a GUI with several subvis.
    I am using an LV project (LV 8.2).
    One of the subvis is used to construct a GPS string and hand it over to a RT (cFP-2120) deployed serial write vi using network variables.
    If I run the subvi standalone from the project with the RT deployed vi all works perfectly.
    If I open the GUI from the project, it also opens the GPS subvi now.
    When I run the GUI it apparently tries to run the subvi and the subvi's front panel becomes a blank white window with only the subvi title bar showing.
    It hangs in this position and never gets any further.
    Before I implemented the network variables for the serial write, the subvi did not open on GUI launch.
    Further, the two are designed such that pressing a button on the GUI would open up the subvi as a dialog.  Once the stop button on the subvi is clicked it would close down.  This is how it used to work before I implemented the network variables.  Now the GUI won't even run.

    I don't get anything when running in highlight mode, just a blank white window.
    I let the original run last night while I went home.  It finally had come up and was running this morning.
    After days of working with bindings, etc I finally started hacking off sections of my main VI today.  It eventually started working.
    I apparently have too much baggage or a conflict on the main vi structure. 
    I'm dealing with nearly 40 indicators/controls used to monitor or modify simulation values for an avionics simulator.
    Clearly I'm not being efficient in memory management.
    I do have multiple while loops monitoring and sending data.

  • Error when deploying a scenario in CE 7.2 server

    Hi all
    I have encountered the error below when I tried to deploy my first scenario in CE 7.2 Server.
    The given network does exceed the maximum revision number. The given network has revision number 2.4 (Galaxy BPMN compiler as of NetWeaver CE 7.20. Give yourself to the dark side.) but maximum possible revision number is 2.2
    I have checked the versions of my CE Server and NWDS as given in the below thread by Martin
    Deployment Exception: Could not instantiate network ...
    Both the NWDS and CE Server are on same level 7.2 SP01.
    Please let me know the other possible reasons for this error.
    Thank you
    Ram

    Hello Ram,
    To resolve the issue, I downloaded the NWDS 7.1 version. Now I am able to deploy the BPM process successfully.
    Link to download NWDS 7.1:
    NWDS 7.1 EHP 1: https://nwds.sap.com/swdc/downloads/updates/netweaver/nwds/nw/711/index.html

  • Ask the Expert: Hierarchical Network Design, Includes Core, Distribution, and Access

    Welcome to the Cisco® Support Community Ask the Expert conversation.  This is an opportunity to learn and ask questions about hierarchical network design. 
    Recommending a network topology is required for meeting a customer's corporate network design needs, in both their business and technical goals, and often consists of many interrelated components. The hierarchical design makes this easier by "dividing and conquering" the job and developing the design in layers.
    Network design experts have developed the hierarchical network design model to help develop a topology in discrete layers. Each layer can be focused on specific functions, so you can select the right systems and features for the layer.
    A typical hierarchical topology is
    A core layer of high-end routers and switches that are optimized for availability and performance.
    A distribution layer of routers and switches that implement policies.
    An access layer that connects users via lower-end switches and wireless access points.
    Ahmad Manzoor is a Senior Pre-Sales Engineer at AGCN, Pakistan. He has more than 10 years of experience in first-rate management, commercial and technical skills in the field of data communication and services lifecycle—from solution design through sales pitch, designing RFPs, architecture, and solution—all with the goal toward winning projects (creating win/win situations) of obsolete solutions.  Ahmad also has vast experience in designing end-to-end data centers, from building infrastructure design to data communication and network Infrastructure design. He has worked for several large companies in Pakistan and United Arab Emirates markets; for example, National Engineer, WATEEN Telecom, Emircom, Infotech, Global Solutions, NETS International, Al-Aberah, and AGCN, also known as Getronics, Pakistan.
    Remember to use the rating system to let Ahmad know if he has given you an adequate response. 
    Because of the volume expected during this event, Ahmad might not be able to answer every question. Remember that you can continue the conversation in the  Solutions and Architectures under the sub-community Data Center & Virtualization, shortly after the event. This event lasts through August 15, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Dear Leo,
    We are discussing the following without any particular product line, just the concept of hierarchical design, which will help you decide which model is better for you: the two-layer or the three-layer hierarchical model.
    Two-Layer Hierarchy
    In many networks, you need only two layers to fulfill all of the layer functions: core and aggregation.
    Only one zone exists within the core, and many zones are in the aggregation layer. Examine each of the layer functions to see where it occurs in a two-layer design:
    Traffic forwarding—Ideally, all interzone traffic forwarding occurs in the core. Traffic flows from each zone within the aggregation layer up the hierarchy into the network core and then back down the hierarchy into other aggregation zones.
    Aggregation—Aggregation occurs along the core/aggregation layer border, allowing only interzone traffic to pass between the aggregation and core layers. This also provides an edge for traffic engineering services to be deployed along.
    Routing policy—Routing policy is deployed along the edge of the core and the aggregation layers, generally as routes are advertised from the aggregation layer into the core.
    User attachment—User devices and servers are attached to zones within the aggregation layer. This separation of end devices into the aggregation permits the separation of traffic between traffic through a link and traffic to a link, or device. Typically, it is best not to mix transit and destination traffic in the same area of the network.
    Controlling traffic admittance—Traffic admittance control always occurs where user and server devices are attached to the network, which is in the aggregation layer. You can also place traffic admittance controls at the aggregation points exiting from the aggregation layer into the core of the network, but this is not common.
    You can see, then, how dividing the network into layers enables you to make each layer specialized and to hide information between the layers. For instance, the traffic admittance policy implemented along the edge of the aggregation layer is entirely hidden from the network core.
    You also use the core/aggregation layer edge to hide information about the topology of routing zones from each other, through summarization. Each zone within the aggregation layer should have minimal routing information, possibly just how to make it to the network core through a default route, and no information about the topology of the network core. At the same time, the zones within the aggregation layer should summarize their reachability information into as few routing advertisements as possible at their edge with the core and hide their topology information from the network core.
    Three-Layer Hierarchy
    A three-layer hierarchy divides these same responsibilities through zones in three vertical network layers.
    Traffic Forwarding—As with a two-layer hierarchy, all interzone traffic within a three-layer hierarchy should flow up the hierarchy, through the layers, and back down the hierarchy.
    Aggregation—A three-layer hierarchy has two aggregation points:
    At the edge of the access layer going into the distribution layer
    At the edge of the distribution layer going into the core
    At the edge of the access layer, you aggregate traffic in two places: within each access zone and flowing into the distribution layer. In the same way, you aggregate interzone traffic at the distribution layer and traffic leaving the distribution layer toward the network core. The distribution layer and core are ideal places to deploy traffic engineering within a network.
    Routing policy—The routing policy is deployed within the distribution layer in a three-layer design and along the distribution/core edge. You can also deploy routing policies along the access/distribution edge, particularly route and topology summarization, to hide information from other zones that are attached to the same distribution layer zone.
    User attachment—User devices and servers are attached to zones within the access layer. This separation of end devices into the access layer permits the separation of traffic between traffic through a link and traffic to a link, or device. Typically, you do not want to mix transit and destination traffic in the same area of the network.
    Controlling traffic admittance—Traffic admittance control always occurs where user and server devices are attached to the network, which is in the access layer. You can also place traffic admittance controls at the aggregation points along the aggregation/core edge.
    As you can see, the concepts that are applied to two- and three-layer designs are similar, but you have more application points in a three-layer design.
    Now the confusion arises: where do we use the two-layer and where the three-layer hierarchical model?
    So let us discuss how many layers to use in a network design.
    Which network design is better: two layers or three layers? As with almost all things in network design, it all depends. Examine some of the following factors involved in deciding whether to build a two- or three-layer network:
    Network geography—Networks that cover a smaller geographic space, such as a single campus or a small number of interconnected campuses, tend to work well as two-layer designs. Networks spanning large geographic areas, such as a country, continent, or even the entire globe, often work better as three layer designs.
    Network topology depth—Networks with a compressed, or flattened, topology tend to work better as two-layer hierarchies. For instance, service provider networks cover large geographic areas, but reducing the number of hops through the network is critical in providing the services they sell; therefore, they are often built on a two-layer design. Networks with substantial depth in their topologies, however, tend to work better as three-layer designs.
    Network topology design—Highly meshed networks, with many requirements for interzone traffic flows, tend to work better as two-layer designs. Simplifying the hierarchy to two levels tends to focus the design elements into meshier zones. Networks that focus traffic flows on well-placed distributed resources, or centralized resources, such as a network with a large number of remote sites connecting to a number of centralized Data Centers, tend to work better as three-layer designs.
    Policy implementation—If policies of a network tend to focus on traffic engineering, two-layer designs tend to work better. Networks that attempt to limit access to resources attached to the network and other types of policies tend to work better as three-layer designs.
    Again, however, these are simple rules of thumb. No definitive way exists to decide whether a network should have two or three layers. Likewise, you cannot point to a single factor and say, “Because of this, the network we are working on should have three layers instead of two.”
    I hope that this helps you to understand the purposes of Two Layer & Three layer Hierarchical Model.
    Best regards,
    Ahmad Manzoor
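Added example, not part of Ahmad's answer: the "hide topology between layers through summarization" point above, made concrete with OSPF on the router that sits on the core/aggregation edge of one aggregation zone. The process number, router ID, area number and prefixes are constructed; the commands (totally stubby area and area range) are standard IOS OSPF.

```cisco
! --- ABR on the core/aggregation edge for aggregation zone 10 (constructed) ---
router ospf 1
 router-id 10.0.0.1
 ! area 0 is the core; area 10 is one aggregation zone
 network 10.0.0.0 0.0.0.255 area 0
 network 10.10.0.0 0.0.255.255 area 10
 ! Totally stubby: routers inside the zone get a default route only, so they carry
 ! no core topology and no prefixes from other zones (information hiding downward)
 area 10 stub no-summary
 ! Summarize the zone's reachability into one advertisement toward the core
 ! (information hiding upward: the core never sees the zone's internal topology)
 area 10 range 10.10.0.0 255.255.0.0
!
! --- every router inside zone 10 (constructed) ---
router ospf 1
 network 10.10.0.0 0.0.255.255 area 10
 area 10 stub
!
! Verification:
! show ip route ospf  (zone router)  -> a single 0.0.0.0/0 learned from the ABR
! show ip ospf database summary (core router) -> one 10.10.0.0/16 summary LSA for the zone
```

The same pair of tools applies at the access/distribution edge in a three-layer design, which is the extra "application point" Ahmad refers to: the distribution-layer ABR summarizes each access zone toward the distribution, and the distribution/core ABR summarizes again toward the core.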

  • How do you set up a deployment server to image a Macbook Air

    I have 240 MacBook Airs to deploy. Having problems getting them to netboot to the deployment server using the USB network adapter.
    The server is 10.6.8.  Does it need to be updated to Lion to work?

    The new MacBook Airs should boot off a Snow Leopard server machine running NetBoot for these machines. At least the 85+ machines I've imaged off my SL NetBoot box do, so that's not the issue. Are you using NetBoot or something else? What image/build of Lion is on the box that you're trying to boot these machines against? I agree with Captfred: if you're trying to use some system restore image for the MacBook Airs, I wouldn't bother. I compiled a custom boot image that installs 10.7.2 already out of the box and all of the Airs fired up just fine.

  • Greyfield Deployment of UC320w with RV120w

    I have a number of customers using the RV120w Small Business Firewall/Router in their business, and am having problems deploying the UC320w into these networks in a greyfield scenario. I am following the published Cisco document for configuring the up-front firewall, but cannot get the RV120w to forward the required packets to the UC320w. All customers are using NexVortex SIP trunking. With the RV120w, inbound calls either do not ring the phones or ring but exhibit one-way communication when answered. I have had good success when deploying the UC320w greyfield behind the RV180w (very similar device), set up in the identical way.
    Has anyone else had success using the RV120w with latest firmware in a UC320w greyfield deployment?
    What ports should be forwarded to the UC320w?
    Here is my router configuration on both RV120w and RV180w devices:
    VLAN 4 created, untagged on LAN port 4
    VLAN 4 configured with IP 192.168.2.253 (255.255.255.252)
    DHCP off on VLAN 4
    VLAN 1 untagged on LAN ports 1, 2, 3
    VLAN 1 configured with IP 192.168.10.5 (255.255.255.0)
    DHCP off on VLAN 4 (DHCP provided on customer network by Small Business Server)
    WAN configured with public static IP address from DSL modem
    Port forwarding configured for the Small Business Server (Ports 80, 443, 25, etc. forwarded to server static LAN IP)
    DMZ Mode configured to forward all remaining incoming traffic to the UC320 at 192.168.2.254
    (I have tried forwarding only SIP ports, etc, but have had best success with DMZ)
    Enable SIP ALG Option in Firewall
    UC320w configuration:
    UC320w Topology: Routes Voice Only
    UC320w VLAN 1 configured at 192.168.10.6 (255.255.255.0)
    UC320w VLAN 100 at defaults
    UC320w WAN configured at 192.168.2.254 (255.255.255.252) GW 192.168.2.253
    Thanks,
    Andy Williams

    Based on this info, I tried disabling the DMZ and adding an access rule at the bottom of my list of 5 other port forwards. This last access rule is to "allow any service from any address" and route the packets to the UC320w on VLAN4's subnet. This does not work any better. Maybe this "allow any service" fails in the same way as the DMZ checkbox?
    Can someone provide info on what TCP and UDP ports should be forwarded from my NexVortex SIP provider to the UC320w? I will give configuring just specific ports a try.
    Thanks,
    Andy Williams
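    The post above contrasts two ways of getting unsolicited inbound traffic to the phone system: a DMZ host (or a trailing "allow any service" rule) that catches everything the specific port forwards do not claim, versus narrow forwards for just the voice ports. The following is an added illustration, not Cisco's code and not the poster's configuration: it models the router's first-match evaluation of an inbound forward table and reports which probe ports end up at the UC320w under each policy. The Small Business Server address, the probe set and the SIP/RTP port ranges are constructed assumptions (the real signalling and media ranges must come from the SIP provider); only 192.168.2.254 is taken from the post.

```python
"""First-match evaluation of an inbound port-forward table (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Forward:
    """One inbound port-forward entry; entries are evaluated in table order."""
    proto: str        # "tcp", "udp" or "any"
    port_lo: int
    port_hi: int
    target: str       # inside address that receives the traffic

    def matches(self, proto: str, dport: int) -> bool:
        return self.proto in ("any", proto) and self.port_lo <= dport <= self.port_hi


def resolve_inbound(rules: List[Forward], dmz_host: Optional[str],
                    proto: str, dport: int) -> Optional[str]:
    """Return the inside host that receives an unsolicited inbound packet.

    Specific forwards win in table order; the DMZ host, if configured, takes
    everything left over. None means nothing matched and the edge drops it.
    """
    for rule in rules:
        if rule.matches(proto, dport):
            return rule.target
    return dmz_host


def exposed_to(rules: List[Forward], dmz_host: Optional[str], host: str,
               probes: List[Tuple[str, int]]) -> List[Tuple[str, int]]:
    """List the (proto, port) probes that land on `host` under this policy."""
    return [(p, d) for p, d in probes
            if resolve_inbound(rules, dmz_host, p, d) == host]


# Constructed addresses: the SBS address is invented; 192.168.2.254 is the
# UC320w WAN address given in the post.
SBS = "192.168.10.10"
UC320 = "192.168.2.254"

# Forwards for the server, as described in the post (80, 443, 25).
SERVER_FORWARDS = [
    Forward("tcp", 25, 25, SBS),
    Forward("tcp", 80, 80, SBS),
    Forward("tcp", 443, 443, SBS),
]

# Hypothetical narrow forwards for the phone system. The actual SIP signalling
# and RTP ranges are an assumption here and must come from the SIP provider.
VOICE_FORWARDS = [
    Forward("udp", 5060, 5060, UC320),
    Forward("udp", 16384, 16482, UC320),
]

# Constructed probe set: the intended services plus ports nobody meant to expose.
PROBES = [("tcp", 443), ("udp", 5060), ("udp", 16400), ("tcp", 22), ("tcp", 3389)]


def compare_policies() -> Tuple[List[Tuple[str, int]], List[Tuple[str, int]]]:
    """Probes reaching the UC320w with DMZ mode vs. with narrow voice forwards."""
    dmz_mode = exposed_to(SERVER_FORWARDS, UC320, UC320, PROBES)
    narrow = exposed_to(SERVER_FORWARDS + VOICE_FORWARDS, None, UC320, PROBES)
    return dmz_mode, narrow


if __name__ == "__main__":
    dmz_mode, narrow = compare_policies()
    print("DMZ mode delivers to the UC320w:      ", dmz_mode)
    print("Narrow forwards deliver to the UC320w:", narrow)
```

    A trailing "allow any service from any address" rule behaves exactly like the DMZ checkbox in this model, which is why the two configurations in the post expose the same surface: every unclaimed port, not just the voice ports, reaches the phone system. Narrow forwards keep the server's ports and the voice ports reachable while everything else is dropped at the edge.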

  • SCCM 2012 - Network requirements for Client communication to primary in a Cross Forest Environment

    Hello, I have been trying to get some definitive answers on what network traffic is required between a client and a primary site versus a secondary in a cross forest scenario.
    Here is the scenario:
    Company A has an existing SCCM 2012 primary Site. Company B (Separate Forest) has now been brought in. One subnet on each side can route to each other and using that one subnet a two way forest trust has been setup. But the remote offices have IP address overlaps between companies. At some point in the future all assets on company B will be re-IP and brought over to Company A domain. But in the interim it would be nice to get SCCM cross forest clients working. Upgrading to a CAS model with two Primaries would not be preferred here as this is a temporary solution.
    My questions are as follows.
    If a secondary site is deployed into Company B Forest/Network. I have seen people online allude to the fact that clients will still need to communicate to the Primary located at Company A, even though they are assigned to a secondary on Company B's network. Is this true? Are there any workarounds for this? Is a NAT back to the primary acceptable, or is reverse lookup required?
    Will the Primary need to communicate directly to the clients in Company B? If this is in fact a requirement, then this would be a show stopper. But if it's only needed for things like client pushes, then we could work around it.
    Thanks

    "But the remote offices have IP address overlaps between companies"
    Technically, this is unsupported because clients, depending upon your boundaries, will not be able to find a local DP since they use IP addresses for this. The only way to work around this is to use AD Site boundaries.
    "though they are assigned to a secondary"
    Clients are *never* assigned to a secondary site -- that's not what secondary sites are for. Yes, clients require communication with an MP in the primary site where they are assigned. There is no way to change this or work-around this except to put an MP from the primary site closer to those clients and use the new MP affinity option in R2 CU3.
    Reverse lookups are only used to verify names by applications that wish to have this type of functionality (which are very few in number) and have nothing to do with true network traffic. NATing is an issue for the reason I gave above -- DP location.
    Remote control, client push, and WoL won't work either because there is no way for the traffic to reach the destination behind the NAT.
    All client *agent* communication in ConfigMgr is client initiated in ConfigMgr (remote control, client push, and WoL -- as just mentioned -- are sort of exceptions to this but they don't really involve the client *agent*.)
    Jason | http://blog.configmgrftw.com | @jasonsandys
