IP/Interface setup with zones

Moin!
Am trying to configure my first server with zones and am new to it so please forgive me if I ask dumb questions.
I wanted to use zones to protect my machine setup from possible intrusions from the internet. So I wanted to create a global zone that is only connected to a backend network (10.x.x.x) over say hme0 and then a zone that has access to hme1 which is connected to the public internet.
However as it is only possible to configure routes from the global zone I have to give that interface (hme1) an address in the global zone also, as I have to configure different default routes. This however exposes the global zone to the internet.
Is there anything I missed that makes it possible to achieve this (without firing up ipfilter)?
TIA and so long
-Ralf Weber

You should be able to add the default routes with configuring a global zone address on hme1. However, you need to boot the zone before you install the routes. For security, you should also:
- enable strict destination multihoming:
  # ndd -set /dev/ip ip_strict_dst_multihoming 1
- add reject routes to block the zone from accessing the global zone (see older posts on this forum)
Blaise
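The advice above, scripted as an added example (not code from the thread or from Solaris itself): the global zone keeps an address on hme1 so it can install routes, strict destination multihoming is switched on, and the routes are only installed once the non-global zone is running. The addresses, the zone name "pubzone" and the exact form of the reject route are assumptions; DRY_RUN=1 (the default) only prints the commands.

```shell
#!/bin/sh
# Added example, not code from the original thread. Scripts the reply's advice
# for a Solaris 10 shared-IP host: the global zone keeps an address on the public
# NIC (hme1) so it can install routes, strict destination multihoming is switched
# on, and routes are only installed once the non-global zone is actually running.
# The addresses, the zone name and the form of the reject route are assumptions.
GLOBAL_BACK_IP="${GLOBAL_BACK_IP:-10.1.1.10}"  # global zone address on hme0 (backend), assumed
GLOBAL_PUB_IP="${GLOBAL_PUB_IP:-192.0.2.1}"    # global zone address on hme1 (public), assumed
ZONE_NAME="${ZONE_NAME:-pubzone}"              # non-global zone that lives on hme1, assumed
ZONE_IP="${ZONE_IP:-192.0.2.20}"               # that zone's address, assumed
PUB_GW="${PUB_GW:-192.0.2.254}"                # default router on the public side, assumed
DRY_RUN="${DRY_RUN:-1}"                        # 1 = print the commands instead of running them

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# "zoneadm list -p" prints one zone per line as
#   zoneid:zonename:state:zonepath:uuid:brand:ip-type
# $1 is that output, $2 the zone name; returns 0 only when the zone is "running".
zone_running() {
    printf '%s\n' "$1" |
        awk -F: -v z="$2" '$2 == z && $3 == "running" { found = 1 } END { exit !found }'
}

# Step 1: strict destination multihoming. A packet arriving on hme1 (internet)
# that is addressed to the backend address on hme0 is dropped rather than
# accepted, so the backend address is not reachable through the public NIC.
enable_strict_multihoming() {
    run ndd -set /dev/ip ip_strict_dst_multihoming 1
}

# Step 2: routes can only be added from the global zone, and the zone's address
# must be plumbed (zone booted) first. $1 optionally overrides the zoneadm
# output so the check can be exercised on a box without zoneadm.
install_routes() {
    zones="${1:-$(zoneadm list -p 2>/dev/null)}"
    if ! zone_running "$zones" "$ZONE_NAME"; then
        echo "zone $ZONE_NAME is not running; boot it before installing routes" >&2
        return 1
    fi
    # Default route for traffic leaving on the public side.
    run route add default "$PUB_GW"
    # Reject route so the zone cannot reach the global zone's backend address
    # (the recipe lives in older forum posts; this particular form is assumed).
    run route add -host "$GLOBAL_BACK_IP" "$ZONE_IP" -reject
}

main() {
    enable_strict_multihoming
    install_routes
}

# "sh harden-zone-host.sh run" executes; sourcing the file only defines functions.
case "${1:-}" in run) main ;; esac
```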

Similar Messages

  • Branch office setup with L3 switch and router with IOS security

    Hello,
    I am in the process of putting together a small branch office network and I am in need of some design advice. The network will support about 10-15 workstations/phones, 3-4 printers, and 4-5 servers. In addition we will eventually have up to 25-30 remote users connecting to the servers via remote access VPN, and there will also be 2-3 site-to-site IPSec tunnels to reach other branches.
    I have a 2911 (security bundle) router and 3560 IP Base L3 switch to work with. I have attached a basic diagram of my topology. My initial design plan for the network was to set up separate VLANs for workstation, phone, printer, and server traffic. The 3560 would then be set up with SVIs to perform routing between VLANs. The port between the router and switch would be set up as a routed port, and static routes would be applied on the switch and router as necessary. The thought behind this was that I'd be utilizing the switch backplane for VLAN routing instead of doing router-on-a-stick.
    Since there is no firewall between the switch and router my plan was to set up IOS firewalling on the router. From what I am reading ZBF is my best option for this. What I was hoping for was a way to set custom policies for each VLAN, but it seems that zones are applied per interface. Since the interface between the router and switch is a routed interface, not a trunk/subinterface(s), it doesn't seem like there would be a way for me to use ZBF to control traffic on different VLANs. From what I am gathering I would have to group all of my internal network into one zone, or I would have to scrap L3 switching altogether and do router-on-a-stick if I want to be able to set separate policies for each VLAN. Am I correct in my thinking here?
    I guess what I am getting at is that I really don't want to do router-on-a-stick if I have a nice switch backplane to do all of the internal routing. At the same time I obviously need some kind of firewalling done on the router, and since different VLANs have different security requirements the firewalling needs to be fairly granular.
    If I am indeed correct in the above thinking what would be the best solution for my scenario? That is, how can I set up this network so that I am utilizing the switch to do L3 routing while also leveraging the firewall capabilities of IOS security?
    Any input would be appreciated.
    Thanks,
    Austin

    Thanks for the input.
    1. I agree, since I have only three to four printers, they need not be in a separate VLAN. I simply was compartmentalizing VLANs by function when I initially came up with the design.
    2. Here's a little more info on the phone situation. The phones are VoIP. The IP PBX is on premise, but they are currently on a completely separate ISP/network. The goal in the future is to converge the data and voice networks and set up PBR/route maps to route voice traffic out the voice ISP and data traffic out the other ISP. This leads up to #3.
    3. The reason a router was purchased over a firewall was that ASA's cannot handle routing and dual ISPs very well. PBR is not supported at all on an ASA, and dual ISPs can only be setup in an active/standby state. Also, an ASA Sec+ does not have near the VPN capabilities that the 2911 security does. The ASA Sec+ would support only 25 concurrent IPSec connections while the 2911 security is capable of doing an upwards of 200 IPSec connections.
    Your point about moving the SVI's to a firewall to perform filtering between VLANs makes sense, however, wouldn't this be the same thing as creating subinterfaces on a router? In both cases you are moving routing from the switch backplane to the firewall/routing device, which is what I am trying to avoid.  

  • Cluster test with zones

    Hi there,
    I would like to install and test Sun Cluster software. I installed 64 bit Solaris 10 into VMware Workstation 6. Is it possible to set up some zones and test Sun Cluster software within one Solaris installation? Or do I have to install 2 Solaris into VMware and then go with cluster?

    You can install a single node cluster. You may need to change /etc/syslog.conf to lower the severity level to ignore the pm_tickdelay messages to kernel.notice. Although not supported, this is a very good environment for development and testing.
    And it is also possible to have a resource group failing over between two non-global zones running on that single-node cluster. For an example have a look at http://blogs.sun.com/SC/entry/new_solaris_10_experience which describes how to set this up for HA samba.
    Greets
    Thorsten

  • Newbie with a Motif ES8 - optimum setup with a minimalistic approach?

    hi,
    I'm trying to decide on the optimum setup with a minimalistic approach!
    I am a newbie with the Motif ES8 and am at cross roads deciding on the type of computer setup for my VST.
    PC + Cubase vs. MAC + Logic Pro or Logic Pro Express?
    With MAC, how far do I need to go; i.e. MACBook Pro a must?
    how many USB ports (types 400 vs 800), etc?
    With Logic Pro, is Express going to be sufficient for a full soup to nuts recording and mastering given that this is for a home studio setup though with an idealist running it?
    I'm a one woman show and so don't need too many inputs/outputs. I'd be recording a track at a time and my songs take up less than 16 tracks.
    I would really appreciate any and all responses.
    Roya
    macbook pro   Mac OS X (10.4.7)  

    thanks for the detailed response PK
    so, the extra USB port on the HD would facilitate a hub type interface i.e. once you hook up another device to the HD via USB, you're really hooked up to the computer.. right? and so, if I get a powered USB Hub, this wouldn't really matter.. correct?

    For the most part, you have to be careful hooking too many devices up to a computer WHEN you are trying to do some sound work. When they say a computer can do ABC we sometimes think that should include D.

    As for the sound interface, I already have an Audiophile that has midi in/out, firewire to computer, RCA jack for i/o. I know it's not the high end stuff but I hope to do a stepwise upgrade here if at all possible..

    That actually might work, if it supports at least 16 bit 44.1 kHz; that is the lowest you want to go. Ideally it should be 24 bit to take advantage of Logic's 24-bit environment. You might be able to run the ES8 straight into those RCA jacks if they are SPDIF and your keyboard has the same on the back.

    There are a bunch of people on Motifator discussion groups that warn against Apple's lack of support for Logic. Not sure if the concern is only regarding the combination of Yamaha (Motif) and Apple (Logic).

    I went and read that thread, here are some of my thoughts on some of this.
    > Can't comment on MAC, but a dear friend of mine who is an audio engineer said he had walked away from Logic after Apple bought them out. "Straight downhill" I think is how he put it.
    Many windows users just hate Apple and their products. I think much of it is ignorance. They will say Macs are junk but when I ask them why they never have an answer or say something that is false. It sounds like this "professional" did not even wait to see that Logic did get better.
    Apple charges 200.00 for support of its Professional applications. You really do not need it since there are so many experienced Logic users here that I never had a question go unanswered. I've noticed on those forums the same small group of people do most of the problem solving. I am not overly impressed with Yamaha's support. I had my questions about my keyboard answered quicker by those forums. So I guess both companies need work in this area. Frankly, for recording, I think the Motif and Logic are a killer combination. Both have steep learning curves but once you get up to speed I think the results speak for themselves. The main difference in my opinion is that the Motif is the ultimate performance tool and Logic is the ultimate studio toolshop.
    After having a Motif for over a month, I am convinced it has a steeper learning curve than Logic. Take for instance that thread on getting your keyboard to record its own audio output. The list of things to do each time is as long as my arm. In case you did not read it, here it is.
    First thing – STORE your MIX setup and SAVE the Song to SmartMedia (or USB mass storage device) before resampling it so you have a backup. You would create a mix to balance the instruments the way you like them.
    * Select a target track, then press the [INTEGRATED SAMPLING] button.
    Setup the parameters for resampling:
    * Press [F1] DEST
    * Select a TRACK and [KEYBANK] (note) into which you will record the resampled data. You can target either an empty track or the track on which you are going to play (if you are going to play along). If all tracks are full, don't worry, you can still resample anyway.
    * Press [F2] SOURCE. Set the source parameters as follows:
    - Type = Sample - with this type the Integrated Sampling Sequencer will not create any NOTE-ON data in your sequencer, it will just simply add a new sample waveform to the waveform list
    - Source = Resample
    - Mono/Stereo = Stereo
    - Next = OFF
    - Frequency = 44.1k
    * Press [F6] REC. This will place the sampling sequencer in Standby mode. Set the TrggrMode parameter to Manual.
    * Press Start on the sequencer and check your levels. If too low set the REC GAIN higher, +6dB or +12dB; if the level is too high (clipping: you will see a lightning bolt) lower the GAIN to -6dB or -12dB. When you have checked the levels, press STOP and return to the top of the SONG.
    * Press F6 REC to start the Resample, Press [>] (play) to begin recording the resample. The Motif ES will draw the wave as it samples.
    * When the song is over press [F6] STOP. The Motif ES will take a few moments to gather the data.
    To create the .wav file:
    * Press [FILE]
    * Press [F1] CONFIG
    * Press [SF1] CURRENT
    * If you will be saving the resampled song to a SmartMedia Card set the Current parameter to CARD. To save to a USB device, set this parameter to USB
    * Press [F2] SAVE
    * Set the data TYPE field to WAV
    * Cursor down and Name the wave
    * (If desired, navigate to the subdirectory where you want to save the *.wav file.)
    * Press [ENTER]
    * The ES will ask you which TRACK and NOTE to save as a wave file. Enter the values you selected as the sample destination in the procedure above.
    * Press and hold the AUDITION button to make sure your sample is there.
    * Press [ENTER] and the Motif ES will export the sample as a .wav to your SmartMedia card or USB device.
    Once you have configured Logic, which takes about 3 minutes (and only has to be done once), and set up the keyboard, which takes 30 seconds (this has to be done once for each session), you plug your keyboard into your audio interface then
    Hit Record
    that is the whole list, two words.
    Once it is in Logic, you have many ways to edit it and process if needed. The midi is much easier to manipulate and there are more ways than the ES has keys. Plus you can add to the sounds with the internal instruments which are as sophisticated and as high quality as the ES. Then if you're happy with it you can create MP3's and burn Red Book compliant CD's for commercial duplication. It really is a complete setup.

    But at any rate I'm going to do some more research on another scenario, i.e. what about MAC and Cubase? As you may know Yamaha just acquired Cubase..

    I don't think I would be the best to comment on that. Maybe ask one of the Gurus on the unofficial website for Cubase, The Cubinator. Sorry, I just couldn't resist.

    you've been very helpful - thanks again
    cheers,
    Roya

    Cheers!
    P.S. I agree with Dave, if you have a Macbook Pro you don't need another computer. If you want a desktop for whatever reasons I understand.

    Oh and btw, what's QWERTY?

    They are the first 6 keys (top row/left to right) on your computer keyboard

  • Admin interface for solaris zones

    Is there any admin interface available for zones? Like maybe web based?

    Mike-Kirk wrote:
    Hi Arronfree,
    arronfree wrote:
    What about xVM Ops center? It looks like it has VM admin but I have not actually seen the program and I have not actually seen a price.
    Implicate_Order is right, [Solaris Container Manager|http://www.sun.com/software/products/container_mgr/index.xml] (part of [Sun Management Center|http://www.sun.com/software/products/sunmanagementcenter/index.xml]) provides that single web page to manage (create/destroy/boot/halt/migrate/copy/resource-cap) zones. xVM Ops Center is a fantastic tool for patching and provisioning system amongst other things, but doesn't have all SCMs zone features, yet.
    Don't post advertisements. Your account will get blocked if you continue with it! I'm blocking your original post.
    Kaj

  • Any perfect audio hardware setup with the new Macbook Pro?

    I'm still not sure if to go for the new Macbook Pro 2.8 ghz, or the 6 months earlier 2.5 ghz model (march 2008).
    I love to go for the new Macbook Pro, but I'm not sure about my setup. Now I have:
    - extern 7200 rpm bus powered LaCie firewire 800 hard drive
    - Saffire with firewire 400 (thinking about moving to Apogee Duet)
    Will the express card really help? I've read that if you connect a firewire 400 device to the express card, the firewire 800 won't work at 800 speed, but at 400? Also that a bus powered hard drive doesn't work, and that it needs its own power to run with the express card?
    Bottom line:
    What would be the perfect audio hardware setup with the new Macbook Pro? I gladly invest in a different audio interface (or anything else) if it really fits and works as pro audio setup!

    I've read that if you connect a firewire 400 device to the express card, the firewire 800 won't work at 800 speed, but at 400?
    I don't think this is right. As I understand it, the advantage of having one of your devices on an express card slot is specifically so it is on its own bus.
    Then both devices will operate on their own speed.
    However, this is true for the older model Macbook Pros when you use both FW ports that are built in, because even though the machine has two ports, they each feed one firewire bus. So if you have a device plugged into each port, the one plugged into the 800 will only run at 400 speed because they're both on the same bus. Using an express card means both devices can operate at their own speed.
    If you want the newer machine I think you should get it. Then you can buy a firewire 400 express card, plug your interface into that, and plug your FW 800 drive into the main firewire port. This will give you better performance from your peripherals than an older machine with both devices plugged into the built in FW ports.
    Good Luck!

  • HT204053 I have an iPhone 4S and the new Apple TV, both set up with my email as the Apple ID.  I gave my wife an iPad 3 and set it up using her email address as the Apple ID.  Is a second iTunes Match subscription required for her to use our music from iCl

    I have an iPhone 4S and the latest Apple TV, both set up with my email address as the Apple ID.  I subscribed to iTunes Match so our music could be played from iCloud.  I gave my wife an iPad 3 and set it up using her email address as the Apple ID.  When I try to turn on iTunes Match so she can play our music from iCloud on her new iPad it tells me that she needs a subscription to iTunes Match.  Is it Apple's intent that we would need two iTunes Match subscriptions?  If not, how do I accomplish what I want to get done?

    The problem is that all services are bundled with your Apple ID ([email protected]):
    Your iCloud account (Mail, Contacts, Calendars, Reminders, Notes, Backups, etc.),
    also iTunes & App Store purchases (Music, Movies, TV Shows, etc.),
    and the iTunes Match services.
    (I guess that all your devices - yours and your wife's are connected to one iTunes library, right?)
    If you want your wife to get her own iCloud account for Mail, Contacts, Calendars, etc. but also get access to your media, then you have to set up two things on her device:
    iCloud (Settings > iCloud) with her account (e.g. [email protected])
    and
    iTunes & App Stores (Settings > iTunes & App Stores) with your account (e.g. [email protected]).
    In this case she gets access to your library and could use the same iTunes Match account.
    (See also: Using one Apple ID for iCloud and a different Apple ID for Store Purchases http://support.apple.com/kb/HT4895)

  • How can we achieve active/active cluster setup with Oracle

    Hi Experts,
    How can we achieve active/active database setup with oracle WITHOUT USING RAC.. As far as I know it's impossible (unless I'm wrong)..
    We are using Oracle 11.2.0.1 64bit on Windows 2008 server. We deployed Oracle FailSafe but that's more of an active/passive solution based on a windows cluster.
    The other solution we were thinking about is to use DataGuard and replication.. two servers.. the oracle instance running on one server generating logs, and the other server receive the logs and apply them to the physical standby db.. Still, this is not a real active/active setup.
    So, is it possible to run 2 servers in an active/active cluster and have the oracle database in an active/active setup or have the instance running on multiple nodes (at the same time)?
    Thanks

    Let me give you a brief explanation of what the situation is and you can be the judge..
    My client has four databases, with the smallest one being 20GB and the biggest around 35GB (SGA 750MB to 1.4GB, tiny by DB standards, and probably on a normal day you can run all four of them on a decent desktop). The DBs are used to keep track of people information. Throughout the year, the databases are almost sitting idle, and by idle I mean the odd update here and there, the odd report, etc. No hard real processing of any sort. Two days of the year (end of year) we have all the operators consolidating records and what not, and they will be pounding away entering data and updating the tables, with hourly reports that go to 3rd parties. The client expects 99.99 up time and availability during those 2 days.
    Now, tell me, how can I justify using RAC and spending hundreds of thousands of dollars in licensing and whatever extra costs are introduced by the complexity of the environment for the above scenario, knowing that I don't have any real use for RAC for 363 days of the year, and we MIGHT need it for 2 days of the year? This is the dilemma we're facing.
    Thanks
    Edited by: rsar001 on Sep 3, 2010 9:42 AM

  • My Apple ID account is set up with my dad's cell phone number, so on iMessages on my Mac I get my dad's text messages. Is there any way to change it so my phone number is the one receiving messages on my Mac?

    My Apple ID account is set up with my dad's cell phone number, so on iMessages on my Mac I get my dad's text messages. Is there any way to change it so my phone number is the one receiving messages on my Mac?

    Remove his phone number from your AppleID.
    http://appleid.apple.com

  • HT4137 iCloud setup with one Apple ID and multiple devices

    iCloud setup with one Apple ID and multiple devices

    What, exactly, are you trying to do? You can use the same iCloud account on as many devices as you want, as long as you don't turn on iTunes Match. Once you turn on Match, you're limited to 10 devices total.
    Is this what you want to do...same iCloud account, but different iTunes/App store accounts on each device? If so, you can do that also.

  • We have an iPad set up with my ID, now we have iPhones. What if I use the same IDs? Or can I create a new one and use both on the iPad?

    We have an iPad set up with my Apple ID, we have just got iPhones today. Can I create a different ID for my wife's phone and can she then sign into the iPad?

    Stuartied wrote:
    How do I sign out of the iPad for my wife to sign in?
    Mac App Store: Sign in and out
    http://support.apple.com/kb/PH11499?viewlocale=en_US
    Cheers, Tom

  • How do I get a new iCloud account for my phone when it was set up with my wife's account?

    How do I get a new iCloud account for my phone when it was set up with my wife's account?

    Go to Settings>iCloud and sign out. Any synced data, such as calendars and contacts, will be removed.
    To get a new ID: go to http://appleid.apple.com and create a new ID - you will need a different non-Apple email address from any ID you already have.
    Then go back to Settings>iCloud and sign in there, enabling any data types you want to sync in the list there. You will be asked to create a new @icloud.com address when enabling Mail.

  • Dual monitor setup with separate resolutions

    hey guys!
    i currently run the latest version of archlinux with the cinnamon desktop environment and an nvidia geforce 7300SE graphics card.
    im running a dual monitor setup with one 27" 1920x1080 monitor and one 27" 1024x768 monitor
    because they have the same physical size they line up perfectly, but because the resolution is different programs/mouse cursor movement doesn't. is there any way (without changing the resolutions) to compensate for this effect so that in the eyes of linux/cinnamon the monitors line up, so that for example dragging a window goes seamlessly between the 2 monitors.
    i HAVE found out the panning option in the nvidia x server settings, but that really isn't what i am looking for...
    Last edited by RikSolo (2014-08-04 11:25:02)

    A magnifier following the window down to the pixel, zooming to the exact size of 540 pixels the 384 pixels window, could create an illusion of just that. It would be highly impractical however, not to mention all the hacking time. Even if you would manage to get two screens with different sized icons, so that they match visually, the windows and fonts resizing on the fly (wmctrl might help with windows alone, not their themes: buttons, borders thickness etc.), you would still be left with a visually differently sized mouse cursor. Technically such a feat should be possible, but who is going to code it? Nvidia?
    Last edited by emeres (2014-08-04 18:48:59)

  • Interface program with JDBC

    I created three database tables in PostgreSQL database and interfaced it with JDBC.
    In the interface program, I queried the program to retrieve data from two tables. I got results from the first table, but did not get any result from the second table. Rather, the system sent the following error message:
    Exception in thread "main" java.sql.SQLException: ERROR: parser: parse error at or near "mdas_ar_coments"
    at org.postgresql.core.QueryExecutor.executeV2(QueryExecutor.java:289)
    Mdas_ar_coments is the name of the second table. I have checked the names, there is no spelling mistake in both the database tables and interface program.
    Please, let me know how to query two or more tables in a JDBC interface program.
    Thanks.

    Please show me how you are attempting to query two tables using JDBC.

  • Conditional Interface Determination with Flat Files

    Hello,
    I have one sender interface (dummy) which could either hold a flat file or an XML file. On receiver side there is one system with two receiver interfaces, one should be used for the XML structure and one for the flat structure.
    My requirement is to have a conditional interface determination with an (exclusive) OR logic. Pseudo code:
    The XML structure has "submission" as root node. So I use the condition (/submission) EX to determine whether it is an XML file and I check with not(/submission) EX to determine whether it is a flat file. However the condition does not work using a flat file ("Unable to find an inbound interface"). Could it be that the conditional expression is never true in case a flat file arrives? How can I achieve this requirement?
    What I additionally do with the flat file is just calling a Java Mapping that sets dynamic attributes for a file receiver; the flat file itself is dumped on a file system without any additional conversion logic.
    Thank you for your advice.

    How can I ignore a message in case a condition applies? I am just aware of the fact that you can ignore messages in case NO condition applies.
    Couldn't you simply reverse the logic and use "not equals"? Or perhaps you can use the EX operator to alter your conditions... here is more info on the EX (exists) operator
    Re: ConditionEditor: Check if element is empty
    What is best practice in this case? Should I use a "dummy receiver"? However if I use a dummy receiver I think I would receive an "interface determination not found" error. How would you do that?
    I've never found the need to work with dummy receivers so I cannot comment there.
