Firewall considerations ZfH Access point to MGT server

Hi there,
According to the TID10095278 the ZfH access point talks to the ZfH
Management server on port 2398. I presume the Access point does all the
initiating to the Management Server.
I know to can use HTTP encapsulation on port 80 but I've never got that to
work.
In the case where you want to locate an Access point on the public side of
a firewall and the Management Server on the private side. I presume an
inbond rule of 2398 needs to be allowed using TCP.
In the paragraph in the TID "In some cases the ZfH will send a UDP packet
to the Access Points over port 2398, but this is to optimize some things,
and will work correctly if this packet isn't delivered correctly." I'm
presuming this means from the handheld to the access point.
Does anyone have any thoughts on this?
Thanks,
Fred.

Fred,
It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at http://support.novell.com in both the "free product support" and "paid product support" drop down boxes.
- You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/

Similar Messages

  • IOS Access Point Bombards TACACS+ Server with Requests

    Problem: When using the web GUI to manage an IOS access point such as the AP350, AP1100, or AP1200, and when using TACACS+ to authenticate the HTTP accesses, the access point will send numerous authentication requests to the TACACS+ server for each web page accessed.
    Workaround given by cisco was to use single-connection tacacs server.
    My question:
    How to implement this command? Is it as below
    "tacacs-server host x.x.x.x single-connection port 49 key test".
    I've tried using this command but still getting numerous authentication request.
    Any help?
    regards,
    Ganesh

    We experienced similar problems. We were instructed to use local authentication at the current time. Something about HTTP requiring authentication for each part of the page that accesses data. The configuration line is:
    ip http authentication local
    The single connection did not help. We were also advised that if we required ACS HTTP authentication to use RADIUS because it scaled better than TACACS and would not be as impacted as TACACS. If neither of these are an option, another workaround is to, disable logging "passed authentications". We tested this and it prevented our ACS server from pegging the cpu, memory and I/O write queues. We opted for local authentication because the lack of "passed authentication" logs impacted our troubleshooting.
    Good Luck
    Gerry

  • Access point as Dhcp Server

    is there a way to use the access point as a dhcp server?

    No The AP is a layer 2 bridge innetwork terms, (not to be confused with the WLAN bridge products.) Think of it as a hub with one ethernet ports and allow mutilple wireless devices
    You will need to have a DHCP server on the ethernet side to provide DHCP to your wireless clients

  • Cisco 1242AG Access Point proper configuration

    Hello everyone,
    Here is the situation:
    Recently we decide to create a small WLAN in our business.We choose the Cisco AIR-AP1242AG-E-K9 with 2x2.4GHz 2.2dbi Swivel Dipole Antenna.
    For better managability a new routable VLAN (ID:20) added to our Router with IP 192.168.55.1 and SNET 255.255.255.0
    Next, I made the followings configurations in the autonomous AP through WEB Console:
    Static IP:192.20.10.35, SNET:255.255.254.0, GWY:192.20.10.200
    VLAN1 (Native) and VLAN20 (Radio0-802.11g) added into Services.
    I set the Encryption Mode to None for VLAN1 and Cipher AES CCMP for VLAN20
    Into Server Manager I defined a new RADIUS server 192.20.10.35 (AP IP) and a shared secret and left the default ports for Authentication and Accounting (1645 and 1646). Also, in Default Server Priorities section I set as Priotity 1 both for EAP and MAC authentication the Access Point IP (Radius Server) 192.20.10.35.
    In Local RADIUS Server General Set-Up, I add as current network access server (AAA client) the same IP and shared secret like the ones I use during RADIUS server configuration above. Into Enable Authentication Protocols I left checked only the LEAP and MAC. Also, into Individual Users section 2 new users created with text passwords.
    Into SSID Manager a new hidden SSID created for interface Radio0-802.11g, associated with VLAN20 and into Client Authentication Settings section I left as accepted Method Open Authentication with MAC authentication and EAP. Also, I left the Use Defaults option both for EAP and MAC Authentication Servers in Server Priorities Section and finally into Client Authenticated Key Management section I choose Mandatory for Key Management and checked the Enable WPA option.
    I can ping both the AP and VLAN20 IPs from any PC which is a member of the native VLAN
    As wireless clients I use 2 Motorola MC5574 with Windows Mobile 6.1 professional. Both of them have a Jedi WLAN adapter configured with the followings:
    IPs:192.168.55.10 and 192.168.55.11
    SNET:255.255.255.0
    GWY:192.168.55.1
    Also, a unique profile has been created on each one of them to be used for AP association-authentication. Each profile has been configured for WPA2 Enterprise with AES and LEAP and the predefined user credentials (those defined into AP for Individual Users)
    The problem:
    Clients association with AP is always succesful but, Authentication fails and I can't ping from the clients AP IP,  VLAN20 IP, neither each other.
    What am I missing here? I'm sure that it is somenthing quite simple but although I tried several different setups (i.e. WPA2-PSK, WPA-PSK even with TKIP) I always end up without a proper solution for ping inability.
    Thank you in advance for any help

    Hello Madhuri,
    below is the latest run config output from the access point
    Building configuration...
    Current configuration : 3743 bytes
    ! Last configuration change at 03:56:04 +0200 Sun Nov 28 2010 by Cisco
    ! NVRAM config last updated at 03:58:07 +0200 Sun Nov 28 2010 by Cisco
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname RCT_THP_AP1
    enable secret 5 $1$26u0$emaUzNvvihCCZeKeooQ8M0
    aaa new-model
    aaa group server radius rad_eap
    server 192.20.10.35 auth-port 1645 acct-port 1646
    aaa group server radius rad_mac
    server 192.20.10.35 auth-port 1645 acct-port 1646
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    clock timezone +0200 2
    ip name-server 192.20.11.2
    dot11 ssid RCTHP
       vlan 20
       authentication open mac-address mac_methods eap eap_methods
       authentication key-management wpa
    power inline negotiation prestandard source
    username Cisco password 7 00271A150754
    username 00236867a192 password 7 101E594B56414A5D5B057B7276
    username 00236867a192 autocommand exit
    username 00236867a19b password 7 091C1E5B4A534F445C0D557329
    username 00236867a19b autocommand exit
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption vlan 20 mode ciphers aes-ccm
    ssid RCTHP
    channel 2462
    station-role root
    bridge-group 1
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.20
    encapsulation dot1Q 20
    no ip route-cache
    bridge-group 20
    bridge-group 20 subscriber-loop-control
    bridge-group 20 block-unknown-source
    no bridge-group 20 source-learning
    no bridge-group 20 unicast-flooding
    bridge-group 20 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    shutdown
    no dfs band block
    channel dfs
    station-role root
    interface Dot11Radio1.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    interface FastEthernet0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface FastEthernet0.20
    encapsulation dot1Q 20
    no ip route-cache
    bridge-group 20
    no bridge-group 20 source-learning
    bridge-group 20 spanning-disabled
    interface BVI1
    ip address 192.20.10.35 255.255.254.0
    no ip route-cache
    ip default-gateway 192.20.10.200
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1
    snmp-server view dot11view ieee802dot11 included
    snmp-server community public view dot11view RO
    snmp-server contact IS
    radius-server local
      no authentication eapfast
      nas 192.20.10.35 key 7 03130807055F2C1F
      user motomob1 nthash 7 15315B29557B0D767E111074455E332022000F0D0A725C223B300C7A0E760A0371
      user motomob2 nthash 7 075E716D6C2F49514636532A5C0B0A067C1567003224335553047F0C710058263E
    radius-server attribute 32 include-in-access-req format %h
    radius-server host 192.20.10.35 auth-port 1645 acct-port 1646 key 7 120E561B115B0157
    radius-server vsa send accounting
    bridge 1 route ip
    line con 0
    line vty 0 4
    sntp server 192.20.10.2
    sntp broadcast client
    end
    Regards
    Vasilis

  • I need helping!!! configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.

    I need helping configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
    I have attempted to configure rdp access but it does not seem to be working for me Could I please ask someone to help me modify my current configuration to allow this? Please do step by step as I could use all the help I could get.
    I need to allow the following IP addresses to have RDP access to my server:
    66.237.238.193-66.237.238.222
    69.195.249.177-69.195.249.190
    69.65.80.240-69.65.80.249
    My external WAN server info is - 99.89.69.333
    The internal IP address of my server is - 192.168.6.2
    The other server shows up as 99.89.69.334 but is working fine.
    I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. Please take a look at my configuration file and give me the commands i need in order to put this through. Also please tell me if there are any bad/conflicting entries.
    THE FOLLOWING IS MY CONFIGURATION FILE
    Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course
    Also the bolded lines are the modifications I made but that arent working.
    ASA Version 7.2(4)
    hostname ciscoasa
    domain-name default.domain.invalid
    enable password DowJbZ7jrm5Nkm5B encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.6.254 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 99.89.69.233 255.255.255.248
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    ftp mode passive
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    object-group network EMRMC
    network-object 10.1.2.0 255.255.255.0
    network-object 192.168.10.0 255.255.255.0
    network-object 192.168.11.0 255.255.255.0
    network-object 172.16.0.0 255.255.0.0
    network-object 192.168.9.0 255.255.255.0
    object-group service RDP tcp
    description RDP
    port-object eq 3389
    object-group service GMED tcp
    description GMED
    port-object eq 3390
    object-group service MarsAccess tcp
    description MarsAccess
    port-object range pcanywhere-data 5632
    object-group service MarsFTP tcp
    description MarsFTP
    port-object range ftp-data ftp
    object-group service MarsSupportAppls tcp
    description MarsSupportAppls
    port-object eq 1972
    object-group service MarsUpdatePort tcp
    description MarsUpdatePort
    port-object eq 7835
    object-group service NM1503 tcp
    description NM1503
    port-object eq 1503
    object-group service NM1720 tcp
    description NM1720
    port-object eq h323
    object-group service NM1731 tcp
    description NM1731
    port-object eq 1731
    object-group service NM389 tcp
    description NM389
    port-object eq ldap
    object-group service NM522 tcp
    description NM522
    port-object eq 522
    object-group service SSL tcp
    description SSL
    port-object eq https
    object-group service rdp tcp
    port-object eq 3389
    access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
    access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
    access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
    access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
    access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
    access-list outside_access_in extended permit tcp any interface outside eq 3389
    access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
    access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
    access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
    access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-524.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
    static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    http server enable
    http 192.168.6.0 255.255.255.0 inside
    http 0.0.0.0 0.0.0.0 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set peer 68.156.148.5
    crypto map outside_map 1 set transform-set ESP-3DES-MD5
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 1
    lifetime 86400
    crypto isakmp policy 30
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    tunnel-group 68.156.148.5 type ipsec-l2l
    tunnel-group 68.156.148.5 ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
    : end
    ciscoasa(config-network)#

    Unclear what did not work.  In your original post you include said some commands were added but don't work:
    static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
    and later you state you add another command that gets an error:
    static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
    You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
    The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface.  Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
    Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive?  Static PAT usually makes sense when you need to change the TCP port number.  In your example, you are not changing the TCP port 3389.

  • Can an iMac serve as a wireless access point server?

    I have a current iMac with standard built in wireless capability but I'm on the net with wires (RJ45 twisted pair ethernet CAT5 cables). Can my iMac serve as a wireless access point for a new device in the house (Nintendo Wii)? Is there a setting I can turn on, or software that can be downloaded to have the iMac act as a server instead of just a client on a wireless network? I know that it's best to have dedicated hardware do this, but I'm looking for a software solution to use while I decide what to buy.
    Currently I have a DSL connection and a star style home network. The DSL modem has an ethernet cable to a hub, and our 2 macs connect with wires to the hub. (I have an older DSL modem that has no wireless capability, I know that upgrading the DSL connection involves a new modem that includes wireless, but the phone company makes no guarantees about supporting Macs, so I have to do some research first.)
    -Ken

    If your iMac connects to internet from ethernet cable, you can use airport to share the connection wirelessly by creating a network from airport, then go to system preference > sharing > internet and enable internet sharing. But if you already have a wireless router, Mac should be compatible, there is nothing inherently different between iMac's airport and PC's wireless card.
    For Wii, I have no experience myself but there are plenty of posts on this forum, like this one: http://discussions.apple.com/thread.jspa?messageID=4528652&#4528652
    (linked to http://www.virtualmatt.com/?p=7)

  • Access Point  not visible in UMS server for Application using UMS adapter

    Email Driver Properties for email is configured in UMS and works fine which means its able to poll for any incoming Email from the Configured Account.
    Now i am builiding a soa Composite application and and using UMS adapter to receive that incoming mail and process it further.
    I have succesfully deployed that application in my soa server but it doesn't show any access point for that application.
    I have followed oracle Documentation (section 11.2.3.3)
    http://docs.oracle.com/cd/E28280_01/integration.1111/e10231/ums_adapter.htm
    how to get that Access point configured for application ?
    Please Help.
    Thanks in Advance
    Divyanshu

    Thanks for the reply.
    I had readded the access points after phone reset, so they are available under internet destination but none of the apps are able to see them.
    I also saw 3-4 processes listed under panic tab in KillMe application, not sure if being inside panic tab means that the processes crashed, i hope it's not a hardware related problem.

  • A tech company just set up a wifi network in my house and does not use my existing TC; how do I get it in the network to serve as backup for my iMac? (I don't need it as a wifi access point anymore)

    a tech company just set up a wifi network in my house and does not use my existing TC; how do I get it in the network to serve as backup for my iMac? (I don't need it as a wifi access point anymore) thanks

    Just bridge the TC and plug it by ethernet into the main router.
    Bridge in v5 airport utility.
    In v6 it is under network.. change it from DHCP and NAT to Off bridge mode.
    Turn off the wireless.

  • Unable to get ip address from DHCP server for Aironet 1130AG Access Point

    I have a network in which DHCP server is enabled. I have read the installation guide also there it is mentioned that 1130G Access point will not have any staic ip assigned to it.So it will automatically get the ip from the DHCP server from the network. I have connected that from the network but it is unable to get the ip address from the same. The same thing i have configured in the netgear it is coming fine. I have seen the sonic wall and used the IPSU tool also from checking the ip address from Mac Address but i am not able to get the same. Please provide me some tips to check where i am wrong in configuration because the first web page also not coming because of the ip address.

    narendra,
    I would suggest that the AP be connected to a laptop or desktop pc that would run a local dhcp server with a small scope setup...plenty of free ones on the web(this pc would obviously not be connected to your currnet network). This way you can watch the dhcp server hand the AP it's address (this can take a few minutes). Once you have the address use it to access the GUI and give the AP a static address (I find it good pratice to give all my autonomous AP's static addresses for ease of troubleshooting)...Hope that helps.

  • Radius local server and wireless access points

    Hello to all,
    I would like to ask a question related to radius server. I have a Allied telesis core switch and i configure the radius server locally, also i configure the port1.0.7 for dot1x and i am using dynamic vlan. If i connect my laptop to port 1.0.7 i can get the correct ip from the dhcp server. If i connect an access point to the same port , how i should configure the dot1x ? for multiple hosts? I know i am using allied telessis but the config is very similar to the cisco: take a look:
    (Radius and nas config)
    radius-server host 127.0.0.1 key awplus-local-radius-server
    aaa authentication dot1x default group radius
    aaa authentication auth-web default group radius
    crypto pki trustpoint local
    crypto pki enroll local
    radius-server local
    server enable
    nas 127.0.0.1 key awplus-local-radius-server
    group Andrew
      attribute NAS-Identifier andrew
      attribute Tunnel-Medium-Type IEEE-802
      attribute Tunnel-Private-Group-Id 10
      attribute Tunnel-Type VLAN
    user andrew encrypted password wh8q0J2oYSn0y4cynksNCqfbaUtRGv/E6JaJrW+s3Zs= group Andrew
    (port config)
    interface port1.0.7
    switchport
    switchport mode access
    auth-web enable
    dot1x port-control auto
    auth host-mode multi-supplicant
    auth dynamic-vlan-creation
    I tried with auth-web and without but no luck. If someone have a sample config how to configure the dot1x to be able to use access point please paste it.
    Thanks
    Andrew

    I'm not sure if the Autonomous APs have the option for AAA Override.  On the WLC, I can go into the BSSID, Security, Advanced, and there's a checkbox that I would check to allow a Radius server to send back the VLAN.
    I did a little research and it looks like the 1300 may give this option but instead is defined as "VLAN Override".  I've found the release notes for 12.3(7)JA5 (not sure what version you're running) that give mention and a link to configuring EAP on page 4: http://www.ciscosystems.ch/en/US/docs/wireless/access_point/1300/release/notes/o37ja5rn.pdf
    Hope this helps

  • Scale out file server client access point using public nic

    Thoughts on this one.
    I have a Scale Out File Server cluster with a Client Access Point. Whenever i talk to the Client Access Point it uses the public nics.
    If i talk to the Scale Out File Server directly it uses the private like i want it to. How can i get the Client Access Point using the private nics?

    Hi JustusIV,
    Could you tell us why you want to modify the CAP use the “private” network, the CAP is used for client access, your clients may can’t access your cluster if modify your CAP
    use private network, if you want know how to modify the CAP of a cluster you can refer the following KB:
    Modify Network Settings for a Failover Cluster
    http://technet.microsoft.com/en-us/library/cc725775.aspx
    More information:
    Understanding Access Points (Names and IP Addresses) in a Failover Cluster
    http://technet.microsoft.com/en-us/library/cc732536.aspx
    Windows Server 2008 Failover Clusters: Networking (Part 4)
    http://blogs.technet.com/b/askcore/archive/2010/04/15/windows-server-2008-failover-clusters-networking-part-4.aspx
    Hope this helps.
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • AP Extreme (WiFi Access Point)... LAN... Web Proxy Server help.

    Hello...
    I need a little help configuring this Airport Extreme as a Wireless Access point, serving a bunch of iPads via the schools LAN connection for which traffic is routed through a Web Proxy Server. I've been told to set it up as a bridge as the PC LAN and Proxy are providing NAT but can't seem to crack it.
    The WiFi side of things is up and running, we can all see and connect to the AP.
    I'm told that it was working fine before the school break in the summer, then something was changed and the position of the AP altered.
    The Web Proxy Server is normally accesses from the PC's via the following address... IP > 10.12.14.122  //  PORT > 3128
    I'm not certain where the Proxy settings need to go in the new 'simple' Airport Utility, can't see a place for Port at all?!?
    (I've taken the AP home, tried it on my home network and it works fine, so we know its all OK and its down to config).
    Here are some screen images of the settings as they are, that do not work.
    (I was trying a few different settings hence the screens like Static/DHCP etc.)
    Any help is greatly appreciated.

    Hi Daniel,
    >>Now when I go on a client site my internet access on the host laptop is via a web proxy on a LAN connection.
    "LAN connection" means physical NIC (Realtek PCIe GBE Family Controller) ?
    " web proxy " means adding a proxy server IP in IE ?
    Bounding the NIC (Realtek PCIe ) to external virtual switch then connect all VMs to that external virtual switch ,still can not access ?
    Best Regards
    Elton Ji
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Syslog server for access points

    Hello,
    On the controller, when you look at an access points config. There is the syslog server for the access point with the default ip address of 255.255.255.255. I was wondering if there was any way to disable the syslog server for the access points. The only thing I've found so far is that the ip address of the syslog server can be changed.
    Thanks,

    i am not sure if "no" command works.
    but on 5.2 ver
    config logging trap disable global
    disbale/ enable is the key to set the ip address for syslog server

  • Dynamic VLAN Assignment with RADIUS Server and Aironet Access Points

    Hi Guys,
    I would like to go for "Dynamic VLAN Assignment with RADIUS Server and Aironet Access Points 1300". I want the AP to broadcast only 1 SSID. The client find the SSID ->put in his user credential->Raudius athentication->assign him to an specific vlan based on his groupship.
    The problem here is that I don't have a AP controller but only configurable Aironet Access Points 1300. I can connect to the radius server, but I am not sure how to confirgure the AP's port, radio port, vlan and SSID.
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml#switch
    I go through some references:
    3.5  RADIUS-Based VLAN Access Control
    As discussed earlier, each SSID is mapped to a default VLAN-ID on the wired side. The IT administrator may wish to impose back end (such as RADIUS)-based VLAN access control using 802.1X or MAC address authentication mechanisms. For example, if the WLAN is set up such that all VLANs use 802.1X and similar encryption mechanisms for WLAN user access, then a user can "hop" from one VLAN to another by simply changing the SSID and successfully authenticating to the access point (using 802.1X). This may not be preferred if the WLAN user is confined to a particular VLAN.
    There are two different ways to implement RADIUS-based VLAN access control features:
    1. RADIUS-based SSID access control: Upon successful 802.1X or MAC address authentication, the RADIUS server passes back the allowed SSID list for the WLAN user to the access point or bridge. If the user used an SSID on the allowed SSID list, then the user is allowed to associate to the WLAN. Otherwise, the user is disassociated from the access point or bridge.
    2. RADIUS-based VLAN assignment: Upon successful 802.1X or MAC address authentication, the RADIUS server assigns the user to a predetermined VLAN-ID on the wired side. The SSID used for WLAN access doesn't matter because the user is always assigned to this predetermined VLAN-ID.
    extract from: Wireless Virtual LAN Deployment Guide
    http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801444a1.html
    ==============================================================
    Dynamic VLAN Assignment with RADIUS Server and Wireless LAN Controller Configuration Example
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml#switch
    ==============================================================
    Controller: Wireless Domain Services Configuration
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c951f.shtml
    Any help on this issue is appreicated.
    Thanks.

    I'm not sure if the Autonomous APs have the option for AAA Override.  On the WLC, I can go into the BSSID, Security, Advanced, and there's a checkbox that I would check to allow a Radius server to send back the VLAN.
    I did a little research and it looks like the 1300 may give this option but instead is defined as "VLAN Override".  I've found the release notes for 12.3(7)JA5 (not sure what version you're running) that give mention and a link to configuring EAP on page 4: http://www.ciscosystems.ch/en/US/docs/wireless/access_point/1300/release/notes/o37ja5rn.pdf
    Hope this helps

  • Packet Data Access Point Names vs real data server...

    I am trying to activate an application that requires GPRS.
    I currently can get EGPRS and assume that will do the same but faster. But I have a question that may not pertain to this but as I am new at this I will ask it here. From reading I see that the settings of packet data appear to have more to do with setting up phone as a modem to use. So I don't know truly if this has any bearing on my problem with the software registering to complete the setup of it.
    However my web access which is unlimited month to month internet access which allows me to go anywhere on web (not a walled garden) also uses this GPRS or EDGE version of GPRS. I am in the USA with T-Mobile. Phone is set to use GSM. The screen where it concerns connectivity says that I have Access Points which were configured by T-Mobile sms file they sent me twice. I actually have 5 names under Access Points.
    1)MMS = wap.voicestream.com
    2)T-Mo WEB = Internet.voicestream2.com with small i in settings
    3)T-Mo WEB(01) - this from 2nd sms copy same
    4)T-Mobile Internet = Internet.voicestream2.com with small i in settings too.
    5)t-zones this is their wall garden = wap.voicestream.com
    ok since I can browse the web anywhere and download the application I don't know why I cannot register it. But it states it needs an internet connection before activation through authentication, or basically registering it to use.
    So I am trying to do this after verifying that I have an internet connection with the too connection arrows symbols on phone screen showing internet connectivity with E over them currently by starting a browser first as the application doesn't seem to do this for me when trying to activate it.
    E
    --> where the lines are solid. Ok here is my issue here.
    The arrows are not coming up correctly in this forum anyway I get what shows I have EGPRS connectivity, I don't know if the application is sensitive to using GPRS only but will find out. I doubt it. The GPRS would show the arrows with an antennae above. I am talking about the indicators from what the pdf and book say.
    Below Access Points on the menu in settings for connection is Packet data.
    Packet data has to variables
    1) when needed , or when available
    2) Access point
    Access point is blank. Should I enter one of T-Mobiles names in the list above this under Access Points such as
    T-Mobile Internet or should I put the server name in specifically internet2.voicestream.com?
    I set the Data Call setting to Unlimited to make sure if its using this process it doesn't turn off after the 5 minute default on the next setting.
    Any ideas why this gprs app is not activating itself and making the gprs internet connection with the pin I was provided? I had to use the pin just to download it and install it.

    that will work. You only need to change if you need to have always on (highly unlikley) or if you are using modem dial up and need to specify access point for that.
    If you using Nokia One Touch access then you don't even need to define access point in this menu as that application will take care of it for you.
    All other network aware applications will use access point settings as defined in settings menu.

Maybe you are looking for