LAN network design - Core/access with Cisco 6513

Hi,
I have been tasked with setting up a new branch office, with 100+ users, a stack of servers (1Gb-based) and some wireless access points, WAN block (ASA 5520 and a couple of routers.)
At the moment, port requirement is around 400. 
As there's not enough space and it's only a single floor office, I'm thinking to go ahead with one of Cisco 6500 models, specifically Catalyst 6513-E, as a core and access switch. This way, there won't be any need to try to install 48-port switches around the small office area.
I'm not too sure about the pricing at the moment. It may be a better/cheaper option to go with a couple of 3750s as core/aggregation and 2960s for access switch installed all in the same rack. If I go with small switches, it would be roughly x7 48-port access switches and one stack of two 3750s, which gives about 450-60. 
I believe I won't utilise half of the capacity if I go ahead with 6513, however my manager wants to minimise the overhead managing this branch office hence this all-in-all one switch option has resurfaced.
Is there anyone using this kind of similar setup in the environment? If so, can you please share your opinions?
Also, would there be a huge difference in terms of pricing?
| | Catalyst 6503-E | Catalyst 6504-E | Catalyst 6506-E | Catalyst 6509-E | Catalyst 6513-E | Catalyst 6509-V-E |
|---|---|---|---|---|---|---|
| Slots | 3 | 4 | 6 | 9 | 13 | 9 vertical |
| Max 10/100/1000 ports | 97 | 145 | 241 | 385 | 529 | 385 |
| Max 1 GE ports | 99 | 147 | 243 | 387 | 534 | 387 |
| Max 10 GE ports | 34 | 50 | 82 | 130 | 180 | 130 |
| Max 40 GE ports | 8 | 12 | 20 | 32 | 44 | 32 |
| Maximum forwarding performance (IPv4) | 150 Mpps | 210 Mpps | 330 Mpps | 510 Mpps | 720 Mpps | 510 Mpps |
| Height (RU) | 4 | 5 | 11 | 14 | 19 | 21 |
| Weight (chassis) | 33 lbs (15 kg) | 40 lbs (17.8 kg) | 50 lbs (22.7 kg) | 60 lbs (27.3 kg) | 79.1 lbs (35.9 kg) | 121 lbs (54.9 kg) |
Thanks

Thanks a lot for your input, Joseph.
I was just going over 4510R+E for a potential winner; it seems to have 10 slots, which gives me about 390 Gig ports, with two dual sups. Given that a single sup 8E can provide throughput as in the table below, I should think about going forward with a single sup.
Given that most users will be on 100Mbps at peak time and all other miscellaneous traffic, it would come down to around 20Gbps.
Performance

| | Supervisor 8E | Supervisor 7E | Supervisor 7LE | Supervisor 6E | Supervisor 6LE | Supervisor V 10 GE |
|---|---|---|---|---|---|---|
| Switching Capacity | 928 Gbps | 848 Gbps | 520 Gbps | 320 Gbps | 280 Gbps | 136 Gbps |
| IPv4 Throughput | 250 Mpps | 250 Mpps | 225 Mpps | 250 Mpps | 225 Mpps | 102 Mpps |
| IPv6 Throughput | 125 Mpps | 125 Mpps | 110 Mpps | 125 Mpps | 110 Mpps | Software Switched |
| Bandwidth/Slot | 48 Gbps | 48 Gbps | 48 Gbps | 24 Gbps | 24 Gbps | 6 Gbps |

Scalability

| | Supervisor 8E | Supervisor 7E | Supervisor 7LE | Supervisor 6E | Supervisor 6LE | Supervisor V 10 GE |
|---|---|---|---|---|---|---|
| Number of Routes | 256K for IPv4, 128K for IPv6 | 256K for IPv4, 128K for IPv6 | 64K for IPv4, 32K for IPv6 | 256K for IPv4, 128K for IPv6 | 64K for IPv4, 32K for IPv6 | 128K for IPv4, 1K for IPv6 |
| Number of Packet Buffers | 128K | 128K | 128K | 64K | 64K | 32K |
| NetFlow Entries | 128K | 128K | 128K | | | 85K |
| MAC Learning Rate per Second | 20K | 20K | 14K | 13K | 8K | 8K |
| Dynamic Host Control Protocol (DHCP) Snoop Entries | 12K | 12K | 12K | 12K | 3K | 6K |
| Number of 10/100/1000 Ports | Up to 384 access | Up to 384 access | Up to 240 access | Up to 384 access | Up to 240 access | Up to 384 access |
| 10 GE and 1 GE Uplinks | 8 10 GE / 1 GE | 4 10 GE / 1 GE | 2 10 GE / 4 1 GE | 2 10 GE / 4 1 GE (TwinGig) | 2 10 GE / 4 1 GE (TwinGig) | 2 10 GE + 4 1 GE |
| 1 GE Non-Blocking Fiber Ports | 192 | 192 | 120 | 138 | 120 | 48 |
| 10 GE Fiber Ports | 96 | 96 | 60 | 30 | 30 | |

Similar Messages

  • Networking Printer on MBA with Cisco Network Magic

    I have Kodak ESP-3 printer attached to Windows Vista PC and networked with Cisco Network Magic to Windows Laptop. I have installed Cisco Network Magic for MAC on MBA. There seems to be a problem in that the MBA doesn't pick up the printer; it links with the PC & laptop fine for all file sharing etc.
    Am new convert to Mac so any help would be good from one of you experts PLEASE

    What model number is it?
    Printers Supported
    Network Printer Troubleshooting

  • Network interface cards tested with cisco agent desktop and CTI Toolkit Desktop Silent Monitor

    Hi Guys,
    My customer is testing the Silent Monitoring, but it is not working. He is using the NIC Intel 82579LM, version 17.4 - 64 bits. I read the documentation at the link http://www.cisco.com/en/US/prod/voicesw/custcosw/ps5693/ps14/prod_system_requirements0900aecd800e3149.pdf
    but the reference is to version 7.1.3. My customer works with UCCX and CUCM version 8.6. Is there specific documentation about this version? The link doesn't show the NIC tested by my customer.
    Thank You,
    Best Regards,
    Wilson

    Hi
    I've done lots of deployments of this on UCCX, and still haven't found a NIC that doesn't work. I'm sure there are some, but they appear to be very rare.
    If you can sniff the UDP when a call is in progress, it can work. If you can't, then it's usually down to configuration - e.g. non-phone-connected PCs, span-to-PC-port, PC vvvlan access, etc etc.
    Aaron

  • SCOM network discovery & port stitching with Cisco UCS & Hyper-V and/or VMware

    Before we have our network engineers reconfigure their infrastructure to allow network discovery from SCOM, does anyone know whether or not SCOM will include the virtual switches (Hyper-V or VMware), the UCS fabric interconnects, and the hosted virtual machines in the network vicinity dashboard if you enable network monitoring in SCOM? We're hoping to have monitoring visibility of all network components end-to-end in SCOM, but I've not been able to find any useful information online as to how SCOM network discovery/monitoring handles infrastructure like UCS.

    The PF Vnic within UCS Manager has one vlan attached and is tagged native. The Fabric Network Set has a matching network segment with the same vlan ID. I removed the pin group. The port profile according to the SCVMM documentation needs to be set to "Sla only" which removes the options for vlans within the port profile. I've tried adjusting Host Network IO Performance as well with no luck. System Center Virtual Machine Manager 2012R2 still throws the same two errors. One thing to note is we are trying to do this thru SCVMM and not Hyper-V on the host itself.
    I opened a TAC case and there is one known bug for
    Symptom:
    Every time I assign a Logical Switch to a network adapter or during migration, SCVMM generates an error 25262, "Cannot set a bandwidth setting on the virtual network adapter for the SR-IOV switc
    Conditions:
    From SCVMM, right click VM and assign logical switch to a network adapter.
    OR
    Migrate a client to a different host.
    https://tools.cisco.com/bugsearch/bug/CSCum75054
    There is no workaround for the issue currently.
    My other issue of
    Failed while applying switch port settings 'Ethernet Switch Port VLAN Settings' on switch 'UCS-SCVMM': The request is not supported. (0x80070032).
    Unknown error (0x8000) has no fix or information.

  • Cisco Video Telephony Solution Reference Network Design (SRND)

    Below are links to two design guides focused on video telephony and videoconferencing. The first link goes to the NEW Video Telephony guide while the second links to the existing Videoconferencing guide that has been referenced before in a previous thread.
    Cisco Video Telephony Solution Reference Network Design (SRND):
    http://www.cisco.com/application/pdf/en/us/guest/netsol/ns268/c649/ccmigration_09186a008026c609.pdf
    IP Videoconferencing Solution Reference Network Design (SRND):
    http://www.cisco.com/application/pdf/en/us/guest/netsol/ns280/c649/ccmigration_09186a00800d67f6.pdf

    Hi
    As long as this is a new installation I recommend you use SIP on all of the end points where possible and integrate with CUCM using a SIP trunk. This will give you two main benefits:
    - the transformation of the called and calling number from and to CUCM will be easier
    - if you have an end point using H323 and communicating with another end using SIP, the VCS will do internetworking for this call and you will need a license for each internetworked call, plus the media path will go through the VCS, not direct between end points, for internetworking
    If you use SIP, make the end point name/SIP URI as [email protected]  Calls from VCS to CUCM use search rules with transformation, so if an end point dials 123456 only from VCS and the default call is SIP, VCS will send it to CUCM as 123456@sip domain.com; you need to do transformation before sending it to CUCM and send it as 123456@cucmip.
    This is just in brief, and also using the Expressway you can have your SIP domain registered over the Internet and configure a DNS SRV record pointing SIP to the VCS public IP, and Internet calls can come to your end point SIP name directly; no need to publish an IP to others to dial you
    HTH
    If helpful rate

  • Ask the Expert: Hierarchical Network Design, Includes Core, Distribution, and Access

    Welcome to the Cisco® Support Community Ask the Expert conversation.  This is an opportunity to learn and ask questions about hierarchical network design. 
    Recommending a network topology is required for meeting a customer's corporate network design  needs in their business and technical goals and often consists of many interrelated components. The hierarchical design made this easier like "divide and conquer" the job and develop the design in layers.
    Network design experts have developed the hierarchical network design model to help to develop a topology in discrete layers. Each layer can be focused on specific functions, to select the right systems and features for the layer.
    A typical hierarchical topology is
    A core layer of high-end routers and switches that are optimized for availability and performance.
    A distribution layer of routers and switches that implement policies.
    An access layer that connects users via lower-end switches and wireless access points.
    Ahmad Manzoor is a Senior Pre-Sales Engineer at AGCN, Pakistan. He has more than 10 years of experience in first-rate management, commercial and technical skills in the field of data communication and services lifecycle—from solution design through sales pitch, designing RFPs, architecture, and solution—all with the goal toward winning projects (creating win/win situations) of obsolete solutions.  Ahmad also has vast experience in designing end-to-end data centers, from building infrastructure design to data communication and network Infrastructure design. He has worked for several large companies in Pakistan and United Arab Emirates markets; for example, National Engineer, WATEEN Telecom, Emircom, Infotech, Global Solutions, NETS International, Al-Aberah, and AGCN, also known as Getronics, Pakistan.
    Remember to use the rating system to let Ahmad know if he has given you an adequate response. 
    Because of the volume expected during this event, Ahmad might not be able to answer every question. Remember that you can continue the conversation in the  Solutions and Architectures under the sub-community Data Center & Virtualization, shortly after the event. This event lasts through August 15, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Dear Leo,
    We are discussing the following without any product line, discussing the concept of hierarchical design, which will help you to take decision which model is better for you Two Layer or Three Layer hierarchical model.  
    Two-Layer Hierarchy
    In many networks, you need only two layers to fulfill all of the layer functions—core and aggregation
    Only one zone exists within the core, and many zones are in the aggregation layer. Examine each of the layer functions to see where it occurs in a two-layer design:
    Traffic forwarding—Ideally, all interzone traffic forwarding occurs in the core. Traffic flows from each zone within the aggregation layer up the hierarchy into the network core and then back down the hierarchy into other aggregation zones.
    Aggregation—Aggregation occurs along the core/aggregation layer border, allowing only interzone traffic to pass between the aggregation and core layers. This also provides an edge for traffic engineering services to be deployed along.
    Routing policy—Routing policy is deployed along the edge of the core and the aggregation layers, generally as routes are advertised from the aggregation layer into the core.
    User attachment—User devices and servers are attached to zones within the aggregation layer. This separation of end devices into the aggregation permits the separation of traffic between traffic through a link and traffic to a link, or device. Typically, it is best not to mix transit and destination traffic in the same area of the network.
    Controlling traffic admittance—Traffic admittance control always occurs where user and server devices are attached to the network, which is in the aggregation layer. You can also place traffic admittance controls at the aggregation points exiting from the aggregation layer into the core of the network, but this is not common.
    You can see, then, how dividing the network into layers enables you to make each layer specialized and to hide information between the layers. For instance, the traffic admittance policy implemented along the edge of the aggregation layer is entirely hidden from the network core.
    You also use the core/aggregation layer edge to hide information about the topology of routing zones from each other, through summarization. Each zone within the aggregation layer should have minimal routing information, possibly just how to make it to the network core through a default route, and no information about the topology of the network core. At the same time, the zones within the aggregation layer should summarize their reachability information into as few routing advertisements as possible at their edge with the core and hide their topology information from the network core.
    Three-Layer Hierarchy
    A three-layer hierarchy divides these same responsibilities through zones in three vertical network layers,
    Traffic Forwarding—As with a two-layer hierarchy, all interzone traffic within a three-layer hierarchy should flow up the hierarchy, through the layers, and back down the hierarchy.
    Aggregation—A three-layer hierarchy has two aggregation points:
    At the edge of the access layer going into the distribution layer
    At the edge of the distribution layer going into the core
    At the edge of the access layer, you aggregate traffic in two places: within each access zone and flowing into the distribution layer. In the same way, you aggregate interzone traffic at the distribution layer and traffic leaving the distribution layer toward the network core. The distribution layer and core are ideal places to deploy traffic engineering within a network.
    Routing policy—The routing policy is deployed within the distribution layer in a three-layer design and along the distribution/core edge. You can also deploy routing policies along the access/distribution edge, particularly route and topology summarization, to hide information from other zones that are attached to the same distribution layer zone.
    User attachment—User devices and servers are attached to zones within the access layer. This separation of end devices into the access layer permits the separation of traffic between traffic through a link and traffic to a link, or device. Typically, you do not want to mix transit and destination traffic in the same area of the network.
    Controlling traffic admittance—Traffic admittance control always occurs where user and server devices are attached to the network, which is in the access layer. You can also place traffic admittance controls at the aggregation points along the aggregation/core edge.
    As you can see, the concepts that are applied to two- and three-layer designs are similar, but you have more application points in a three-layer design.
    Now the confusion takes place in our minds where do we use Two Layer and where the Three layer hierarchical model.
    Now we are discussing that How Many Layers to Use in Network Design?
    Which network design is better: two layers or three layers? As with almost all things in network design, it all depends. Examine some of the following factors involved in deciding whether to build a two- or three-layer network:
    Network geography—Networks that cover a smaller geographic space, such as a single campus or a small number of interconnected campuses, tend to work well as two-layer designs. Networks spanning large geographic areas, such as a country, continent, or even the entire globe, often work better as three layer designs.
    Network topology depth—Networks with a compressed, or flattened, topology tend to work better as two-layer hierarchies. For instance, service provider networks cover large geographic areas, but reducing number of hops through the network is critical in providing the services they sell; therefore, they are often built on a two-layer design. Networks with substantial depth in their topologies, however, tend to work better as three-layer designs.
    Network topology design—Highly meshed networks, with many requirements for interzone traffic flows, tend to work better as two-layer designs. Simplifying the hierarchy to two levels tends to focus the design elements into meshier zones. Networks that focus traffic flows on well-placed distributed resources, or centralized resources, such as a network with a large number of remote sites connecting to a number of centralized Data Centers, tend to work better as three-layer designs.
    Policy implementation—If policies of a network tend to focus on traffic engineering, two-layer designs tend to work better. Networks that attempt to limit access to resources attached to the network and other types of policies tend to work better as three-layer designs.
    Again, however, these are simple rules of thumb. No definitive way exists to decide whether a network should have two or three layers. Likewise, you cannot point to a single factor and say, “Because of this, the network we are working on should have three layers instead of two.”
    I hope that this helps you to understand the purposes of Two Layer & Three layer Hierarchical Model.
    Best regards,
    Ahmad Manzoor

  • Ask the Expert: Plan, Design, and Implement Mobile Remote Access, the Cisco Collaboration Edge Architecture

    Welcome to the Cisco® Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about planning, designing, and implementing mobile remote access (Cisco Collaboration Edge Architecture) with Cisco subject matter experts Aashish Jolly and Abhijit Anand.
    Cisco Collaboration Edge Architecture is an architecture that provides VPN-less access of Cisco Unified Communications resources to Cisco Jabber® users. This discussion is dedicated to addressing questions about design best practices while implementing mobile remote access.
    For more information, refer to the Unified Communications Mobile and Remote Access via Cisco VCS deployment guide. 
    Aashish Jolly is a network consulting engineer who is currently serving as the Cisco Unified Communications consultant for the ExxonMobil Global account. Earlier at Cisco, he was part of the Cisco Technical Assistance Center (TAC), where he helped Cisco partners with installation, configuring, and troubleshooting Cisco Unified Communications products such as Cisco Unified Communications Manager and Manager Express, Cisco Unity® solutions, Cisco Unified Border Element, voice gateways and gatekeepers, and more. He has been associated with Cisco Unified Communications for more than seven years. He holds a bachelor of technology degree as well as Cisco CCIE® Voice (#18500), CCNP® Voice, and CCNA® certifications and VMware VCP5 and Red Hat RHCE certifications.
    Abhijit Singh Anand is a network consulting engineer with the Cisco Advanced Services field delivery team in New Delhi. His current role involves designing, implementing, and optimizing large-scale collaboration solutions for enterprise and defense customers. He has also been an engineer at the Cisco TAC. Having worked on multiple technologies including wireless and LAN switching, he has been associated with Cisco Unified Communications technologies since 2006. He holds a master’s degree in computer applications and multiple certifications, including CCIE Voice (#19590), RHCE, and CWSP and CWNP.
    Remember to use the rating system to let Aashish and Abhijit know if you have received an adequate response. 
    Because of the volume expected during this event, our experts might not be able to answer every question. Remember that you can continue the conversation on the Cisco Support Community Collaboration, Voice and Video page, in the Jabber Clients subcommunity, shortly after the event. This event lasts through June 20, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Hi Marcelo,
       Yes, there are some requirements for certificates in Expressway.
    Expressway Core (Exp-C)
    - Can be signed by either External or Internal CA
    - Better to use a cluster name even if you start with 1 peer in Exp-C cluster. In the future, if more peers are added, changes would be minimal.
    - Better to use FQDN of cluster as CN of certificate, this way the traversal zone configuration on Expressway-E won't require any change even if new peers are added to Exp-C cluster.
    - If CUCM is mixed mode, include security profile names (in FQDN format) as Subject Alternate Names
    - The Chat Node Aliases that are configured on the IM and Presence servers. They will be required only for Unified Communications XMPP federation deployments that intend to use both TLS and group chat. (Note that Unified Communications XMPP federation will be supported in a future Expressway release). The Expressway-C automatically includes the chat node aliases in the CSR, providing it has discovered a set of IM&P servers.
    - For TLS b/w CUCM, IM-P & Exp-C
      + If using self-signed certificates on CUCM, IM/P. Load Cisco Tomcat, cup, cup-xmpp certificates from IM-P on Exp-C. Load callmanager, Cisco Tomcat certificates from CUCM on Exp-C.
      + If using Internal CA signed certificates on CUCM, IM/P. Load Root CA certificates on Exp-C.
      + Load CA certificate under tomcat-trust, cup-trust, cup-xmpp-trust on IM-P.
      + Load CA certificate under tomcat-trust, callmanager-trust on CUCM.
    Expressway Edge (Exp-E)
    - Signed by External CA
    - Configured Unified Communications domain as Subject Alternate Name
    - If using a cluster, select FQDN of this peer as CN and FQDN of Cluster + this peer as Subject Alternate Name.
    - If XMPP federation is being deployed, enter the same Chat Node Aliases as entered in Exp-C.
    For more details, please refer to the Certificate Creation Guide for Cisco Expressway x8.1.1
    http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-1/Cisco-Expressway-Certificate-Creation-and-Use-Deployment-Guide-X8-1.pdf
    - Aashish
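
Added example (not part of Aashish's reply and not Cisco tooling): a small Python lint that checks the planned CN and SAN values for an Exp-C or Exp-E certificate against the rules listed in the reply above, before a CSR is generated. The class names, field names and example.com hostnames are assumptions made for illustration.

```python
from dataclasses import dataclass, field


def _n(name):
    """Normalise a DNS name for comparison: case-insensitive, no trailing dot."""
    return name.strip().lower().rstrip(".")


@dataclass
class Deployment:
    c_cluster_fqdn: str                  # FQDN of the Exp-C cluster
    e_cluster_fqdn: str                  # FQDN of the Exp-E cluster
    uc_domains: list                     # Unified Communications domain(s)
    cucm_mixed_mode: bool = False
    security_profiles: list = field(default_factory=list)   # FQDN-format names
    xmpp_federation: bool = False        # federation using TLS and group chat
    chat_node_aliases: list = field(default_factory=list)   # from IM&P servers


@dataclass
class PlannedCert:
    role: str        # "exp-c" or "exp-e"
    peer_fqdn: str   # FQDN of the peer this certificate is for
    cn: str
    sans: list
    ca: str          # "internal" or "external"


def lint(dep, cert):
    """Return a list of (severity, message) findings for one planned certificate."""
    findings = []
    sans = {_n(s) for s in cert.sans}
    cn = _n(cert.cn)

    def require_sans(names, why):
        for name in names:
            if _n(name) not in sans:
                findings.append(("error", f"SAN missing {name}: {why}"))

    if cert.role == "exp-c":
        if cert.ca not in ("internal", "external"):
            findings.append(("error", f"unknown CA type {cert.ca!r}"))
        # Recommendation, not a hard rule: cluster FQDN as CN keeps the
        # Exp-E traversal zone unchanged when peers are added later.
        if cn != _n(dep.c_cluster_fqdn):
            findings.append(("warn", "CN is not the Exp-C cluster FQDN"))
        if dep.cucm_mixed_mode:
            require_sans(dep.security_profiles, "CUCM is in mixed mode")
    elif cert.role == "exp-e":
        if cert.ca != "external":
            findings.append(("error", "Exp-E must be signed by an external CA"))
        require_sans(dep.uc_domains, "Unified Communications domain")
        if cn != _n(cert.peer_fqdn):
            findings.append(("error", "CN must be this peer's FQDN"))
        require_sans([dep.e_cluster_fqdn, cert.peer_fqdn],
                     "cluster FQDN and this peer must be SANs")
    else:
        raise ValueError(f"unknown role {cert.role!r}")

    # Both roles carry the same chat node aliases when federation is deployed.
    if dep.xmpp_federation:
        require_sans(dep.chat_node_aliases, "XMPP federation chat node alias")
    return findings


# Constructed sample deployment and certificate plans (not real hosts).
DEPLOYMENT = Deployment(
    c_cluster_fqdn="expc-cluster.example.com",
    e_cluster_fqdn="expe-cluster.example.com",
    uc_domains=["example.com"],
    cucm_mixed_mode=True,
    security_profiles=["jabber-secure.example.com"],
    xmpp_federation=True,
    chat_node_aliases=["conference-1.example.com"],
)
GOOD_E = PlannedCert("exp-e", "expe1.example.com", "expe1.example.com",
                     ["EXAMPLE.COM.", "expe-cluster.example.com",
                      "expe1.example.com", "conference-1.example.com"],
                     "external")
BAD_E = PlannedCert("exp-e", "expe1.example.com", "expe-cluster.example.com",
                    ["expe-cluster.example.com"], "internal")
PEER_CN_C = PlannedCert("exp-c", "expc1.example.com", "expc1.example.com",
                        ["expc1.example.com", "jabber-secure.example.com",
                         "conference-1.example.com"], "internal")

if __name__ == "__main__":
    for label, cert in (("good Exp-E", GOOD_E), ("bad Exp-E", BAD_E),
                        ("peer-CN Exp-C", PEER_CN_C)):
        print(label, lint(DEPLOYMENT, cert) or "OK")
```
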

  • Ask the Expert: Scaling Data Center Networks with Cisco FabricPath

    With Hatim Badr and Iqbal Syed
    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about the Cisco FabricPath with Cisco technical support experts Hatim Badr and Iqbal Syed. Cisco FabricPath is a Cisco NX-OS Software innovation combining the plug-and-play simplicity of Ethernet with the reliability and scalability of Layer 3 routing. Cisco FabricPath uses many of the best characteristics of traditional Layer 2 and Layer 3 technologies, combining them into a new control-plane and data-plane implementation that combines the immediately operational "plug-and-play" deployment model of a bridged spanning-tree environment with the stability, re-convergence characteristics, and ability to use multiple parallel paths typical of a Layer 3 routed environment. The result is a scalable, flexible, and highly available Ethernet fabric suitable for even the most demanding data center environments. Using FabricPath, you can build highly scalable Layer 2 multipath networks without the Spanning Tree Protocol. Such networks are particularly suitable for large virtualization deployments, private clouds, and high-performance computing (HPC) environments.
    This event will focus on technical support questions related to the benefits of Cisco FabricPath over STP or VPC based architectures, design options with FabricPath, migration to FabricPath from STP/VPC based networks and FabricPath design and implementation best practices.
    Hatim Badr is a Solutions Architect for Cisco Advanced Services in Toronto, where he supports Cisco customers across Canada as a specialist in Data Center architecture, design, and optimization projects. He has more than 12 years of experience in the networking industry. He holds CCIE (#14847) in Routing & Switching, CCDP and Cisco Data Center certifications.
    Iqbal Syed is a Technical Marketing Engineer for the Cisco Nexus 7000 Series of switches. He is responsible for product road-mapping and marketing the Nexus 7000 line of products with a focus on L2 technologies such as VPC & Cisco FabricPath and also helps customers with DC design and training. He also focuses on SP customers worldwide and helps promote N7K business within different SP segments. Syed has been with Cisco for more than 10 years, which includes experience in Cisco Advanced Services and the Cisco Technical Assistance Center. His experience ranges from reactive technical support to proactive engineering, design, and optimization. He holds CCIE (#24192) in Routing & Switching, CCDP, Cisco Data Center, and TOGAF (v9) certifications.
    Remember to use the rating system to let Hatim and Iqbal know if you have received an adequate response.  
    They might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Data Center sub-community Unified Computing discussion forum shortly after the event. This event lasts through Dec 7, 2012. Visit this support forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Hi Sarah,
    Thank you for your question.
    Spanning Tree Protocol is used to build a loop-free topology. Although Spanning Tree Protocol serves a critical function in these Layer 2 networks, it is also frequently the cause of a variety of problems, both operational and architectural.
    One important aspect of Spanning Tree Protocol behavior is its inability to use parallel forwarding paths. Spanning Tree Protocol forms a forwarding tree, rooted at a single device, along which all data-plane traffic must flow. The addition of parallel paths serves as a redundancy mechanism, but adding more than one such path has little benefit because Spanning Tree Protocol blocks any additional paths.
    In addition, rooting the forwarding path at a single device results in suboptimal forwarding paths, as shown below. Although a direct connection may exist, it cannot be used because only one active forwarding path is allowed.
    Virtual PortChannel (vPC) technology partially mitigates the limitations of Spanning Tree Protocol. vPC allows a single Ethernet device to connect simultaneously to two discrete Cisco Nexus switches while treating these parallel connections as a single logical PortChannel interface. The result is active-active forwarding paths and the removal of Spanning Tree Protocol blocked links, delivering an effective way to use two parallel paths in the typical Layer 2 topologies used with Spanning Tree Protocol.
    vPC provides several benefits over a standard Spanning Tree Protocol such as elimination of blocker ports and both vPC switches can behave as active default gateway for first-hop redundancy protocols such as Hot Standby Router Protocol (HSRP): that is, traffic can be routed by either vPC peer switch.
    At the same time, however, many of the overall design constraints of a Spanning Tree Protocol network remain even when you deploy vPC such as
    1.     Although vPC provides active-active forwarding, only two active parallel paths are possible.
    2.     vPC offers no means by which VLANs can be extended, a critical limitation of traditional Spanning Tree Protocol designs.
    With Cisco FabricPath, you can create a flexible Ethernet fabric that eliminates many of the constraints of Spanning Tree Protocol. At the control plane, Cisco FabricPath uses a Shortest-Path First (SPF) routing protocol to determine reachability and selects the best path or paths to any given destination in the Cisco FabricPath domain. In addition, the Cisco FabricPath data plane introduces capabilities that help ensure that the network remains stable, and it provides scalable, hardware-based learning and forwarding capabilities not bound by software or CPU capacity.
    Benefits of deploying an Ethernet fabric based on Cisco FabricPath include:
    • Simplicity, reducing operating expenses
    – Cisco FabricPath is extremely simple to configure. In fact, the only necessary configuration consists of distinguishing the core ports, which link the switches, from the edge ports, where end devices are attached. There is no need to tune any parameter to get an optimal configuration, and switch addresses are assigned automatically.
    – A single control protocol is used for unicast forwarding, multicast forwarding, and VLAN pruning. The Cisco FabricPath solution requires less combined configuration than an equivalent Spanning Tree Protocol-based network, further reducing the overall management cost.
    – A device that does not support Cisco FabricPath can be attached redundantly to two separate Cisco FabricPath bridges with enhanced virtual PortChannel (vPC+) technology, providing an easy migration path. Just like vPC, vPC+ relies on PortChannel technology to provide multipathing and redundancy without resorting to Spanning Tree Protocol.
    • Scalability based on proven technology
    – Cisco FabricPath uses a control protocol built on top of the powerful Intermediate System-to-Intermediate System (IS-IS) routing protocol, an industry standard that provides fast convergence and that has been proven to scale up to the largest service provider environments. Nevertheless, no specific knowledge of IS-IS is required in order to operate a Cisco FabricPath network.
    – Loop prevention and mitigation is available in the data plane, helping ensure safe forwarding that cannot be matched by any transparent bridging technology. The Cisco FabricPath frames include a time-to-live (TTL) field similar to the one used in IP, and a Reverse Path Forwarding (RPF) check is also applied.
    • Efficiency and high performance
    – Because equal-cost multipath (ECMP) can be used in the data plane, the network can use all the links available between any two devices. The first-generation hardware supporting Cisco FabricPath can perform 16-way ECMP, which, when combined with 16-port 10-Gbps port channels, represents a potential bandwidth of 2.56 terabits per second (Tbps) between switches.
    – Frames are forwarded along the shortest path to their destination, reducing the latency of the exchanges between end stations compared to a spanning tree-based solution.
        – MAC addresses are learned selectively at the edge, allowing to scale the network beyond the limits of the MAC addr

  • PoE auto switchover with Cisco 1252 Access Point.

    Dear All
    I have a network for Managed Wireless using Cisco. This is a new network for me.
    I have a problem with the Cisco Access Point 1252. My APs are connected to a PoE switch, and the Cisco APs are also powered by a power adapter with UPS backup.
    But the problem is that if I disconnect the power source of the AP power adapter, the AP does not come up on PoE. PoE comes up only when the POWER PLUG of the AP ADAPTER is physically pulled out of the socket.
    The question is whether it is possible to make an automatic failover to PoE when the power source of the AP ADAPTER is down? I mean with no need to PULL OUT the POWER PLUG of the AP ADAPTER.
    Waiting for your reply.
    It is very urgent .
    Thanking You
    Subrun.

    Hi Subrun,
    1- Yes, it is possible to do failover without unplugging the cable of the AC adapter. When power on the AC adapter is off, then the failover happens.
    2- With regard to PoE, is your switch supporting enhanced PoE?
    Powering the Aironet 1250 Series Access Point with Cisco Enhanced PoE
    Cisco Enhanced PoE was designed for customers who want to install new PoE-enabled technologies that require greater than 15.4W per port to function at full capability, such as wireless technology based on the IEEE 802.11n standard. Cisco Enhanced PoE provides the full power requirements for dual-radio modules and eliminates the need to run an additional cabling drop or insert a separate power injector. Support for Enhanced PoE is currently available on a variety of Cisco Catalyst® switching platforms. For more information on Enhanced PoE, visit http://www.cisco.com/en/US/prod/switches/epoe.html.
    Serge

  • How to restrict users working on Windows 7 clients from accessing Windows Explorer and other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2

    Dear All,
    We are having an infrastructure setup of around 500 client computers managed through group policy.
    Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.
    Since this account requires an extremely strict environment, we need to figure out a solution for restricting the users from accessing anything locally.
    It would be great if you can assist me with the following query.
    How to restrict users logged on to Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 R2?
    Can we disable the Network tab on the left-hand pane?
    explorer.exe is blocked already, but users are able to enter the Windows Explorer by clicking on the name which is visible on the Start Menu.

    >   * explorer.exe is blocked already, but users are able to enter the
    >     Windows Explorer by clicking on the name which is visible on the
    >     Start Menu.
    You cannot block explorer.exe when you do not replace the shell - the
    desktop you see effectively IS explorer.exe...
    Your requirement sounds like you need a custom shell:
    http://gpsearch.azurewebsites.net/#2812
    Martin
    How about reading a
    GOOD book about GPOs?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • Issue with cisco ONS 15310. Slot with Ethernet ports, designed for bridging.

    Hi, guys. I’ve got an issue with a Cisco ONS 15310 SDH optical network. I’ve got a special slot with Ethernet ports, designed for bridging. Assume we’ve got two multiplexers, named A and B, with ports A0 and B0 respectively. The IOS console of these slots says the configuration is as follows:
    no ip address set on these ports
    Ports are administratively up
    Auto mdix
    Bridge groups are the same on these ports.
    Dot1q tunnel.
    I’m trying to monitor a device with an IP address connected to port B0. It answers ping if I connect the notebook directly to a device. But if I connect the notebook to port A0 and ping the device plugged into port B0 through the optical network, it doesn’t answer. I tried connections with straight and cross cables.
    The guys who set up the network said it should work as a point-to-point bridge with no extra configuration. But it doesn’t. I used the Wireshark sniffer to look up what’s happening on port A0. All I see is cdp-s from port A0 and self-announcements of the notebook.
    Any suggestions? Thank you in advance.

    B
    Building configuration...
    Current configuration : 3712 bytes
    ! Last configuration change at
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname B
    boot-start-marker
    boot-end-marker
    enable password -
    clock timezone -
    ip subnet-zero
    no ip domain-lookup
    no mpls traffic-eng auto-bw timers frequency 0
    bridge 100 protocol ieee
    bridge 140 protocol ieee
    bridge 141 protocol ieee
    bridge 142 protocol ieee
    bridge 143 protocol ieee
    bridge 144 protocol ieee
    interface Loopback0
    ip address 192.x.0.x 255.255.255.255
    interface FastEthernet0
    description -
    no ip address
    mode dot1q-tunnel
    bridge-group 140
    bridge-group 140 spanning-disabled
    interface FastEthernet1
    description --- B0 ---
    no ip address
    mode dot1q-tunnel
    bridge-group 141
    bridge-group 141 spanning-disabled
    interface FastEthernet2
    description -
    no ip address
    mode dot1q-tunnel
    bridge-group 142
    bridge-group 142 spanning-disabled
    interface FastEthernet3
    description -
    no ip address
    mode dot1q-tunnel
    bridge-group 143
    bridge-group 143 spanning-disabled
    interface FastEthernet4
    description -
    no ip address
    mode dot1q-tunnel
    bridge-group 144
    bridge-group 144 spanning-disabled
    interface FastEthernet5
    no ip address
    shutdown
    interface FastEthernet6
    no ip address
    shutdown
    interface FastEthernet7
    description -
    no ip address
    shutdown
    mode dot1q-tunnel
    bridge-group 100
    bridge-group 100 spanning-disabled
    interface POS0
    description -
    no ip address
    crc 32
    interface POS0.1
    encapsulation dot1Q 141
    no snmp trap link-status
    bridge-group 141
    interface POS0.2
    encapsulation dot1Q 142
    no snmp trap link-status
    bridge-group 142
    interface POS0.3
    encapsulation dot1Q 143
    no snmp trap link-status
    bridge-group 143
    interface POS0.4
    encapsulation dot1Q 144
    no snmp trap link-status
    bridge-group 144
    interface POS0.5
    description -
    encapsulation dot1Q 140
    no snmp trap link-status
    bridge-group 140
    interface POS1
    no ip address
    crc 32
    interface POS1.1
    encapsulation dot1Q 100
    no snmp trap link-status
    bridge-group 100
    router ospf 100
    log-adjacency-changes
    network 192.x.0.x 0.0.0.0 area 0
    ip default-gateway [x.x.x.x]
    ip classless
    no ip http server
    snmp-server community public RO
    snmp-server ifindex persist
    snmp-server trap link ietf
    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
    snmp-server enable traps tty
    snmp-server enable traps config
    snmp-server enable traps cpu threshold
    snmp-server enable traps entity
    snmp-server enable traps syslog
    snmp-server enable traps hsrp
    snmp-server enable traps config-copy
    snmp-server enable traps bridge
    snmp-server enable traps ospf state-change
    snmp-server enable traps ospf errors
    snmp-server enable traps ospf retransmit
    snmp-server enable traps ospf lsa
    snmp-server enable traps ospf cisco-specific state-change
    snmp-server enable traps ospf cisco-specific errors
    snmp-server enable traps ospf cisco-specific retransmit
    snmp-server enable traps ospf cisco-specific lsa
    snmp-server enable traps bgp
    snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
    snmp-server enable traps ipmulticast
    snmp-server enable traps rtr
    snmp-server enable traps mpls traffic-eng
    snmp-server enable traps mpls ldp
    snmp-server enable traps rsvp
    snmp-server enable traps l2tun session
    snmp-server enable traps mpls vpn
    snmp-server host x.x.x.x public
    control-plane
    line con 0
    line vty 0 4
    password -
    logging synchronous level 4
    login
    end
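
Added example (not part of the original post and not Cisco tooling): a Python check that reads the bridge-group and dot1Q lines of the kind shown in the configuration above and reports which VLAN an Ethernet port is carried on over the POS link, so the two ends of the bridge can be compared. The configuration for multiplexer A is constructed, and the premise that both ends must use the same dot1Q VLAN ID on their POS subinterfaces is an assumption.

```python
import re

# Excerpt of multiplexer B's config as posted above (B0 is FastEthernet1).
CONFIG_B = """\
interface FastEthernet1
description --- B0 ---
mode dot1q-tunnel
bridge-group 141
interface POS0.1
encapsulation dot1Q 141
bridge-group 141
"""

# Constructed config for multiplexer A (not on the page), with a deliberate mismatch.
CONFIG_A_CONSTRUCTED = """\
interface FastEthernet0
description --- A0 ---
mode dot1q-tunnel
bridge-group 140
interface POS0.1
encapsulation dot1Q 140
bridge-group 140
"""

def parse_interfaces(config):
    """Return {interface: {"bridge_group": int or None, "vlan": int or None}}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate indented or flattened dumps
        if m := re.match(r"interface (\S+)$", line):
            current = interfaces.setdefault(m.group(1), {"bridge_group": None, "vlan": None})
        elif current is not None and (m := re.match(r"bridge-group (\d+)$", line)):
            current["bridge_group"] = int(m.group(1))
        elif current is not None and (m := re.match(r"encapsulation dot1Q (\d+)$", line)):
            current["vlan"] = int(m.group(1))
    return interfaces

def transport_vlans(config, port):
    """VLAN IDs of the POS subinterfaces that share the Ethernet port's bridge group."""
    ifs = parse_interfaces(config)
    group = ifs.get(port, {}).get("bridge_group")
    return {i["vlan"] for name, i in ifs.items()
            if group is not None and name.startswith("POS")
            and i["bridge_group"] == group and i["vlan"] is not None}

def same_path(config_a, port_a, config_b, port_b):
    """True when both ports are bridged onto at least one common VLAN over the POS link."""
    return bool(transport_vlans(config_a, port_a) & transport_vlans(config_b, port_b))
```

With the real running configuration of both multiplexers pasted in, an empty intersection points at a VLAN or bridge-group mismatch between the two ends rather than a cabling fault.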

  • Mac suddenly stopped communicating with LAN devices, but internet access still OK.

    My iMac has suddenly stopped communicating with my wireless printer and my blu-ray player (DLNA).  Both have worked well for the past 3-4 weeks since I set up a new wireless router (Cisco EA4500). 
    Troubleshooting so far:
    Printer Function: My wife's MacAir and my iPhone both print wirelessly to the printer. [OK]
    2nd Printer connected to Mac via USB. [OK]
    Blu-Ray Player Function: System is able to reach the internet (YouTube) via the wireless router. [OK]
    Mac Function:
    Internet access. [OK]
    PRAM and SMC resets: [nothing]
    Restarted "Playback" media server software for blu-ray (DLNA) server. [nothing]
    Printer Setup: I have deleted and re-added the wireless printer and reset printer system. Mac will "see" the printer on the network, but cannot communicate with it.  [nothing]
    Attempts to use Epson Utility: Connection Error
    Router Function:
    Checked Firmware.  Most recent version prior to the "Cisco Cloud" fiasco - my router did not auto-upgrade and was not involved in the most recent firmware upgrade.
    I just cannot get the Mac to see any other hardware on the local wifi network, but the mac has no problem connecting to the internet.
    Any ideas?
    Travis

    Happened to me. Drove me crazy. Turns out, iMac can fix itself.
    Go to System Preferences, then Network, and select the connection (wireless or ethernet) that you want to use. At the bottom of the box you'll find "Assist me". Click that and follow the prompts. It will likely tell you that your settings are screwed up (surprise) and ask if you want to fix them or let DHCP do it. Just let DHCP do it.

  • Anyone using Cisco Clean Access with Juniper SSL VPN?

    We're testing Cisco Clean Access with Juniper SSL VPN, and are running into a problem with single sign on. The Juniper box is sending the user's source IP as the framed-ip-address, and not the Network Connect assigned IP, which is why we need to get SSO to work. Has anyone done this, and what did you do to get it working? Thanks.

    Hi,
    I've no experience with this app but it does list
    Juniper as a supported client:
    http://www.equinux.com/us/products/vpntracker/interoperability.html

  • Cisco Prime Infrastructure 1.2 with Cisco Prime Network Control System Hardware Appliance

    Hi Team,
    I have the following BOM:
    Cisco Prime Infrastructure
    R-PI-1.2-K9 | Cisco Prime Infrastructure 1.2 | 1
    R-PI-1.1-500-K9 | Prime Infrastructure 1.2 Software - 500 Device Base Lic | 1
    L-PILMS42-500 | Prime Infrastructure LMS 4.2 - 500 Device Base Lic | 1
    L-PINCS12-500 | Prime Infrastructure NCS 1.2 - 500 Device Base Lic | 1
    PRIME-NCS-APL-K9 | Cisco Prime Network Control System Hardware Appliance | 1
    PI-APL-IMAGE-1.2 | Cisco Prime Infrastructure 1.2 Appliance Software | 1
    Pls let me know if we have both NCS and LMS preinstalled with Cisco Prime Infrastructure 1.2 Appliance Software or we need a separate appliance or server for LMS 4.2.
    Regards

    Hi Scott,
    Thanks for the response but I got to know that LMS and NCS are combined in single ISO image from PI 1.2 and can be installed on the same physical NCS appliance.
    Can you pls check this.
    Regards

  • Can not access FWSM via session command in cisco 6513 (VSS enabled)

    Dear All,
    Today I received an FWSM from Cisco (RMA). I need to configure it as the standby unit for an existing FWSM active/standby setup.
    IOS on the RMAed FWSM is 2.3.4 and Cisco VSS supports FWSM IOS 4.0.4 and later.
    My issue is, I cannot access the FWSM (IOS 2.3.4) via the session command from the Cisco 6513 but could successfully console into it without any problem. I have reloaded it twice and also tried to disable and enable power on it.
    VSS#sh module switch 2
    Switch Number:     2   Role:  Virtual Switch Standby
    Mod Ports Card Type                              Model              Serial No.
       2    6  Firewall Module                        WS-SVC-FWM-1  -----------
    Mod MAC addresses                       Hw    Fw           Sw           Status
      2  0034.2fd7.3b04 to 0019.2fa7.3b0b   4.2   7.2(1)       2.3(4)       Ok
    Mod  Online Diag Status
      2  Pass
    VSS#session switch 2 slot 2 pro 1
    The default escape character is Ctrl-^, then x.
    You can also type 'exit' at the remote prompt to end the session
    Trying 127.0.1.21 ...
    % Connection timed out; remote host not responding
    Can someone please let me know why I cannot access the FWSM through the session command?
    Is this because of the older IOS? If yes, then how do I upgrade its IOS?
    Is it possible to upgrade IOS via the FWSM console? If yes, please let me know.
    Do I need to test on a different slot?
    Look forward to hearing from someone.
    Thanks & Regards
    Ahmed...

    There is a limitation that FWSM running version older than 4.0.4 will not accept session from the switch if the FWSM is not seated into switch 1 AND if switch 1 is not active.
    So to upgrade the FWSM you either need to use the console or put the FWSM physically in switch 1.
    Thanks,
    Jeroen
