Lan setup question....
ok, this is driving me nuts, i have been scouring these forums for a few days, and cannot find any help specifically related to my problem.
here's the deal. I use a PC as my gateway/firewall. i don't trust these router units hehe
so i have
internet--> firewall PC/ICS server/dhcp server --> ezxs55w switch(3 pcs connected FINE)
i recently got a wireless router (model befw11s4) and want to hang it off the switch as a wireless access point. i found several good posts about router to router connections, and a few on router and switch, but most were from router to switch, not the other way.
one post said to disable dhcp, set as router, and it makes the router into a wireless switch, but this doesn't seem to work.
could someone please advise on how to make this work?
the setup i want is such
inet->ics/firewall PC->(uplink)switch->pc's/wireless router
this all connects fine, the 3 pcs on the switch get net just fine, but the router is not getting its ip from the ics server, and will not pass on wireless connections for extra pcs...
any thoughts?
i think the problem is in the setup of the ips, i have the device ip set to 192.168.0.* (ms ICS used the 192.168.0.* range, so i set it to be on this lan) but nothing passes on..
i am missing something, and cannot figure it out...
thanks cryogen
update.... well..it's working now. i set the internet ip to 192.168.0.25, device ip to ...192.168.0.50 mode router, dhcp disabled, wireless bcast on.. my linux box with wireless usb picks it up fine...but it seemed to take a few mins hehe unfortunately i did all this at once, and something made it work, i'm not sure which...ideas? if anyone sees any glaring problems with this setup plz advise... thanks cryogen
Similar Messages
-
Just got a new MBP 17incher, and I love it!
I simply want to be able to network my MBP when home via LAN to my PC desktop to access the 3 terabytes it contains of music and movies.
I went to the network properties on the MBP and set it to ethernet and manual so I could assign the IP 192.168.1.20.
Upon connecting the cable I lost my wireless connection... is there a way to keep my wireless connection but setup a smb share or something that would specifically use the gigabit port to access with windows machine as it is WAY faster using LAN.?? (crossover cable or direct connection is best)
please be possible otherwise i'm gonna have to start punching holes in the wall to run cable down stairs to the router.
The following may help:
http://www.macdevcenter.com/pub/a/mac/2002/11/19/mac_pc.html
http://forums.macrumors.com/showthread.php?t=54704
http://joelshoemaker.com/computer/mac/macfilesharing.html
http://www.apple.com/support/tiger/network/
http://docs.info.apple.com/article.html?path=Mac/10.4/en/mh1161.html
http://docs.info.apple.com/article.html?path=Mac/10.4/en/mh1163.html
http://docs.info.apple.com/article.html?artnum=107369
http://docs.info.apple.com/article.html?artnum=106461
Why reward points? (Quoted from Discussions Terms of Use.)
The reward system helps to increase community participation. When a community member gives you (or another member) a reward for providing helpful advice or a solution to their question, your accumulated points will increase your status level within the community.
Members may reward you with 5 points if they deem that your reply is helpful and 10 points if you post a solution to their issue. Likewise, when you mark a reply as Helpful or Solved in your own created topic, you will be awarding the respondent with the same point values. -
PIX515E and simple LAN setup question
Hello all,
I am trying to setup an Cisco PIX 515E.
Outside interface is connected to internet.
Inside interface is connected to inside private LAN.
I am able to use http traffic from inside LAN. However, I have problem with DNS and Ping.
I can not ping inside FW interface from LAN clients (this is also GW for LAN clients), because LAN address is NATed to outside interface address. ( I see this with debug icmp trace)
I can not ping outside addresses from LAN clients. When debugging icmp at FW, I can see ping request is received back to FW, but not from FW to client.
DNS is not working. DNS server is public IP address. It seems DNS queries are not passed through FW.
Basically, I want to access internet through PIX FW. Can anyone give me some tips what to do here?
It's not the outside interface I want to ping, It's outside hosts on the internet I want to ping through outside interface.
Here is my current config:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security4
enable password encrypted
passwd encrypted
hostname fw
domain-name something.no
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group service Internet tcp
description Standard Internet trafikk
port-object eq www
port-object eq https
access-list inside_access_in remark Traffic out
access-list inside_access_in remark
access-list inside_access_in permit icmp 172.16.1.0 255.255.255.0 any
access-list inside_access_in remark icmp
access-list inside_access_in permit tcp any any
access-list inside_access_in remark Trafic out
pager lines 24
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
ip address outside 194.xx.xx.34 255.255.255.248
ip address inside 172.16.1.1 255.255.255.0
ip address DMZ 194.xx.xx.41 255.255.255.248
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 200 interface
global (inside) 200 interface
nat (inside) 200 172.16.1.0 255.255.255.0 0 0
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 194.xx.xx.33 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 172.16.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 172.16.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 172.16.1.200-172.16.1.210 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80 -
LoginModule with JAAS, setup question for Frank Nimphius
Hi Frank,
i am trying to use a custom LoginModule in conjunction with the setup procedure in your "J2EE Security in Oracle ADF Web Applications" white paper. Have you done this before? can you provide roadmap for additional/alternate setup steps needed to use a LoginModule?
this is my original post from early this week:
JAAS Setup question
thanks,
brenden
Brenden,
please refer to the OC4J security documentation which is a part of the Oracle Application Server documentation that can be looked up online here on OTN. Custom LoginModule configurations require OC4J 9.0.4. In addition, this feature also only works with the jazn-data.xml provider and not with OID.
From the perspective of this whitepaper, the LoginModule will be used by the OC4J container to authenticate users and thus should not require any change in the paper.
I haven't yet had the time to create an example and document that showcases how to do this. Hopefully christmas will give me some rest to look into this.
Frank -
DMVPN w/ Multicasting setup/questions
Hello
I have a lot of questions, so bear with me as i puke them out of my head.
I have been doing some testing with DMVPN in conjunction with multicasting video (Hub and spoke, w/ no spoke to spoke). The test setup is using 2 cisco 2811 w/out the vpn module. I understand the performance hit with not having the module. With that being said here are my questions.
1. With encryption on both the HUB and spoke routers are using 90-97% cpu (8Mb multicast stream). With encryption off, the Hub is around 60%, and spoke around 75%. Here is where i'm confused. If i send that same stream as a unicast stream, w/ encryption on, both the Hub and spoke are only using around 30-35% cpu. Why is there so much more cpu needed when it's a multicast stream?
2. In the current config i'm seeing input, throttles, and ignore errors on the Hub and spoke. The Hub has these errors on the LAN interface, and the spoke has these errors on the WAN interface. All other interfaces are totally clean. I have checked and there are no duplex or speed mismatches. Any ideas?
HUB:
Current configuration : 1837 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Hub
boot-start-marker
boot-end-marker
logging message-counter syslog
enable password
no aaa new-model
clock timezone Central -6
dot11 syslog
ip source-route
ip cef
no ip domain lookup
ip name-server 8.8.8.8
ip multicast-routing
no ipv6 cef
multilink bundle-name authenticated
voice-card 0
archive
log config
hidekeys
interface Tunnel1
bandwidth 100000
ip address 192.168.11.1 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 1
ip pim sparse-mode
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 450
no ip route-cache cef
ip tcp adjust-mss 1360
no ip split-horizon eigrp 1
delay 1000
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 100000
tunnel bandwidth transmit 100000
tunnel bandwidth receive 100000
interface FastEthernet0/0 (WAN)
ip address 216.x.x.x 255.255.255.192
ip pim sparse-mode
load-interval 30
duplex auto
speed auto
interface FastEthernet0/1 (LAN)
ip address 128.112.64.5 255.255.248.0
ip pim sparse-mode
load-interval 30
duplex auto
speed auto
router eigrp 1
network 128.112.0.0
network 192.168.11.0
auto-summary
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 216.x.x.x
ip http server
ip http authentication local
ip http secure-server
ip pim rp-address 128.112.64.5 10
access-list 10 permit 239.10.0.0 0.0.255.255
snmp-server community public RO
Spoke:
Current configuration : 1857 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Spoke
boot-start-marker
boot-end-marker
logging message-counter syslog
enable password
no aaa new-model
clock timezone central -6
dot11 syslog
ip source-route
ip cef
no ip domain lookup
ip multicast-routing
no ipv6 cef
multilink bundle-name authenticated
voice-card 0
archive
log config
hidekeys
interface Tunnel1
bandwidth 100000
ip address 192.168.11.2 255.255.255.0
no ip redirects
ip mtu 1400
ip pim sparse-mode
ip nhrp map 192.168.11.1 216.x.x.x
ip nhrp map multicast 216.x.x.x
ip nhrp network-id 1
ip nhrp holdtime 450
ip nhrp nhs 192.168.11.1
no ip route-cache cef
ip tcp adjust-mss 1360
no ip split-horizon eigrp 1
delay 1000
tunnel source FastEthernet0/0
tunnel destination 216.x.x.x
tunnel key 100000
tunnel bandwidth transmit 100000
tunnel bandwidth receive 100000
interface FastEthernet0/0 (WAN)
ip address 65.x.x.x 255.255.255.192
ip pim sparse-mode
load-interval 30
duplex auto
speed auto
interface FastEthernet0/1 (LAN)
ip address 128.124.64.1 255.255.248.0
ip pim sparse-mode
ip igmp join-group 239.10.10.10
load-interval 30
duplex auto
speed auto
router eigrp 1
network 128.124.0.0
network 192.168.11.0
auto-summary
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 65.x.x.x
no ip http server
no ip http secure-server
ip pim rp-address 128.112.64.5 10
access-list 10 permit 239.10.0.0 0.0.255.255
snmp-server community public RO
Joe,
You ask the right question.
CPU utilization = CPU consumed by processes + IO operations (in a huge simplification - CEF)
Typically when a packet is processed by router we expect it to be processed by CEF, i.e. very fast.
Packet is not processed by CEF:
- when there is something missing to route the packet properly (think missing ARP/CAM entry) i.e. additional lookup needs to be done.
- a feature requests that a packet is for processing/mangling
- Packet is destined to the router
(And several other, but those are the major ones).
When a packet is received, but cannot be processed by CEF, we "punt the packet to CPU" this in turn will cause the CPU for processes to go up.
Now on the spoke this seems to be the problem:
Spoke#show ip cef switching stati
       Reason                          Drop       Punt  Punt2Host
RP LES Packet destined for us             0       1723          0
RP LES Encapsulation resource             0    1068275          0
There were also some failures on one of the buffer outputs you've attached.
Typically at this stage I would suggest:
1) "Upgrade" the device to 15.0(1)M6 or 12.4(15)T (latest image in this branch) and check if the problem persists there.
2) If it does, swing it by TAC. I don't see any obvious mistakes, but I'm just a guy in a chair same as you ;-)
Marcin -
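Added example, not part of Marcin's reply and not a Cisco tool: a short Python script that parses the punt table shown in the reply and, because these counters are cumulative, compares two snapshots to see which punt reason is actually growing. The column spacing and every value in the second snapshot are constructed for illustration.

```python
import re

# One counter row: "<path> <level> <reason text> <drop> <punt> <punt2host>".
# Matches the aligned table as well as a single-spaced copy of it.
ROW = re.compile(
    r"^(?P<path>\S+)\s+(?P<level>\S+)\s+(?P<reason>.+?)"
    r"\s+(?P<drop>\d+)\s+(?P<punt>\d+)\s+(?P<punt2host>\d+)\s*$"
)

# First snapshot: the two rows quoted in the reply (column spacing assumed).
SNAPSHOT_1 = """\
Spoke#show ip cef switching stati
       Reason                          Drop       Punt  Punt2Host
RP LES Packet destined for us             0       1723          0
RP LES Encapsulation resource             0    1068275          0
"""

# Second snapshot: constructed values, as if captured a minute later.
SNAPSHOT_2 = """\
       Reason                          Drop       Punt  Punt2Host
RP LES Packet destined for us             0       1731          0
RP LES Encapsulation resource             0    1128275          0
"""


def parse_punt_table(text):
    """Return {reason: {"drop": int, "punt": int, "punt2host": int}}."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # prompt and header lines carry no counters and are skipped
            rows[m["reason"]] = {
                key: int(m[key]) for key in ("drop", "punt", "punt2host")
            }
    return rows


def punt_deltas(before, after):
    """Packets punted per reason between two snapshots."""
    deltas = {}
    for reason, counters in after.items():
        prev = before.get(reason, {}).get("punt", 0)
        now = counters["punt"]
        # A counter that went backwards was cleared; count from zero.
        deltas[reason] = now - prev if now >= prev else now
    return deltas


def dominant_reason(deltas):
    """Return (reason, share of all punts) for the largest contributor."""
    total = sum(deltas.values())
    if total == 0:
        return None, 0.0
    reason = max(deltas, key=deltas.get)
    return reason, deltas[reason] / total


if __name__ == "__main__":
    first = parse_punt_table(SNAPSHOT_1)
    second = parse_punt_table(SNAPSHOT_2)
    deltas = punt_deltas(first, second)
    reason, share = dominant_reason(deltas)
    for name, count in sorted(deltas.items(), key=lambda kv: -kv[1]):
        print(f"{name:<28} +{count}")
    print(f"dominant punt reason: {reason} ({share:.1%} of punts in the interval)")
```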
Hi to all,
My home setup is as follows:
DSL Modem <-> Router with 4-Port Switch <-> Mac / OS X 10.4.3
Everything works perfectly, yet in monitoring my network traffic I see regular queries for the LAN-DHCP-assigned private address of the Mac (i.e. 192.168.x.x) being sent to the external DNS server of my ISP with the standard query response: "No such name".
I would imagine that it's possible and rather desirable to have these private address space queries resolved without resorting to the external DNS server. The only question is how?
I would greatly appreciate a pointer in the right direction.
Hi Tim,
Many thanks for your post.
Having searched far and wide on this, I've been surprised to find so little information that exactly fits the question:
i.e.
Why are queries for my private (non-routable) LAN address being sent to the external DNS servers?
Of course there's no shortage of material surrounding the issue, but I've managed to narrow it down to two possible solutions.
The first and simplest is, as you've described, adding relevant entries to the /etc/hosts file.
The alternative, though, involves adding a directory "/locations/lookupd/" to the NetInfo database and there adding the necessary entries for hosts. Also, the default LookupOrder of lookupd would need to be adjusted.... all much too hairy for my liking.
Anyhow, thanks again for responding and confirming the solution.
Cheers
-Andre
iMac G4 Mac OS X (10.4.3) -
New UCS and VMware setup Questions
We are currently in the process of migrating our vmware infrastructure from HP to UCS. We are utilizing the Virtual Connect Adapters for the project. With the migration we also plan on implementing the cisco nexus v1000 in our environment. I have demo equipment setup and have had a chance to install a test environment, but still have a few design questions.
When implementing the new setup, what is a good base setup for the virtual connect adapters with the v1000? How many Nics should I dedicate? Right now I run 6 nics per server (2 console, 2 Virtual Machines, and 2 Vmotion). Is this a setup I should continue with going forward? The only other thing I am looking to implement is another set of nics for nfs access. In a previous setup at a different job, we had 10 nics per server (2 console, 4 virtual machines, 2 vmotion and 2 iSCSI). Is there any kind of standard for this setup?
The reason I am asking is I want to get the most out of my vmware environment as we will be looking to migrate Tier 1 app servers once we get everything up and running.
Thanks for the help!
Tim,
Migrating from HP Virtual Connect (VC) -> UCS might change your network design slightly, for the better of course. Not sure if you're using 1G or 10G VC modules but I'll respond as if you're using 10G modules because this is what UCS will provide. VC modules provide a 10G interface that you can logically chop up into a max of 4 host vNIC interfaces totaling 10G. Though it's handy to divide a single 10G interface into virtual NICs for Service Console, VMotion, iSCSI etc, this creates the opportunity for wasted bandwidth. The logical NICs VC creates provide a max limit of bandwidth to the adapter. For example if you create a 2GB interface for your host to use for vMotion, then 2G of your 10G pipe is wasted when there are no vMotions taking place!
UCS & 1000v offer a different solution in terms of bandwidth utilization by means of QoS. We feel it's more appropriate to specify a "minimum" bandwidth guarantee rather than a hard upper limit - leading to wasted pipe. Depending on which UCS blade and mezz card option you have, the # of adapters you can present to the Host varies. B200 blades can support one mezz card (with 2 x 10G interfaces) while the B250 and B440 are full width blades and support 2 Mezz cards. In terms of Mezz cards now, there's the Intel/Emulex/Qlogic/Broadcom/Cisco VIC options. In my opinion the M81KR (VIC) is best suited for virtualized environments as you can present up to 56 virtual interfaces to the host, each having various levels of QoS applied. When you roll the 1000v into the mix you have a lethal combination of adding some of the new QoS features that automatically match traffic types such as Service Console, iSCSI, VMotion etc. See this thread for a list/explanation of new features coming in the next version of 1000v due out in a couple weeks https://www.myciscocommunity.com/message/61580#61580
Before you think about design too much, tell us what blades & adapters you're using and we can offer some suggestions for setting them up in the best configuration for your virtual infrastructure.
Regards,
Robert
BTW - Here's a couple Best Practice Guides with UCS & 1000v that you might find useful. -
New Mac Pro setup questions..
Hi,
Just pulled the trigger on a Mac Pro 3gh, 4gb, ATI 1900. I am going to that from a dual 1.42 quicksilver and had some questions.
It seems migration assistant may not be the best way to go. Is this true, should I reinstall everything? Is it possible to drag and drop apps to the new machine?
Is it possible to get mail info from another machine to the new one? I have an iMac at home that I have been using Mail with and would like all the email addresses on the new machine at work. My old setup, I was still using Enterouge (sp) and would like to use Mail like at home.
I have the stock 250gb drive and I need to figure out different drive scenarios. I recently bought two external 500gb drives before even thinking about a new system. I am a commercial photographer and one drive is a backup that lives offsite from my studio for protection. Should I mirror with an external?
Thanks for any help!
HD
This FAQ may be helpful:
A Basic Guide for Migrating to Intel-Macs
If you are migrating a PowerPC system (G3, G4, or G5) to an Intel-Mac be careful what you migrate. Keep in mind that some items that may get transferred will not work on Intel machines and may end up causing your computer's operating system to malfunction.
Rosetta supports "software that runs on the PowerPC G3 or G4 processor that are built for Mac OS X". This excludes the items that are not universal binaries or simply will not work in Rosetta:
Classic Environment, and subsequently any Mac OS 9 or earlier applications
Screensavers written for the PowerPC
System Preference add-ons
All Unsanity Haxies
Browser and other plug-ins
Contextual Menu Items
Applications which specifically require the PowerPC G5
Kernel extensions
Java applications with JNI (PowerPC) libraries
See also What Can Be Translated by Rosetta.
In addition to the above you could also have problems with migrated cache files and/or cache files containing code that is incompatible.
If you migrate a user folder that contains any of these items, you may find that your Intel-Mac is malfunctioning. It would be wise to take care when migrating your systems from a PowerPC platform to an Intel-Mac platform to assure that you do not migrate these incompatible items.
If you have problems with applications not working, then completely uninstall said application and reinstall it from scratch. Take great care with Java applications and Java-based Peer-to-Peer applications. Many Java apps will not work on Intel-Macs as they are currently compiled. As of this time Limewire, Cabos, and Acquisition are available as universal binaries. Do not install browser plug-ins such as Flash or Shockwave from downloaded installers unless they are universal binaries. The version of OS X installed on your Intel-Mac comes with special compatible versions of Flash and Shockwave plug-ins for use with your browser.
The same problem will exist for any hardware drivers such as mouse software unless the drivers have been compiled as universal binaries. For third-party mice the current choices are USB Overdrive or SteerMouse. Contact the developer or manufacturer of your third-party mouse software to find out when a universal binary version will be available.
Also be careful with some backup utilities and third-party disk repair utilities. Disk Warrior (does not work), TechTool Pro (pre-4.5.1 versions do not work), SuperDuper (newest release works), and Drive Genius (untested) may not work properly on Intel-Macs. The same caution may apply to the many "maintenance" utilities that have not yet been converted to universal binaries.
Before migrating or installing software on your Intel-Mac check MacFixit's Rosetta Compatibility Index.
Additional links that will be helpful to new Intel-Mac users:
Intel In Macs
Apple Guide to Universal Applications
MacInTouch List of Compatible Universal Binaries
MacInTouch List of Rosetta Compatible Applications
MacUpdate List of Intel-Compatible Software
Written by Kappy with additional contributions from a brody.
Here is a list of where your important data is stored ("~" stands for "Home"):
Your Data in Documents:
~/Library/Application Support/AddressBook (copy the whole folder)
~/Library/Application Support/iCal (copy the whole folder)
Also in ~/Library/Application Support (copy whatever else you need)
~/Library/Keychains (copy the whole folder)
~/Library/Mail (copy the whole folder)
~/Library/Preferences/com.apple.mail.plist (This is a very important file which contains all email account settings and general mail preferences.)
~/Library/iTunes (copy the whole folder)
~/Library/Safari (copy the whole folder)
~/Pictures/iPhoto Library
If you want cookies:
~/Library/Cookies/Cookies.plist
~/Library/Application Support/WebFoundation/HTTPCookies.plist
For Entourage users:
Entourage is in Documents/Microsoft User Data
Also in ~/Library/Preferences/Microsoft
-
New W530 setup questions...
Just received my W530 in the mail and I've been trying to get up to speed on all the new technology out there and how to properly setup my computer... I've tried various searches but haven't got a clear answer I don't think - here goes:
W530 8gb RAM (2x4), K2000, 500 gb HDD with raid option, x64 win 7, hi res screen
I already bought a Samsung EVO SSD 250GB for the main drive which I will pickup from my US mailbox on Monday.
The reason I bought the computer is because my 4 year old Acer just couldn't handle the intensity of PlanSwift and On-Centre digital estimating programs for construction. In addition I dabble with Chief Architect Premiere for 3D house design and the Adobe Suite to do graphics stuff for the company, etc., etc. I will likely take some CAD related courses at school as well in the future.
My plan was to install OS and programs on the new SSD in the main bay and keep current project files on there. All misc pictures, videos and company files and other things on the HDD which would be in the UltraBay. I currently use about 180 GB and have another 250GB stored on an old laptop which I'd like to transfer over so everything is on one laptop. That one will be for internet searches in the garage for dirtbike repairs
Questions:
1. Is it worth getting a 128 GB mSata drive for the OS (under $100 for Crucial)? Then have all program files on SSD in main bay and misc files on HDD in ultrabay? do I need an adapter for the ultrabay or is it already able to accept the HDD in the ultrabay? I haven't popped out the ultrabay yet to see...
2. I hear of using the mSata drive for Caching? Is 128 GB enough for OS and caching? When is the caching helpful? Should I use the mSata just for caching?
3. Do I setup the computer with the OS on the HDD in the main bay and then clone/image it to the mSata drive or SSD drive? Or do I start with the SSD in the main bay? I'm really confused on this part...
4. If necessary I will upgrade the RAM later - I think this is a straightforward upgrade as long as the voltages with the original RAM are the same - is this correct?
5. I currently use a Sony KDL 40XBR8 TV as a second monitor at work - what connection should I be using to get the best display settings? I currently use an HDMI with my Acer for no particular reason. I also have an Acer 23" at home which will be replaced with another Sony or Samsung TV when we move into our new house...
sorry for the noob questions... I am typically really good at finding answers to my questions but i really didn't find any clear answers or they were so technical I didn't realize it was the answer to my question ;-)
Can someone give me a practical approach to setting up my computer so I can start off right... thanks!!
Daniel
Thanks in advance
Daniel
ps can't wait to light this thing up with the SSD! It should rip pretty good...
| W530 | i7-3630QM | 16GB DDR3 | 128GB mSATA | 250GB 840 EVO | 500GB HDD | 1920x1080 | QUADRO K2000M |
Hi Daniel. When I bought my w530 I immediately installed a 256gb SSD. And now, over a year later I'm looking at getting a 256gb mSata for the boot drive.
1. The mSata port may only be Sata II but I figure it's not likely that I'll notice the difference. High transfer rates are really only realized with large files and the OS is usually a large collection of very small files. But that's just an opinion and your experience may vary.
For an ultrabay adapter, check out newmodeus. Quite a few forum posts mention success with this adapter versus the cheap ones from eBay. I haven't bought one yet myself, but this is what I will get when the time comes. (they also sell an adapter to convert your optical drive into an external USB optical drive.)
http://www.newmodeus.com/shop/index.php?main_page=product_info&cPath=2_7&products_id=400
Also, search the forum and be aware that there are many who report problems of the w530 kicking out the ultrabay drive, but it seems better with the newmodeus adapter (as I recall; it was quite a while back when I read about it). I haven't looked at what ncix carries for adapters but would be interested to know if you find something that works.
And the drives shipped with the w530 come in different heights, and if it doesn't match the height of your SSD you will need rubber rails. I still haven't ordered mine and I'm letting my drive sit in the overheight internal bay without proper support. I just carry it very carefully. I'm not sure of the best place to get rails, direct from Lenovo or elsewhere. Last time I checked with Newmodeus they didn't sell just rails, but that may have changed (it was quite a while ago that I checked).
2. Caching only helps if your OS boot partition is on a traditional harddrive. With an SSD you won't utilize the caching as it won't be any faster (and may be slower).
3. I would try installing direct to the mSata/SSD instead of cloning. For a new system it's probably just as easy and less prone to issues. Windows will take care of alignment, etc., and turning off features unnecessary for SSD (superfetch/prefetch/and all that).
I also don't believe it necessary to install Win7 fresh. It depends on your view. I didn't want the hassle of tracking down a legit copy of Win7 install that I would trust, not to mention the hassle of installing it. Instead, I made the restore DVD(s) using the Lenovo tools while the original harddrive was installed, then switched the drive with the new SSD and restored from the DVDs. Then I went through and uninstalled any Lenovo software I didn't think was useful. It's been working nicely ever since and I don't regret not starting with a fresh install. Your experience may vary, though.
4. Upgrading ram is very easy. I'm not sure about specs, but if you don't match voltage and speed the system will downgrade both to the lowest common available. You should be able to find many discussions about matching RAM voltage on the 'net. You also would have to wait until your system arrives anyways because you don't know the specs of the RAM in advance (since Lenovo uses different suppliers).
I'm not sure how much RAM you'd need for CAD software. I upgraded mine to 32gb because I didn't want to find myself wishing I had more (for software development). I think I only ever hit as high as 20gb used, and am usually around the 6-12gb mark (depends on how many VMs I have going).
5. Sorry, I can't answer your video question. I use the docking station with two monitors via DVI. I haven't tried HDMI.
Before you sell off the extra parts, make sure you don't need them for warranty coverage. Warranty will only cover the system with original parts, so if you have to send in your system you would remove all custom parts and reinstall the originals. I'm not sure about onsite service, if you have to revert your system or not to original specs.
All comments I made above were in respect of Win7 Pro. I have no idea if anything changes under Win8/8.1.
Good luck! I hope you enjoy your w530 as much as I do mine.
w530 i7-3820QM / 32GB Corsair Vengeance 1600 RAM / 256GB Plextor M3P SSD / Quadro K1000M -
Newb setup question re: 500 cannot compile error
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException: Unable to compile class for JSP
An error occurred at line: -1 in the jsp file: null
Generated servlet error:
[javac] Compiling 1 source file
This is on the default index.jsp page that installs with Apache Tomcat/4.1.18... at http://localhost:8080/index.jsp which maps to C:\Program Files\Apache Group\Tomcat 4.1\webapps\ROOT\index.jsp
by now I have way too many java sdks installed...
C:\Program Files\Java\j2re1.4.1_01
C:\Program Files\Java\j2re1.4.0_03
C:\j2sdk1.4.0_03
C:\j2sdkee1.4
The first one I tried got me the same error I am getting now.. and since I have tried different versions changing JAVA_HOME
Right now..
JAVA_HOME = C:\j2sdkee1.4
CATALINA_HOME = C:\Program Files\Apache Group\Tomcat 4.1
I have no idea what's going on here not having much experience in setting up web servers or java SDKs. But in order to learn the stuff I have planned to I need the following to get up and running on Win2K.. any help is greatly appreciated.
Java JDK 1.4.
Tomcat servlet\JSP engine 4.0.1.
MySQL database 3.23.46
If I stick a standard html page in the tomcat root it will show just fine.. so I suspect the whole Java thing is buggin for some reason.
Here's the full text of the returned error followed by the text of the index.jsp file
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException: Unable to compile class for JSP
An error occurred at line: -1 in the jsp file: null
Generated servlet error:
[javac] Compiling 1 source file
at org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:130)
at org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:293)
at org.apache.jasper.compiler.Compiler.generateClass(Compiler.java:340)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:352)
at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:474)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:184)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:432)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:386)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:534)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:530)
at java.lang.Thread.run(Unknown Source)
Apache Tomcat/4.1.18
<!doctype html public "-//w3c//dtd html 4.0 transitional//en" "http://www.w3.org/TR/REC-html40/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title><%= application.getServerInfo() %></title>
<style type="text/css">
<!--
body {
color: #000000;
background-color: #FFFFFF;
font-family: Arial, "Times New Roman", Times;
font-size: 16px;
}
A:link {
color: blue
}
A:visited {
color: blue
}
td {
color: #000000;
font-family: Arial, "Times New Roman", Times;
font-size: 16px;
}
.code {
color: #000000;
font-family: "Courier New", Courier;
font-size: 16px;
}
-->
</style>
</head>
<body>
<!-- Header -->
<table width="100%">
<tr>
<td align="left" width="130"><img src="tomcat.gif" height="92" width="130" border="0" alt="The Mighty Tomcat - MEOW!"></td>
<td align="left" valign="top">
<table>
<tr><td align="left" valign="top"><b><%= application.getServerInfo() %></b></td></tr>
</table>
</td>
<td align="right"><img src="jakarta-banner.gif" height="48" width="505" border="0" alt="The Jakarta Project"></td>
</tr>
</table>
<br>
<table>
<tr>
<!-- Table of Contents -->
<td valign="top">
<table width="100%" border="1" cellspacing="0" cellpadding="3" bordercolor="#000000">
<tr>
<td bgcolor="#D2A41C" bordercolor="#000000" align="left" nowrap>
<font face="Verdana" size="+1"><i>Administration</i> </font>
</td>
</tr>
<tr>
<td bgcolor="#FFDC75" bordercolor="#000000" nowrap>
Tomcat Administration<br>
Tomcat Manager<br>
</td>
</tr>
</table>
<br>
<table width="100%" border="1" cellspacing="0" cellpadding="3" bordercolor="#000000">
<tr>
<td bgcolor="#D2A41C" bordercolor="#000000" align="left" nowrap>
<font face="Verdana" size="+1"><i>Documentation</i> </font>
</td>
</tr>
<tr>
<td bgcolor="#FFDC75" bordercolor="#000000" nowrap>
Tomcat Documentation<br>
</td>
</tr>
</table>
<br>
<table width="100%" border="1" cellspacing="0" cellpadding="3" bordercolor="#000000">
<tr>
<td bgcolor="#D2A41C" bordercolor="#000000" align="left" nowrap>
<font face="Verdana" size="+1"><i>Tomcat Online</i> </font>
</td>
</tr>
<tr>
<td bgcolor="#FFDC75" bordercolor="#000000" nowrap>
Home Page<br>
Bug Database<br>
Users Mailing List<br>
Developers Mailing List<br>
IRC<br>
</td>
</tr>
</table>
<br>
<table width="100%" border="1" cellspacing="0" cellpadding="3" bordercolor="#000000">
<tr>
<td bgcolor="#D2A41C" bordercolor="#000000" align="left" nowrap>
<font face="Verdana" size="+1"><i>Examples</i> </font>
</td>
</tr>
<tr>
<td bgcolor="#FFDC75" bordercolor="#000000" nowrap>
JSP Examples<br>
Servlet Examples<br>
WebDAV capabilities<br>
</td>
</tr>
</table>
<br>
<table width="100%" border="1" cellspacing="0" cellpadding="3" bordercolor="#000000">
<tr>
<td bgcolor="#D2A41C" bordercolor="#000000" align="left" nowrap>
<font face="Verdana" size="+1"><i>Miscellaneous</i> </font>
</td>
</tr>
<tr>
<td bgcolor="#FFDC75" bordercolor="#000000" nowrap>
Sun's Java Server Pages Site<br>
Sun's Servlet Site<br>
</td>
</tr>
</table>
</td>
<td> </td>
<!-- Body -->
<td align="left" valign="top">
<p><center><b>If you're seeing this page via a web browser, it means you've setup Tomcat successfully. Congratulations!</b></center></p>
<p>As you may have guessed by now, this is the default Tomcat home page. It can be found on the local filesystem at:
<blockquote>
<p class="code">$CATALINA_HOME/webapps/ROOT/index.html</p>
</blockquote>
</p>
<p>where "$CATALINA_HOME" is the root of the Tomcat installation directory. If you're seeing this page, and you don't think you should be, then either you're either a user who has arrived at new installation of Tomcat, or you're an administrator who hasn't got his/her setup quite right. Providing the latter is the case, please refer to the Tomcat Documentation for more detailed setup and administration information than is found in the INSTALL file.</p>
<p><b>NOTE: For security reasons, using the administration webapp
is restricted to users with role "admin". The manager webapp
is restricted to users with role "manager".</b>
Users are defined in <code>$CATALINA_HOME/conf/tomcat-users.xml</code>.</p>
<p>Included with this release are a host of sample Servlets and JSPs (with associated source code), extensive documentation (including the Servlet 2.3 and JSP 1.2 API JavaDoc), and an introductory guide to developing web applications.</p>
<p>Tomcat mailing lists are available at the Jakarta project web site:</p>
<ul>
<li><b>[email protected]</b> for general questions related to configuring and using Tomcat</li>
<li><b>[email protected]</b> for developers working on Tomcat</li>
</ul>
<p>Thanks for using Tomcat!</p>
<p align="right"><font size=-1><img src="tomcat-power.gif" width="77" height="80"></font><br>
<font size=-1>Copyright © 1999-2002 Apache Software Foundation</font><br>
<font size=-1>All Rights Reserved</font> <br>
</p>
<p align="right"> </p>
</td>
</tr>
</table>
</body>
</html>
I ended up uninstalling every java this and that.. and tomcat.
Then installing only the j2sdk1.4.0_03 SDK.
Then set up JAVA_HOME for all users and modified the path with full path to the bin (c:\j2sdk1.4.0_03\bin)
Lastly I reinstalled tomcat and, voila, everything was working.
It can be quite maddening when you THINK you did everything by the book and something doesn't work. When you replied and confirmed that I was on the right track.. uninstalling and trying yet again became less frustrating an option.
Thanks.
BTW- I needed this env to do the projects in what seems to be a very interesting book.. "macromedia Flash MC application design and development" by Jessica Speigel .. published by New Riders.
Her flash help website is at www.were-here.com.. the projects in the book are for flash-based multiplayer games and multi-user forums and such. -
i am setting up a mac pro with the leopard server. After 3 reinstallations of the os i keep reaching the same situation. Once i have setup mail services the mails can only be relayed within the local lan and mail sent via smtp can go to the internet. Mails forwarded to the ip/subdomain however do not arrive.
the dns & mx has been setup as the mail services pdf indicates. on the domain side a subdomain has been created with mx but of a lower priority than the main domain mx.
www.casinomalindi.com is the domain and the mx are mail.casinomalindi.com & mld.casinomalindi.com
kindly assist.
regards
Sorry for the delay in response. The server is at a remote site.
Sending mail is OK and recipients are receiving mails ok. The problem is in receiving mail from external sources. e.g. if i send mail from gmail i get the following:
Technical details of temporary failure:
The recipient server did not accept our requests to connect. Learn more at http://mail.google.com/support/bin/answer.py?answer=7720
[mld.casinomalindi.com (1): Connection timed out]
kindly find the post conf file:
------------------------------postconf -------------------------------------
Last login: Tue Jun 30 15:35:43 on ttys000
mld:~ adminmyd$ postconf -n
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = all
mail_owner = _postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 10485760
mydomain = casinomalindi.com
mydomain_fallback = localhost
myhostname = mld.casinomalindi.com
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpd_pw_server_security_options = gssapi
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_use_pw_server = yes
unknown_local_recipient_reject_code = 550
mld:~ adminmyd$
pls advise if this is ok.
regards
LM -
I have a cisco 891 router, and 3 unmanaged switches that i would like to use to segment my small office network into 3 VLANs groups to help reduce our current bottleneck we are having in our network. From everything i read i should be able to setup 3 VLANs on the router, and pick 3 out of the 8 ports on the router to be switchports for each of the 3 VLANs, and each of the 3 switches would connect to those.
My question is, when i setup the VLAN i cannot access the internet, though the initial VLAN 1 which currently has all our office computers sharing 1 switch and 1 VLAN works fine, any ideas? Is segmenting our network via 3 switches and 3 VLANs going to help with overall bandwidth?
My last question is, what are the proper steps to setup each VLAN on the router so i can access the internet with them and achieve the increased bandwidth through segmenting each office group?
I am new to cisco routers, so any help you can give me would be great.
Thanks for your help. I think i've helped myself on the bandwidth end by splitting up my office on to 3 switches, but still using 1 VLAN. Before we had 16 people using 1 100Mbps link to the router which was at times getting maxed. Now i have it split across 3. But for security reasons with accounting and such i still want to setup 3 vlans. Here is the version information on the router:
Cisco IOS Software, C890 Software (C890-UNIVERSALK9-M), Version 12.4(22)YB, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Tue 27-Jan-09 02:48 by prod_rel_team
ROM: System Bootstrap, Version 12.4(22r)YB3, RELEASE SOFTWARE (fc1)
yourname uptime is 3 days, 5 hours, 24 minutes
System returned to ROM by reload at 10:18:03 PCTime Fri Oct 8 2010
System image file is "flash:c890-universalk9-mz.124-22.YB.bin"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco 891 (MPC8300) processor (revision 1.0) with 498688K/25600K bytes of memory.
Processor board ID FTX134680PV
9 FastEthernet interfaces
1 Gigabit Ethernet interface
1 Serial interface
1 terminal line
256K bytes of non-volatile configuration memory.
250880K bytes of ATA CompactFlash (Read/Write)
License Information for 'c890'
License Level: advipservices Type: Permanent
Next reboot license Level: advipservices
Configuration register is 0x2102
Current configuration : 12609 bytes
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname yourname
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 51200
logging console critical
enable secret 5 ***********************
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authentication login ciscocp_vpn_xauth_ml_3 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa session-id common
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-2084037767
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2084037767
revocation-check none
rsakeypair TP-self-signed-2084037767
crypto pki certificate chain TP-self-signed-2084037767
certificate self-signed 01
quit
no ip source-route
ip dhcp pool data-vlan-10
import all
network 10.10.10.0 255.255.255.0
dns-server *****************(OUTSIDE IP)
default-router 10.10.10.1
ip cef
no ip bootp server
ip domain name yourdomain.com
ip name-server *****************(OUTSIDE IP)
ip name-server *****************(OUTSIDE IP)
ip port-map user-protocol--1 port tcp 3389
no ipv6 cef
multilink bundle-name authenticated
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group Everyone
key *********
crypto isakmp client configuration group user
key **********
pool SDM_POOL_1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ctcp port 10000
archive
log config
hidekeys
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
class-map type inspect match-all sdm-nat-user-protocol--1-1
match access-group 102
match protocol user-protocol--1
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any SDM_WEBVPN
match access-group name SDM_WEBVPN
class-map type inspect match-all SDM_WEBVPN_TRAFFIC
match class-map SDM_WEBVPN
match access-group 103
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map match-any CCP-Transactional-1
match dscp af21
match dscp af22
match dscp af23
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map match-any CCP-Voice-1
match dscp ef
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map match-any CCP-Routing-1
match dscp cs6
class-map match-any CCP-Signaling-1
match dscp cs3
match dscp af31
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map match-any CCP-Management-1
match dscp cs2
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
match access-group 101
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
policy-map CCP-QoS-Policy-1
class CCP-Voice-1
priority percent 33
class CCP-Signaling-1
bandwidth percent 5
class CCP-Routing-1
bandwidth percent 5
class CCP-Management-1
bandwidth percent 5
class CCP-Transactional-1
bandwidth percent 5
class class-default
fair-queue
random-detect
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-user-protocol--1-1
inspect
class class-default
drop
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect ccp-permit
class type inspect SDM_WEBVPN_TRAFFIC
inspect
class class-default
drop
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
interface Loopback0
description Do not delete - SDM WebVPN generated interface
ip address 192.168.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly
interface Null0
no ip unreachables
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
interface FastEthernet5
interface FastEthernet6
interface FastEthernet7
interface FastEthernet8
description $ES_WAN$$ETH-WAN$$FW_OUTSIDE$
ip address *****************(OUTSIDE IP) 255.255.255.248
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex full
speed 100
snmp trap ip verify drop-rate
service-policy output CCP-QoS-Policy-1
interface GigabitEthernet0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
ip local pool SDM_POOL_1 10.10.10.50 10.10.10.60
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 *****************(OUTSIDE IP) 2
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-top-talkers
top 10
sort-by bytes
cache-timeout 6000
ip nat inside source list 100 interface FastEthernet8 overload
ip nat inside source static tcp 10.10.10.71 3389 interface FastEthernet8 3389
ip nat inside source static tcp 192.168.1.1 443 *****************(OUTSIDE IP) 4443 extendable
ip access-list extended SDM_WEBVPN
remark CCP_ACL Category=1
permit tcp any any eq 443
logging trap debugging
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip host 255.255.255.255 any
access-list 101 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip**********************(OUTSIDE IP) 0.0.0.7 any
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 10.10.10.71
access-list 103 remark CCP_ACL Category=128
access-list 103 permit ip any host *****************(OUTSIDE IP)
no cdp run
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username privilege 15 secret 0
Replace and with the username and password you want to
use.
^C
banner login ^C
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE PUBLICLY-KNOWN
CREDENTIALS
Here are the Cisco IOS commands.
username privilege 15 secret 0
no username cisco
Replace and with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE
TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
^C
line con 0
transport output telnet
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
transport output telnet
line vty 0 4
privilege level 15
transport input telnet ssh
line vty 5 15
privilege level 15
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
webvpn gateway gateway_1
ip address 72.242.1.187 port 443
http-redirect port 80
ssl trustpoint TP-self-signed-2084037767
inservice
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
webvpn install csd flash:/webvpn/sdesktop.pkg
webvpn context VPN
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
policy group policy_1
functions svc-enabled
svc address-pool "SDM_POOL_1"
svc keep-client-installed
default-group-policy policy_1
aaa authentication list ciscocp_vpn_xauth_ml_3
gateway gateway_1 domain pwvpn
inservice
end
So thats the config right now, i have not added the vlans yet, because when i did it shutdown all our network, so i went back to our working config. So if you can tell me what steps i need to setup the vlans that would be great. I need to start another thread about VPNS, cause i cant get our VPN working either but thats another story -
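An added example, not from the original poster or from Cisco: in a config like the one posted, NAT overload is tied to access-list 100 and only Vlan1 is a member of in-zone, so a new SVI needs its own `ip nat inside`, a zone membership and a matching NAT ACL entry before its hosts can reach the internet. The Python script below checks those three items for every Vlan interface; the function names, the Vlan20 interface and the 10.10.20.0/24 subnet are hypothetical, and the input is assumed to be indented the way `show running-config` prints it.

```python
import ipaddress
import re

# Constructed sample. Vlan1, the NAT line and access-list 100 mirror the posted
# config; Vlan20 and 10.10.20.0/24 are hypothetical additions for illustration.
SAMPLE_CONFIG = """\
interface FastEthernet8
 ip nat outside
 zone-member security out-zone
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 zone-member security in-zone
interface Vlan20
 ip address 10.10.20.1 255.255.255.0
ip nat inside source list 100 interface FastEthernet8 overload
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
"""


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from indented IOS config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # any other top-level line closes the interface block
    return interfaces


def nat_source_networks(config):
    """Networks permitted by the numbered ACL that the NAT overload rule references."""
    rule = re.search(
        r"^ip nat inside source list (\S+) interface \S+ overload", config, re.M
    )
    if not rule:
        return []
    acl = re.escape(rule.group(1))
    entries = re.findall(
        rf"^access-list {acl} permit ip (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) any",
        config,
        re.M,
    )
    # ip_network() accepts an IOS wildcard mask (host mask) after the slash.
    return [ipaddress.ip_network(f"{addr}/{wild}") for addr, wild in entries]


def audit_svis(config):
    """Return {Vlan interface: [items missing for NATed, zone-firewalled internet access]}."""
    nat_nets = nat_source_networks(config)
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if not name.lower().startswith("vlan"):
            continue
        missing = []
        if "ip nat inside" not in cmds:
            missing.append("ip nat inside")
        # With a zone-based firewall, an interface outside every zone cannot
        # exchange traffic with interfaces that are zone members.
        if not any(c.startswith("zone-member security ") for c in cmds):
            missing.append("zone-member security <zone>")
        addr = next((c for c in cmds if c.startswith("ip address ")), None)
        if addr is None:
            missing.append("ip address")
        else:
            _, _, ip, mask = addr.split()[:4]
            net = ipaddress.ip_interface(f"{ip}/{mask}").network
            if not any(net.subnet_of(n) for n in nat_nets):
                missing.append(f"NAT ACL entry for {net}")
        findings[name] = missing
    return findings


if __name__ == "__main__":
    for vlan, missing in audit_svis(SAMPLE_CONFIG).items():
        print(vlan, "OK" if not missing else "missing: " + ", ".join(missing))
```
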
sorry if this a repeat question, but i'm stumped. i've set up
a number of sites previously, and never had a problem using the ftp
with dw. my typical setup has been
ftp host: ftp.mysite.com
host directory: public_html/
username
password
never a problem.
now i'm trying to set up a site on a new dedicated server
host and these same setting don't work. as an aside, i'm using
cpanel and when i set up the ftp user i noticed the directory is
/home/wwwcoun/public_html/, so i alternated this with a simple
public_html/ but it didn't work. suggestions please. thanks.
mike
Try -
FTP Host - www.mysite.com
Host directory - BLANK
Can you connect? If you can, tell me what FOLDER names you see on the remote folder list.
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.dreamweavermx-templates.com - Template Triage!
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
http://www.macromedia.com/support/search/ - Macromedia (MM) Technotes
==================
"hconnorjr" <[email protected]> wrote in message
news:emvf4c$6cr$[email protected]..
> sorry if this a repeat question, but i'm stumped. i've set up a number of
> sites previously, and never had a problem using the ftp with dw. my typical
> setup has been
>
> ftp host: ftp.mysite.com
> host directory: public_html/
> username
> password
>
> never a problem.
>
> now i'm trying to set up a site on a new dedicated server host and these
> same setting don't work. as an aside, i'm using cpanel and when i set up the
> ftp user i noticed the directory is /home/wwwcoun/public_html/, so i
> alternated this with a simple public_html/ but it didn't work.
> suggestions please.
> thanks.
>
> mike
>
> -
802.1x for user authentication setup questions
Hi,
I am fairly new to the 802.1x realm, I have read several documents on how the setup is accomplished and I was hoping someone could validate the setup I have in mind to make sure I am on the right page. Any comments or assistance would be greatly appreciated, I do not have the infrastructure to test everything before hand.
I have a remote site with a switch and router. I want to authenticate users using their AD credentials. At the datacenter I will have ACS 5.2, a Windows 2008 enterprise server for AD service and CS service. I do not have the option to install an additional client on the PC like anyconnect, I need to use Windows OS supplicant without installing physical certificates on the machine.
- Within the CS service I will generate a certificate that will be imported by ACS.
- I will activate ACS to integrate with AD
- I do not want to install certificates on the client machines so I will use PEAP w/ MSCHAPv2
- The authenticating clients will be XP w/ SP3, I am hoping that a group policy can be created to enable the wired service to start automatically and I will also need to add my CS/CA server as a trusted authority unless I purchase a verisign certificate to be used. Correct? or will this need to be done when the desktop image is installed on the pc?
Additional Questions:
- With the setup I described above using MSCHAPv2 when the user boots the computer in the morning, hits ctrl+alt+delete and provides their AD credentials will this act as a single sign on? first authenticating them through 802.1x so the port is authorized and then authenticating them to the AD server? or will there be some type of pop up window that will appear before the ctrl+alt+delete window? making the user provide credentials twice (annoying)
- Once the user is authenticated can I push an ACL down to the switch to enforce a set policy? or does this happen on the router?
- Most of the documents I have read are related to L2 802.1x is there a L3 option that includes the router that I should be looking at to provide more features?
- can anyone speak to their experience with the Windows OS supplicants? is the functionality flaky/clunky or if the backend is setup properly it works seamlessly?
Sorry for the long winded post but I am kind of shooting in the dark without having the equipment to test with. Any help is appreciated!
Thanks
Thanks to you both for the responses.
I have a few followup questions which I have added inline.
Q:
- With the setup I described above using MSCHAPv2 when the user boots the computer in the morning, hits ctrl+alt+delete and provides their AD credentials will this act as a single sign on? first authenticating them through 802.1x so the port is authorized and then authenticating them to the AD server? or will there be some type of pop up window that will appear before the ctrl+alt+delete window? making the user provide credentials twice (annoying)
A: If you select "Use windows credentials" it won't prompt you for credentials. so All automatic.
However note that it will only login AFTER you entered the credentials on the logon page. So you won't have network connectivity for the initial logon, so no login scripts this way.
With your comments I am rethinking my approach, I am considering that if the company security policy will allow it I will do machine authentication only instead of user auth. Obviously this is not as secure since a rogue user could change the local admin password and have access to the network. But in terms of simplicity and ease of use machine authentication provides a transparent authentication mechanism that should suffice. I would just have to sell the solution to security.
There a few things I need to understand before pursuing this.
- will the machine be 802.1x authenticated and on the network before the ctrl+alt+delete? so when user logs in the machine has passed 802.1x already and has received ip from dhcp? this is my hope.
- is peap/mschap still the supported protocol so no physical cert is required per machine? no EAP-TLS
- is the machine profile on the AD server used for 802.1x verification/authentication? meaning ACS will pass off to AD to verify the machine is part of the domain? or do you have to create machine profiles in ACS?
- I have read a few articles out there about issues with machine auth with clients using XP, perhaps this was related to previous serivce packs before SP3? there was mention of registery changes required etc.
- is there a different supplicant offered by cisco that is more robust that would provide more stability or is the cisco supplicant cost money per user license or other etc.
Again your feedback is invaluable as I do not have the physical equipment to test with. Unfortunatly I have to propose a solution before actually testing something which I am not particularly fond of.
Regards,
Eric
-
Oracle 11gR2 RAC VM and SCAN and DNS and /etc/hosts (two) setup questions
Hi,
I am looking forward to setting up two Oracle 11gR2 RAC instances
on my Oracle VM test machine.
I plan on using the Oracle 11gR2 RAC VM template.
I want the final Oracle 11gR2 RAC instances to have SCAN that uses DNS.
The DNS will be pre-installed in the JeOS.
My first simple question about the setup is the following.
In my DNS name file, for example,
/var/named/chroot/var/named/milkyway.univ.db
do I need to provide the racnode1 and racnode2 information,
for example,
# DNS name file (snippet)
myjeos IN A 192.168.1.150
racnode1 IN A 192.168.1.161
racnode1-vip IN A 192.168.1.163
racnode2 IN A 192.168.1.162
racnode2-vip IN A 192.168.1.164
rac-scan IN A 192.168.1.131
rac-scan IN A 192.168.1.132
rac-scan IN A 192.168.1.133
Or, can I just provide only the rac-scan information
# DNS name file alternate (snippet)
myjeos IN A 192.168.1.150
rac-scan IN A 192.168.1.131
rac-scan IN A 192.168.1.132
rac-scan IN A 192.168.1.133
What I am getting at is the following.
Within the install process, will racnode1, racnode1-vip, racnode2,
and racnode2-vip host names and their IP address be written
to the RAC instances /etc/hosts files? (So I should not bother
to put them in the DNS name file like '# DNS name file alternate (snippet)'?)
Or, should I put the racnode and racnode-vip host names and IP addresses
in the DNS name file like '# DNS name file (snippet)'?
The second question is the following.
Are the cluster name and the scan name allowed to be different?
Currently, I would plan them to be different,
for example, rac-cluster and rac-scan.
Or, are they required to be the same,
for example, rac-cluster and rac-cluster.
Thank you.
AIM
AIM wrote:
do I need to provide the racnode1 and racnode2 information,
Or, can I just provide only the rac-scan information
You need to provide all of it in DNS, because other hosts in your network will need to be able to resolve all of the normal, VIP and SCAN addresses for your RAC nodes. We write this data out to /etc/hosts just to reduce the amount of round-trip DNS requests the cluster nodes make for themselves.
Are the cluster name and the scan name allowed to be different?
They can be different.
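The answer's requirement that every node, VIP and SCAN name resolve in DNS can be checked against the zone data before the install. The following is an added example, not code from the thread or from Oracle's tooling: the function names are hypothetical, the zone text is constructed from the poster's two snippets, and the expected count of three SCAN addresses is taken from those snippets.

```python
import ipaddress
from collections import defaultdict

# Constructed input: the poster's "alternate" snippet, which lists only the SCAN name.
ALTERNATE_ZONE = """\
myjeos IN A 192.168.1.150
rac-scan IN A 192.168.1.131
rac-scan IN A 192.168.1.132
rac-scan IN A 192.168.1.133
"""

# Constructed input: the poster's full snippet with node, VIP and SCAN records.
FULL_ZONE = ALTERNATE_ZONE + """\
racnode1 IN A 192.168.1.161
racnode1-vip IN A 192.168.1.163
racnode2 IN A 192.168.1.162
racnode2-vip IN A 192.168.1.164
"""

def parse_a_records(zone_text):
    """Return {name: [IPv4Address, ...]} for every 'name IN A addr' line."""
    records = defaultdict(list)
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) == 4 and fields[1:3] == ["IN", "A"]:
            records[fields[0].lower()].append(ipaddress.IPv4Address(fields[3]))
    return records

def check_rac_zone(zone_text, nodes, scan_name, scan_count=3):
    """Return a list of problems; an empty list means the zone covers the cluster."""
    records = parse_a_records(zone_text)
    problems = []
    for node in nodes:
        for name in (node, node + "-vip"):
            if len(records.get(name, [])) != 1:
                problems.append(f"{name}: expected exactly one A record")
    if len(records.get(scan_name, [])) != scan_count:
        problems.append(f"{scan_name}: expected {scan_count} A records")
    # An address assigned to two different names is a misconfiguration.
    seen = {}
    for name, addrs in records.items():
        for addr in addrs:
            if addr in seen and seen[addr] != name:
                problems.append(f"{addr}: used by both {seen[addr]} and {name}")
            seen.setdefault(addr, name)
    return problems
```

Run against the alternate snippet, the check reports the four node and VIP names that other hosts on the network would be unable to resolve.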